package net.netca.pki.encoding.asn1.pki.cms;

import com.qq.taf.jce.JceStruct;
import java.util.ArrayList;
import java.util.Arrays;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.IKeyAgreement;
import net.netca.pki.encoding.asn1.pki.IKeyWrap;
import net.netca.pki.encoding.asn1.pki.JCEPublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.PublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SymEncrypter;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public class EnvelopedDataBuilder {
    public static final int AES_128 = 2;
    public static final int AES_192 = 3;
    public static final int AES_256 = 4;
    public static final int ISSUER_SN_TYPE = 1;
    public static final int SM1 = 5;
    public static final int SM4 = 7;
    public static final int SSF33 = 6;
    public static final int SUBJECT_KEYID_TYPE = 2;
    public static final int TDES = 1;
    private IKDF kdfObj;
    private IKeyAgreement keyAgreementObj;
    private IKeyWrap keywrapObj;
    private PublicKeyEncrypter publicKeyEncrypter;
    private SecureRandomGenerator randGenerator;
    private SymEncrypter symEncrypter;
    private ArrayList<Integer> certIdTypes = new ArrayList<>();
    private ArrayList<X509Certificate> certs = new ArrayList<>();
    private int symEncAlgo = 2;
    private String contentType = "1.2.840.113549.1.7.1";
    private ArrayList<Attribute> attrs = new ArrayList<>();
    private boolean isQ7 = false;
    private ArrayList<Integer> keyAgreementCertIdTypes = new ArrayList<>();
    private ArrayList<X509Certificate> keyAgreementCerts = new ArrayList<>();

    private AlgorithmIdentifier genContentEncryptionAlgorithm() throws PkiException {
        if (this.symEncAlgo == 1) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.DESEDE3CBC_OID, new OctetString(this.randGenerator.generate(8)));
        }
        if (this.symEncAlgo == 2) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES128CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 3) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES192CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 4) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES256CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 5) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.SM1CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 6) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.SSF33CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 7) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.SM4CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        throw new PkiException("unknown algo");
    }

    private byte[] genKey() throws PkiException {
        byte[] generate = this.randGenerator.generate(getKeyLength());
        if (this.symEncAlgo == 1) {
            normdeskey(generate);
        }
        return generate;
    }

    private EncryptedContentInfo getEncryptedContentInfo(byte[] bArr, byte[] bArr2, int i, int i2) throws PkiException {
        AlgorithmIdentifier genContentEncryptionAlgorithm = genContentEncryptionAlgorithm();
        byte[] cipher = this.symEncrypter.cipher(true, bArr, genContentEncryptionAlgorithm, bArr2, i, i2);
        if (this.isQ7 && this.contentType.equals("1.2.840.113549.1.7.1")) {
            this.contentType = "1.2.156.10197.6.1.4.2.1";
        }
        return new EncryptedContentInfo(this.contentType, genContentEncryptionAlgorithm, cipher);
    }

    private RecipientInfo getKeyAgreementRecipientInfo(int i, X509Certificate x509Certificate, byte[] bArr) throws PkiException {
        return RecipientInfo.newKari(KeyAgreeRecipientInfo.buildECCKeyAgreeRecipientInfo(this.keyAgreementObj, this.kdfObj, this.keywrapObj, bArr, this.randGenerator.generate(32), getKeyAgreementkeyEncryptionAlgorithm(), x509Certificate, i));
    }

    private AlgorithmIdentifier getKeyAgreementkeyEncryptionAlgorithm() throws PkiException {
        String str;
        AlgorithmIdentifier CreateAlgorithmIdentifier;
        int i = this.symEncAlgo;
        if (i != 7) {
            switch (i) {
                case 1:
                    str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_OID;
                    CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.TDES_WRAP);
                    break;
                case 2:
                case 5:
                    break;
                case 3:
                    str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA384KDF_SCHEME_OID;
                    CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES192_WRAP);
                    break;
                case 4:
                    str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA512KDF_SCHEME_OID;
                    CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES256_WRAP);
                    break;
                default:
                    throw new PkiException("unknown algo");
            }
            return new AlgorithmIdentifier(str, CreateAlgorithmIdentifier.getASN1Object());
        }
        str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_OID;
        CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES128_WRAP);
        return new AlgorithmIdentifier(str, CreateAlgorithmIdentifier.getASN1Object());
    }

    private int getKeyLength() throws PkiException {
        int i = this.symEncAlgo;
        if (i == 7) {
            return 16;
        }
        switch (i) {
            case 1:
            case 3:
                return 24;
            case 2:
            case 5:
                return 16;
            case 4:
                return 32;
            default:
                throw new PkiException("unknown algo");
        }
    }

    private RecipientInfo getRecipientInfo(int i, X509Certificate x509Certificate, byte[] bArr) throws PkiException {
        return new RecipientInfo(new KeyTransRecipientInfo(i, x509Certificate, bArr, this.publicKeyEncrypter).getASN1Object());
    }

    private RecipientInfos getRecipientInfos(byte[] bArr) throws PkiException {
        int size = this.certs.size();
        RecipientInfos recipientInfos = new RecipientInfos();
        for (int i = 0; i < size; i++) {
            recipientInfos.add(getRecipientInfo(this.certIdTypes.get(i).intValue(), this.certs.get(i), bArr));
        }
        int size2 = this.keyAgreementCerts.size();
        for (int i2 = 0; i2 < size2; i2++) {
            recipientInfos.add(getKeyAgreementRecipientInfo(this.keyAgreementCertIdTypes.get(i2).intValue(), this.keyAgreementCerts.get(i2), bArr));
        }
        return recipientInfos;
    }

    private Attributes getUnprotectedAttrs() throws PkiException {
        if (this.attrs.size() == 0) {
            return null;
        }
        Attributes attributes = new Attributes();
        for (int i = 0; i < this.attrs.size(); i++) {
            attributes.add(this.attrs.get(i));
        }
        return attributes;
    }

    private int getVersion() {
        if (this.attrs.size() > 0) {
            return 2;
        }
        for (int i = 0; i < this.certIdTypes.size(); i++) {
            if (this.certIdTypes.get(i).intValue() == 2) {
                return 2;
            }
        }
        return 0;
    }

    private boolean hasCert(X509Certificate x509Certificate, int i) {
        for (int i2 = 0; i2 < this.certs.size(); i2++) {
            if (this.certs.get(i2).equals(x509Certificate) && this.keyAgreementCertIdTypes.get(i2).intValue() == i) {
                return true;
            }
        }
        return false;
    }

    private boolean hasKeyAgreementCert(X509Certificate x509Certificate, int i) {
        for (int i2 = 0; i2 < this.keyAgreementCerts.size(); i2++) {
            if (this.keyAgreementCerts.get(i2).equals(x509Certificate) && this.certIdTypes.get(i2).intValue() == i) {
                return true;
            }
        }
        return false;
    }

    private boolean isAllSm2Cert() {
        for (int i = 0; i < this.certs.size(); i++) {
            if (!this.certs.get(i).isSM2()) {
                return false;
            }
        }
        return true;
    }

    private boolean isEncCert(X509Certificate x509Certificate) {
        Extension extension;
        try {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
                return true;
            }
            return ((NamedBitStringExtension) extension.getExtensionObject()).isSet(2);
        } catch (PkiException unused) {
            return false;
        }
    }

    private boolean isKeyAgreementCert(X509Certificate x509Certificate) {
        Extension extension;
        try {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
                return true;
            }
            return ((NamedBitStringExtension) extension.getExtensionObject()).isSet(4);
        } catch (PkiException unused) {
            return false;
        }
    }

    private void normdeskey(byte[] bArr) {
        byte[] bArr2 = {1, 1, 2, 2, 4, 4, 7, 7, 8, 8, JceStruct.STRUCT_END, JceStruct.STRUCT_END, JceStruct.SIMPLE_LIST, JceStruct.SIMPLE_LIST, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, Byte.MAX_VALUE, Byte.MAX_VALUE, Byte.MIN_VALUE, Byte.MIN_VALUE, -125, -125, -123, -123, -122, -122, -119, -119, -118, -118, -116, -116, -113, -113, -111, -111, -110, -110, -108, -108, -105, -105, -104, -104, -101, -101, -99, -99, -98, -98, -95, -95, -94, -94, -91, -91, -89, -89, -88, -88, -85, -85, -83, -83, -82, -82, -80, -80, -77, -77, -75, -75, -74, -74, -71, -71, -70, -70, -68, -68, -65, -65, -63, -63, -62, -62, -60, -60, -57, -57, -56, -56, -53, -53, -51, -51, -50, -50, -48, -48, -45, -45, -43, -43, -42, -42, -39, -39, -38, -38, -36, -36, -33, -33, -32, -32, -29, -29, -27, -27, -26, -26, -23, -23, -22, -22, -20, -20, -17, -17, -15, -15, -14, -14, -12, -12, -9, -9, -8, -8, -5, -5, -3, -3, -2, -2};
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] > 0) {
                bArr[i] = bArr2[bArr[i]];
            } else {
                bArr[i] = bArr2[bArr[i] + 256];
            }
        }
    }

    public void addCert(X509Certificate x509Certificate) throws PkiException {
        addCert(x509Certificate, 1);
    }

    public void addCert(X509Certificate x509Certificate, int i) throws PkiException {
        if (i != 1 && i != 2) {
            throw new PkiException("bad certIdType");
        }
        if (!x509Certificate.isInValidity()) {
            throw new PkiException("cert is not in validity");
        }
        if (isEncCert(x509Certificate)) {
            if (hasCert(x509Certificate, i)) {
                return;
            }
            this.certIdTypes.add(new Integer(i));
            this.certs.add(x509Certificate);
            return;
        }
        if (!isKeyAgreementCert(x509Certificate)) {
            throw new PkiException("not encrypt certificate");
        }
        if (hasKeyAgreementCert(x509Certificate, i)) {
            return;
        }
        this.keyAgreementCertIdTypes.add(new Integer(i));
        this.keyAgreementCerts.add(x509Certificate);
    }

    public void addunprotectedAttribute(Attribute attribute) throws PkiException {
        this.attrs.add(attribute);
    }

    public EnvelopedData encypt(byte[] bArr) throws PkiException {
        return encypt(bArr, 0, bArr.length);
    }

    public EnvelopedData encypt(byte[] bArr, int i, int i2) throws PkiException {
        if (this.certs.size() == 0 && this.keyAgreementCerts.size() == 0) {
            throw new PkiException("no cert");
        }
        if (this.symEncrypter == null) {
            throw new PkiException("no symEncrypter");
        }
        if (this.certs.size() > 0 && this.publicKeyEncrypter == null) {
            this.publicKeyEncrypter = new JCEPublicKeyEncrypter();
        }
        if (this.keyAgreementCerts.size() > 0) {
            if (this.keyAgreementObj == null) {
                throw new PkiException("no keyAgreementObj");
            }
            if (this.kdfObj == null) {
                throw new PkiException("no kdfObj");
            }
            if (this.keywrapObj == null) {
                throw new PkiException("no keywrapObj");
            }
        }
        if (this.randGenerator == null) {
            this.randGenerator = new JCESecureRandomGenerator();
        }
        byte[] genKey = genKey();
        this.isQ7 = this.isQ7 && isAllSm2Cert();
        EncryptedContentInfo encryptedContentInfo = getEncryptedContentInfo(genKey, bArr, i, i2);
        RecipientInfos recipientInfos = getRecipientInfos(genKey);
        Arrays.fill(genKey, (byte) 0);
        return new EnvelopedData(getVersion(), null, recipientInfos, encryptedContentInfo, getUnprotectedAttrs(), this.isQ7);
    }

    public void setContentType(String str) throws PkiException {
        this.contentType = str;
    }

    public void setEncryptAlgorithm(int i) throws PkiException {
        if (i == 1 || i == 2 || i == 3 || i == 4 || i == 5 || i == 6 || i == 7) {
            this.symEncAlgo = i;
        } else {
            throw new PkiException("bad encrypt algothm " + i);
        }
    }

    public void setKDFImplement(IKDF ikdf) {
        this.kdfObj = ikdf;
    }

    public void setKeyAgreementImplement(IKeyAgreement iKeyAgreement) {
        this.keyAgreementObj = iKeyAgreement;
    }

    public void setKeyWrapImplement(IKeyWrap iKeyWrap) {
        this.keywrapObj = iKeyWrap;
    }

    public void setPublicKeyEncrypter(PublicKeyEncrypter publicKeyEncrypter) {
        this.publicKeyEncrypter = publicKeyEncrypter;
    }

    public void setSM2Q7(boolean z) {
        this.isQ7 = z;
    }

    public void setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
    }

    public void setSymEncrypter(SymEncrypter symEncrypter) {
        this.symEncrypter = symEncrypter;
    }
}
