package org.bouncycastle.cms.jcajce;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import org.bouncycastle.asn1.cms.OriginatorPublicKey;
import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
import org.bouncycastle.jcajce.spec.GOST28147WrapParameterSpec;
import org.bouncycastle.jcajce.spec.MQVParameterSpec;
import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import org.bouncycastle.operator.DefaultSecretKeySizeProvider;
import org.bouncycastle.operator.GenericKey;
import org.bouncycastle.operator.SecretKeySizeProvider;
import org.bouncycastle.util.Arrays;
import p388.p400.p415.p417.C8117;
import p388.p400.p415.p417.C8118;
import p388.p400.p415.p417.C8122;
import p388.p400.p415.p417.C8123;
import p388.p400.p415.p417.C8124;
import p388.p400.p415.p417.InterfaceC8121;

/* loaded from: classes6.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: ¥, reason: contains not printable characters */
    private static InterfaceC8121 f33810 = new C8124();

    /* renamed from: ª, reason: contains not printable characters */
    private SecretKeySizeProvider f33811;

    /* renamed from: µ, reason: contains not printable characters */
    private List f33812;

    /* renamed from: º, reason: contains not printable characters */
    private List f33813;

    /* renamed from: À, reason: contains not printable characters */
    private PublicKey f33814;

    /* renamed from: Á, reason: contains not printable characters */
    private PrivateKey f33815;

    /* renamed from: Â, reason: contains not printable characters */
    private EnvelopedDataHelper f33816;

    /* renamed from: Ã, reason: contains not printable characters */
    private SecureRandom f33817;

    /* renamed from: Ä, reason: contains not printable characters */
    private KeyPair f33818;

    /* renamed from: Å, reason: contains not printable characters */
    private byte[] f33819;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.f33811 = new DefaultSecretKeySizeProvider();
        this.f33812 = new ArrayList();
        this.f33813 = new ArrayList();
        this.f33816 = new EnvelopedDataHelper(new C8118());
        this.f33814 = publicKey;
        this.f33815 = C8117.m25876(privateKey);
    }

    /* renamed from: ¢, reason: contains not printable characters */
    private void m20371(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMSException {
        if (this.f33817 == null) {
            this.f33817 = new SecureRandom();
        }
        if (C8117.m25884(aSN1ObjectIdentifier) && this.f33818 == null) {
            try {
                SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(this.f33814.getEncoded());
                AlgorithmParameters m20337 = this.f33816.m20337(aSN1ObjectIdentifier);
                m20337.init(subjectPublicKeyInfo.getAlgorithm().getParameters().toASN1Primitive().getEncoded());
                KeyPairGenerator m20341 = this.f33816.m20341(aSN1ObjectIdentifier);
                m20341.initialize(m20337.getParameterSpec(AlgorithmParameterSpec.class), this.f33817);
                this.f33818 = m20341.generateKeyPair();
            } catch (Exception e) {
                throw new CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e, e);
            }
        }
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate x509Certificate) throws CertificateEncodingException {
        this.f33812.add(new KeyAgreeRecipientIdentifier(C8117.m25880(x509Certificate)));
        this.f33813.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] bArr, PublicKey publicKey) throws CertificateEncodingException {
        this.f33812.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.f33813.add(publicKey);
        return this;
    }

    @Override // org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) throws CMSException {
        UserKeyingMaterialSpec userKeyingMaterialSpec;
        AlgorithmParameterSpec algorithmParameterSpec;
        DEROctetString dEROctetString;
        if (this.f33812.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        m20371(algorithmIdentifier.getAlgorithm());
        PrivateKey privateKey = this.f33815;
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i != this.f33812.size(); i++) {
            PublicKey publicKey = (PublicKey) this.f33813.get(i);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f33812.get(i);
            try {
                ASN1ObjectIdentifier algorithm2 = algorithmIdentifier2.getAlgorithm();
                if (C8117.m25884(algorithm)) {
                    algorithmParameterSpec = new MQVParameterSpec(this.f33818, publicKey, this.f33819);
                } else {
                    if (C8117.m25882(algorithm)) {
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(f33810.mo20370(algorithmIdentifier2, this.f33811.getKeySize(algorithm2), this.f33819));
                    } else if (C8117.m25885(algorithm)) {
                        byte[] bArr = this.f33819;
                        if (bArr != null) {
                            userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr);
                        } else {
                            if (algorithm.equals((ASN1Primitive) PKCSObjectIdentifiers.id_alg_SSDH)) {
                                throw new CMSException("User keying material must be set for static keys.");
                            }
                            algorithmParameterSpec = null;
                        }
                    } else {
                        if (!C8117.m25883(algorithm)) {
                            throw new CMSException("Unknown key agreement algorithm: " + algorithm);
                        }
                        byte[] bArr2 = this.f33819;
                        if (bArr2 == null) {
                            throw new CMSException("User keying material must be set for static keys.");
                        }
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr2);
                    }
                    algorithmParameterSpec = userKeyingMaterialSpec;
                }
                KeyAgreement m20340 = this.f33816.m20340(algorithm);
                m20340.init(privateKey, algorithmParameterSpec, this.f33817);
                m20340.doPhase(publicKey, true);
                SecretKey generateSecret = m20340.generateSecret(algorithm2.getId());
                Cipher m20338 = this.f33816.m20338(algorithm2);
                if (!algorithm2.equals((ASN1Primitive) CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap) && !algorithm2.equals((ASN1Primitive) CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap)) {
                    m20338.init(3, generateSecret, this.f33817);
                    dEROctetString = new DEROctetString(m20338.wrap(this.f33816.m20348(genericKey)));
                    aSN1EncodableVector.add(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
                }
                m20338.init(3, generateSecret, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, this.f33819));
                byte[] wrap = m20338.wrap(this.f33816.m20348(genericKey));
                dEROctetString = new DEROctetString(new Gost2814789EncryptedKey(Arrays.copyOfRange(wrap, 0, wrap.length - 4), Arrays.copyOfRange(wrap, wrap.length - 4, wrap.length)).getEncoded(ASN1Encoding.DER));
                aSN1EncodableVector.add(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
            } catch (IOException e) {
                throw new CMSException("unable to encode wrapped key: " + e.getMessage(), e);
            } catch (GeneralSecurityException e2) {
                throw new CMSException("cannot perform agreement step: " + e2.getMessage(), e2);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public byte[] getUserKeyingMaterial(AlgorithmIdentifier algorithmIdentifier) throws CMSException {
        m20371(algorithmIdentifier.getAlgorithm());
        KeyPair keyPair = this.f33818;
        if (keyPair == null) {
            return this.f33819;
        }
        OriginatorPublicKey createOriginatorPublicKey = createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        try {
            byte[] bArr = this.f33819;
            return bArr != null ? new MQVuserKeyingMaterial(createOriginatorPublicKey, new DEROctetString(bArr)).getEncoded() : new MQVuserKeyingMaterial(createOriginatorPublicKey, null).getEncoded();
        } catch (IOException e) {
            throw new CMSException("unable to encode user keying material: " + e.getMessage(), e);
        }
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(String str) {
        this.f33816 = new EnvelopedDataHelper(new C8122(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) {
        this.f33816 = new EnvelopedDataHelper(new C8123(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom secureRandom) {
        this.f33817 = secureRandom;
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setUserKeyingMaterial(byte[] bArr) {
        this.f33819 = Arrays.clone(bArr);
        return this;
    }
}
