package org.bouncycastle.cms.jcajce;

import defpackage.C0102av;
import defpackage.C0687vv;
import defpackage.C0715wv;
import defpackage.C0743xv;
import defpackage.InterfaceC0659uv;
import defpackage._u;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import org.bouncycastle.asn1.cms.OriginatorPublicKey;
import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
import org.bouncycastle.jcajce.spec.MQVParameterSpec;
import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import org.bouncycastle.operator.DefaultSecretKeySizeProvider;
import org.bouncycastle.operator.GenericKey;
import org.bouncycastle.operator.SecretKeySizeProvider;
import org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {
    public static InterfaceC0659uv d = new C0743xv();
    public SecretKeySizeProvider e;
    public List f;
    public List g;
    public PublicKey h;
    public PrivateKey i;
    public EnvelopedDataHelper j;
    public SecureRandom k;
    public KeyPair l;
    public byte[] m;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.e = new DefaultSecretKeySizeProvider();
        this.f = new ArrayList();
        this.g = new ArrayList();
        this.j = new EnvelopedDataHelper(new C0102av());
        this.h = publicKey;
        this.i = privateKey;
    }

    public final void a(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMSException {
        if (this.k == null) {
            this.k = new SecureRandom();
        }
        if (_u.b(aSN1ObjectIdentifier) && this.l == null) {
            try {
                SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(this.h.getEncoded());
                AlgorithmParameters b = this.j.b(aSN1ObjectIdentifier);
                b.init(subjectPublicKeyInfo.getAlgorithm().getParameters().toASN1Primitive().getEncoded());
                KeyPairGenerator e = this.j.e(aSN1ObjectIdentifier);
                e.initialize(b.getParameterSpec(AlgorithmParameterSpec.class), this.k);
                this.l = e.generateKeyPair();
            } catch (Exception e2) {
                throw new CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e2, e2);
            }
        }
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate x509Certificate) throws CertificateEncodingException {
        this.f.add(new KeyAgreeRecipientIdentifier(_u.a(x509Certificate)));
        this.g.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] bArr, PublicKey publicKey) throws CertificateEncodingException {
        this.f.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.g.add(publicKey);
        return this;
    }

    @Override // org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) throws CMSException {
        AlgorithmParameterSpec algorithmParameterSpec;
        if (this.f.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        a(algorithmIdentifier.getAlgorithm());
        PrivateKey privateKey = this.i;
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i != this.f.size(); i++) {
            PublicKey publicKey = (PublicKey) this.g.get(i);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f.get(i);
            try {
                if (_u.b(algorithm)) {
                    algorithmParameterSpec = new MQVParameterSpec(this.l, publicKey, this.m);
                } else if (_u.a(algorithm)) {
                    algorithmParameterSpec = new UserKeyingMaterialSpec(d.a(algorithmIdentifier2, this.e.getKeySize(algorithmIdentifier2.getAlgorithm()), this.m));
                } else {
                    if (!_u.c(algorithm)) {
                        throw new CMSException("Unknown key agreement algorithm: " + algorithm);
                    }
                    if (this.m != null) {
                        algorithmParameterSpec = new UserKeyingMaterialSpec(this.m);
                    } else {
                        if (algorithm.equals(PKCSObjectIdentifiers.id_alg_SSDH)) {
                            throw new CMSException("User keying material must be set for static keys.");
                        }
                        algorithmParameterSpec = null;
                    }
                }
                KeyAgreement d2 = this.j.d(algorithm);
                d2.init(privateKey, algorithmParameterSpec, this.k);
                d2.doPhase(publicKey, true);
                SecretKey generateSecret = d2.generateSecret(algorithmIdentifier2.getAlgorithm().getId());
                Cipher c = this.j.c(algorithmIdentifier2.getAlgorithm());
                c.init(3, generateSecret, this.k);
                aSN1EncodableVector.add(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, new DEROctetString(c.wrap(this.j.a(genericKey)))));
            } catch (GeneralSecurityException e) {
                throw new CMSException("Cannot perform agreement step: " + e.getMessage(), e);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public byte[] getUserKeyingMaterial(AlgorithmIdentifier algorithmIdentifier) throws CMSException {
        a(algorithmIdentifier.getAlgorithm());
        KeyPair keyPair = this.l;
        if (keyPair == null) {
            return this.m;
        }
        OriginatorPublicKey createOriginatorPublicKey = createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        try {
            return this.m != null ? new MQVuserKeyingMaterial(createOriginatorPublicKey, new DEROctetString(this.m)).getEncoded() : new MQVuserKeyingMaterial(createOriginatorPublicKey, null).getEncoded();
        } catch (IOException e) {
            throw new CMSException("unable to encode user keying material: " + e.getMessage(), e);
        }
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(String str) {
        this.j = new EnvelopedDataHelper(new C0687vv(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) {
        this.j = new EnvelopedDataHelper(new C0715wv(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom secureRandom) {
        this.k = secureRandom;
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setUserKeyingMaterial(byte[] bArr) {
        this.m = Arrays.clone(bArr);
        return this;
    }
}
