package org.spongycastle.cms.jcajce;

import c.a.a;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import org.spongycastle.asn1.cms.OriginatorPublicKey;
import org.spongycastle.asn1.cms.RecipientEncryptedKey;
import org.spongycastle.asn1.cms.RecipientKeyIdentifier;
import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyAgreeRecipientInfoGenerator;
import org.spongycastle.jcajce.spec.MQVParameterSpec;
import org.spongycastle.jcajce.spec.UserKeyingMaterialSpec;
import org.spongycastle.operator.DefaultSecretKeySizeProvider;
import org.spongycastle.operator.GenericKey;
import org.spongycastle.operator.SecretKeySizeProvider;
import org.spongycastle.util.Arrays;

/* loaded from: classes2.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: h, reason: collision with root package name */
    public static KeyMaterialGenerator f17723h = new RFC5753KeyMaterialGenerator();

    /* renamed from: i, reason: collision with root package name */
    public KeyPair f17724i;

    /* renamed from: j, reason: collision with root package name */
    public PrivateKey f17725j;
    public PublicKey k;
    public SecureRandom l;
    public List m;
    public EnvelopedDataHelper n;
    public SecretKeySizeProvider o;
    public byte[] p;
    public List q;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.c(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.o = new DefaultSecretKeySizeProvider();
        this.m = new ArrayList();
        this.q = new ArrayList();
        this.n = new EnvelopedDataHelper(new DefaultJcaJceExtHelper());
        this.k = publicKey;
        this.f17725j = privateKey;
    }

    private void x(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.l == null) {
            this.l = new SecureRandom();
        }
        if (CMSUtils.j(aSN1ObjectIdentifier) && this.f17724i == null) {
            try {
                SubjectPublicKeyInfo c2 = SubjectPublicKeyInfo.c(this.k.getEncoded());
                AlgorithmParameters k = this.n.k(aSN1ObjectIdentifier);
                k.init(c2.f().f().t().getEncoded());
                KeyPairGenerator p = this.n.p(aSN1ObjectIdentifier);
                p.initialize(k.getParameterSpec(AlgorithmParameterSpec.class), this.l);
                this.f17724i = p.generateKeyPair();
            } catch (Exception e2) {
                throw new CMSException(a.q("cannot determine MQV ephemeral key pair parameters from public key: ", e2), e2);
            }
        }
    }

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence e(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) {
        AlgorithmParameterSpec algorithmParameterSpec;
        if (this.m.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        x(algorithmIdentifier.e());
        PrivateKey privateKey = this.f17725j;
        ASN1ObjectIdentifier e2 = algorithmIdentifier.e();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i2 = 0; i2 != this.m.size(); i2++) {
            PublicKey publicKey = (PublicKey) this.q.get(i2);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.m.get(i2);
            try {
                if (CMSUtils.j(e2)) {
                    algorithmParameterSpec = new MQVParameterSpec(this.f17724i, publicKey, this.p);
                } else if (CMSUtils.h(e2)) {
                    algorithmParameterSpec = new UserKeyingMaterialSpec(f17723h.a(algorithmIdentifier2, this.o.c(algorithmIdentifier2.e()), this.p));
                } else {
                    if (!CMSUtils.k(e2)) {
                        throw new CMSException("Unknown key agreement algorithm: " + e2);
                    }
                    if (this.p != null) {
                        algorithmParameterSpec = new UserKeyingMaterialSpec(this.p);
                    } else {
                        if (e2.equals(PKCSObjectIdentifiers.eo)) {
                            throw new CMSException("User keying material must be set for static keys.");
                        }
                        algorithmParameterSpec = null;
                    }
                }
                KeyAgreement s = this.n.s(e2);
                s.init(privateKey, algorithmParameterSpec, this.l);
                s.doPhase(publicKey, true);
                SecretKey generateSecret = s.generateSecret(algorithmIdentifier2.e().n());
                Cipher r = this.n.r(algorithmIdentifier2.e());
                r.init(3, generateSecret, this.l);
                aSN1EncodableVector.d(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, new DEROctetString(r.wrap(this.n.n(genericKey)))));
            } catch (GeneralSecurityException e3) {
                throw new CMSException(a.aa(e3, a.ae("Cannot perform agreement step: ")), e3);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    public byte[] g(AlgorithmIdentifier algorithmIdentifier) {
        x(algorithmIdentifier.e());
        KeyPair keyPair = this.f17724i;
        if (keyPair == null) {
            return this.p;
        }
        OriginatorPublicKey f2 = f(SubjectPublicKeyInfo.c(keyPair.getPublic().getEncoded()));
        try {
            return this.p != null ? new MQVuserKeyingMaterial(f2, new DEROctetString(this.p)).getEncoded() : new MQVuserKeyingMaterial(f2, null).getEncoded();
        } catch (IOException e2) {
            throw new CMSException(a.h(e2, a.ae("unable to encode user keying material: ")), e2);
        }
    }

    public JceKeyAgreeRecipientInfoGenerator r(String str) {
        this.n = new EnvelopedDataHelper(new NamedJcaJceExtHelper(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator s(Provider provider) {
        this.n = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator t(SecureRandom secureRandom) {
        this.l = secureRandom;
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator u(X509Certificate x509Certificate) {
        this.m.add(new KeyAgreeRecipientIdentifier(CMSUtils.d(x509Certificate)));
        this.q.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator v(byte[] bArr) {
        this.p = Arrays.aa(bArr);
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator w(byte[] bArr, PublicKey publicKey) {
        this.m.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.q.add(publicKey);
        return this;
    }
}
