package org.bouncycastle.cms.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cms.ecc.ECCCMSSharedInfo;
import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import org.bouncycastle.asn1.cryptopro.Gost2814789KeyWrapParameters;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyAgreeRecipient;
import org.bouncycastle.jcajce.spec.GOST28147WrapParameterSpec;
import org.bouncycastle.jcajce.spec.MQVParameterSpec;
import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import org.bouncycastle.operator.DefaultSecretKeySizeProvider;
import org.bouncycastle.operator.SecretKeySizeProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* loaded from: classes6.dex */
public abstract class JceKeyAgreeRecipient implements KeyAgreeRecipient {

    /* renamed from: h, reason: collision with root package name */
    private static final Set f51592h;

    /* renamed from: i, reason: collision with root package name */
    private static KeyMaterialGenerator f51593i;

    /* renamed from: j, reason: collision with root package name */
    private static KeyMaterialGenerator f51594j;

    /* renamed from: c, reason: collision with root package name */
    private PrivateKey f51595c;

    /* renamed from: d, reason: collision with root package name */
    protected EnvelopedDataHelper f51596d;

    /* renamed from: e, reason: collision with root package name */
    protected EnvelopedDataHelper f51597e;

    /* renamed from: f, reason: collision with root package name */
    private SecretKeySizeProvider f51598f;

    /* renamed from: g, reason: collision with root package name */
    private AlgorithmIdentifier f51599g;

    static {
        HashSet hashSet = new HashSet();
        f51592h = hashSet;
        hashSet.add(X9ObjectIdentifiers.H6);
        hashSet.add(X9ObjectIdentifiers.J6);
        f51593i = new KeyMaterialGenerator() { // from class: org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient.1
            @Override // org.bouncycastle.cms.jcajce.KeyMaterialGenerator
            public byte[] a(AlgorithmIdentifier algorithmIdentifier, int i2, byte[] bArr) {
                try {
                    return new ECCCMSSharedInfo(new AlgorithmIdentifier(algorithmIdentifier.j(), DERNull.f48333a), bArr, Pack.k(i2)).h(ASN1Encoding.f48241a);
                } catch (IOException e2) {
                    throw new IllegalStateException("Unable to create KDF material: " + e2);
                }
            }
        };
        f51594j = new RFC5753KeyMaterialGenerator();
    }

    public JceKeyAgreeRecipient(PrivateKey privateKey) {
        EnvelopedDataHelper envelopedDataHelper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper());
        this.f51596d = envelopedDataHelper;
        this.f51597e = envelopedDataHelper;
        this.f51598f = new DefaultSecretKeySizeProvider();
        this.f51599g = null;
        this.f51595c = CMSUtils.a(privateKey);
    }

    private SecretKey g(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, PublicKey publicKey, ASN1OctetString aSN1OctetString, PrivateKey privateKey, KeyMaterialGenerator keyMaterialGenerator) throws CMSException, GeneralSecurityException, IOException {
        PrivateKey a2 = CMSUtils.a(privateKey);
        UserKeyingMaterialSpec userKeyingMaterialSpec = null;
        userKeyingMaterialSpec = null;
        if (CMSUtils.i(algorithmIdentifier.j())) {
            MQVuserKeyingMaterial l2 = MQVuserKeyingMaterial.l(aSN1OctetString.v());
            PublicKey generatePublic = this.f51596d.j(algorithmIdentifier.j()).generatePublic(new X509EncodedKeySpec(new SubjectPublicKeyInfo(f(), l2.k().m().u()).getEncoded()));
            KeyAgreement i2 = this.f51596d.i(algorithmIdentifier.j());
            byte[] v2 = l2.j() != null ? l2.j().v() : null;
            KeyMaterialGenerator keyMaterialGenerator2 = f51593i;
            if (keyMaterialGenerator == keyMaterialGenerator2) {
                v2 = keyMaterialGenerator2.a(algorithmIdentifier2, this.f51598f.b(algorithmIdentifier2), v2);
            }
            i2.init(a2, new MQVParameterSpec(a2, generatePublic, v2));
            i2.doPhase(publicKey, true);
            return i2.generateSecret(algorithmIdentifier2.j().x());
        }
        KeyAgreement i3 = this.f51596d.i(algorithmIdentifier.j());
        if (CMSUtils.g(algorithmIdentifier.j())) {
            int b2 = this.f51598f.b(algorithmIdentifier2);
            userKeyingMaterialSpec = aSN1OctetString != null ? new UserKeyingMaterialSpec(keyMaterialGenerator.a(algorithmIdentifier2, b2, aSN1OctetString.v())) : new UserKeyingMaterialSpec(keyMaterialGenerator.a(algorithmIdentifier2, b2, null));
        } else if (CMSUtils.j(algorithmIdentifier.j())) {
            if (aSN1OctetString != null) {
                userKeyingMaterialSpec = new UserKeyingMaterialSpec(aSN1OctetString.v());
            }
        } else {
            if (!CMSUtils.h(algorithmIdentifier.j())) {
                throw new CMSException("Unknown key agreement algorithm: " + algorithmIdentifier.j());
            }
            if (aSN1OctetString != null) {
                userKeyingMaterialSpec = new UserKeyingMaterialSpec(aSN1OctetString.v());
            }
        }
        i3.init(a2, userKeyingMaterialSpec);
        i3.doPhase(publicKey, true);
        return i3.generateSecret(algorithmIdentifier2.j().x());
    }

    @Override // org.bouncycastle.cms.KeyAgreeRecipient
    public AlgorithmIdentifier f() {
        if (this.f51599g == null) {
            this.f51599g = PrivateKeyInfo.k(this.f51595c.getEncoded()).n();
        }
        return this.f51599g;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Key h(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, SubjectPublicKeyInfo subjectPublicKeyInfo, ASN1OctetString aSN1OctetString, byte[] bArr) throws CMSException {
        try {
            try {
                AlgorithmIdentifier k2 = AlgorithmIdentifier.k(algorithmIdentifier.m());
                PublicKey generatePublic = this.f51596d.j(subjectPublicKeyInfo.j().j()).generatePublic(new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded()));
                try {
                    SecretKey g2 = g(algorithmIdentifier, k2, generatePublic, aSN1OctetString, this.f51595c, f51594j);
                    if (!k2.j().n(CryptoProObjectIdentifiers.f49096d) && !k2.j().n(CryptoProObjectIdentifiers.f49097e)) {
                        return n(k2.j(), g2, algorithmIdentifier2.j(), bArr);
                    }
                    Gost2814789EncryptedKey k3 = Gost2814789EncryptedKey.k(bArr);
                    Gost2814789KeyWrapParameters k4 = Gost2814789KeyWrapParameters.k(k2.m());
                    Cipher f2 = this.f51596d.f(k2.j());
                    f2.init(4, g2, new GOST28147WrapParameterSpec(k4.j(), aSN1OctetString.v()));
                    return f2.unwrap(Arrays.B(k3.j(), k3.l()), this.f51596d.u(algorithmIdentifier2.j()), 3);
                } catch (InvalidKeyException e2) {
                    if (!f51592h.contains(algorithmIdentifier.j())) {
                        throw e2;
                    }
                    return n(k2.j(), g(algorithmIdentifier, k2, generatePublic, aSN1OctetString, this.f51595c, f51593i), algorithmIdentifier2.j(), bArr);
                }
            } catch (InvalidKeyException e3) {
                throw new CMSException("key invalid in message.", e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new CMSException("can't find algorithm.", e4);
        } catch (InvalidKeySpecException e5) {
            throw new CMSException("originator key spec invalid.", e5);
        } catch (NoSuchPaddingException e6) {
            throw new CMSException("required padding not supported.", e6);
        } catch (Exception e7) {
            throw new CMSException("originator key invalid.", e7);
        }
    }

    public JceKeyAgreeRecipient i(String str) {
        this.f51597e = CMSUtils.b(str);
        return this;
    }

    public JceKeyAgreeRecipient j(Provider provider) {
        this.f51597e = CMSUtils.c(provider);
        return this;
    }

    public JceKeyAgreeRecipient k(AlgorithmIdentifier algorithmIdentifier) {
        this.f51599g = algorithmIdentifier;
        return this;
    }

    public JceKeyAgreeRecipient l(String str) {
        EnvelopedDataHelper envelopedDataHelper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(str));
        this.f51596d = envelopedDataHelper;
        this.f51597e = envelopedDataHelper;
        return this;
    }

    public JceKeyAgreeRecipient m(Provider provider) {
        EnvelopedDataHelper envelopedDataHelper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider));
        this.f51596d = envelopedDataHelper;
        this.f51597e = envelopedDataHelper;
        return this;
    }

    protected Key n(ASN1ObjectIdentifier aSN1ObjectIdentifier, SecretKey secretKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2, byte[] bArr) throws CMSException, InvalidKeyException, NoSuchAlgorithmException {
        Cipher f2 = this.f51596d.f(aSN1ObjectIdentifier);
        f2.init(4, secretKey);
        return f2.unwrap(bArr, this.f51596d.u(aSN1ObjectIdentifier2), 3);
    }
}
