package com.digt.trusted.cms;

import com.digt.trusted.asn1.ASN1Encodable;
import com.digt.trusted.asn1.ASN1EncodableVector;
import com.digt.trusted.asn1.ASN1InputStream;
import com.digt.trusted.asn1.ASN1OctetString;
import com.digt.trusted.asn1.BERConstructedOctetString;
import com.digt.trusted.asn1.DERInteger;
import com.digt.trusted.asn1.DERNull;
import com.digt.trusted.asn1.DERObject;
import com.digt.trusted.asn1.DERObjectIdentifier;
import com.digt.trusted.asn1.DEROctetString;
import com.digt.trusted.asn1.DERSet;
import com.digt.trusted.asn1.cms.ContentInfo;
import com.digt.trusted.asn1.cms.EncryptedContentInfo;
import com.digt.trusted.asn1.cms.EnvelopedData;
import com.digt.trusted.asn1.cms.IssuerAndSerialNumber;
import com.digt.trusted.asn1.cms.KEKIdentifier;
import com.digt.trusted.asn1.cms.KEKRecipientInfo;
import com.digt.trusted.asn1.cms.KeyTransRecipientInfo;
import com.digt.trusted.asn1.cms.RecipientIdentifier;
import com.digt.trusted.asn1.cms.RecipientInfo;
import com.digt.trusted.asn1.pkcs.PKCSObjectIdentifiers;
import com.digt.trusted.asn1.x509.AlgorithmIdentifier;
import com.digt.trusted.asn1.x509.SubjectPublicKeyInfo;
import com.digt.trusted.asn1.x509.TBSCertificateStructure;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.RC2ParameterSpec;

/* loaded from: input_file:com/digt/trusted/cms/CMSEnvelopedDataGenerator.class */
public class CMSEnvelopedDataGenerator {
    private static Logger logger = Logger.getLogger("com.digt.trusted.cms.CMSEnvelopedDataGenerator");
    public static final String DES_EDE3_CBC = "1.2.840.113549.3.7";
    public static final String RC2_CBC = "1.2.840.113549.3.2";
    public static final String IDEA_CBC = "1.3.6.1.4.1.188.7.1.1.2";
    public static final String CAST5_CBC = "1.2.840.113533.7.66.10";
    public static final String AES128_CBC = "2.16.840.1.101.3.4.1.2";
    public static final String AES192_CBC = "2.16.840.1.101.3.4.1.22";
    public static final String AES256_CBC = "2.16.840.1.101.3.4.1.42";
    public static final String GOST28147_CFB = "1.2.643.2.2.21";
    ArrayList recipientInfs = new ArrayList();
    SecureRandom rand = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/digt/trusted/cms/CMSEnvelopedDataGenerator$RecipientInf.class */
    public class RecipientInf {
        X509Certificate cert;
        AlgorithmIdentifier keyEncAlg;
        PublicKey pubKey;
        ASN1OctetString subKeyId;
        SecretKey secKey;
        KEKIdentifier secKeyId;

        RecipientInf(X509Certificate x509Certificate) {
            this.cert = x509Certificate;
            this.pubKey = x509Certificate.getPublicKey();
            try {
                this.keyEncAlg = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).readObject()).getSubjectPublicKeyInfo().getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this cert");
            } catch (CertificateEncodingException e2) {
                throw new IllegalArgumentException("can't extract tbs structure from this cert");
            }
        }

        RecipientInf(PublicKey publicKey, ASN1OctetString aSN1OctetString) {
            this.pubKey = publicKey;
            this.subKeyId = aSN1OctetString;
            try {
                this.keyEncAlg = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()).getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this key");
            }
        }

        RecipientInf(SecretKey secretKey, KEKIdentifier kEKIdentifier) {
            this.secKey = secretKey;
            this.secKeyId = kEKIdentifier;
            if (secretKey.getAlgorithm().startsWith("DES")) {
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"), new DERNull());
            } else {
                if (!secretKey.getAlgorithm().startsWith("RC2")) {
                    throw new IllegalArgumentException("unknown algorithm");
                }
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
            }
        }

        RecipientInfo toRecipientInfo(SecretKey secretKey, String str) throws IOException, GeneralSecurityException {
            Cipher cipher = null;
            if (!this.keyEncAlg.getObjectId().getId().equals("1.2.643.2.2.19") && !this.keyEncAlg.getObjectId().getId().equals("1.2.643.2.2.20")) {
                cipher = Cipher.getInstance(this.keyEncAlg.getObjectId().getId(), str);
            } else if (this.cert != null) {
                TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(this.cert.getTBSCertificate())).readObject());
                return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), this.keyEncAlg, null));
            }
            if (this.pubKey == null) {
                cipher.init(3, this.secKey);
                return new RecipientInfo(new KEKRecipientInfo(this.secKeyId, this.keyEncAlg, new DEROctetString(cipher.wrap(secretKey))));
            }
            byte[] encoded = secretKey.getEncoded();
            cipher.init(1, this.pubKey);
            DEROctetString dEROctetString = new DEROctetString(cipher.doFinal(encoded));
            if (this.cert == null) {
                return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(this.subKeyId), this.keyEncAlg, dEROctetString));
            }
            TBSCertificateStructure tBSCertificateStructure2 = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(this.cert.getTBSCertificate())).readObject());
            return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure2.getIssuer(), tBSCertificateStructure2.getSerialNumber().getValue())), this.keyEncAlg, dEROctetString));
        }
    }

    private native byte[] CPEncryptMessage(byte[] bArr, int[] iArr, byte[] bArr2);

    public void addKeyTransRecipient(X509Certificate x509Certificate) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(x509Certificate));
    }

    public void addKeyTransRecipient(PublicKey publicKey, byte[] bArr) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(publicKey, new DEROctetString(bArr)));
    }

    public void addKEKRecipient(SecretKey secretKey, byte[] bArr) {
        this.recipientInfs.add(new RecipientInf(secretKey, new KEKIdentifier(bArr, null, null)));
    }

    private DERObject makeObj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    private AlgorithmIdentifier makeAlgId(String str, byte[] bArr) throws IOException {
        return bArr != null ? new AlgorithmIdentifier(new DERObjectIdentifier(str), makeObj(bArr)) : new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull());
    }

    private CMSEnvelopedData generate(CMSProcessable cMSProcessable, String str, KeyGenerator keyGenerator, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        AlgorithmParameters algorithmParameters;
        ASN1Encodable dERNull;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (str.equals(GOST28147_CFB)) {
            logger.finest("GOST processing");
            Iterator it = this.recipientInfs.iterator();
            X509Certificate[] x509CertificateArr = new X509Certificate[this.recipientInfs.size()];
            int i = 0;
            long j = 0;
            do {
                try {
                    if (!it.hasNext()) {
                        int i2 = i - 1;
                        if (x509CertificateArr.length == 0) {
                            throw new CMSException("No recipient certificates.");
                        }
                        logger.finer("Recipients count: " + x509CertificateArr.length);
                        byte[] bArr = new byte[(int) j];
                        int[] iArr = new int[i2 + 1];
                        int i3 = 0;
                        for (int i4 = 0; i4 <= i2; i4++) {
                            System.arraycopy(x509CertificateArr[i4].getEncoded(), 0, bArr, i3, x509CertificateArr[i4].getEncoded().length);
                            i3 += x509CertificateArr[i4].getEncoded().length;
                            iArr[i4] = x509CertificateArr[i4].getEncoded().length;
                        }
                        try {
                            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                            cMSProcessable.write(byteArrayOutputStream);
                            byte[] CPEncryptMessage = CPEncryptMessage(bArr, iArr, byteArrayOutputStream.toByteArray());
                            if (CPEncryptMessage == null) {
                                throw new CMSException("Error Encrypt Message.");
                            }
                            Iterator it2 = this.recipientInfs.iterator();
                            while (it2.hasNext()) {
                                try {
                                    aSN1EncodableVector.add(((RecipientInf) it2.next()).toRecipientInfo(null, str2));
                                } catch (Exception e) {
                                    logger.severe(e.toString());
                                    throw new CMSException("Error add recipient.", e);
                                }
                            }
                            return new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData(null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull()), CPEncryptMessage), null)));
                        } catch (Exception e2) {
                            logger.severe(e2.toString());
                            throw new CMSException("Exception  ", e2);
                        }
                    }
                    if (i > 100) {
                        throw new CMSException("Max count recipient certificates " + i + ".");
                    }
                    int i5 = i;
                    i++;
                    x509CertificateArr[i5] = ((RecipientInf) it.next()).cert;
                    j += r0.cert.getEncoded().length;
                } catch (CertificateEncodingException e3) {
                    logger.severe(e3.toString());
                    throw new CMSException("Cann't encoding certificate - ", e3);
                }
            } while (j <= 2147483647L);
            throw new CMSException("Too much length certificates.");
        }
        logger.finer("non-GOST processing");
        try {
            Cipher cipher = Cipher.getInstance(str, str2);
            SecretKey generateKey = keyGenerator.generateKey();
            try {
                AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(str, str2);
                if (str.equals(RC2_CBC)) {
                    byte[] bArr2 = new byte[8];
                    this.rand.setSeed(System.currentTimeMillis());
                    this.rand.nextBytes(bArr2);
                    algorithmParameterGenerator.init(new RC2ParameterSpec(generateKey.getEncoded().length * 8, bArr2));
                }
                algorithmParameters = algorithmParameterGenerator.generateParameters();
                dERNull = new ASN1InputStream(new ByteArrayInputStream(algorithmParameters.getEncoded("ASN.1"))).readObject();
            } catch (NoSuchAlgorithmException e4) {
                logger.severe(e4.toString());
                algorithmParameters = null;
                dERNull = new DERNull();
            }
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(str), dERNull);
            cipher.init(1, generateKey, algorithmParameters);
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream2, cipher);
            cMSProcessable.write(cipherOutputStream);
            cipherOutputStream.close();
            BERConstructedOctetString bERConstructedOctetString = new BERConstructedOctetString(byteArrayOutputStream2.toByteArray());
            Iterator it3 = this.recipientInfs.iterator();
            while (it3.hasNext()) {
                try {
                    aSN1EncodableVector.add(((RecipientInf) it3.next()).toRecipientInfo(generateKey, str2));
                } catch (IOException e5) {
                    logger.finer("encoding error." + e5);
                    throw new CMSException("encoding error.", e5);
                } catch (InvalidKeyException e6) {
                    logger.finer("key inappropriate for algorithm." + e6);
                    throw new CMSException("key inappropriate for algorithm.", e6);
                } catch (GeneralSecurityException e7) {
                    logger.finer("error making encrypted content." + e7);
                    throw new CMSException("error making encrypted content.", e7);
                }
            }
            return new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData(null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmIdentifier, bERConstructedOctetString), null)));
        } catch (IOException e8) {
            logger.finer("exception decoding algorithm parameters." + e8);
            throw new CMSException("exception decoding algorithm parameters.", e8);
        } catch (InvalidAlgorithmParameterException e9) {
            logger.finer("algorithm parameters invalid." + e9);
            throw new CMSException("algorithm parameters invalid.", e9);
        } catch (InvalidKeyException e10) {
            logger.finer("key invalid in message." + e10);
            throw new CMSException("key invalid in message.", e10);
        } catch (NoSuchAlgorithmException e11) {
            logger.finer("can't find algorithm. " + e11);
            throw new CMSException("can't find algorithm.", e11);
        } catch (NoSuchPaddingException e12) {
            logger.finer("required padding not supported." + e12);
            throw new CMSException("required padding not supported.", e12);
        }
    }

    public CMSEnvelopedData generate(CMSProcessable cMSProcessable, String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        try {
            return generate(cMSProcessable, str, KeyGenerator.getInstance(str, str2), str2);
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException("can't find key generation algorithm.", e);
        }
    }

    public CMSEnvelopedData generate(CMSProcessable cMSProcessable, String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, str2);
            keyGenerator.init(i);
            return generate(cMSProcessable, str, keyGenerator, str2);
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException("can't find key generation algorithm.", e);
        }
    }

    static {
        System.loadLibrary("djcp20");
    }
}
