package com.dstc.security.cms;

import com.dstc.security.asn1.Asn1;
import com.dstc.security.asn1.Asn1Exception;
import com.dstc.security.asn1.Explicit;
import com.dstc.security.asn1.Integer;
import com.dstc.security.asn1.Oid;
import com.dstc.security.asn1.Sequence;
import com.dstc.security.asn1.Set;
import com.dstc.security.cms.crypto.ContentKeyDecryptor;
import com.dstc.security.x509.X509ExtensionUtil;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/dstc/security/cms/EnvelopedDataImpl.class */
public class EnvelopedDataImpl implements EnvelopedData {
    private Asn1 outer;
    private int version;
    private Vector recipients;
    private RecipientInfo matchedRcpt;
    private OriginatorInfoImpl originator;
    private EncryptedContentInfo encryptedContentInfo;
    private SecureRandom rand;
    private int contentType;

    /* JADX INFO: Access modifiers changed from: package-private */
    public EnvelopedDataImpl(InputStream inputStream, PrivateKey privateKey, X509Certificate x509Certificate, Vector vector) throws Asn1Exception, IOException, CertificateException, CMSException {
        this.outer = null;
        this.version = 0;
        this.contentType = 0;
        if (privateKey == null) {
            throw new CMSException("PrivateKey not set for decryption");
        }
        if (x509Certificate == null) {
            throw new CMSException("Cert not set for decryption");
        }
        decode(Asn1.getAsn1(inputStream), privateKey, x509Certificate, vector);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EnvelopedDataImpl(SecureRandom secureRandom, String str, X509Certificate[] x509CertificateArr, CMSTypedDataInputStream cMSTypedDataInputStream) throws CMSException {
        Cipher cipher;
        SecretKey generateKey;
        this.outer = null;
        this.version = 0;
        this.contentType = 0;
        this.rand = secureRandom;
        this.outer = new Sequence();
        this.outer.add(new Oid("1.2.840.113549.1.7.3"));
        Sequence sequence = new Sequence();
        try {
            byte[] bArr = new byte[8];
            secureRandom.nextBytes(bArr);
            if (str.equals("DESede")) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
                cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
                keyGenerator.init(168, secureRandom);
                generateKey = keyGenerator.generateKey();
                cipher.init(1, generateKey, new IvParameterSpec(bArr), secureRandom);
            } else if (str.equals("RC2")) {
                KeyGenerator keyGenerator2 = KeyGenerator.getInstance("RC2");
                cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding");
                keyGenerator2.init(128, secureRandom);
                generateKey = keyGenerator2.generateKey();
                cipher.init(1, generateKey, new RC2ParameterSpec(128, bArr), secureRandom);
            } else if (str.equals("RC2/40")) {
                KeyGenerator keyGenerator3 = KeyGenerator.getInstance("RC2");
                cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding");
                keyGenerator3.init(40, secureRandom);
                generateKey = keyGenerator3.generateKey();
                cipher.init(1, generateKey, new RC2ParameterSpec(40, bArr), secureRandom);
            } else {
                if (!str.equals("IDEA")) {
                    throw new CMSException(new StringBuffer("Unsupported algorithm ").append(str).append(" for CMS").toString());
                }
                KeyGenerator keyGenerator4 = KeyGenerator.getInstance("IDEA");
                cipher = Cipher.getInstance("IDEA/CBC/PKCS5Padding");
                keyGenerator4.init(128, secureRandom);
                generateKey = keyGenerator4.generateKey();
                cipher.init(1, generateKey, new IvParameterSpec(bArr), secureRandom);
            }
            Set set = new Set();
            for (int i = 0; i < x509CertificateArr.length; i++) {
                PublicKey publicKey = x509CertificateArr[i].getPublicKey();
                if (publicKey instanceof RSAPublicKey) {
                    if (!X509ExtensionUtil.isKeyUsageEncryption(x509CertificateArr[i])) {
                        throw new CMSException("Certificate key usage does not include encryption");
                    }
                    set.add(new KeyTransRecipientInfoImpl(secureRandom, x509CertificateArr[i], generateKey).getAsn1());
                } else {
                    if (!(publicKey instanceof DHPublicKey)) {
                        throw new CMSException(new StringBuffer("Key: ").append(publicKey).append(" unsuitable for enveloped data").toString());
                    }
                    DHParameterSpec params = ((DHPublicKey) publicKey).getParams();
                    Vector vector = new Vector();
                    vector.add(x509CertificateArr[i]);
                    Asn1 asn1 = new KeyAgreeRecipientInfoImpl(secureRandom, params, vector, generateKey).getAsn1();
                    asn1.setTagClass(128);
                    asn1.setTagNumber(1);
                    set.add(asn1);
                    this.version = 2;
                }
            }
            sequence.add(new Integer(this.version));
            sequence.add(set);
            sequence.add(new EncryptedContentInfo(cMSTypedDataInputStream.getContentType(), cMSTypedDataInputStream, cipher).getAsn1());
            Explicit explicit = new Explicit(128, 0);
            explicit.add(sequence);
            this.outer.add(explicit);
        } catch (CMSException e) {
            throw e;
        } catch (Exception e2) {
            throw new CMSException(new StringBuffer("encryption error: nested exception is").append(e2.toString()).toString());
        }
    }

    private void decode(Asn1 asn1, PrivateKey privateKey, X509Certificate x509Certificate, Vector vector) throws Asn1Exception, IOException, CertificateException, CMSException {
        Asn1 asn12;
        this.outer = asn1;
        Iterator components = asn1.components();
        if (!((Oid) components.next()).getOid().equals("1.2.840.113549.1.7.3")) {
            throw new CMSException("Not an EnvelopedData encoding");
        }
        Iterator components2 = ((Asn1) ((Asn1) components.next()).components().next()).components();
        this.version = ((Integer) components2.next()).getInt();
        Asn1 asn13 = (Asn1) components2.next();
        if (asn13.getTagNumber() == 0) {
            this.originator = new OriginatorInfoImpl(asn13);
            asn13 = (Asn1) components2.next();
        }
        this.recipients = new Vector();
        Iterator components3 = ((Set) asn13).components();
        while (components3.hasNext() && (asn12 = (Asn1) components3.next()) != null) {
            RecipientInfo recipientInfo = Factory.getRecipientInfo(asn12, vector);
            this.recipients.add(recipientInfo);
            if (this.matchedRcpt == null && match(recipientInfo, x509Certificate)) {
                this.matchedRcpt = recipientInfo;
            }
        }
        if (this.matchedRcpt == null) {
            throw new CMSException("cannot match recipientinfo");
        }
        this.encryptedContentInfo = new EncryptedContentInfo((Asn1) components2.next(), ContentKeyDecryptor.decryptKey(this.matchedRcpt, privateKey));
        String contentType = this.encryptedContentInfo.getContentType();
        if (contentType.equals("1.2.840.113549.1.7.1")) {
            this.contentType = 0;
        } else if (contentType.equals("1.2.840.113549.1.7.2")) {
            this.contentType = 1;
        } else {
            if (!contentType.equals("1.2.840.113549.1.7.3")) {
                throw new CMSException(new StringBuffer("Content type ").append(contentType).append(" unsupported for CMS encryption").toString());
            }
            this.contentType = 2;
        }
    }

    public int getCMSVersion() {
        return this.version;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InputStream getDecrypted() {
        return this.encryptedContentInfo.getDecrypted();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CMSTypedDataInputStream getEncrypted() {
        return new CMSTypedDataInputStream(2, new BEREncodedInputStream(this.outer));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getEncryptedContentType() {
        return this.contentType;
    }

    @Override // com.dstc.security.cms.EnvelopedData
    public OriginatorInfo getOriginatorInfo() {
        return this.originator;
    }

    @Override // com.dstc.security.cms.EnvelopedData
    public RecipientInfo[] getRecipientInfos() {
        if (this.recipients == null) {
            return null;
        }
        RecipientInfo[] recipientInfoArr = new RecipientInfo[this.recipients.size()];
        this.recipients.toArray(recipientInfoArr);
        return recipientInfoArr;
    }

    public Attribute[] getUnprotectedAttributes() {
        return null;
    }

    private static boolean match(RecipientEncryptedKey recipientEncryptedKey, X509Certificate x509Certificate) {
        KeyAgreeRecipientIdentifier recipientId = recipientEncryptedKey.getRecipientId();
        if (recipientId instanceof IssuerAndSerialNumber) {
            return new IssuerAndSerialNumberImpl(x509Certificate).equals(recipientId);
        }
        if (recipientId instanceof RecipientKeyIdentifier) {
            return new IssuerAndSerialNumberImpl(x509Certificate).equals(((RecipientKeyIdentifier) recipientId).getSubjectKeyIdentifier());
        }
        return false;
    }

    private static boolean match(RecipientInfo recipientInfo, X509Certificate x509Certificate) {
        if (!(recipientInfo instanceof KeyTransRecipientInfo)) {
            Iterator it = ((KeyAgreeRecipientInfo) recipientInfo).getRecipientEncryptedKeys().iterator();
            while (it.hasNext()) {
                if (match((RecipientEncryptedKey) it.next(), x509Certificate)) {
                    return true;
                }
            }
            return false;
        }
        RecipientIdentifier recipientIdentifier = ((KeyTransRecipientInfo) recipientInfo).getRecipientIdentifier();
        if (recipientIdentifier instanceof IssuerAndSerialNumber) {
            return new IssuerAndSerialNumberImpl(x509Certificate).equals(recipientIdentifier);
        }
        if (recipientIdentifier instanceof SubjectKeyIdentifier) {
            return new SubjectKeyIdentifierImpl(x509Certificate).equals(recipientIdentifier);
        }
        return false;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("EnvelopedData");
        stringBuffer.append("\n[");
        stringBuffer.append("\n  version: ").append(this.version);
        if (this.originator != null) {
            stringBuffer.append(new StringBuffer("\noriginatorInfo: ").append(this.originator).toString());
        }
        if (this.recipients == null) {
            return stringBuffer.toString();
        }
        stringBuffer.append("\n  RecipientInfos ");
        stringBuffer.append("{no of recipients = ");
        stringBuffer.append(String.valueOf(this.recipients.size()));
        stringBuffer.append("}");
        stringBuffer.append("\n  [");
        for (int i = 0; i < this.recipients.size(); i++) {
            StringTokenizer stringTokenizer = new StringTokenizer(((RecipientInfo) this.recipients.elementAt(i)).toString(), "\r\n");
            while (stringTokenizer.hasMoreTokens()) {
                stringBuffer.append("\n     ").append(stringTokenizer.nextToken());
            }
            stringBuffer.append("\n");
        }
        stringBuffer.append("  ]");
        stringBuffer.append("\n]");
        return stringBuffer.toString();
    }
}
