package com.dstc.security.cms.crypto;

import com.dstc.security.cms.CMSException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/dstc/security/cms/crypto/KeyWrap.class */
public abstract class KeyWrap implements ContentKeyEncryption {
    private static final byte[] IV_FIXED = {74, -35, -94, 44, 121, -24, 33, 5};
    protected String alg;
    protected SecureRandom rand;
    private MessageDigest sha;
    protected SecretKey KEK = null;
    protected byte[] CEK = null;
    protected byte[] wrappedKey = null;
    protected Cipher cipher = null;
    private byte[] ICV = new byte[8];
    private byte[] IV = new byte[8];
    private byte[] TEMP1 = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyWrap(SecureRandom secureRandom) throws CMSException {
        this.rand = null;
        this.sha = null;
        try {
            this.rand = secureRandom;
            this.sha = MessageDigest.getInstance("SHA");
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    private byte[] checksum() {
        byte[] bArr = new byte[8];
        System.arraycopy(this.sha.digest(this.CEK), 0, bArr, 0, 8);
        return bArr;
    }

    @Override // com.dstc.security.cms.crypto.ContentKeyEncryption
    public byte[] decrypt(byte[] bArr) throws CMSException {
        return doUnwrap(bArr);
    }

    private byte[] doUnwrap(byte[] bArr) throws CMSException {
        try {
            this.wrappedKey = bArr;
            firstDecrypt();
            secondDecrypt();
            return postProcessKey(this.CEK);
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    private byte[] doWrap(byte[] bArr) throws CMSException {
        try {
            this.CEK = preProcessKey(bArr);
            firstEncrypt();
            secondEncrypt();
            return this.wrappedKey;
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    @Override // com.dstc.security.cms.crypto.ContentKeyEncryption
    public byte[] encrypt(byte[] bArr) throws CMSException {
        return doWrap(bArr);
    }

    private void firstDecrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        this.cipher.init(2, this.KEK, new IvParameterSpec(IV_FIXED), this.rand);
        byte[] doFinal = this.cipher.doFinal(this.wrappedKey);
        int length = doFinal.length;
        for (int i = 0; i < this.IV.length; i++) {
            this.IV[i] = doFinal[(length - i) - 1];
        }
        this.TEMP1 = new byte[length - 8];
        for (int i2 = 0; i2 < this.TEMP1.length; i2++) {
            this.TEMP1[(this.TEMP1.length - i2) - 1] = doFinal[i2];
        }
    }

    private void firstEncrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        this.rand.nextBytes(this.IV);
        this.cipher.init(1, this.KEK, new IvParameterSpec(this.IV), this.rand);
        this.ICV = checksum();
        byte[] bArr = new byte[this.ICV.length + this.CEK.length];
        System.arraycopy(this.CEK, 0, bArr, 0, this.CEK.length);
        System.arraycopy(this.ICV, 0, bArr, this.CEK.length, this.ICV.length);
        this.TEMP1 = this.cipher.doFinal(bArr);
    }

    protected abstract byte[] postProcessKey(byte[] bArr);

    protected abstract byte[] preProcessKey(byte[] bArr);

    private void secondDecrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        this.cipher.init(2, this.KEK, new IvParameterSpec(this.IV), this.rand);
        byte[] doFinal = this.cipher.doFinal(this.TEMP1);
        this.CEK = new byte[doFinal.length - 8];
        System.arraycopy(doFinal, 0, this.CEK, 0, this.CEK.length);
        System.arraycopy(doFinal, this.CEK.length, this.ICV, 0, 8);
        if (!Arrays.equals(checksum(), this.ICV)) {
            throw new InvalidKeyException("Bad checksum");
        }
    }

    private void secondEncrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        int length = this.TEMP1.length + this.IV.length;
        byte[] bArr = new byte[length];
        for (int i = 0; i < this.IV.length; i++) {
            bArr[(length - i) - 1] = this.IV[i];
        }
        for (int i2 = 0; i2 < this.TEMP1.length; i2++) {
            bArr[i2] = this.TEMP1[(this.TEMP1.length - i2) - 1];
        }
        this.cipher.init(1, this.KEK, new IvParameterSpec(IV_FIXED), this.rand);
        this.wrappedKey = this.cipher.doFinal(bArr);
    }

    @Override // com.dstc.security.cms.crypto.ContentKeyEncryption
    public void setDecryptionKey(PrivateKey privateKey) {
        throw new UnsupportedOperationException("invalid for keywrap");
    }

    @Override // com.dstc.security.cms.crypto.ContentKeyEncryption
    public void setEncryptionKey(PublicKey publicKey) {
        throw new UnsupportedOperationException("invalid for keywrap");
    }

    public void setKeyEncryptingKey(byte[] bArr) {
        this.KEK = new SecretKeySpec(bArr, this.alg);
    }
}
