package net.netca.pki.encoding.json.jose;

import com.tencent.smtt.sdk.TbsVideoCacheTask;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64Url;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.ECCPublicKey;
import net.netca.pki.encoding.asn1.pki.SubjectPublicKeyInfo;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.JSONArray;
import net.netca.pki.encoding.json.JSONObject;
import net.netca.pki.encoding.json.JSONString;
import net.netca.pki.encoding.json.jose.impl.jce.JCEHash;

/* loaded from: classes3.dex */
public class JWE {
    public static final int CERTID_TYPE_NONE = 0;
    public static final int CERTID_TYPE_X5C = 1;
    public static final int CERTID_TYPE_X5C_ONLY_CERT = 2;
    public static final int CERTID_TYPE_X5T = 3;
    public static final int CERTID_TYPE_X5T_S256 = 4;
    public static final int COMPACT_SERIALIZATION = 1;
    public static final String CONTENT_ENC_ALGO_AES_128_CBC_HMAC_SHA_256 = "A128CBC-HS256";
    public static final String CONTENT_ENC_ALGO_AES_128_GCM = "A128GCM";
    public static final String CONTENT_ENC_ALGO_AES_192_CBC_HMAC_SHA_384 = "A192CBC-HS384";
    public static final String CONTENT_ENC_ALGO_AES_192_GCM = "A192GCM";
    public static final String CONTENT_ENC_ALGO_AES_256_CBC_HMAC_SHA_512 = "A256CBC-HS512";
    public static final String CONTENT_ENC_ALGO_AES_256_GCM = "A256GCM";
    public static final String CONTENT_ENC_ALGO_SM4_CBC_HMAC_SM3 = "SM4CBC-HSM3";
    public static final String ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP = "A128GCMKW";
    public static final String ENCRYPT_CEK_ALGO_AES_128_KEYWRAP = "A128KW";
    public static final String ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP = "A192GCMKW";
    public static final String ENCRYPT_CEK_ALGO_AES_192_KEYWRAP = "A192KW";
    public static final String ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP = "A256GCMKW";
    public static final String ENCRYPT_CEK_ALGO_AES_256_KEYWRAP = "A256KW";
    public static final String ENCRYPT_CEK_ALGO_DIR = "dir";
    public static final String ENCRYPT_CEK_ALGO_ECDH_ES = "ECDH-ES";
    public static final String ENCRYPT_CEK_ALGO_ECDH_ES_AES_128_KEYWRAP = "ECDH-ES+A128KW";
    public static final String ENCRYPT_CEK_ALGO_ECDH_ES_AES_192_KEYWRAP = "ECDH-ES+A192KW";
    public static final String ENCRYPT_CEK_ALGO_ECDH_ES_AES_256_KEYWRAP = "ECDH-ES+A256KW";
    public static final String ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA256_AES_128_KEYWRAP = "PBES2-HS256+A128KW";
    public static final String ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA384_AES_192_KEYWRAP = "PBES2-HS384+A192KW";
    public static final String ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA512_AES_256_KEYWRAP = "PBES2-HS512+A256KW";
    public static final String ENCRYPT_CEK_ALGO_RSA1_5 = "RSA1_5";
    public static final String ENCRYPT_CEK_ALGO_RSA_OAEP = "RSA-OAEP";
    public static final String ENCRYPT_CEK_ALGO_RSA_OAEP_256 = "RSA-OAEP-256";
    public static final String ENCRYPT_CEK_ALGO_SM2_ENCRYPT = "SM2_3";
    public static final int JSON_SERIALIZATION = 2;
    private String aadEncode;
    private JWEX509CertificateAndPrivateKey certAndPrivateKey;
    private String contentEncryptedAlgo;
    private JWEEncryptedContentInfo encryptedContent;
    private IHash hashInterface;
    private IJWEKDF kdfObj;
    private IJWEKeyUnwarp keyunwrapObj;
    private String protectHeaderEncode;
    private Header protectedHeader;
    private ArrayList<JWERecipientInfo> recipientInfolist;
    private Header sharedUnprotectedHeader;
    private IJWECipher symDecrypter;
    private int type;
    private ArrayList<JWEX509CertificateAndPrivateKey> certAndPrivateKeyList = new ArrayList<>();
    private int decryptIndex = -1;
    private X509Certificate decryptCert = null;

    private JWE(int i2, String str) throws PkiException {
        if (i2 == 1) {
            initWithCompactSerialization(str);
        } else {
            if (i2 != 2) {
                throw new PkiException("invalid type " + i2);
            }
            initJsonSerialization(str);
        }
        decodeFinal(i2);
    }

    public JWE(int i2, Header header, String str, Header header2, ArrayList<JWERecipientInfo> arrayList, String str2, String str3, JWEEncryptedContentInfo jWEEncryptedContentInfo) throws PkiException {
        if (i2 != 1 && i2 != 2) {
            throw new PkiException("type invalid " + i2);
        }
        if (arrayList.size() == 0) {
            throw new PkiException("no RecipientInfo");
        }
        this.aadEncode = str3;
        this.type = i2;
        this.recipientInfolist = arrayList;
        this.protectedHeader = header;
        this.sharedUnprotectedHeader = header2;
        this.encryptedContent = jWEEncryptedContentInfo;
        this.contentEncryptedAlgo = str2;
        this.protectHeaderEncode = str;
    }

    private byte[] aesGcmKeyUnwrap(JWERecipientInfo jWERecipientInfo) throws PkiException {
        if (this.symDecrypter == null) {
            throw new PkiException("no set IJWECipher!");
        }
        String encryptedKey = jWERecipientInfo.getEncryptedKey();
        if (encryptedKey == null || encryptedKey.length() == 0) {
            throw new PkiException("encryptedKeyEncode is empty!");
        }
        byte[] decryptKey = jWERecipientInfo.getDecryptKey();
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (decryptKey == null) {
            throw new PkiException("recInfo no set DecryptKey!");
        }
        if (!Utils.IsKEKAlgoMatchKeyLength(cekAlgo, decryptKey.length)) {
            throw new PkiException("key length " + decryptKey.length + "no match algo " + cekAlgo);
        }
        String jSONString = Utils.getJSONString(getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.INITIALIZATION_VECTOR));
        if (jSONString == null || jSONString.length() == 0) {
            throw new PkiException("no ivEncode in UnProtectedHeader");
        }
        String jSONString2 = Utils.getJSONString(getHeaderJsonItem(jWERecipientInfo, "tag"));
        if (jSONString2 == null || jSONString2.length() == 0) {
            throw new PkiException("no tagEncode in UnProtectedHeader");
        }
        byte[] decode = Base64Url.decode(false, true, jSONString);
        byte[] decode2 = Base64Url.decode(false, true, jSONString2);
        byte[] decode3 = Base64Url.decode(false, true, encryptedKey);
        return this.symDecrypter.decrypt(cekAlgo, decryptKey, decode, null, decode3, 0, decode3.length, decode2);
    }

    private byte[] aesKeyUnwrap(JWERecipientInfo jWERecipientInfo) throws PkiException {
        if (this.keyunwrapObj == null) {
            throw new PkiException("no set IJWEKeyWrap!");
        }
        byte[] decryptKey = jWERecipientInfo.getDecryptKey();
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (decryptKey == null) {
            throw new PkiException("recInfo no set DecryptKey!");
        }
        if (Utils.IsKEKAlgoMatchKeyLength(cekAlgo, decryptKey.length)) {
            byte[] decode = Base64Url.decode(false, true, jWERecipientInfo.getEncryptedKey());
            if (decode != null) {
                return this.keyunwrapObj.keyunwrap(cekAlgo, decryptKey, decode);
            }
            throw new PkiException("no encrypted_key or encrypted_key is no base64URL");
        }
        throw new PkiException("key length " + decryptKey.length + "no match algo " + cekAlgo);
    }

    private byte[] certDecryptKey(JWERecipientInfo jWERecipientInfo) throws PkiException {
        byte[] decode = Base64Url.decode(false, true, jWERecipientInfo.getEncryptedKey());
        if (decode == null) {
            throw new PkiException("no encrypted_key or encrypted_key is no base64URL");
        }
        JWEX509CertificateAndPrivateKey x509CertificateAndPrivateKey = jWERecipientInfo.getX509CertificateAndPrivateKey();
        this.certAndPrivateKey = x509CertificateAndPrivateKey;
        byte[] decrypt = x509CertificateAndPrivateKey.getPrivateKeyDecrypter().decrypt(jWERecipientInfo.getCekAlgo(), decode, 0, decode.length);
        this.decryptCert = this.certAndPrivateKey.getCert();
        return decrypt;
    }

    private void checkAlgoParams(Header header) throws PkiException {
        String headerStringValue = header.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
        if (headerStringValue == null || headerStringValue.length() == 0) {
            throw new PkiException("no  algo header params!");
        }
        String headerStringValue2 = header.getHeaderStringValue(HeaderParameterNames.ENCRYPTION_METHOD);
        if (headerStringValue2 == null || headerStringValue2.length() == 0) {
            throw new PkiException("no  enc  header params!");
        }
    }

    private void checkHasDupHeaderParams() throws PkiException {
        int size = this.recipientInfolist.size();
        for (int i2 = 0; i2 < size; i2++) {
            if (Utils.hasDupItemInThreeHeaders(this.protectedHeader, this.sharedUnprotectedHeader, this.recipientInfolist.get(i2).getUnProtectHeader())) {
                throw new PkiException("hasDupItem In  headerparams");
            }
        }
    }

    private boolean checkMatchCert(JWERecipientInfo jWERecipientInfo) throws PkiException {
        if (checkMatchCert(this.certAndPrivateKey, jWERecipientInfo)) {
            return true;
        }
        Iterator<JWEX509CertificateAndPrivateKey> it = this.certAndPrivateKeyList.iterator();
        while (it.hasNext()) {
            if (checkMatchCert(it.next(), jWERecipientInfo)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkMatchCert(JWEX509CertificateAndPrivateKey jWEX509CertificateAndPrivateKey, JWERecipientInfo jWERecipientInfo) throws PkiException {
        boolean z;
        boolean z2;
        if (jWERecipientInfo.getX509CertificateAndPrivateKey() != null) {
            return true;
        }
        boolean z3 = false;
        if (jWEX509CertificateAndPrivateKey == null || jWEX509CertificateAndPrivateKey.getCert() == null) {
            return false;
        }
        JSON headerJsonItem = getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.X509_CERTIFICATE_CHAIN);
        if (jWERecipientInfo.getCert() == null) {
            z = false;
            z2 = true;
        } else {
            if (!jWEX509CertificateAndPrivateKey.getCert().equals(jWERecipientInfo.getCert())) {
                return false;
            }
            jWERecipientInfo.setX509CertificateAndPrivateKey(jWEX509CertificateAndPrivateKey);
            z = true;
            z2 = false;
        }
        if (headerJsonItem != null) {
            X509Certificate x5CJsonCert = Utils.getX5CJsonCert(headerJsonItem);
            if (x5CJsonCert != null) {
                if (!jWEX509CertificateAndPrivateKey.getCert().equals(x5CJsonCert)) {
                    return false;
                }
                jWERecipientInfo.setX509CertificateAndPrivateKey(jWEX509CertificateAndPrivateKey);
                z = true;
            }
            z2 = false;
        }
        if (getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT) != null) {
            JSON headerJsonItem2 = getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT);
            X509Certificate cert = jWEX509CertificateAndPrivateKey.getCert();
            IHash iHash = this.hashInterface;
            if (iHash == null) {
                iHash = new JCEHash();
            }
            if (Utils.verifyCertx5t(headerJsonItem2, HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT, cert, iHash)) {
                jWERecipientInfo.setX509CertificateAndPrivateKey(jWEX509CertificateAndPrivateKey);
                z = true;
            }
            z2 = false;
        }
        if (getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT) != null) {
            JSON headerJsonItem3 = getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT);
            X509Certificate cert2 = jWEX509CertificateAndPrivateKey.getCert();
            IHash iHash2 = this.hashInterface;
            if (iHash2 == null) {
                iHash2 = new JCEHash();
            }
            if (Utils.verifyCertx5t(headerJsonItem3, HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT, cert2, iHash2)) {
                jWERecipientInfo.setX509CertificateAndPrivateKey(jWEX509CertificateAndPrivateKey);
                z = true;
            }
        } else {
            z3 = z2;
        }
        if (!z3) {
            return z;
        }
        jWERecipientInfo.setX509CertificateAndPrivateKey(jWEX509CertificateAndPrivateKey);
        return true;
    }

    private boolean checkMatchDecryptEncryptedKeyRecipent(JWERecipientInfo jWERecipientInfo) throws PkiException {
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA1_5) || cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA_OAEP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA_OAEP_256) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_256_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_SM2_ENCRYPT)) {
            return checkMatchCert(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_256_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_DIR) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA256_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA384_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA512_AES_256_KEYWRAP)) {
            return jWERecipientInfo.getDecryptKey() != null;
        }
        throw new PkiException("bad cekalgo " + cekAlgo);
    }

    public static JWE decode(int i2, String str) throws PkiException {
        return new JWE(i2, str);
    }

    public static JWE decode(int i2, byte[] bArr) throws PkiException {
        try {
            return decode(i2, new String(bArr, "UTF-8"));
        } catch (Exception unused) {
            throw new PkiException("UTF-8 encode Fail");
        }
    }

    private void decodeFinal(int i2) throws PkiException {
        checkHasDupHeaderParams();
    }

    private byte[] decryptEncryptedKey(JWERecipientInfo jWERecipientInfo) throws PkiException {
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA1_5) || cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA_OAEP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_RSA_OAEP_256) || cekAlgo.equals(ENCRYPT_CEK_ALGO_SM2_ENCRYPT)) {
            return certDecryptKey(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_256_KEYWRAP)) {
            return aesKeyUnwrap(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) {
            return aesGcmKeyUnwrap(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_DIR)) {
            return dirDecryptKey(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA256_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA384_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA512_AES_256_KEYWRAP)) {
            return pkcs5PBES2DecryptKey(jWERecipientInfo);
        }
        if (cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_128_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_192_KEYWRAP) || cekAlgo.equals(ENCRYPT_CEK_ALGO_ECDH_ES_AES_256_KEYWRAP)) {
            return ecdhDecryptKey(jWERecipientInfo);
        }
        return null;
    }

    private byte[] dirDecryptKey(JWERecipientInfo jWERecipientInfo) throws PkiException {
        byte[] decryptKey = jWERecipientInfo.getDecryptKey();
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (decryptKey == null) {
            throw new PkiException("recInfo no set DecryptKey!");
        }
        if (!Utils.IsKEKAlgoMatchKeyLength(cekAlgo, decryptKey.length)) {
            throw new PkiException("key length " + decryptKey.length + "no match algo " + cekAlgo);
        }
        String encryptedKey = jWERecipientInfo.getEncryptedKey();
        if (encryptedKey == null || encryptedKey.length() <= 0) {
            byte[] bArr = new byte[decryptKey.length];
            System.arraycopy(decryptKey, 0, bArr, 0, decryptKey.length);
            return bArr;
        }
        throw new PkiException(String.valueOf(cekAlgo) + " algo  has encrypted_key");
    }

    private byte[] ecdhDecryptKey(JWERecipientInfo jWERecipientInfo) throws PkiException {
        JWEX509CertificateAndPrivateKey x509CertificateAndPrivateKey = jWERecipientInfo.getX509CertificateAndPrivateKey();
        this.certAndPrivateKey = x509CertificateAndPrivateKey;
        IJWEKeyAgreement keyAgreementObject = x509CertificateAndPrivateKey.getKeyAgreementObject();
        if (keyAgreementObject == null) {
            throw new PkiException("no set IJWEKeyAgreement implement");
        }
        if (this.kdfObj == null) {
            throw new PkiException("no set IJWEKDF implement");
        }
        byte[] eccKDF = this.kdfObj.eccKDF("SHA256", keyAgreementObject.ecdhkeyAgreement(getEccPublicKeyFromHeaderParams(jWERecipientInfo)), Utils.encodeOtherInfo(this.contentEncryptedAlgo, jWERecipientInfo.getCekAlgo(), getPartyInfoFromHeaderParams(jWERecipientInfo, HeaderParameterNames.AGREEMENT_PARTY_U_INFO), getPartyInfoFromHeaderParams(jWERecipientInfo, HeaderParameterNames.AGREEMENT_PARTY_V_INFO)), (Utils.getKekBit(jWERecipientInfo.getCekAlgo(), this.contentEncryptedAlgo) + 7) / 8);
        if (jWERecipientInfo.getCekAlgo().equals(ENCRYPT_CEK_ALGO_ECDH_ES)) {
            this.decryptCert = this.certAndPrivateKey.getCert();
            return eccKDF;
        }
        if (jWERecipientInfo.getEncryptedKey() == null || jWERecipientInfo.getEncryptedKey().length() == 0) {
            throw new PkiException("no encrypted_key info ");
        }
        byte[] decode = Base64Url.decode(false, true, jWERecipientInfo.getEncryptedKey());
        if (decode == null) {
            throw new PkiException("no encrypted_key or encrypted_key is no base64URL");
        }
        byte[] keyunwrap = this.keyunwrapObj.keyunwrap(jWERecipientInfo.getCekAlgo(), eccKDF, decode);
        this.decryptCert = this.certAndPrivateKey.getCert();
        return keyunwrap;
    }

    private int getCanDecryptCekKeyRecipientInfoIndex() throws PkiException {
        int size = this.recipientInfolist.size();
        for (int i2 = 0; i2 < size; i2++) {
            if (checkMatchDecryptEncryptedKeyRecipent(this.recipientInfolist.get(i2))) {
                return i2;
            }
        }
        return -1;
    }

    private String getCompactSerialization() throws PkiException {
        JWERecipientInfo jWERecipientInfo = this.recipientInfolist.get(0);
        StringBuilder sb = new StringBuilder();
        sb.append(getProtectHeaderEncode());
        sb.append(".");
        if (jWERecipientInfo.getEncryptedKey() != null) {
            sb.append(jWERecipientInfo.getEncryptedKey());
        }
        sb.append(".");
        sb.append(this.encryptedContent.getIvEncode());
        sb.append(".");
        sb.append(this.encryptedContent.getChiperEncode());
        sb.append(".");
        sb.append(this.encryptedContent.getTagEncode());
        return sb.toString();
    }

    private SubjectPublicKeyInfo getEccPublicKeyFromHeaderParams(JWERecipientInfo jWERecipientInfo) throws PkiException {
        String str;
        JSON headerJsonItem = getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.EPHEMERAL_PUBLIC_KEY);
        if (headerJsonItem == null || !(headerJsonItem instanceof JSONObject)) {
            throw new PkiException("get EccPublicKey info fail,no epk header");
        }
        JSONObject jSONObject = (JSONObject) headerJsonItem;
        String jSONString = Utils.getJSONString(jSONObject.getValue("kty"));
        if (jSONString == null || !jSONString.equals("EC")) {
            throw new PkiException("kty header error");
        }
        String jSONString2 = Utils.getJSONString(jSONObject.getValue("crv"));
        if (jSONString2 == null) {
            throw new PkiException("crv header error");
        }
        if (jSONString2.equals("P-521")) {
            str = "1.3.132.0.35";
        } else if (jSONString2.equals("P-384")) {
            str = "1.3.132.0.34";
        } else if (jSONString2.equals("P-256")) {
            str = "1.2.840.10045.3.1.7";
        } else {
            if (!jSONString2.equals("SM2")) {
                throw new PkiException("no support PulicKey Crv!");
            }
            str = AlgorithmIdentifier.SM2Curve_OID;
        }
        byte[] arrayFromBase64urlJSONString = Utils.getArrayFromBase64urlJSONString(jSONObject, "x");
        if (arrayFromBase64urlJSONString == null) {
            throw new PkiException("get EccPublicKey  x fail");
        }
        byte[] arrayFromBase64urlJSONString2 = Utils.getArrayFromBase64urlJSONString(jSONObject, "y");
        if (arrayFromBase64urlJSONString2 != null) {
            return new ECCPublicKey(str, new BigInteger(1, arrayFromBase64urlJSONString), new BigInteger(1, arrayFromBase64urlJSONString2)).toSubjectPublicKeyInfo();
        }
        throw new PkiException("get EccPublicKey  y fail");
    }

    private byte[] getEncryptedContentInfoAad() throws PkiException {
        byte[] bArr = new byte[0];
        String str = this.protectHeaderEncode;
        if (str != null && str.length() > 0) {
            try {
                bArr = this.protectHeaderEncode.getBytes("US-ASCII");
            } catch (UnsupportedEncodingException unused) {
                throw new PkiException("getProtectHeaderEncodeBytes fail");
            }
        }
        String str2 = this.aadEncode;
        if (str2 == null || str2.length() == 0) {
            return bArr;
        }
        try {
            return Utils.genJWEEncryptedContentInfoAad(bArr, this.aadEncode.getBytes("US-ASCII"));
        } catch (UnsupportedEncodingException unused2) {
            throw new PkiException("getAadEncodeBytes fail");
        }
    }

    private JWEEncryptedContentInfo getEncryptedContentInfoFromJsonSerialization(JSONObject jSONObject, String str) throws PkiException {
        String str2;
        byte[] arrayFromBase64urlJSONString = Utils.getArrayFromBase64urlJSONString(jSONObject, HeaderParameterNames.INITIALIZATION_VECTOR);
        if (arrayFromBase64urlJSONString == null) {
            throw new PkiException("get Initialization Vector  fail!");
        }
        byte[] arrayFromBase64urlJSONString2 = Utils.getArrayFromBase64urlJSONString(jSONObject, "ciphertext");
        if (arrayFromBase64urlJSONString2 == null) {
            throw new PkiException("get ciphertext  fail!");
        }
        byte[] arrayFromBase64urlJSONString3 = Utils.getArrayFromBase64urlJSONString(jSONObject, "tag");
        if (arrayFromBase64urlJSONString3 == null) {
            throw new PkiException("get authentication tag   fail!");
        }
        JSON value = jSONObject.getValue("aad");
        if (value == null) {
            str2 = null;
        } else {
            if (!(value instanceof JSONString)) {
                throw new PkiException("add  no  JSONString");
            }
            str2 = ((JSONString) value).getString();
        }
        this.aadEncode = str2;
        return new JWEEncryptedContentInfo(arrayFromBase64urlJSONString, arrayFromBase64urlJSONString2, arrayFromBase64urlJSONString3);
    }

    private String getEncrytedContentAlgoFromHeader() {
        Header header;
        String headerStringValue = this.protectedHeader.getHeaderStringValue(HeaderParameterNames.ENCRYPTION_METHOD);
        return (headerStringValue != null || (header = this.sharedUnprotectedHeader) == null) ? headerStringValue : header.getHeaderStringValue(HeaderParameterNames.ENCRYPTION_METHOD);
    }

    private String getFlattenedJSONSerialization() throws PkiException {
        JWERecipientInfo jWERecipientInfo = this.recipientInfolist.get(0);
        JSONObject jSONObject = new JSONObject();
        if (this.protectedHeader.getCount() > 0) {
            jSONObject.add("protected", new JSONString(getProtectHeaderEncode()));
        }
        Header header = this.sharedUnprotectedHeader;
        if (header != null && header.getJSONObject() != null) {
            jSONObject.add("unprotected", this.sharedUnprotectedHeader.getJSONObject());
        }
        if (jWERecipientInfo.getUnProtectHeader() != null && jWERecipientInfo.getUnProtectHeader().getJSONObject() != null) {
            jSONObject.add(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER, jWERecipientInfo.getUnProtectHeader().getJSONObject());
        }
        jSONObject.add("encrypted_key", new JSONString(jWERecipientInfo.getEncryptedKey()));
        String str = this.aadEncode;
        if (str != null && str.length() > 0) {
            jSONObject.add("aad", new JSONString(this.aadEncode));
        }
        jSONObject.add(HeaderParameterNames.INITIALIZATION_VECTOR, new JSONString(this.encryptedContent.getIvEncode()));
        jSONObject.add("ciphertext", new JSONString(this.encryptedContent.getChiperEncode()));
        jSONObject.add("tag", new JSONString(this.encryptedContent.getTagEncode()));
        return Utils.getNormalJSONString(jSONObject);
    }

    private JSON getHeaderJsonItem(JWERecipientInfo jWERecipientInfo, String str) {
        JSON headerJsonValue;
        JSON headerJsonValue2;
        JSON headerJsonValue3;
        Header header = this.protectedHeader;
        if (header != null && (headerJsonValue3 = header.getHeaderJsonValue(str)) != null) {
            return headerJsonValue3;
        }
        Header header2 = this.sharedUnprotectedHeader;
        if (header2 != null && (headerJsonValue2 = header2.getHeaderJsonValue(str)) != null) {
            return headerJsonValue2;
        }
        if (jWERecipientInfo.getUnProtectHeader() == null || (headerJsonValue = jWERecipientInfo.getUnProtectHeader().getHeaderJsonValue(str)) == null) {
            return null;
        }
        return headerJsonValue;
    }

    private String getJSONSerialization() throws PkiException {
        JSONObject jSONObject = new JSONObject();
        if (this.protectedHeader.getCount() > 0) {
            jSONObject.add("protected", new JSONString(getProtectHeaderEncode()));
        }
        Header header = this.sharedUnprotectedHeader;
        if (header != null && header.getJSONObject() != null) {
            jSONObject.add("unprotected", this.sharedUnprotectedHeader.getJSONObject());
        }
        JSONArray jSONArray = new JSONArray();
        int size = this.recipientInfolist.size();
        for (int i2 = 0; i2 < size; i2++) {
            JWERecipientInfo jWERecipientInfo = this.recipientInfolist.get(i2);
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.add(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER, jWERecipientInfo.getUnProtectHeader().getJSONObject());
            jSONObject2.add("encrypted_key", new JSONString(jWERecipientInfo.getEncryptedKey()));
            jSONArray.add(jSONObject2);
        }
        jSONObject.add("recipients", jSONArray);
        if (this.aadEncode != null) {
            jSONObject.add("aad", new JSONString(this.aadEncode));
        }
        jSONObject.add(HeaderParameterNames.INITIALIZATION_VECTOR, new JSONString(this.encryptedContent.getIvEncode()));
        jSONObject.add("ciphertext", new JSONString(this.encryptedContent.getChiperEncode()));
        jSONObject.add("tag", new JSONString(this.encryptedContent.getTagEncode()));
        return Utils.getNormalJSONString(jSONObject);
    }

    private byte[] getPartyInfoFromHeaderParams(JWERecipientInfo jWERecipientInfo, String str) throws PkiException {
        JSON headerJsonItem = getHeaderJsonItem(jWERecipientInfo, str);
        if (headerJsonItem == null) {
            return null;
        }
        if (!(headerJsonItem instanceof JSONString)) {
            throw new PkiException(String.valueOf(str) + "header param no JSONString object");
        }
        String jSONString = Utils.getJSONString(headerJsonItem);
        if (jSONString.length() == 0) {
            return null;
        }
        try {
            return Base64Url.decode(false, true, jSONString);
        } catch (PkiException unused) {
            throw new PkiException(String.valueOf(str) + "base64URL decode fail");
        }
    }

    private JWERecipientInfo getRecipientsInfoFromJsonSerialization(JSON json, Header header, Header header2) throws PkiException {
        String str;
        String str2;
        if (!(json instanceof JSONObject)) {
            throw new PkiException("Recipient node  no JSONObject!");
        }
        JSONObject jSONObject = (JSONObject) json;
        JSON value = jSONObject.getValue("encrypted_key");
        if (value == null) {
            str = "";
        } else {
            if (!(value instanceof JSONString)) {
                throw new PkiException("one recipient encrypted_key no JSONString object!");
            }
            str = ((JSONString) value).getString();
        }
        String str3 = str;
        JSON value2 = jSONObject.getValue(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER);
        Header header3 = new Header();
        if (value2 != null) {
            if (!(value2 instanceof JSONObject)) {
                throw new PkiException("one recipient header no JSON object!");
            }
            header3 = new Header((JSONObject) value2);
        }
        Header header4 = header3;
        int certIdByRegisterParam = Utils.getCertIdByRegisterParam(header4);
        X509Certificate registerParamCert = Utils.getRegisterParamCert(header4);
        String headerStringValue = header4.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
        if (headerStringValue == null || headerStringValue.isEmpty()) {
            String headerStringValue2 = header.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
            if (headerStringValue2 != null && !headerStringValue2.isEmpty()) {
                str2 = headerStringValue2;
            } else {
                if (header2 == null) {
                    throw new PkiException("one recipient no  algo param!");
                }
                String headerStringValue3 = header2.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
                if (headerStringValue3 == null || headerStringValue3.isEmpty()) {
                    throw new PkiException("one recipient no  algo param!");
                }
                str2 = headerStringValue3;
            }
        } else {
            str2 = headerStringValue;
        }
        return new JWERecipientInfo(header4, str3, str2, certIdByRegisterParam, registerParamCert);
    }

    private void initJsonSerialization(String str) throws PkiException {
        String str2;
        JSON decode = JSON.decode(str);
        if (!(decode instanceof JSONObject)) {
            throw new PkiException("bad json object string!");
        }
        Header header = new Header();
        Header header2 = null;
        JSONObject jSONObject = (JSONObject) decode;
        JSON value = jSONObject.getValue("protected");
        String str3 = "";
        if (value == null) {
            str2 = "";
        } else {
            if (!(value instanceof JSONString)) {
                throw new PkiException(" protectedheader no JSONString object!");
            }
            str2 = ((JSONString) value).getString();
            if (str2.length() > 0) {
                try {
                    header = new Header(Utils.getArrayFromBase64URLString(value));
                } catch (PkiException unused) {
                    throw new PkiException("get protected Base64URL deocde fail!");
                }
            }
        }
        JSON value2 = jSONObject.getValue("unprotected");
        if (value2 != null) {
            if (!(value2 instanceof JSONObject)) {
                throw new PkiException(" unShareProtectedheader no JSONObject object!");
            }
            header2 = new Header((JSONObject) value2);
        }
        JSON value3 = jSONObject.getValue("recipients");
        ArrayList<JWERecipientInfo> arrayList = new ArrayList<>();
        if (value3 == null) {
            JSON value4 = jSONObject.getValue("encrypted_key");
            if (value4 != null) {
                if (!(value4 instanceof JSONString)) {
                    throw new PkiException("one recipient encrypted_key no JSONString object!");
                }
                str3 = ((JSONString) value4).getString();
            }
            String str4 = str3;
            JSON value5 = jSONObject.getValue(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER);
            Header header3 = new Header();
            if (value5 != null) {
                if (!(value5 instanceof JSONObject)) {
                    throw new PkiException("one recipient header no JSON object!");
                }
                header3 = new Header((JSONObject) value5);
            }
            Header header4 = header3;
            int certIdByRegisterParam = Utils.getCertIdByRegisterParam(header4);
            X509Certificate registerParamCert = Utils.getRegisterParamCert(header4);
            String headerStringValue = header4.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
            if (headerStringValue == null || headerStringValue.isEmpty()) {
                headerStringValue = header.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
                if ((headerStringValue == null || headerStringValue.isEmpty()) && header2 != null) {
                    headerStringValue = header2.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
                }
                if (headerStringValue == null || headerStringValue.isEmpty()) {
                    throw new PkiException("no algo");
                }
            }
            arrayList.add(new JWERecipientInfo(header4, str4, headerStringValue, certIdByRegisterParam, registerParamCert));
        } else {
            if (!(value3 instanceof JSONArray)) {
                throw new PkiException("recipients object is not arrayobject!");
            }
            JSONArray jSONArray = (JSONArray) value3;
            int size = jSONArray.size();
            if (size <= 0) {
                throw new PkiException("recipients size is zero!");
            }
            for (int i2 = 0; i2 < size; i2++) {
                arrayList.add(getRecipientsInfoFromJsonSerialization(jSONArray.get(i2), header, header2));
            }
        }
        this.type = 2;
        this.recipientInfolist = arrayList;
        this.protectedHeader = header;
        this.protectHeaderEncode = str2;
        this.sharedUnprotectedHeader = header2;
        this.encryptedContent = getEncryptedContentInfoFromJsonSerialization(jSONObject, str2);
        this.contentEncryptedAlgo = getEncrytedContentAlgoFromHeader();
    }

    private Header initProtectedHeader(String str) throws PkiException {
        try {
            try {
                JSON decode = JSON.decode(new String(Base64Url.decode(false, true, str), "UTF-8"));
                if (decode == null || !(decode instanceof JSONObject)) {
                    throw new PkiException("protectedHeader not a JSON Object!");
                }
                return new Header((JSONObject) decode);
            } catch (UnsupportedEncodingException unused) {
                throw new PkiException("protectedHeader not UTF-8 encode!");
            }
        } catch (PkiException unused2) {
            throw new PkiException("protectedHeader not base64url encode!");
        }
    }

    private void initWithCompactSerialization(String str) throws PkiException {
        String[] split = str.split("\\.");
        if (split.length != 5) {
            throw new PkiException("JWE CompactEncode Invalid!");
        }
        Header initProtectedHeader = initProtectedHeader(split[0]);
        checkAlgoParams(initProtectedHeader);
        String str2 = split[1];
        if (str2.length() > 0 && !Utils.checkBase64Url(split[1])) {
            throw new PkiException("Encrypted Key  not base64url encode!");
        }
        try {
            byte[] decode = Base64Url.decode(false, true, split[2]);
            try {
                byte[] decode2 = Base64Url.decode(false, true, split[3]);
                try {
                    byte[] decode3 = Base64Url.decode(false, true, split[4]);
                    ArrayList<JWERecipientInfo> arrayList = new ArrayList<>();
                    arrayList.add(new JWERecipientInfo(null, str2, initProtectedHeader.getHeaderStringValue(HeaderParameterNames.ALGORITHM), Utils.getCertIdByRegisterParam(this.protectedHeader), Utils.getRegisterParamCert(initProtectedHeader)));
                    this.type = 1;
                    this.recipientInfolist = arrayList;
                    this.protectedHeader = initProtectedHeader;
                    this.protectHeaderEncode = split[0];
                    this.sharedUnprotectedHeader = null;
                    this.aadEncode = null;
                    this.encryptedContent = new JWEEncryptedContentInfo(decode, decode2, decode3);
                    this.contentEncryptedAlgo = getEncrytedContentAlgoFromHeader();
                } catch (PkiException unused) {
                    throw new PkiException("Authentication Tag  no base64url encode!");
                }
            } catch (PkiException unused2) {
                throw new PkiException("Ciphertext not base64url encode!");
            }
        } catch (PkiException unused3) {
            throw new PkiException("Initialization Vector  no base64url encode!");
        }
    }

    private byte[] pkcs5PBES2DecryptKey(JWERecipientInfo jWERecipientInfo) throws PkiException {
        byte[] decryptKey = jWERecipientInfo.getDecryptKey();
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (decryptKey == null) {
            throw new PkiException("recInfo no set DecryptKey!");
        }
        if (!Utils.IsKEKAlgoMatchKeyLength(cekAlgo, decryptKey.length)) {
            throw new PkiException("key length " + decryptKey.length + "no match algo " + cekAlgo);
        }
        if (this.keyunwrapObj == null) {
            throw new PkiException("no set IJWEKeyUnWrap implement!");
        }
        if (this.kdfObj == null) {
            throw new PkiException("no set IJWEKDF implement!");
        }
        byte[] arrayFromBase64URLString = Utils.getArrayFromBase64URLString(getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.PBES2_SALT_INPUT));
        if (arrayFromBase64URLString == null) {
            throw new PkiException("get inputSalt fail");
        }
        int interger = Utils.getInterger(getHeaderJsonItem(jWERecipientInfo, HeaderParameterNames.PBES2_ITERATION_COUNT));
        byte[] pkcs5PBKDF2 = this.kdfObj.pkcs5PBKDF2(Utils.getPBES2KeyWrapDeriveHashAlgo(cekAlgo), decryptKey, Utils.genPBES2Salt(cekAlgo, arrayFromBase64URLString), interger, Utils.getPBES2KeyWrapDeriveKeyLength(cekAlgo));
        byte[] decode = Base64Url.decode(false, true, jWERecipientInfo.getEncryptedKey());
        if (decode != null) {
            return this.keyunwrapObj.keyunwrap(cekAlgo, pkcs5PBKDF2, decode);
        }
        throw new PkiException("no encrypted_key or encrypted_key is no base64URL");
    }

    public byte[] decrypt() throws PkiException {
        this.decryptIndex = -1;
        if (this.symDecrypter == null) {
            throw new PkiException("symDecrypter is null");
        }
        if (this.recipientInfolist.size() == 0) {
            throw new PkiException("no recipientInfo");
        }
        int canDecryptCekKeyRecipientInfoIndex = getCanDecryptCekKeyRecipientInfoIndex();
        if (canDecryptCekKeyRecipientInfoIndex == -1) {
            throw new PkiException("getCanDecryptCekKeyRecipientInfo fail,no set certAndPrivateKey or cert no match or decrypt key");
        }
        JWERecipientInfo jWERecipientInfo = this.recipientInfolist.get(canDecryptCekKeyRecipientInfoIndex);
        if (!Utils.isKEKAlgoMatchCEKAlgo(jWERecipientInfo.getCekAlgo(), this.contentEncryptedAlgo)) {
            throw new PkiException("contentEncryptedAlgo" + this.contentEncryptedAlgo + "no match cek algo!" + jWERecipientInfo.getCekAlgo());
        }
        byte[] decryptEncryptedKey = decryptEncryptedKey(jWERecipientInfo);
        if (decryptEncryptedKey == null) {
            throw new PkiException("decryptCekKey fail,no set certAndPrivateKey or decrypt key");
        }
        try {
            if (Utils.matchCEKLen(this.contentEncryptedAlgo, decryptEncryptedKey.length)) {
                byte[] decryptEncryptedContentInfo = this.encryptedContent.decryptEncryptedContentInfo(this.contentEncryptedAlgo, decryptEncryptedKey, getEncryptedContentInfoAad(), this.symDecrypter);
                this.decryptIndex = canDecryptCekKeyRecipientInfoIndex;
                return decryptEncryptedContentInfo;
            }
            throw new PkiException("cekkey length " + decryptEncryptedKey.length + " no match contentEncryptedAlgo " + this.contentEncryptedAlgo);
        } finally {
            Arrays.fill(decryptEncryptedKey, (byte) 0);
        }
    }

    public String encode() throws PkiException {
        ArrayList<JWERecipientInfo> arrayList = this.recipientInfolist;
        if (arrayList == null || arrayList.size() <= 0) {
            throw new PkiException("no set recipientInfo  !");
        }
        if (this.encryptedContent != null) {
            return this.type == 1 ? getCompactSerialization() : this.recipientInfolist.size() == 1 ? getFlattenedJSONSerialization() : getJSONSerialization();
        }
        throw new PkiException("no set EncryptedContentInfo  !");
    }

    public String getContentEncAlgo() {
        return this.contentEncryptedAlgo;
    }

    public int getCritHeaderCount(int i2) throws PkiException {
        JSON headerJsonItem = getHeaderJsonItem(getRecipientInfo(i2), HeaderParameterNames.CRITICAL);
        if (headerJsonItem != null && (headerJsonItem instanceof JSONArray)) {
            return ((JSONArray) headerJsonItem).size();
        }
        return 0;
    }

    public JSON getCritHeaderValue(int i2, int i3) throws PkiException {
        JSON headerJsonItem = getHeaderJsonItem(getRecipientInfo(i2), HeaderParameterNames.CRITICAL);
        if (headerJsonItem == null || !(headerJsonItem instanceof JSONArray)) {
            return null;
        }
        JSONArray jSONArray = (JSONArray) headerJsonItem;
        if (jSONArray.size() <= i3 || i3 < 0) {
            throw new PkiException("crit index out of range!");
        }
        return jSONArray.get(i3);
    }

    public String getDecryptCekAlgo() throws PkiException {
        return getDecryptRecipientInfo().getCekAlgo();
    }

    public X509Certificate getDecryptCert() {
        return this.decryptCert;
    }

    public JWERecipientInfo getDecryptRecipientInfo() throws PkiException {
        int i2 = this.decryptIndex;
        if (i2 != -1) {
            return this.recipientInfolist.get(i2);
        }
        throw new PkiException("not decrypt");
    }

    public String getProtectHeaderEncode() throws PkiException {
        String encode;
        Header header = this.protectedHeader;
        if (header == null) {
            return null;
        }
        if (this.protectHeaderEncode == null) {
            if (header.getCount() == 0) {
                encode = "";
            } else {
                byte[] normalize = this.protectedHeader.getJSONObject().normalize();
                encode = Base64Url.encode(false, false, 0, null, normalize, 0, normalize.length);
            }
            this.protectHeaderEncode = encode;
        }
        return this.protectHeaderEncode;
    }

    public JSON getProtectedHeader(String str) {
        Header header = this.protectedHeader;
        if (header == null) {
            return null;
        }
        return header.getHeaderJsonValue(str);
    }

    public String getProtectedHeaderString(String str) {
        Header header = this.protectedHeader;
        if (header != null && (header.getHeaderJsonValue(str) instanceof JSONString)) {
            return ((JSONString) this.protectedHeader.getHeaderJsonValue(str)).getString();
        }
        return null;
    }

    public int getRecipientCount() {
        ArrayList<JWERecipientInfo> arrayList = this.recipientInfolist;
        if (arrayList == null) {
            return 0;
        }
        return arrayList.size();
    }

    public JWERecipientInfo getRecipientInfo(int i2) throws PkiException {
        if (i2 < 0 || i2 >= this.recipientInfolist.size()) {
            throw new PkiException("index out of range!");
        }
        return this.recipientInfolist.get(i2);
    }

    public JSON getSharedUnProtectedHeader(String str) {
        if (this.protectedHeader == null) {
            return null;
        }
        return this.sharedUnprotectedHeader.getHeaderJsonValue(str);
    }

    public String getSharedUnProtectedHeaderString(String str) {
        Header header = this.sharedUnprotectedHeader;
        if (header != null && (header.getHeaderJsonValue(str) instanceof JSONString)) {
            return ((JSONString) this.sharedUnprotectedHeader.getHeaderJsonValue(str)).getString();
        }
        return null;
    }

    public int getType() {
        return this.type;
    }

    public JWE setHashImplement(IHash iHash) {
        this.hashInterface = iHash;
        return this;
    }

    public JWE setKDFImplement(IJWEKDF ijwekdf) {
        this.kdfObj = ijwekdf;
        return this;
    }

    public JWE setKeyUnWrapImplement(IJWEKeyUnwarp iJWEKeyUnwarp) {
        this.keyunwrapObj = iJWEKeyUnwarp;
        return this;
    }

    public JWE setSymEncrypter(IJWECipher iJWECipher) {
        this.symDecrypter = iJWECipher;
        return this;
    }

    public JWE setX509CertificateAndPrivateKey(JWEX509CertificateAndPrivateKey jWEX509CertificateAndPrivateKey) {
        this.certAndPrivateKey = jWEX509CertificateAndPrivateKey;
        return this;
    }

    public JWE setX509CertificateAndPrivateKeys(Iterator<JWEX509CertificateAndPrivateKey> it) {
        this.certAndPrivateKeyList.clear();
        while (it.hasNext()) {
            this.certAndPrivateKeyList.add(it.next());
        }
        return this;
    }

    public JWE setX509CertificateAndPrivateKeys(List<JWEX509CertificateAndPrivateKey> list) {
        this.certAndPrivateKeyList.clear();
        Iterator<JWEX509CertificateAndPrivateKey> it = list.iterator();
        while (it.hasNext()) {
            this.certAndPrivateKeyList.add(it.next());
        }
        return this;
    }
}
