package net.netca.pki.encoding.asn1.pki.cms;

import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.Unknown;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.PrivateKeyDecrypter;
import net.netca.pki.encoding.asn1.pki.PublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public final class KeyTransRecipientInfo {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("KeyTransRecipientInfo");
    private Sequence seq;

    public KeyTransRecipientInfo(int i2, int i3, X509Certificate x509Certificate, byte[] bArr, PublicKeyEncrypter publicKeyEncrypter) throws PkiException {
        if (publicKeyEncrypter == null) {
            throw new PkiException("publicKeyEncrypter is null");
        }
        RecipientIdentifier recipientIdentifier = new RecipientIdentifier(i3, x509Certificate);
        AlgorithmIdentifier keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(x509Certificate);
        init(i2, recipientIdentifier, keyEncryptionAlgorithm, publicKeyEncrypter.encrypt(x509Certificate.getSubjectPublicKeyInfo().getPublicKey(), keyEncryptionAlgorithm, bArr, 0, bArr.length));
    }

    public KeyTransRecipientInfo(int i2, X509Certificate x509Certificate, byte[] bArr, PublicKeyEncrypter publicKeyEncrypter) throws PkiException {
        if (publicKeyEncrypter == null) {
            throw new PkiException("publicKeyEncrypter is null");
        }
        RecipientIdentifier recipientIdentifier = new RecipientIdentifier(i2, x509Certificate);
        AlgorithmIdentifier keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(x509Certificate);
        init(i2 == 1 ? 0 : 2, recipientIdentifier, keyEncryptionAlgorithm, publicKeyEncrypter.encrypt(x509Certificate.getSubjectPublicKeyInfo().getPublicKey(), keyEncryptionAlgorithm, bArr, 0, bArr.length));
    }

    public KeyTransRecipientInfo(int i2, RecipientIdentifier recipientIdentifier, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws PkiException {
        init(i2, recipientIdentifier, algorithmIdentifier, bArr);
    }

    public KeyTransRecipientInfo(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("not KeyTransRecipientInfo");
        }
        this.seq = sequence;
    }

    private KeyTransRecipientInfo(byte[] bArr) throws PkiException {
        this.seq = (Sequence) ASN1Object.decode(bArr, type);
    }

    public static KeyTransRecipientInfo decode(byte[] bArr) throws PkiException {
        return new KeyTransRecipientInfo(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private AlgorithmIdentifier getKeyEncryptionAlgorithm(X509Certificate x509Certificate) throws PkiException {
        AlgorithmIdentifier algorithm = x509Certificate.getSubjectPublicKeyInfo().getAlgorithm();
        String oid = algorithm.getOid();
        if (oid.equals(AlgorithmIdentifier.RSAEncrypt_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(oid);
        }
        if (oid.equals(AlgorithmIdentifier.ECPubKey_OID)) {
            ASN1Object param = algorithm.getParam();
            if (param instanceof ObjectIdentifier) {
                if (((ObjectIdentifier) param).getString().equals(AlgorithmIdentifier.SM2Curve_OID)) {
                    return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SM2ENC_OID);
                }
            } else if ((param instanceof Unknown) && ((ObjectIdentifier) param.to(ObjectIdentifierType.getInstance())).getString().equals(AlgorithmIdentifier.SM2Curve_OID)) {
                return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SM2ENC_OID);
            }
        }
        throw new PkiException("unknown pubkey algorithm");
    }

    private void init(int i2, RecipientIdentifier recipientIdentifier, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws PkiException {
        if (recipientIdentifier == null) {
            throw new PkiException("rid is null");
        }
        if (algorithmIdentifier == null) {
            throw new PkiException("keyEncryptionAlgorithm is null");
        }
        if (bArr == null) {
            throw new PkiException("encryptedKey is null");
        }
        Sequence sequence = new Sequence(type);
        this.seq = sequence;
        sequence.add(new Integer(i2));
        this.seq.add(recipientIdentifier.getASN1Object());
        this.seq.add(algorithmIdentifier.getASN1Object());
        this.seq.add(new OctetString(bArr));
    }

    public byte[] decrypt(PrivateKeyDecrypter privateKeyDecrypter) throws PkiException {
        if (privateKeyDecrypter == null) {
            throw new PkiException("decrypter is null");
        }
        byte[] encryptedKey = getEncryptedKey();
        return privateKeyDecrypter.decrypt(getKeyEncryptionAlgorithm(), encryptedKey, 0, encryptedKey.length);
    }

    public Sequence getASN1Object() throws PkiException {
        return this.seq;
    }

    public byte[] getEncryptedKey() throws PkiException {
        return ((OctetString) this.seq.get(3)).getValue();
    }

    public AlgorithmIdentifier getKeyEncryptionAlgorithm() throws PkiException {
        return new AlgorithmIdentifier((Sequence) this.seq.get(2));
    }

    public RecipientIdentifier getRid() throws PkiException {
        return new RecipientIdentifier(this.seq.get(1));
    }

    public int getVersion() throws PkiException {
        return ((Integer) this.seq.get(0)).getIntegerValue();
    }

    public boolean match(X509Certificate x509Certificate) {
        try {
            return getRid().match(x509Certificate);
        } catch (PkiException unused) {
            return false;
        }
    }
}
