package net.netca.pki.encoding.asn1.pki.cms;

import com.huawei.hms.support.hianalytics.HiAnalyticsConstant;
import java.util.Arrays;
import java.util.Date;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.GeneralizedTime;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceOf;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.IKeyAgreement;
import net.netca.pki.encoding.asn1.pki.IKeyUnwrap;
import net.netca.pki.encoding.asn1.pki.IKeyWrap;
import net.netca.pki.encoding.asn1.pki.OctetStringExtension;
import net.netca.pki.encoding.asn1.pki.PublicKey;
import net.netca.pki.encoding.asn1.pki.SubjectPublicKeyInfo;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public final class KeyAgreeRecipientInfo {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("KeyAgreeRecipientInfo");
    private ASN1Data data;
    private int index = -1;

    public KeyAgreeRecipientInfo(int i2, OriginatorIdentifierOrKey originatorIdentifierOrKey, byte[] bArr, AlgorithmIdentifier algorithmIdentifier, RecipientEncryptedKeys recipientEncryptedKeys) throws PkiException {
        if (originatorIdentifierOrKey == null) {
            throw new PkiException("originator is NULL");
        }
        if (algorithmIdentifier == null) {
            throw new PkiException("keyEncryptionAlgorithm is NULL");
        }
        if (recipientEncryptedKeys == null) {
            throw new PkiException("recipientEncryptedKeys is NULL");
        }
        Sequence sequence = new Sequence(type);
        sequence.add(new Integer(i2));
        sequence.add(new TaggedValue(128, 0, false, originatorIdentifierOrKey.getASN1Object()));
        if (bArr != null) {
            sequence.add(new TaggedValue(128, 1, false, new OctetString(bArr)));
        }
        sequence.add(algorithmIdentifier.getASN1Object());
        sequence.add(recipientEncryptedKeys.getASN1Object());
        this.data = new ASN1Data("KeyAgreeRecipientInfo", sequence);
    }

    public KeyAgreeRecipientInfo(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("not KeyAgreeRecipientInfo");
        }
        this.data = new ASN1Data("KeyAgreeRecipientInfo", sequence);
    }

    private KeyAgreeRecipientInfo(byte[] bArr) throws PkiException {
        this.data = new ASN1Data("KeyAgreeRecipientInfo", (Sequence) ASN1Object.decode(bArr, type));
    }

    public static KeyAgreeRecipientInfo buildECCKeyAgreeRecipientInfo(IKeyAgreement iKeyAgreement, IKDF ikdf, IKeyWrap iKeyWrap, byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier, X509Certificate x509Certificate, int i2) throws PkiException {
        return buildECCKeyAgreeRecipientInfo(iKeyAgreement, ikdf, iKeyWrap, bArr, bArr2, algorithmIdentifier, x509Certificate, i2, null, null);
    }

    public static KeyAgreeRecipientInfo buildECCKeyAgreeRecipientInfo(IKeyAgreement iKeyAgreement, IKDF ikdf, IKeyWrap iKeyWrap, byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier, X509Certificate x509Certificate, int i2, Date date, OtherKeyAttribute otherKeyAttribute) throws PkiException {
        KeyAgreeRecipientIdentifier NewRecipientKeyIdentifier;
        if (iKeyAgreement == null) {
            throw new PkiException("keyAgreementObj is null");
        }
        if (x509Certificate == null) {
            throw new PkiException("cert is null");
        }
        if (algorithmIdentifier == null) {
            throw new PkiException("keyEncryptionAlgorithm is null");
        }
        if (bArr == null) {
            throw new PkiException("cek is null");
        }
        if (ikdf == null) {
            throw new PkiException("kdfObj is null");
        }
        if (iKeyWrap == null) {
            throw new PkiException("keywrapObj is null");
        }
        SubjectPublicKeyInfo subjectPublicKeyInfo = x509Certificate.getSubjectPublicKeyInfo();
        PublicKey generateTempKeyPair = iKeyAgreement.generateTempKeyPair(subjectPublicKeyInfo.getAlgorithm());
        byte[] keyAgreement = iKeyAgreement.keyAgreement(algorithmIdentifier, subjectPublicKeyInfo.getPublicKey());
        OriginatorIdentifierOrKey NewOriginatorPublicKey = OriginatorIdentifierOrKey.NewOriginatorPublicKey(generateTempKeyPair.toSubjectPublicKeyInfo());
        if (i2 != 1 && i2 != 2) {
            throw new PkiException("bad certId:" + i2);
        }
        if (i2 == 1) {
            NewRecipientKeyIdentifier = KeyAgreeRecipientIdentifier.NewIssuerAndSerialNumber(new IssuerAndSerialNumber(x509Certificate));
        } else {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null) {
                throw new PkiException("cert has not subject key identifier extension");
            }
            Extension extension = extensions.get(Extension.SUBJECT_KEYIDENTIFIER_OID);
            if (extension == null) {
                throw new PkiException("cert has not subject key identifier extension");
            }
            NewRecipientKeyIdentifier = KeyAgreeRecipientIdentifier.NewRecipientKeyIdentifier(new RecipientKeyIdentifier(((OctetStringExtension) extension.getExtensionObject()).getValue(), date == null ? null : new GeneralizedTime(date), otherKeyAttribute));
        }
        ECCCMSSharedInfo buildSharedInfo = ECCCMSSharedInfo.buildSharedInfo(algorithmIdentifier, bArr2);
        ASN1Object param = algorithmIdentifier.getParam();
        if (param == null) {
            throw new PkiException("keyEncryptionAlgorithm no param");
        }
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier((Sequence) param.to(AlgorithmIdentifier.getASN1Type()));
        byte[] kdf = ikdf.kdf(algorithmIdentifier, keyAgreement, buildSharedInfo.getASN1Object().encode(), (getKekBits(algorithmIdentifier2) + 7) / 8);
        byte[] keywrap = iKeyWrap.keywrap(algorithmIdentifier2, kdf, bArr);
        Arrays.fill(kdf, (byte) 0);
        RecipientEncryptedKey recipientEncryptedKey = new RecipientEncryptedKey(NewRecipientKeyIdentifier, keywrap);
        RecipientEncryptedKeys recipientEncryptedKeys = new RecipientEncryptedKeys();
        recipientEncryptedKeys.add(recipientEncryptedKey);
        return new KeyAgreeRecipientInfo(3, NewOriginatorPublicKey, bArr2, algorithmIdentifier, recipientEncryptedKeys);
    }

    public static KeyAgreeRecipientInfo decode(byte[] bArr) throws PkiException {
        return new KeyAgreeRecipientInfo(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    public static int getKekBits(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        String oid = algorithmIdentifier.getOid();
        if (oid.equals(AlgorithmIdentifier.AES128_WRAP)) {
            return 128;
        }
        if (!oid.equals(AlgorithmIdentifier.AES192_WRAP)) {
            if (oid.equals(AlgorithmIdentifier.AES256_WRAP)) {
                return 256;
            }
            if (!oid.equals(AlgorithmIdentifier.TDES_WRAP) && !oid.equals(AlgorithmIdentifier.HMAC_3DES_WRAP)) {
                throw new PkiException("unknown keywrap algo:" + oid);
            }
        }
        return 192;
    }

    public byte[] decrypt(int i2, X509Certificate x509Certificate, IKeyAgreement iKeyAgreement, IKDF ikdf, IKeyUnwrap iKeyUnwrap) throws PkiException {
        AlgorithmIdentifier CreateAlgorithmIdentifier;
        byte[] keyunwrap;
        if (x509Certificate == null) {
            throw new PkiException("cert is null");
        }
        if (iKeyAgreement == null) {
            throw new PkiException("keyAgreementObj is null");
        }
        if (ikdf == null) {
            throw new PkiException("kdfObj is null");
        }
        if (iKeyUnwrap == null) {
            throw new PkiException("keyunwrapObj is null");
        }
        RecipientEncryptedKey recipientEncryptedKey = getRecipientEncryptedKeys().get(i2);
        OriginatorIdentifierOrKey originator = getOriginator();
        byte[] ukm = getUkm();
        AlgorithmIdentifier keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
        SubjectPublicKeyInfo originatorKey = originator.getOriginatorKey();
        if (originatorKey == null) {
            throw new PkiException("originatorKey no key");
        }
        AlgorithmIdentifier algorithm = originatorKey.getAlgorithm();
        ASN1Object param = x509Certificate.getSubjectPublicKeyInfo().getAlgorithm().getParam();
        if (param == null) {
            throw new PkiException("no cert spki algorithm param");
        }
        ObjectIdentifier objectIdentifier = (ObjectIdentifier) param.to(ObjectIdentifierType.getInstance());
        if (!algorithm.hasParam() || algorithm.hasNullParam()) {
            originatorKey = new SubjectPublicKeyInfo(new AlgorithmIdentifier(algorithm.getOid(), param), originatorKey.getSubjectPublicKey());
        } else if (!((ObjectIdentifier) algorithm.getParam().to(ObjectIdentifierType.getInstance())).getString().equals(objectIdentifier.getString())) {
            throw new PkiException("originatorKey bad key,match curve");
        }
        byte[] keyAgreement = iKeyAgreement.keyAgreement(keyEncryptionAlgorithm, originatorKey.getPublicKey());
        ECCCMSSharedInfo buildSharedInfo = ECCCMSSharedInfo.buildSharedInfo(keyEncryptionAlgorithm, ukm);
        byte[] encryptedKey = recipientEncryptedKey.getEncryptedKey();
        ASN1Object param2 = keyEncryptionAlgorithm.getParam();
        if (param2 == null) {
            throw new PkiException("keyEncryptionAlgorithm no param");
        }
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier((Sequence) param2.to(AlgorithmIdentifier.getASN1Type()));
        int kekBits = (getKekBits(algorithmIdentifier) + 7) / 8;
        byte[] kdf = ikdf.kdf(keyEncryptionAlgorithm, keyAgreement, buildSharedInfo.getASN1Object().encode(), kekBits);
        try {
            keyunwrap = iKeyUnwrap.keyunwrap(algorithmIdentifier, kdf, encryptedKey);
        } catch (PkiException e2) {
            if (!algorithmIdentifier.hasParam()) {
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(algorithmIdentifier.getOid());
            } else {
                if (!algorithmIdentifier.hasNullParam()) {
                    Arrays.fill(kdf, (byte) 0);
                    throw e2;
                }
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(algorithmIdentifier.getOid());
            }
            AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(keyEncryptionAlgorithm.getOid(), CreateAlgorithmIdentifier.getASN1Object());
            ECCCMSSharedInfo buildSharedInfo2 = ECCCMSSharedInfo.buildSharedInfo(algorithmIdentifier2, ukm);
            Arrays.fill(kdf, (byte) 0);
            kdf = ikdf.kdf(algorithmIdentifier2, keyAgreement, buildSharedInfo2.getASN1Object().encode(), kekBits);
            keyunwrap = iKeyUnwrap.keyunwrap(CreateAlgorithmIdentifier, kdf, encryptedKey);
        }
        Arrays.fill(kdf, (byte) 0);
        return keyunwrap;
    }

    public ASN1Object getASN1Object() throws PkiException {
        return this.data.getValue();
    }

    public AlgorithmIdentifier getKeyEncryptionAlgorithm() throws PkiException {
        return new AlgorithmIdentifier((Sequence) this.data.getValue("keyEncryptionAlgorithm"));
    }

    public int getMatchIndex() {
        return this.index;
    }

    public OriginatorIdentifierOrKey getOriginator() throws PkiException {
        return new OriginatorIdentifierOrKey(this.data.getValue("originator.value"));
    }

    public RecipientEncryptedKeys getRecipientEncryptedKeys() throws PkiException {
        return new RecipientEncryptedKeys((SequenceOf) this.data.getValue("recipientEncryptedKeys"));
    }

    public byte[] getUkm() throws PkiException {
        ASN1Object value = this.data.getValue("ukm.value");
        if (value == null) {
            return null;
        }
        return ((OctetString) value).getValue();
    }

    public int getVersion() throws PkiException {
        return ((Integer) this.data.getValue(HiAnalyticsConstant.HaKey.BI_KEY_VERSION)).getIntegerValue();
    }

    public boolean match(X509Certificate x509Certificate) {
        try {
            RecipientEncryptedKeys recipientEncryptedKeys = getRecipientEncryptedKeys();
            int size = recipientEncryptedKeys.size();
            for (int i2 = 0; i2 < size; i2++) {
                if (recipientEncryptedKeys.get(i2).getRid().match(x509Certificate)) {
                    this.index = i2;
                    return true;
                }
            }
            return false;
        } catch (PkiException unused) {
            return false;
        }
    }
}
