package ext.org.bouncycastle.cms.jcajce;

import ext.org.bouncycastle.asn1.ASN1Encodable;
import ext.org.bouncycastle.asn1.ASN1EncodableVector;
import ext.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import ext.org.bouncycastle.asn1.ASN1Sequence;
import ext.org.bouncycastle.asn1.DERObjectIdentifier;
import ext.org.bouncycastle.asn1.DEROctetString;
import ext.org.bouncycastle.asn1.DERSequence;
import ext.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import ext.org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import ext.org.bouncycastle.asn1.cms.RecipientEncryptedKey;
import ext.org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
import ext.org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import ext.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import ext.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import ext.org.bouncycastle.asn1.x509.X509CertificateStructure;
import ext.org.bouncycastle.cms.CMSAlgorithm;
import ext.org.bouncycastle.cms.CMSEnvelopedGenerator;
import ext.org.bouncycastle.cms.CMSException;
import ext.org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
import ext.org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import ext.org.bouncycastle.jcajce.DefaultJcaJceHelper;
import ext.org.bouncycastle.jcajce.NamedJcaJceHelper;
import ext.org.bouncycastle.jcajce.ProviderJcaJceHelper;
import ext.org.bouncycastle.jce.spec.MQVPrivateKeySpec;
import ext.org.bouncycastle.jce.spec.MQVPublicKeySpec;
import ext.org.bouncycastle.operator.GenericKey;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: a, reason: collision with root package name */
    private List f711a;
    private List b;
    private PublicKey c;
    private PrivateKey d;
    private a e;
    private SecureRandom f;
    private KeyPair g;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.f711a = new ArrayList();
        this.b = new ArrayList();
        this.e = new a(new DefaultJcaJceHelper());
        this.c = publicKey;
        this.d = privateKey;
    }

    private void a(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.f == null) {
            this.f = new SecureRandom();
        }
        if (aSN1ObjectIdentifier.equals(CMSAlgorithm.ECMQV_SHA1KDF) && this.g == null) {
            try {
                ECParameterSpec params = ((ECPublicKey) this.c).getParams();
                KeyPairGenerator a2 = this.e.a((DERObjectIdentifier) aSN1ObjectIdentifier);
                a2.initialize(params, this.f);
                this.g = a2.generateKeyPair();
            } catch (InvalidAlgorithmParameterException e) {
                throw new CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e);
            }
        }
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate x509Certificate) {
        List list = this.f711a;
        X509CertificateStructure x509CertificateStructure = X509CertificateStructure.getInstance(x509Certificate.getEncoded());
        list.add(new KeyAgreeRecipientIdentifier(new IssuerAndSerialNumber(x509CertificateStructure.getIssuer(), x509CertificateStructure.getSerialNumber())));
        this.b.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] bArr, PublicKey publicKey) {
        this.f711a.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.b.add(publicKey);
        return this;
    }

    @Override // ext.org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) {
        a(algorithmIdentifier.getAlgorithm());
        PrivateKey privateKey = this.d;
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        PrivateKey mQVPrivateKeySpec = algorithm.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF) ? new MQVPrivateKeySpec(privateKey, this.g.getPrivate(), this.g.getPublic()) : privateKey;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 == this.f711a.size()) {
                return new DERSequence(aSN1EncodableVector);
            }
            PublicKey publicKey = (PublicKey) this.b.get(i2);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f711a.get(i2);
            if (algorithm.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) {
                publicKey = new MQVPublicKeySpec(publicKey, publicKey);
            }
            try {
                KeyAgreement e = this.e.e(algorithm);
                e.init(mQVPrivateKeySpec, this.f);
                e.doPhase(publicKey, true);
                SecretKey generateSecret = e.generateSecret(algorithmIdentifier2.getAlgorithm().getId());
                Cipher b = this.e.b(algorithmIdentifier2.getAlgorithm());
                b.init(3, generateSecret, this.f);
                aSN1EncodableVector.add(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, new DEROctetString(b.wrap(JcaSimpleSignerInfoVerifierBuilder.a.a(genericKey)))));
                i = i2 + 1;
            } catch (GeneralSecurityException e2) {
                throw new CMSException("cannot perform agreement step: " + e2.getMessage(), e2);
            }
        }
    }

    @Override // ext.org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    protected ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier algorithmIdentifier) {
        a(algorithmIdentifier.getAlgorithm());
        if (this.g != null) {
            return new MQVuserKeyingMaterial(createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(this.g.getPublic().getEncoded())), null);
        }
        return null;
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(String str) {
        this.e = new a(new NamedJcaJceHelper(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) {
        this.e = new a(new ProviderJcaJceHelper(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom secureRandom) {
        this.f = secureRandom;
        return this;
    }
}
