package iaik.cms;

import iaik.asn1.ASN;
import iaik.asn1.ASN1Object;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.INTEGER;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.utils.Util;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Enumeration;
import java.util.Vector;
import javax.crypto.SecretKey;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_cms-5.1_MOA.jar:iaik/cms/KeyAgreeRecipientInfo.class */
public class KeyAgreeRecipientInfo extends RecipientInfo {
    private static boolean a;
    private KeyIdentifier b;
    private byte[] c;
    private Vector d;
    private PrivateKey e;
    private PublicKey f;
    private AlgorithmID g;
    private int h;

    static {
        a = false;
        a = DebugCMS.getDebugMode() && a;
    }

    public KeyAgreeRecipientInfo() {
        this.version_ = 3;
        this.d = new Vector();
        this.h = -1;
    }

    public KeyAgreeRecipientInfo(ASN1Object aSN1Object) throws CodingException {
        this();
        decode(aSN1Object);
    }

    public KeyAgreeRecipientInfo(ASN1Object aSN1Object, SecurityProvider securityProvider) throws CodingException {
        this();
        this.securityProvider_ = securityProvider;
        decode(aSN1Object);
    }

    public KeyAgreeRecipientInfo(AlgorithmID algorithmID, AlgorithmID algorithmID2, int i) {
        this();
        this.keyEncryptionAlgorithm_ = (AlgorithmID) algorithmID.clone();
        this.g = (AlgorithmID) algorithmID2.clone();
        this.h = i;
    }

    public KeyAgreeRecipientInfo(KeyIdentifier keyIdentifier, AlgorithmID algorithmID, byte[] bArr) {
        this();
        if (keyIdentifier.getKeyIdType() != 0 && keyIdentifier.getKeyIdType() != 1 && keyIdentifier.getKeyIdType() != 4) {
            throw new IllegalArgumentException("Invalid originator identifier. Expected IssuerAndSerialNumber, SubjectKeyID or OriginatorPublicKey!");
        }
        this.b = keyIdentifier;
        this.keyEncryptionAlgorithm_ = (AlgorithmID) algorithmID.clone();
        this.c = bArr;
    }

    public KeyAgreeRecipientInfo(X509Certificate x509Certificate, PrivateKey privateKey, int i, AlgorithmID algorithmID, AlgorithmID algorithmID2, int i2, byte[] bArr) throws X509ExtensionException {
        this();
        a(x509Certificate, privateKey, i, algorithmID, algorithmID2, i2, bArr);
    }

    public KeyPair addRecipient(CertificateIdentifier certificateIdentifier, PublicKey publicKey) throws InvalidKeyException {
        KeyPair keyPair;
        SecurityProvider securityProvider = this.securityProvider_;
        if (securityProvider == null) {
            securityProvider = SecurityProvider.getSecurityProvider();
        }
        if (certificateIdentifier.getKeyIdType() != 0 && certificateIdentifier.getKeyIdType() != 2) {
            throw new IllegalArgumentException("Invalid recipient identifier. Expected IssuerAndSerialNumber or RecipientKeyIdentifier!");
        }
        if (this.e == null) {
            try {
                keyPair = securityProvider.generateKeyAgreementKeyPair(this.keyEncryptionAlgorithm_, publicKey);
                this.e = keyPair.getPrivate();
                this.f = keyPair.getPublic();
                this.b = new OriginatorPublicKey(keyPair.getPublic());
            } catch (Exception e) {
                throw new InvalidKeyException(new StringBuffer("Cannot create ephemeral originator key: ").append(e.getMessage()).toString());
            }
        } else {
            try {
                if (this.e == null) {
                    throw new NullPointerException("Cannot add recipient; originator private key not set.");
                }
                securityProvider.checkDomainParameters(this.e, publicKey);
                keyPair = new KeyPair(this.f, this.e);
            } catch (Exception e2) {
                throw new InvalidKeyException(new StringBuffer("Cannot add recipient key: ").append(e2.getMessage()).toString());
            }
        }
        this.d.addElement(new y(certificateIdentifier, publicKey));
        return keyPair;
    }

    public void addRecipient(CertificateIdentifier certificateIdentifier, byte[] bArr) throws CMSException {
        if (certificateIdentifier.getKeyIdType() != 0 && certificateIdentifier.getKeyIdType() != 2) {
            throw new IllegalArgumentException("Invalid recipient identifier. Expected IssuerAndSerialNumber or RecipientKeyIdentifier!");
        }
        if (this.b == null) {
            throw new CMSException("Cannot add already encrypted key; the originator field of this KeyAgreeRecipientInfo is not set!");
        }
        this.d.addElement(new y(certificateIdentifier, bArr));
    }

    public KeyPair addRecipient(X509Certificate x509Certificate, int i) throws InvalidKeyException, X509ExtensionException {
        return addRecipient(a(x509Certificate, i), x509Certificate.getPublicKey());
    }

    public int countRecipientEncryptedKeys() {
        return this.d.size();
    }

    @Override // iaik.cms.RecipientInfo, iaik.asn1.ASN1Type
    public void decode(ASN1Object aSN1Object) throws CodingException {
        this.version_ = ((BigInteger) aSN1Object.getComponentAt(0).getValue()).intValue();
        this.b = new x((ASN1Object) aSN1Object.getComponentAt(1).getValue(), this.securityProvider_).a();
        int i = 2;
        if (aSN1Object.getComponentAt(2).isA(ASN.CON_SPEC)) {
            i = 2 + 1;
            this.c = (byte[]) ((ASN1Object) aSN1Object.getComponentAt(2).getValue()).getValue();
        }
        int i2 = i;
        int i3 = i + 1;
        this.keyEncryptionAlgorithm_ = new AlgorithmID(aSN1Object.getComponentAt(i2));
        try {
            ASN1Object parameter = this.keyEncryptionAlgorithm_.getParameter();
            if (parameter != null) {
                this.g = new AlgorithmID(parameter);
            }
        } catch (Exception unused) {
            if (a) {
                System.out.println("Missing key wrap algorithm id parameter in key agree algorithm id!");
            }
        }
        ASN1Object componentAt = aSN1Object.getComponentAt(i3);
        for (int i4 = 0; i4 < componentAt.countComponents(); i4++) {
            this.d.addElement(new y(componentAt.getComponentAt(i4)));
        }
    }

    @Override // iaik.cms.RecipientInfo
    public SecretKey decryptKey(Key key) throws CMSException, InvalidKeyException {
        return decryptKey(key, (KeyIdentifier) null, "RAW");
    }

    @Override // iaik.cms.RecipientInfo
    public SecretKey decryptKey(Key key, KeyIdentifier keyIdentifier, String str) throws CMSException, InvalidKeyException {
        SecretKey decryptKey;
        if (key != null && !(key instanceof PrivateKey)) {
            throw new InvalidKeyException("Need a private key for decrypting the content encryption key!");
        }
        if (this.f != null) {
            decryptKey = decryptKey((PrivateKey) key, keyIdentifier, this.f, str);
        } else {
            if (this.b.getKeyIdType() != 4) {
                throw new CMSException("Cannot decrypt content encryption key. Need originator public key!");
            }
            decryptKey = decryptKey((PrivateKey) key, keyIdentifier, ((OriginatorPublicKey) this.b).getPublicKey(), str);
        }
        return decryptKey;
    }

    public SecretKey decryptKey(PrivateKey privateKey, KeyIdentifier keyIdentifier, PublicKey publicKey, String str) throws CMSException, InvalidKeyException {
        if (this.d.isEmpty()) {
            throw new CMSException("No encrypted key included in this KeyAgreeRecipientInfo!");
        }
        if (publicKey == null) {
            throw new CMSException("Cannot decrypt content encryption key. Need originator public key!");
        }
        Enumeration elements = this.d.elements();
        if (keyIdentifier == null) {
            while (elements.hasMoreElements()) {
                try {
                    return ((y) elements.nextElement()).a(this.keyEncryptionAlgorithm_, this.g, privateKey, publicKey, this.c, str, this.securityProvider_);
                } catch (Exception e) {
                    if (a) {
                        System.out.println(new StringBuffer("Error decrypting key: ").append(e.getMessage()).toString());
                        System.out.println("Try the next recipient encrypted key...");
                    }
                }
            }
            throw new InvalidKeyException("Cannot decrypt any of the encrypted content encryption keys of this KeyAgreeRecipientInfo with the given private key!");
        }
        while (elements.hasMoreElements()) {
            y yVar = (y) elements.nextElement();
            if (yVar.a((CertificateIdentifier) keyIdentifier)) {
                return yVar.a(this.keyEncryptionAlgorithm_, this.g, privateKey, publicKey, this.c, str, this.securityProvider_);
            }
        }
        throw new CMSException("No encrypted key found for this recipientIdentifier");
    }

    public SecretKey decryptKey(PrivateKey privateKey, X509Certificate x509Certificate, String str) throws CMSException, InvalidKeyException {
        SecretKey decryptKey;
        if (this.f != null) {
            decryptKey = decryptKey(privateKey, x509Certificate, this.f, str);
        } else {
            if (this.b.getKeyIdType() != 4) {
                throw new CMSException("Cannot decrypt content encryption key. Need originator public key!");
            }
            decryptKey = decryptKey(privateKey, x509Certificate, ((OriginatorPublicKey) this.b).getPublicKey(), str);
        }
        return decryptKey;
    }

    public SecretKey decryptKey(PrivateKey privateKey, X509Certificate x509Certificate, PublicKey publicKey, String str) throws CMSException, InvalidKeyException {
        y yVar;
        CertificateIdentifier b;
        Enumeration elements = this.d.elements();
        CertificateIdentifier certificateIdentifier = null;
        while (elements.hasMoreElements()) {
            try {
                yVar = (y) elements.nextElement();
                b = yVar.b();
                if (certificateIdentifier == null || certificateIdentifier.getKeyIdType() != b.getKeyIdType()) {
                    certificateIdentifier = a(x509Certificate, b.getKeyIdType());
                }
            } catch (X509ExtensionException unused) {
            }
            if (certificateIdentifier.equals(b)) {
                return yVar.a(this.keyEncryptionAlgorithm_, this.g, privateKey, publicKey, this.c, str, this.securityProvider_);
            }
            continue;
        }
        throw new CMSException("No recipient encrypted key included for this recipient!");
    }

    @Override // iaik.cms.RecipientInfo
    public void encryptKey(SecretKey secretKey) throws CMSException {
        if (this.keyEncryptionAlgorithm_ == null) {
            throw new NullPointerException("Unable to encrypt symmetric key. Key-encryption algorithm is not set!");
        }
        if (this.b == null) {
            throw new NullPointerException("Unable to encrypt symmetric key. Originator not set!");
        }
        if (this.d.isEmpty()) {
            throw new NullPointerException("Unable to encrypt symmetric key. No recipient information added!");
        }
        if (secretKey == null) {
            throw new NullPointerException("Cannot encrypt a null key!");
        }
        Enumeration elements = this.d.elements();
        while (elements.hasMoreElements()) {
            ((y) elements.nextElement()).a(secretKey, this.keyEncryptionAlgorithm_, this.e, this.g, this.h, this.c, this.securityProvider_);
        }
    }

    @Override // iaik.cms.RecipientInfo
    public byte[] getEncryptedKey(KeyIdentifier keyIdentifier) throws CMSException {
        byte[] bArr = null;
        if (this.d.size() > 0) {
            if (keyIdentifier != null) {
                Enumeration elements = this.d.elements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        break;
                    }
                    y yVar = (y) elements.nextElement();
                    if (keyIdentifier.equals(yVar.b())) {
                        bArr = yVar.a();
                        break;
                    }
                }
            } else {
                bArr = ((y) this.d.firstElement()).a();
            }
        }
        return bArr;
    }

    public AlgorithmID getKeyWrapAlgorithm() {
        return this.g;
    }

    public KeyIdentifier getOriginator() {
        return this.b;
    }

    private static CertificateIdentifier a(X509Certificate x509Certificate, int i) throws X509ExtensionException {
        if (i == 0) {
            return new IssuerAndSerialNumber(x509Certificate);
        }
        if (i == 2) {
            return new RecipientKeyIdentifier(new SubjectKeyID(x509Certificate));
        }
        throw new IllegalArgumentException("Invalid recipient identifier. Expected IssuerAndSerialNumber or RecipientKeyIdentifier!");
    }

    @Override // iaik.cms.RecipientInfo
    public KeyIdentifier[] getRecipientIdentifiers() {
        int countRecipientEncryptedKeys = countRecipientEncryptedKeys();
        CertificateIdentifier[] certificateIdentifierArr = new CertificateIdentifier[countRecipientEncryptedKeys];
        for (int i = 0; i < countRecipientEncryptedKeys; i++) {
            certificateIdentifierArr[i] = ((y) this.d.elementAt(i)).b();
        }
        return certificateIdentifierArr;
    }

    public byte[] getUKM() {
        return this.c;
    }

    private void a(X509Certificate x509Certificate, PrivateKey privateKey, int i, AlgorithmID algorithmID, AlgorithmID algorithmID2, int i2, byte[] bArr) throws X509ExtensionException {
        this.e = privateKey;
        this.f = x509Certificate.getPublicKey();
        if (i == 0) {
            this.b = new IssuerAndSerialNumber(x509Certificate);
        } else {
            if (i != 1) {
                throw new IllegalArgumentException(new StringBuffer("Cannot create KeyAgreeRecipientInfo: illegal originator identifier type: ").append(i).toString());
            }
            this.b = new SubjectKeyID(x509Certificate);
        }
        this.keyEncryptionAlgorithm_ = (AlgorithmID) algorithmID.clone();
        this.g = (AlgorithmID) algorithmID2.clone();
        this.h = i2;
        this.c = bArr;
    }

    @Override // iaik.cms.RecipientInfo
    public boolean isRecipientInfoFor(KeyIdentifier keyIdentifier) {
        Enumeration elements = this.d.elements();
        while (elements.hasMoreElements()) {
            if (keyIdentifier.equals(((y) elements.nextElement()).b())) {
                return true;
            }
        }
        return false;
    }

    @Override // iaik.cms.RecipientInfo
    public CertificateIdentifier isRecipientInfoFor(X509Certificate x509Certificate) {
        CertificateIdentifier b;
        Enumeration elements = this.d.elements();
        CertificateIdentifier certificateIdentifier = null;
        while (elements.hasMoreElements()) {
            try {
                b = ((y) elements.nextElement()).b();
                if (certificateIdentifier == null || certificateIdentifier.getKeyIdType() != b.getKeyIdType()) {
                    certificateIdentifier = a(x509Certificate, b.getKeyIdType());
                }
            } catch (X509ExtensionException unused) {
            }
            if (certificateIdentifier.equals(b)) {
                return certificateIdentifier;
            }
            continue;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(PublicKey publicKey, PrivateKey privateKey) {
        this.f = publicKey;
        this.e = privateKey;
    }

    @Override // iaik.cms.RecipientInfo
    public void setSecurityProvider(SecurityProvider securityProvider) {
        this.securityProvider_ = securityProvider;
    }

    public void setUKM(byte[] bArr) {
        this.c = bArr;
    }

    @Override // iaik.cms.RecipientInfo, iaik.asn1.ASN1Type
    public ASN1Object toASN1Object() throws CodingException {
        if (this.b == null) {
            throw new NullPointerException("originator field of this KeyAgreeRecipientInfo not set!");
        }
        if (this.keyEncryptionAlgorithm_ == null) {
            throw new NullPointerException("keyEncryptionAlgorithm field of this KeyAgreeRecipientInfo not set!");
        }
        if (this.d.isEmpty()) {
            throw new NullPointerException("No recipientEncryptedKey included!");
        }
        SEQUENCE sequence = new SEQUENCE();
        sequence.addComponent(new INTEGER(this.version_));
        sequence.addComponent(new CON_SPEC(0, new x(this.b).toASN1Object()));
        if (this.c != null && this.c.length > 0) {
            sequence.addComponent(new CON_SPEC(1, new OCTET_STRING(this.c)));
        }
        sequence.addComponent(this.keyEncryptionAlgorithm_.toASN1Object());
        sequence.addComponent(ASN.createSequenceOf(this.d));
        return sequence;
    }

    @Override // iaik.cms.RecipientInfo
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("version: ").append(this.version_).append("\n").toString());
        stringBuffer.append(new StringBuffer("originator: ").append(this.b).append("\n").toString());
        if (this.c != null) {
            stringBuffer.append(new StringBuffer("ukm: ").append(Util.toString(this.c, 0, 5)).append("...\n").toString());
        }
        stringBuffer.append(new StringBuffer("keyEncryptionAlgorithm: ").append(this.keyEncryptionAlgorithm_).append("\n").toString());
        stringBuffer.append("recipientEncryptedKeys: {\n");
        Enumeration elements = this.d.elements();
        while (elements.hasMoreElements()) {
            stringBuffer.append(new StringBuffer(String.valueOf(String.valueOf(elements.nextElement()))).append("\n").toString());
        }
        stringBuffer.append("}\n");
        return stringBuffer.toString();
    }
}
