package com.rsa.cryptoj.c;

import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.KeyTransRecipientInfo;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class jf implements jp, KeyTransRecipientInfo {
    private static final String l = "RecipientIdentifier";
    private static final String m = "IssuerAndSerialNumber";
    private static final String n = "Name";
    private final byte[] a;

    /* renamed from: b, reason: collision with root package name */
    private final X500Principal f10236b;

    /* renamed from: e, reason: collision with root package name */
    private final BigInteger f10237e;

    /* renamed from: f, reason: collision with root package name */
    private final String f10238f;

    /* renamed from: g, reason: collision with root package name */
    private PublicKey f10239g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f10240h;

    /* renamed from: i, reason: collision with root package name */
    private cf f10241i;

    /* renamed from: j, reason: collision with root package name */
    private op f10242j;

    /* renamed from: k, reason: collision with root package name */
    private d f10243k;

    public jf(d dVar, cf cfVar) throws hr {
        this.f10241i = cfVar;
        d a = dVar.a("rid");
        if (a.f(a.b().e()) == 0) {
            this.a = ((ae) a.a("subjectKeyIdentifier")).g();
            this.f10236b = null;
            this.f10237e = null;
        } else {
            this.f10236b = new X500Principal(a.a(a.a("issuer")));
            this.f10237e = ((w) a.a("serialNumber")).g();
            this.a = null;
        }
        oc ocVar = new oc(dVar.a("keyEncryptionAlgorithm"));
        this.f10238f = ob.a(ocVar.d(), ocVar.b());
        if (this.f10238f != null) {
            this.f10240h = ((ae) dVar.a("encryptedKey")).g();
            return;
        }
        throw new hr("Key Encryption algorithm with OID " + ocVar.d() + " not supported");
    }

    public jf(X509Certificate x509Certificate, String str) throws CMSException {
        this.f10236b = x509Certificate.getIssuerX500Principal();
        this.f10237e = x509Certificate.getSerialNumber();
        this.f10238f = str;
        String upperCase = this.f10238f.toUpperCase();
        this.f10242j = Cif.a(str);
        op opVar = this.f10242j;
        if (opVar != null) {
            this.f10243k = (!opVar.equals(op.by) || upperCase.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP.toUpperCase())) ? Cif.a(this.f10242j, null, null) : a(a(upperCase));
            this.f10239g = x509Certificate.getPublicKey();
            this.a = null;
        } else {
            throw new CMSException("Asymmetric algorithm " + this.f10238f + " not supported");
        }
    }

    private d a(op opVar) {
        return a.a("AlgorithmIdentifier", new Object[]{op.by.c(), a.a("RSAES-OAEP-params", new Object[]{new Object[]{opVar.c(), new z()}, null, null})});
    }

    private op a(String str) throws CMSException {
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA256.toUpperCase())) {
            return op.bp;
        }
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA512.toUpperCase())) {
            return op.br;
        }
        throw new CMSException("Encryption Algorithm is not supported: " + str);
    }

    private byte[] a(PrivateKey privateKey) throws CMSException {
        fx fxVar;
        fx fxVar2 = null;
        try {
            try {
                fxVar = (fx) kf.a(this.f10238f, this.f10241i, kb.a);
            } catch (Throwable th) {
                th = th;
            }
        } catch (InvalidKeyException unused) {
        } catch (NoSuchAlgorithmException unused2) {
        } catch (Exception e2) {
            e = e2;
        }
        try {
            fxVar.engineInit(2, privateKey, null);
            byte[] engineDoFinal = fxVar.engineDoFinal(this.f10240h, 0, this.f10240h.length);
            if (fxVar != null) {
                fxVar.c();
            }
            return engineDoFinal;
        } catch (InvalidKeyException unused3) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f10238f);
        } catch (NoSuchAlgorithmException unused4) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f10238f);
        } catch (Exception e3) {
            e = e3;
            throw new CMSException(e);
        } catch (Throwable th2) {
            th = th2;
            fxVar2 = fxVar;
            if (fxVar2 != null) {
                fxVar2.c();
            }
            throw th;
        }
    }

    private byte[] b(PrivateKey privateKey, Provider provider) throws CMSException {
        String str = this.f10238f.equalsIgnoreCase("RSA") ? "RSA/ECB/PKCS1Padding" : this.f10238f;
        try {
            Cipher cipher = Cipher.getInstance(str, provider);
            cipher.init(2, privateKey);
            return cipher.doFinal(this.f10240h);
        } catch (InvalidKeyException unused) {
            throw new CMSException("Invalid key for cipher operation using JCE provider: " + provider.getName());
        } catch (NoSuchAlgorithmException unused2) {
            throw new CMSException("NoSuchAlgorithmException creating " + str + " cipher using JCE provider: " + provider.getName());
        } catch (BadPaddingException unused3) {
            throw new CMSException("BadPaddingException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (IllegalBlockSizeException unused4) {
            throw new CMSException("IllegalBlockSizeException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (NoSuchPaddingException unused5) {
            throw new CMSException("Invalid cipher padding " + str + " for JCE provider: " + provider.getName());
        }
    }

    @Override // com.rsa.cryptoj.c.jp
    public d a(SecretKey secretKey, String str, int i2, SecureRandom secureRandom, cf cfVar) throws IOException {
        d aeVar;
        X500Principal x500Principal = this.f10236b;
        if (x500Principal == null || this.f10237e == null) {
            aeVar = new ae(this.a);
            aeVar.c(0);
        } else {
            aeVar = a.a(m, new Object[]{a.a("Name", x500Principal.getEncoded(), 0), this.f10237e});
        }
        d a = a.a(l, aeVar);
        try {
            fx fxVar = (fx) kf.a(this.f10238f, cfVar, kb.a);
            fxVar.engineInit(1, this.f10239g, secureRandom);
            byte[] encoded = secretKey.getEncoded();
            return a.a(jp.f10277c, a.a(jp.f10278d, new Object[]{this.a != null ? new w(jy.V2.a()) : new w(jy.V0.a()), a, this.f10243k, new ae(fxVar.engineDoFinal(encoded, 0, encoded.length))}));
        } catch (Exception unused) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f10238f);
        }
    }

    @Override // com.rsa.cryptoj.c.jp
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        PrivateKey privateKey = keyContainer.getPrivateKey();
        Provider cipherJceProvider = keyContainer.getCipherJceProvider();
        if (privateKey != null) {
            return a(privateKey, cipherJceProvider);
        }
        throw new CMSException("Invalid decryptionKey for KeyTransRecipientInfoImpl, expected PrivateKey.");
    }

    public byte[] a(PrivateKey privateKey, Provider provider) throws CMSException {
        return provider == null ? a(privateKey) : b(privateKey, provider);
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public X500Principal getIssuer() {
        return this.f10236b;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public BigInteger getSerialNumber() {
        return this.f10237e;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public byte[] getSubjectKeyIdentifier() {
        return this.a;
    }
}
