package uz.yt.cams.pki;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.X509Certificate;
import javax.crypto.KeyAgreement;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.jcajce.util.yt.DefaultAlgParams;
import org.spongycastle.util.Arrays;
import uz.yt.cams.pki.dto.EnvelopInfo;
import uz.yt.cams.pki.exception.DecryptionException;
import uz.yt.cams.pki.exception.EnvelopFormatException;

/* loaded from: classes2.dex */
public class DocumentDecrypter extends MessageDecrypter {
    private static final String DIGEST_ALG = DefaultAlgParams.getDefaultDigestAlg();
    private static final int ENVELOP_MAGIC = -559038242;
    private static final int ENVELOP_VERSION = 2;
    protected PrivateKey privateKey;
    protected Provider provider;

    public DocumentDecrypter(Provider provider, PrivateKey privateKey) {
        this.provider = provider;
        this.privateKey = privateKey;
    }

    public static EnvelopInfo getEnvelopInfo(byte[] bArr) throws EnvelopFormatException {
        try {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            int readInt = dataInputStream.readInt();
            int readInt2 = dataInputStream.readInt();
            if (readInt != ENVELOP_MAGIC) {
                throw new Exception("Неверный формат зашифрованных данных");
            }
            if (readInt2 != 2) {
                throw new Exception("Неверная версия формата зашифрованных данных");
            }
            int readInt3 = dataInputStream.readInt();
            int readInt4 = dataInputStream.readInt();
            int readInt5 = dataInputStream.readInt();
            int readInt6 = dataInputStream.readInt();
            int readInt7 = dataInputStream.readInt();
            byte[] bArr2 = new byte[readInt3];
            dataInputStream.read(bArr2);
            byte[] bArr3 = new byte[readInt4];
            dataInputStream.read(bArr3);
            byte[] bArr4 = new byte[readInt5];
            dataInputStream.read(bArr4);
            byte[] bArr5 = new byte[readInt6];
            dataInputStream.read(bArr5);
            byte[] bArr6 = new byte[readInt7];
            dataInputStream.read(bArr6);
            return new EnvelopInfo(readInt2, new X509CertificateHolder(bArr2), new BigInteger(new String(bArr3), 16), bArr4, bArr5, bArr6);
        } catch (Throwable th) {
            throw new EnvelopFormatException(th.getMessage(), th);
        }
    }

    public byte[] openEnvelop(EnvelopInfo envelopInfo) throws DecryptionException {
        try {
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(this.provider).getCertificate(envelopInfo.getSenderCertificate());
            KeyAgreement keyAgreement = this.privateKey.getAlgorithm().equals(certificate.getPublicKey().getAlgorithm()) ? KeyAgreement.getInstance(DefaultAlgParams.getDefaultKeyExchangeAlg(this.privateKey.getAlgorithm()), this.provider) : null;
            if (keyAgreement == null) {
                throw new DecryptionException("Несоответствующий закрытый или открытый ключ");
            }
            keyAgreement.init(this.privateKey);
            keyAgreement.doPhase(certificate.getPublicKey(), true);
            byte[] generateSecret = keyAgreement.generateSecret();
            MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_ALG, this.provider);
            messageDigest.update(envelopInfo.getSeed());
            messageDigest.update(generateSecret);
            byte[] gostDecryptPKCS7Padding = gostDecryptPKCS7Padding(envelopInfo.getEncrypted(), messageDigest.digest());
            messageDigest.reset();
            messageDigest.update(gostDecryptPKCS7Padding);
            if (Arrays.areEqual(envelopInfo.getChecksum(), messageDigest.digest())) {
                return gostDecryptPKCS7Padding;
            }
            throw new Exception("Данные повреждены");
        } catch (Throwable th) {
            throw new DecryptionException(th.getMessage(), th);
        }
    }
}
