package uz.yt.cams.pki;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.crypto.KeyAgreement;
import org.spongycastle.jcajce.util.yt.DefaultAlgParams;

/* loaded from: classes2.dex */
public class DocumentEncrypter extends MessageEncrypter {
    private static final String DIGEST_ALG = DefaultAlgParams.getDefaultDigestAlg();
    private static final int ENVELOP_MAGIC = -559038242;
    private static final int ENVELOP_VERSION = 2;
    protected X509Certificate certificate;
    protected PrivateKey privateKey;
    protected Provider provider;

    public DocumentEncrypter(Provider provider, X509Certificate x509Certificate, PrivateKey privateKey) {
        this.provider = provider;
        this.certificate = x509Certificate;
        this.privateKey = privateKey;
    }

    public byte[] createEnvelop(X509Certificate x509Certificate, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, CertificateEncodingException, IOException {
        KeyAgreement keyAgreement = this.privateKey.getAlgorithm().equals(x509Certificate.getPublicKey().getAlgorithm()) ? KeyAgreement.getInstance(DefaultAlgParams.getDefaultKeyExchangeAlg(this.privateKey.getAlgorithm()), this.provider) : null;
        if (keyAgreement == null) {
            throw new InvalidKeyException("Несоответствующий закрытый или открытый ключ");
        }
        keyAgreement.init(this.privateKey);
        keyAgreement.doPhase(x509Certificate.getPublicKey(), true);
        byte[] generateSecret = keyAgreement.generateSecret();
        byte[] generateSeed = new SecureRandom().generateSeed(32);
        MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_ALG, this.provider);
        messageDigest.update(generateSeed);
        messageDigest.update(generateSecret);
        byte[] digest = messageDigest.digest();
        messageDigest.reset();
        messageDigest.update(bArr);
        byte[] digest2 = messageDigest.digest();
        byte[] gostEncryptPKCS7Padding = gostEncryptPKCS7Padding(bArr, digest);
        byte[] encoded = this.certificate.getEncoded();
        byte[] bytes = x509Certificate.getSerialNumber().toString(16).getBytes();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeInt(ENVELOP_MAGIC);
        dataOutputStream.writeInt(2);
        dataOutputStream.writeInt(encoded.length);
        dataOutputStream.writeInt(bytes.length);
        dataOutputStream.writeInt(generateSeed.length);
        dataOutputStream.writeInt(gostEncryptPKCS7Padding.length);
        dataOutputStream.writeInt(digest2.length);
        dataOutputStream.write(encoded, 0, encoded.length);
        dataOutputStream.write(bytes, 0, bytes.length);
        dataOutputStream.write(generateSeed, 0, generateSeed.length);
        dataOutputStream.write(gostEncryptPKCS7Padding, 0, gostEncryptPKCS7Padding.length);
        dataOutputStream.write(digest2, 0, digest2.length);
        dataOutputStream.flush();
        return byteArrayOutputStream.toByteArray();
    }
}
