package xch.bouncycastle.operator.jcajce;

import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.DERNull;
import xch.bouncycastle.asn1.DEROctetString;
import xch.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import xch.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import xch.bouncycastle.asn1.cryptopro.GostR3410KeyTransport;
import xch.bouncycastle.asn1.cryptopro.GostR3410TransportParameters;
import xch.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import xch.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.pkcs.RSAESOAEPparams;
import xch.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import xch.bouncycastle.crypto.CryptoServicesRegistrar;
import xch.bouncycastle.jcajce.spec.GOST28147WrapParameterSpec;
import xch.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import xch.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import xch.bouncycastle.jcajce.util.NamedJcaJceHelper;
import xch.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import xch.bouncycastle.operator.AsymmetricKeyWrapper;
import xch.bouncycastle.operator.GenericKey;
import xch.bouncycastle.operator.OperatorException;
import xch.bouncycastle.pqc.crypto.sphincs.SPHINCSKeyParameters;
import xch.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import xch.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class JceAsymmetricKeyWrapper extends AsymmetricKeyWrapper {
    private static final Set f;
    private static final Map g;

    /* renamed from: b, reason: collision with root package name */
    private l f3207b;

    /* renamed from: c, reason: collision with root package name */
    private Map f3208c;

    /* renamed from: d, reason: collision with root package name */
    private PublicKey f3209d;
    private SecureRandom e;

    static {
        HashSet hashSet = new HashSet();
        f = hashSet;
        hashSet.add(CryptoProObjectIdentifiers.E);
        f.add(CryptoProObjectIdentifiers.m);
        f.add(RosstandartObjectIdentifiers.l);
        f.add(RosstandartObjectIdentifiers.m);
        f.add(RosstandartObjectIdentifiers.g);
        f.add(RosstandartObjectIdentifiers.h);
        HashMap hashMap = new HashMap();
        g = hashMap;
        hashMap.put("SHA1", new AlgorithmIdentifier(OIWObjectIdentifiers.i, DERNull.v5));
        g.put(McElieceCCA2KeyGenParameterSpec.A5, new AlgorithmIdentifier(OIWObjectIdentifiers.i, DERNull.v5));
        g.put("SHA224", new AlgorithmIdentifier(NISTObjectIdentifiers.f, DERNull.v5));
        g.put(McElieceCCA2KeyGenParameterSpec.B5, new AlgorithmIdentifier(NISTObjectIdentifiers.f, DERNull.v5));
        g.put("SHA256", new AlgorithmIdentifier(NISTObjectIdentifiers.f693c, DERNull.v5));
        g.put("SHA-256", new AlgorithmIdentifier(NISTObjectIdentifiers.f693c, DERNull.v5));
        g.put("SHA384", new AlgorithmIdentifier(NISTObjectIdentifiers.f694d, DERNull.v5));
        g.put(McElieceCCA2KeyGenParameterSpec.D5, new AlgorithmIdentifier(NISTObjectIdentifiers.f694d, DERNull.v5));
        g.put("SHA512", new AlgorithmIdentifier(NISTObjectIdentifiers.e, DERNull.v5));
        g.put("SHA-512", new AlgorithmIdentifier(NISTObjectIdentifiers.e, DERNull.v5));
        g.put("SHA512/224", new AlgorithmIdentifier(NISTObjectIdentifiers.g, DERNull.v5));
        g.put("SHA-512/224", new AlgorithmIdentifier(NISTObjectIdentifiers.g, DERNull.v5));
        g.put("SHA-512(224)", new AlgorithmIdentifier(NISTObjectIdentifiers.g, DERNull.v5));
        g.put("SHA512/256", new AlgorithmIdentifier(NISTObjectIdentifiers.h, DERNull.v5));
        g.put(SPHINCSKeyParameters.x5, new AlgorithmIdentifier(NISTObjectIdentifiers.h, DERNull.v5));
        g.put("SHA-512(256)", new AlgorithmIdentifier(NISTObjectIdentifiers.h, DERNull.v5));
    }

    public JceAsymmetricKeyWrapper(AlgorithmParameters algorithmParameters, PublicKey publicKey) {
        super(a(algorithmParameters.getParameterSpec(AlgorithmParameterSpec.class)));
        this.f3207b = new l(new DefaultJcaJceHelper());
        this.f3208c = new HashMap();
        this.f3209d = publicKey;
    }

    public JceAsymmetricKeyWrapper(PublicKey publicKey) {
        super(SubjectPublicKeyInfo.a(publicKey.getEncoded()).h());
        this.f3207b = new l(new DefaultJcaJceHelper());
        this.f3208c = new HashMap();
        this.f3209d = publicKey;
    }

    public JceAsymmetricKeyWrapper(X509Certificate x509Certificate) {
        this(x509Certificate.getPublicKey());
    }

    public JceAsymmetricKeyWrapper(AlgorithmParameterSpec algorithmParameterSpec, PublicKey publicKey) {
        super(a(algorithmParameterSpec));
        this.f3207b = new l(new DefaultJcaJceHelper());
        this.f3208c = new HashMap();
        this.f3209d = publicKey;
    }

    public JceAsymmetricKeyWrapper(AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) {
        super(algorithmIdentifier);
        this.f3207b = new l(new DefaultJcaJceHelper());
        this.f3208c = new HashMap();
        this.f3209d = publicKey;
    }

    private static AlgorithmIdentifier a(AlgorithmParameterSpec algorithmParameterSpec) {
        if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
            StringBuilder a2 = a.a.a.a.a.a("unknown spec: ");
            a2.append(algorithmParameterSpec.getClass().getName());
            throw new IllegalArgumentException(a2.toString());
        }
        OAEPParameterSpec oAEPParameterSpec = (OAEPParameterSpec) algorithmParameterSpec;
        if (!oAEPParameterSpec.getMGFAlgorithm().equals(OAEPParameterSpec.DEFAULT.getMGFAlgorithm())) {
            StringBuilder a3 = a.a.a.a.a.a("unknown MGF: ");
            a3.append(oAEPParameterSpec.getMGFAlgorithm());
            throw new IllegalArgumentException(a3.toString());
        }
        if (oAEPParameterSpec.getPSource() instanceof PSource.PSpecified) {
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.p0, new RSAESOAEPparams(b(oAEPParameterSpec.getDigestAlgorithm()), new AlgorithmIdentifier(PKCSObjectIdentifiers.q0, b(((MGF1ParameterSpec) oAEPParameterSpec.getMGFParameters()).getDigestAlgorithm())), new AlgorithmIdentifier(PKCSObjectIdentifiers.r0, new DEROctetString(((PSource.PSpecified) oAEPParameterSpec.getPSource()).getValue()))));
        }
        StringBuilder a4 = a.a.a.a.a.a("unknown PSource: ");
        a4.append(oAEPParameterSpec.getPSource().getAlgorithm());
        throw new IllegalArgumentException(a4.toString());
    }

    static boolean a(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return f.contains(aSN1ObjectIdentifier);
    }

    private static AlgorithmIdentifier b(String str) {
        AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier) g.get(str);
        if (algorithmIdentifier != null) {
            return algorithmIdentifier;
        }
        throw new IllegalArgumentException(a.a.a.a.a.a("unknown digest name: ", str));
    }

    public JceAsymmetricKeyWrapper a(String str) {
        this.f3207b = new l(new NamedJcaJceHelper(str));
        return this;
    }

    public JceAsymmetricKeyWrapper a(Provider provider) {
        this.f3207b = new l(new ProviderJcaJceHelper(provider));
        return this;
    }

    public JceAsymmetricKeyWrapper a(SecureRandom secureRandom) {
        this.e = secureRandom;
        return this;
    }

    public JceAsymmetricKeyWrapper a(ASN1ObjectIdentifier aSN1ObjectIdentifier, String str) {
        this.f3208c.put(aSN1ObjectIdentifier, str);
        return this;
    }

    @Override // xch.bouncycastle.operator.KeyWrapper
    public byte[] a(GenericKey genericKey) {
        byte[] bArr;
        if (!a(a().h())) {
            Cipher a2 = this.f3207b.a(a().h(), this.f3208c);
            try {
                AlgorithmParameters a3 = this.f3207b.a(a());
                if (a3 != null) {
                    a2.init(3, this.f3209d, a3, this.e);
                } else {
                    a2.init(3, this.f3209d, this.e);
                }
                bArr = a2.wrap(m.a(genericKey));
            } catch (IllegalStateException | UnsupportedOperationException | InvalidKeyException | GeneralSecurityException | ProviderException unused) {
                bArr = null;
            }
            if (bArr != null) {
                return bArr;
            }
            try {
                a2.init(1, this.f3209d, this.e);
                return a2.doFinal(m.a(genericKey).getEncoded());
            } catch (InvalidKeyException e) {
                throw new OperatorException("unable to encrypt contents key", e);
            } catch (GeneralSecurityException e2) {
                throw new OperatorException("unable to encrypt contents key", e2);
            }
        }
        try {
            if (this.e == null) {
                this.e = CryptoServicesRegistrar.a();
            }
            KeyPairGenerator c2 = this.f3207b.c(a().h());
            c2.initialize(((ECPublicKey) this.f3209d).getParams(), this.e);
            KeyPair generateKeyPair = c2.generateKeyPair();
            byte[] bArr2 = new byte[8];
            this.e.nextBytes(bArr2);
            SubjectPublicKeyInfo a4 = SubjectPublicKeyInfo.a(generateKeyPair.getPublic().getEncoded());
            GostR3410TransportParameters gostR3410TransportParameters = a4.h().h().a(RosstandartObjectIdentifiers.f715b) ? new GostR3410TransportParameters(RosstandartObjectIdentifiers.t, a4, bArr2) : new GostR3410TransportParameters(CryptoProObjectIdentifiers.h, a4, bArr2);
            KeyAgreement b2 = this.f3207b.b(a().h());
            b2.init(generateKeyPair.getPrivate(), new UserKeyingMaterialSpec(gostR3410TransportParameters.j()));
            b2.doPhase(this.f3209d, true);
            SecretKey generateSecret = b2.generateSecret(CryptoProObjectIdentifiers.e.l());
            byte[] encoded = m.a(genericKey).getEncoded();
            Cipher a5 = this.f3207b.a(CryptoProObjectIdentifiers.e);
            a5.init(3, generateSecret, new GOST28147WrapParameterSpec(gostR3410TransportParameters.h(), gostR3410TransportParameters.j()));
            byte[] wrap = a5.wrap(new SecretKeySpec(encoded, "GOST"));
            return new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.b(wrap, 0, 32), Arrays.b(wrap, 32, 36)), gostR3410TransportParameters).getEncoded();
        } catch (Exception e3) {
            throw new OperatorException(a.a.a.a.a.a(e3, a.a.a.a.a.a("exception wrapping key: ")), e3);
        }
    }
}
