package com.amazon.coral.internal.org.bouncycastle.cms.jcajce;

import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1EncodableVector;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1ObjectIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1Sequence;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$DEROctetString;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$DERSequence;
import com.amazon.coral.internal.org.bouncycastle.asn1.cms.C$KeyAgreeRecipientIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.cms.C$OriginatorPublicKey;
import com.amazon.coral.internal.org.bouncycastle.asn1.cms.C$RecipientEncryptedKey;
import com.amazon.coral.internal.org.bouncycastle.asn1.cms.C$RecipientKeyIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.cms.ecc.C$MQVuserKeyingMaterial;
import com.amazon.coral.internal.org.bouncycastle.asn1.pkcs.C$PKCSObjectIdentifiers;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$AlgorithmIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$SubjectPublicKeyInfo;
import com.amazon.coral.internal.org.bouncycastle.cms.C$CMSException;
import com.amazon.coral.internal.org.bouncycastle.cms.C$KeyAgreeRecipientInfoGenerator;
import com.amazon.coral.internal.org.bouncycastle.jcajce.spec.C$MQVParameterSpec;
import com.amazon.coral.internal.org.bouncycastle.jcajce.spec.C$UserKeyingMaterialSpec;
import com.amazon.coral.internal.org.bouncycastle.operator.C$DefaultSecretKeySizeProvider;
import com.amazon.coral.internal.org.bouncycastle.operator.C$GenericKey;
import com.amazon.coral.internal.org.bouncycastle.operator.C$SecretKeySizeProvider;
import com.amazon.coral.internal.org.bouncycastle.util.C$Arrays;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.cms.jcajce.$JceKeyAgreeRecipientInfoGenerator, reason: invalid class name */
/* loaded from: classes3.dex */
public class C$JceKeyAgreeRecipientInfoGenerator extends C$KeyAgreeRecipientInfoGenerator {
    private static C$KeyMaterialGenerator ecc_cms_Generator = new C$RFC5753KeyMaterialGenerator();
    private KeyPair ephemeralKP;
    private C$EnvelopedDataHelper helper;
    private C$SecretKeySizeProvider keySizeProvider;
    private SecureRandom random;
    private List recipientIDs;
    private List recipientKeys;
    private PrivateKey senderPrivateKey;
    private PublicKey senderPublicKey;
    private byte[] userKeyingMaterial;

    public C$JceKeyAgreeRecipientInfoGenerator(C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier2) {
        super(c$ASN1ObjectIdentifier, C$SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()), c$ASN1ObjectIdentifier2);
        this.keySizeProvider = new C$DefaultSecretKeySizeProvider();
        this.recipientIDs = new ArrayList();
        this.recipientKeys = new ArrayList();
        this.helper = new C$EnvelopedDataHelper(new C$DefaultJcaJceExtHelper());
        this.senderPublicKey = publicKey;
        this.senderPrivateKey = privateKey;
    }

    private void init(C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier) throws C$CMSException {
        if (this.random == null) {
            this.random = new SecureRandom();
        }
        if (C$CMSUtils.isMQV(c$ASN1ObjectIdentifier) && this.ephemeralKP == null) {
            try {
                C$SubjectPublicKeyInfo c$SubjectPublicKeyInfo = C$SubjectPublicKeyInfo.getInstance(this.senderPublicKey.getEncoded());
                AlgorithmParameters createAlgorithmParameters = this.helper.createAlgorithmParameters(c$ASN1ObjectIdentifier);
                createAlgorithmParameters.init(c$SubjectPublicKeyInfo.getAlgorithm().getParameters().toASN1Primitive().getEncoded());
                KeyPairGenerator createKeyPairGenerator = this.helper.createKeyPairGenerator(c$ASN1ObjectIdentifier);
                createKeyPairGenerator.initialize(createAlgorithmParameters.getParameterSpec(AlgorithmParameterSpec.class), this.random);
                this.ephemeralKP = createKeyPairGenerator.generateKeyPair();
            } catch (Exception e) {
                throw new C$CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e, e);
            }
        }
    }

    public C$JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate x509Certificate) throws CertificateEncodingException {
        this.recipientIDs.add(new C$KeyAgreeRecipientIdentifier(C$CMSUtils.getIssuerAndSerialNumber(x509Certificate)));
        this.recipientKeys.add(x509Certificate.getPublicKey());
        return this;
    }

    public C$JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] bArr, PublicKey publicKey) throws CertificateEncodingException {
        this.recipientIDs.add(new C$KeyAgreeRecipientIdentifier(new C$RecipientKeyIdentifier(bArr)));
        this.recipientKeys.add(publicKey);
        return this;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.cms.C$KeyAgreeRecipientInfoGenerator
    public C$ASN1Sequence generateRecipientEncryptedKeys(C$AlgorithmIdentifier c$AlgorithmIdentifier, C$AlgorithmIdentifier c$AlgorithmIdentifier2, C$GenericKey c$GenericKey) throws C$CMSException {
        AlgorithmParameterSpec algorithmParameterSpec;
        if (this.recipientIDs.isEmpty()) {
            throw new C$CMSException("No recipients associated with generator - use addRecipient()");
        }
        init(c$AlgorithmIdentifier.getAlgorithm());
        PrivateKey privateKey = this.senderPrivateKey;
        C$ASN1ObjectIdentifier algorithm = c$AlgorithmIdentifier.getAlgorithm();
        C$ASN1EncodableVector c$ASN1EncodableVector = new C$ASN1EncodableVector();
        for (int i = 0; i != this.recipientIDs.size(); i++) {
            PublicKey publicKey = (PublicKey) this.recipientKeys.get(i);
            C$KeyAgreeRecipientIdentifier c$KeyAgreeRecipientIdentifier = (C$KeyAgreeRecipientIdentifier) this.recipientIDs.get(i);
            try {
                if (C$CMSUtils.isMQV(algorithm)) {
                    algorithmParameterSpec = new C$MQVParameterSpec(this.ephemeralKP, publicKey, this.userKeyingMaterial);
                } else if (C$CMSUtils.isEC(algorithm)) {
                    algorithmParameterSpec = new C$UserKeyingMaterialSpec(ecc_cms_Generator.generateKDFMaterial(c$AlgorithmIdentifier2, this.keySizeProvider.getKeySize(c$AlgorithmIdentifier2.getAlgorithm()), this.userKeyingMaterial));
                } else {
                    if (!C$CMSUtils.isRFC2631(algorithm)) {
                        throw new C$CMSException("Unknown key agreement algorithm: " + algorithm);
                    }
                    if (this.userKeyingMaterial != null) {
                        algorithmParameterSpec = new C$UserKeyingMaterialSpec(this.userKeyingMaterial);
                    } else {
                        if (algorithm.equals(C$PKCSObjectIdentifiers.id_alg_SSDH)) {
                            throw new C$CMSException("User keying material must be set for static keys.");
                        }
                        algorithmParameterSpec = null;
                    }
                }
                KeyAgreement createKeyAgreement = this.helper.createKeyAgreement(algorithm);
                createKeyAgreement.init(privateKey, algorithmParameterSpec, this.random);
                createKeyAgreement.doPhase(publicKey, true);
                SecretKey generateSecret = createKeyAgreement.generateSecret(c$AlgorithmIdentifier2.getAlgorithm().getId());
                Cipher createCipher = this.helper.createCipher(c$AlgorithmIdentifier2.getAlgorithm());
                createCipher.init(3, generateSecret, this.random);
                c$ASN1EncodableVector.add(new C$RecipientEncryptedKey(c$KeyAgreeRecipientIdentifier, new C$DEROctetString(createCipher.wrap(this.helper.getJceKey(c$GenericKey)))));
            } catch (GeneralSecurityException e) {
                throw new C$CMSException("Cannot perform agreement step: " + e.getMessage(), e);
            }
        }
        return new C$DERSequence(c$ASN1EncodableVector);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.cms.C$KeyAgreeRecipientInfoGenerator
    protected byte[] getUserKeyingMaterial(C$AlgorithmIdentifier c$AlgorithmIdentifier) throws C$CMSException {
        init(c$AlgorithmIdentifier.getAlgorithm());
        if (this.ephemeralKP == null) {
            return this.userKeyingMaterial;
        }
        C$OriginatorPublicKey createOriginatorPublicKey = createOriginatorPublicKey(C$SubjectPublicKeyInfo.getInstance(this.ephemeralKP.getPublic().getEncoded()));
        try {
            return this.userKeyingMaterial != null ? new C$MQVuserKeyingMaterial(createOriginatorPublicKey, new C$DEROctetString(this.userKeyingMaterial)).getEncoded() : new C$MQVuserKeyingMaterial(createOriginatorPublicKey, null).getEncoded();
        } catch (IOException e) {
            throw new C$CMSException("unable to encode user keying material: " + e.getMessage(), e);
        }
    }

    public C$JceKeyAgreeRecipientInfoGenerator setProvider(String str) {
        this.helper = new C$EnvelopedDataHelper(new C$NamedJcaJceExtHelper(str));
        return this;
    }

    public C$JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) {
        this.helper = new C$EnvelopedDataHelper(new C$ProviderJcaJceExtHelper(provider));
        return this;
    }

    public C$JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom secureRandom) {
        this.random = secureRandom;
        return this;
    }

    public C$JceKeyAgreeRecipientInfoGenerator setUserKeyingMaterial(byte[] bArr) {
        this.userKeyingMaterial = C$Arrays.clone(bArr);
        return this;
    }
}
