package org.jscep.message;

import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.cms.EnvelopedData;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.RecipientOperator;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
import org.spongycastle.operator.InputDecryptor;

/* loaded from: classes2.dex */
public final class f {

    /* renamed from: c, reason: collision with root package name */
    private static final com.sophos.jsceplib.c f13317c = com.sophos.jsceplib.c.a((Class<?>) f.class);

    /* renamed from: a, reason: collision with root package name */
    private final X509Certificate f13318a;

    /* renamed from: b, reason: collision with root package name */
    private final PrivateKey f13319b;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class a extends JceKeyTransEnvelopedRecipient {

        /* renamed from: a, reason: collision with root package name */
        private final PrivateKey f13320a;

        /* renamed from: org.jscep.message.f$a$a, reason: collision with other inner class name */
        /* loaded from: classes2.dex */
        class C0253a implements InputDecryptor {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ AlgorithmIdentifier f13321a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ Cipher f13322b;

            C0253a(a aVar, AlgorithmIdentifier algorithmIdentifier, Cipher cipher) {
                this.f13321a = algorithmIdentifier;
                this.f13322b = cipher;
            }

            @Override // org.spongycastle.operator.InputDecryptor
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return this.f13321a;
            }

            @Override // org.spongycastle.operator.InputDecryptor
            public InputStream getInputStream(InputStream inputStream) {
                return new CipherInputStream(inputStream, this.f13322b);
            }
        }

        public a(PrivateKey privateKey) {
            super(privateKey);
            this.f13320a = privateKey;
        }

        private Key a(PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(4, privateKey);
            try {
                return cipher.unwrap(bArr, "DES", 3);
            } catch (InvalidKeyException e2) {
                f.f13317c.b("Cannot unwrap symetric key.  Are you using a valid key pair?");
                throw e2;
            }
        }

        private AlgorithmParameterSpec a(AlgorithmIdentifier algorithmIdentifier) throws GeneralSecurityException {
            return new IvParameterSpec(ASN1OctetString.getInstance(algorithmIdentifier.getParameters()).getOctets());
        }

        @Override // org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient, org.spongycastle.cms.KeyTransRecipient
        public RecipientOperator getRecipientOperator(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, byte[] bArr) throws CMSException {
            if (!"1.3.14.3.2.7".equals(algorithmIdentifier2.getAlgorithm().getId())) {
                return super.getRecipientOperator(algorithmIdentifier, algorithmIdentifier2, bArr);
            }
            try {
                Key a2 = a(this.f13320a, bArr);
                Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
                cipher.init(2, a2, a(algorithmIdentifier2));
                return new RecipientOperator(new C0253a(this, algorithmIdentifier2, cipher));
            } catch (GeneralSecurityException e2) {
                throw new CMSException("Could not create DES cipher", e2);
            }
        }
    }

    public f(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.f13318a = x509Certificate;
        this.f13319b = privateKey;
    }

    private JceKeyTransEnvelopedRecipient b() {
        return new a(this.f13319b);
    }

    private void b(CMSEnvelopedData cMSEnvelopedData) {
        EnvelopedData.getInstance(cMSEnvelopedData.toASN1Structure().getContent());
    }

    public byte[] a(CMSEnvelopedData cMSEnvelopedData) throws MessageDecodingException {
        f13317c.a("Decoding pkcsPkiEnvelope");
        b(cMSEnvelopedData);
        f13317c.a("Decrypting pkcsPkiEnvelope using key belonging to dn=" + this.f13318a.getSubjectDN() + "  serial=" + this.f13318a.getSerialNumber());
        RecipientInformation recipientInformation = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(this.f13318a));
        if (recipientInformation == null) {
            throw new MessageDecodingException("Missing expected key transfer recipient " + this.f13318a.getSubjectDN());
        }
        try {
            byte[] content = recipientInformation.getContent(b());
            f13317c.a("Finished decoding pkcsPkiEnvelope");
            return content;
        } catch (CMSException e2) {
            throw new MessageDecodingException(e2);
        }
    }
}
