package com.rsa.cryptoj.o;

import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.KeyTransRecipientInfo;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import net.juniper.junos.pulse.android.util.KeyStoreWrapper;

/* loaded from: classes.dex */
public class je implements jo, KeyTransRecipientInfo {

    /* renamed from: l, reason: collision with root package name */
    private static final String f9110l = "RecipientIdentifier";

    /* renamed from: m, reason: collision with root package name */
    private static final String f9111m = "IssuerAndSerialNumber";
    private static final String n = "Name";

    /* renamed from: a, reason: collision with root package name */
    private final byte[] f9112a;

    /* renamed from: b, reason: collision with root package name */
    private final X500Principal f9113b;

    /* renamed from: e, reason: collision with root package name */
    private final BigInteger f9114e;

    /* renamed from: f, reason: collision with root package name */
    private final String f9115f;

    /* renamed from: g, reason: collision with root package name */
    private PublicKey f9116g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f9117h;

    /* renamed from: i, reason: collision with root package name */
    private cf f9118i;

    /* renamed from: j, reason: collision with root package name */
    private ov f9119j;

    /* renamed from: k, reason: collision with root package name */
    private d f9120k;

    public je(d dVar, cf cfVar) {
        this.f9118i = cfVar;
        d a2 = dVar.a("rid");
        if (a.f(a2.b().e()) == 0) {
            this.f9112a = ((ad) a2.a("subjectKeyIdentifier")).g();
            this.f9113b = null;
            this.f9114e = null;
        } else {
            this.f9113b = new X500Principal(a.a(a2.a("issuer")));
            this.f9114e = ((v) a2.a("serialNumber")).g();
            this.f9112a = null;
        }
        oi oiVar = new oi(dVar.a("keyEncryptionAlgorithm"));
        this.f9115f = oh.a(oiVar.d(), oiVar.b());
        if (this.f9115f != null) {
            this.f9117h = ((ad) dVar.a("encryptedKey")).g();
            return;
        }
        throw new hq("Key Encryption algorithm with OID " + oiVar.d() + " not supported");
    }

    public je(X509Certificate x509Certificate, String str) {
        this.f9113b = x509Certificate.getIssuerX500Principal();
        this.f9114e = x509Certificate.getSerialNumber();
        this.f9115f = str;
        String upperCase = this.f9115f.toUpperCase();
        this.f9119j = ie.a(str);
        ov ovVar = this.f9119j;
        if (ovVar != null) {
            this.f9120k = (!ovVar.equals(ov.bA) || upperCase.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP.toUpperCase())) ? ie.a(this.f9119j, null, null) : a(a(upperCase));
            this.f9116g = x509Certificate.getPublicKey();
            this.f9112a = null;
        } else {
            throw new CMSException("Asymmetric algorithm " + this.f9115f + " not supported");
        }
    }

    private d a(ov ovVar) {
        return a.a("AlgorithmIdentifier", new Object[]{ov.bA.c(), a.a("RSAES-OAEP-params", new Object[]{new Object[]{ovVar.c(), new y()}, null, null})});
    }

    private ov a(String str) {
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA256.toUpperCase())) {
            return ov.br;
        }
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA512.toUpperCase())) {
            return ov.bt;
        }
        throw new CMSException("Encryption Algorithm is not supported: " + str);
    }

    private byte[] a(PrivateKey privateKey) {
        fw fwVar;
        fw fwVar2 = null;
        try {
            try {
                fwVar = (fw) ke.a(this.f9115f, this.f9118i, ka.f9235a);
            } catch (Throwable th) {
                th = th;
            }
        } catch (InvalidKeyException unused) {
        } catch (NoSuchAlgorithmException unused2) {
        } catch (Exception e2) {
            e = e2;
        }
        try {
            fwVar.engineInit(2, privateKey, null);
            byte[] engineDoFinal = fwVar.engineDoFinal(this.f9117h, 0, this.f9117h.length);
            if (fwVar != null) {
                fwVar.c();
            }
            return engineDoFinal;
        } catch (InvalidKeyException unused3) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f9115f);
        } catch (NoSuchAlgorithmException unused4) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f9115f);
        } catch (Exception e3) {
            e = e3;
            throw new CMSException(e);
        } catch (Throwable th2) {
            th = th2;
            fwVar2 = fwVar;
            if (fwVar2 != null) {
                fwVar2.c();
            }
            throw th;
        }
    }

    private byte[] b(PrivateKey privateKey, Provider provider) {
        String str = this.f9115f.equalsIgnoreCase("RSA") ? KeyStoreWrapper.TRANSFORMATION : this.f9115f;
        try {
            Cipher cipher = Cipher.getInstance(str, provider);
            cipher.init(2, privateKey);
            return cipher.doFinal(this.f9117h);
        } catch (InvalidKeyException unused) {
            throw new CMSException("Invalid key for cipher operation using JCE provider: " + provider.getName());
        } catch (NoSuchAlgorithmException unused2) {
            throw new CMSException("NoSuchAlgorithmException creating " + str + " cipher using JCE provider: " + provider.getName());
        } catch (BadPaddingException unused3) {
            throw new CMSException("BadPaddingException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (IllegalBlockSizeException unused4) {
            throw new CMSException("IllegalBlockSizeException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (NoSuchPaddingException unused5) {
            throw new CMSException("Invalid cipher padding " + str + " for JCE provider: " + provider.getName());
        }
    }

    @Override // com.rsa.cryptoj.o.jo
    public d a(SecretKey secretKey, String str, int i2, SecureRandom secureRandom, cf cfVar) {
        d adVar;
        X500Principal x500Principal = this.f9113b;
        if (x500Principal == null || this.f9114e == null) {
            adVar = new ad(this.f9112a);
            adVar.c(0);
        } else {
            adVar = a.a(f9111m, new Object[]{a.a(n, x500Principal.getEncoded(), 0), this.f9114e});
        }
        d a2 = a.a(f9110l, adVar);
        try {
            fw fwVar = (fw) ke.a(this.f9115f, cfVar, ka.f9235a);
            fwVar.engineInit(1, this.f9116g, secureRandom);
            byte[] encoded = secretKey.getEncoded();
            return a.a(jo.f9163c, a.a(jo.f9164d, new Object[]{this.f9112a != null ? new v(jx.V2.a()) : new v(jx.V0.a()), a2, this.f9120k, new ad(fwVar.engineDoFinal(encoded, 0, encoded.length))}));
        } catch (Exception unused) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f9115f);
        }
    }

    @Override // com.rsa.cryptoj.o.jo
    public byte[] a(KeyContainer keyContainer) {
        PrivateKey privateKey = keyContainer.getPrivateKey();
        Provider cipherJceProvider = keyContainer.getCipherJceProvider();
        if (privateKey != null) {
            return a(privateKey, cipherJceProvider);
        }
        throw new CMSException("Invalid decryptionKey for KeyTransRecipientInfoImpl, expected PrivateKey.");
    }

    public byte[] a(PrivateKey privateKey, Provider provider) {
        return provider == null ? a(privateKey) : b(privateKey, provider);
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public X500Principal getIssuer() {
        return this.f9113b;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public BigInteger getSerialNumber() {
        return this.f9114e;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public byte[] getSubjectKeyIdentifier() {
        return this.f9112a;
    }
}
