package j.d.c;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.cms.ParameterFactory;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import net.juniper.junos.pulse.android.util.KeyStoreWrapper;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.cms.EnvelopedData;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.RecipientOperator;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
import org.spongycastle.operator.InputDecryptor;

/* compiled from: PkcsPkiEnvelopeDecoder.java */
/* loaded from: classes2.dex */
public final class h {

    /* renamed from: c, reason: collision with root package name */
    private static final j.f.c f14841c = j.f.d.a((Class<?>) h.class);

    /* renamed from: a, reason: collision with root package name */
    private final X509Certificate f14842a;

    /* renamed from: b, reason: collision with root package name */
    private final PrivateKey f14843b;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: PkcsPkiEnvelopeDecoder.java */
    /* loaded from: classes2.dex */
    public static class a extends JceKeyTransEnvelopedRecipient {

        /* renamed from: a, reason: collision with root package name */
        private final PrivateKey f14844a;

        /* compiled from: PkcsPkiEnvelopeDecoder.java */
        /* renamed from: j.d.c.h$a$a, reason: collision with other inner class name */
        /* loaded from: classes2.dex */
        class C0266a implements InputDecryptor {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ AlgorithmIdentifier f14845a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ Cipher f14846b;

            C0266a(a aVar, AlgorithmIdentifier algorithmIdentifier, Cipher cipher) {
                this.f14845a = algorithmIdentifier;
                this.f14846b = cipher;
            }

            @Override // org.spongycastle.operator.InputDecryptor
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return this.f14845a;
            }

            @Override // org.spongycastle.operator.InputDecryptor
            public InputStream getInputStream(InputStream inputStream) {
                return new CipherInputStream(inputStream, this.f14846b);
            }
        }

        public a(PrivateKey privateKey) {
            super(privateKey);
            this.f14844a = privateKey;
        }

        private Key a(PrivateKey privateKey, byte[] bArr) {
            Cipher cipher = Cipher.getInstance(KeyStoreWrapper.TRANSFORMATION);
            cipher.init(4, privateKey);
            try {
                return cipher.unwrap(bArr, AlgorithmStrings.DES, 3);
            } catch (InvalidKeyException e2) {
                h.f14841c.q("Cannot unwrap symetric key.  Are you using a valid key pair?");
                throw e2;
            }
        }

        private AlgorithmParameterSpec a(AlgorithmIdentifier algorithmIdentifier) {
            return new IvParameterSpec(ASN1OctetString.getInstance(algorithmIdentifier.getParameters()).getOctets());
        }

        @Override // org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient, org.spongycastle.cms.KeyTransRecipient
        public RecipientOperator getRecipientOperator(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, byte[] bArr) {
            if (!"1.3.14.3.2.7".equals(algorithmIdentifier2.getAlgorithm().getId())) {
                return super.getRecipientOperator(algorithmIdentifier, algorithmIdentifier2, bArr);
            }
            try {
                Key a2 = a(this.f14844a, bArr);
                Cipher cipher = Cipher.getInstance(ParameterFactory.ENCRYPTION_ALG_DES_CBC_PKCS5PAD);
                cipher.init(2, a2, a(algorithmIdentifier2));
                return new RecipientOperator(new C0266a(this, algorithmIdentifier2, cipher));
            } catch (GeneralSecurityException e2) {
                throw new CMSException("Could not create DES cipher", e2);
            }
        }
    }

    public h(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.f14842a = x509Certificate;
        this.f14843b = privateKey;
    }

    private JceKeyTransEnvelopedRecipient b() {
        return new a(this.f14843b);
    }

    private void b(CMSEnvelopedData cMSEnvelopedData) {
        EnvelopedData envelopedData = EnvelopedData.getInstance(cMSEnvelopedData.toASN1Structure().getContent());
        f14841c.d("pkcsPkiEnvelope version: {}", envelopedData.getVersion());
        f14841c.d("pkcsPkiEnvelope encryptedContentInfo contentType: {}", envelopedData.getEncryptedContentInfo().getContentType());
    }

    public byte[] a(CMSEnvelopedData cMSEnvelopedData) {
        f14841c.s("Decoding pkcsPkiEnvelope");
        b(cMSEnvelopedData);
        f14841c.a("Decrypting pkcsPkiEnvelope using key belonging to [dn={}; serial={}]", this.f14842a.getSubjectDN(), this.f14842a.getSerialNumber());
        RecipientInformation recipientInformation = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(this.f14842a));
        if (recipientInformation == null) {
            throw new f("Missing expected key transfer recipient " + this.f14842a.getSubjectDN());
        }
        f14841c.d("pkcsPkiEnvelope encryption algorithm: {}", recipientInformation.getKeyEncryptionAlgorithm().getAlgorithm());
        try {
            byte[] content = recipientInformation.getContent(b());
            f14841c.s("Finished decoding pkcsPkiEnvelope");
            return content;
        } catch (CMSException e2) {
            throw new f(e2);
        }
    }
}
