package com.rsa.cryptoj.o;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.cryptoj.o.ie;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.PasswordRecipientInfo;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class jl implements jo, PasswordRecipientInfo {

    /* renamed from: a, reason: collision with root package name */
    public static final int f6512a = 100000;

    /* renamed from: b, reason: collision with root package name */
    public static final String f6513b = "PBKDF2withSHA256";

    /* renamed from: e, reason: collision with root package name */
    private static final String f6514e = "AlgorithmIdentifier";

    /* renamed from: f, reason: collision with root package name */
    private static final String f6515f = "PBKDF2withSHA512";

    /* renamed from: g, reason: collision with root package name */
    private static final String f6516g = "PBKDF2withSHA384";

    /* renamed from: h, reason: collision with root package name */
    private static final String f6517h = "PBKDF2withSHA256";

    /* renamed from: i, reason: collision with root package name */
    private static final String f6518i = "PBKDF2withSHA224";

    /* renamed from: j, reason: collision with root package name */
    private static final String f6519j = "PBKDF2withSHA1";

    /* renamed from: k, reason: collision with root package name */
    private static final String f6520k = "PBKDF2withSHA512-224";

    /* renamed from: l, reason: collision with root package name */
    private static final String f6521l = "PBKDF2withSHA512-256";

    /* renamed from: m, reason: collision with root package name */
    private static final y f6522m;

    /* renamed from: n, reason: collision with root package name */
    private static final d f6523n;

    /* renamed from: o, reason: collision with root package name */
    private static final String f6524o = "SHA1";

    /* renamed from: p, reason: collision with root package name */
    private static final String f6525p = "NoPadding";

    /* renamed from: q, reason: collision with root package name */
    private static final String f6526q = "CBC";

    /* renamed from: r, reason: collision with root package name */
    private static final String f6527r = "PBKDF2-Params";

    /* renamed from: t, reason: collision with root package name */
    private static final ov f6528t;

    /* renamed from: u, reason: collision with root package name */
    private static final int f6529u = 16;
    private int A;
    private String B;
    private AlgorithmParameterSpec C;
    private ie.a D;
    private int E;
    private byte[] F;
    private int G;
    private d H;
    private String I;

    /* renamed from: s, reason: collision with root package name */
    private final String f6530s;

    /* renamed from: v, reason: collision with root package name */
    private byte[] f6531v;

    /* renamed from: w, reason: collision with root package name */
    private char[] f6532w;

    /* renamed from: x, reason: collision with root package name */
    private boolean f6533x;

    /* renamed from: y, reason: collision with root package name */
    private cf f6534y;

    /* renamed from: z, reason: collision with root package name */
    private byte[] f6535z;

    static {
        y yVar = new y();
        f6522m = yVar;
        f6523n = a.a(f6514e, new Object[]{ov.bm.c(), yVar});
        f6528t = new ov("1.2.840.113549.1.9.16.3.9");
    }

    public jl(d dVar, cf cfVar) throws CMSException {
        this.f6530s = "PasswordRecipientInfo";
        this.G = f6512a;
        this.H = f6523n;
        this.I = "PBKDF2withSHA512";
        this.f6534y = cfVar;
        d b4 = dVar.b(a.c(0));
        if (b4 != null) {
            a(b4);
        } else {
            this.f6533x = true;
        }
        oi oiVar = new oi(a.a(f6514e, new oi(dVar.a("keyEncryptionAlgorithm")).b()));
        ie.a a4 = ie.a(oiVar.d());
        this.D = a4;
        this.C = a4.a((int[]) null, oiVar.b());
        ad adVar = (ad) dVar.a("encryptedKey");
        if (adVar == null) {
            throw new CMSException("The encryption key is not part of the PasswordRecipientInfoInternal ASN1Value passed in as input");
        }
        this.f6535z = adVar.g();
    }

    public jl(char[] cArr, String str, int i3) throws CMSException {
        this.f6530s = "PasswordRecipientInfo";
        this.G = f6512a;
        this.H = f6523n;
        this.I = "PBKDF2withSHA512";
        a(cArr, str);
        this.f6532w = dc.a(cArr);
        a(str);
        this.G = i3;
    }

    private d a() {
        return a.a(f6527r, new Object[]{new ad(this.f6531v), new v(this.G), null, this.H});
    }

    private void a(d dVar) throws CMSException {
        String a4 = ou.a(new ov((aa) dVar.a("algorithm")), (byte[]) null);
        if (a4 == null || !a4.toUpperCase().startsWith(AlgorithmStrings.PBKDF2)) {
            throw new CMSException("The algorithm " + a4 + " is not supported. Only PBKDF2 algorithm supported.");
        }
        d a5 = dVar.a(1);
        if (a5 == null) {
            throw new CMSException("The parameters component of Derivation Algorithm Identifier not found");
        }
        d a6 = a.a(f6527r, a.c(a5));
        d a7 = a6.a(0);
        if (!(a7 instanceof ad)) {
            throw new CMSException("The salt component has to be specified as an OCTET STRING");
        }
        this.F = ((ad) a7).g();
        this.E = ((v) a6.a("iterationCount")).i();
        if (a6.a("keyLength") != null) {
            this.A = ((v) a6.a("keyLength")).i() * 8;
        }
        d a8 = a6.a("prf");
        this.B = a4 + "With" + (a8 != null ? new oi(a8).c().substring(4) : "SHA1");
    }

    private void a(String str) {
        d a4;
        String str2 = "PBKDF2withSHA512";
        if (str.equalsIgnoreCase("PBKDF2withSHA512")) {
            a4 = f6523n;
        } else {
            str2 = "PBKDF2withSHA1";
            if (str.equalsIgnoreCase("PBKDF2withSHA1")) {
                a4 = null;
            } else {
                str2 = "PBKDF2withSHA224";
                if (str.equalsIgnoreCase("PBKDF2withSHA224")) {
                    a4 = a.a(f6514e, new Object[]{ov.bj.c(), f6522m});
                } else {
                    str2 = "PBKDF2withSHA256";
                    if (str.equalsIgnoreCase("PBKDF2withSHA256")) {
                        a4 = a.a(f6514e, new Object[]{ov.bk.c(), f6522m});
                    } else {
                        str2 = "PBKDF2withSHA384";
                        if (str.equalsIgnoreCase("PBKDF2withSHA384")) {
                            a4 = a.a(f6514e, new Object[]{ov.bl.c(), f6522m});
                        } else {
                            str2 = "PBKDF2withSHA512-224";
                            if (str.equalsIgnoreCase("PBKDF2withSHA512-224")) {
                                a4 = a.a(f6514e, new Object[]{ov.bn.c(), f6522m});
                            } else {
                                str2 = "PBKDF2withSHA512-256";
                                if (!str.equalsIgnoreCase("PBKDF2withSHA512-256")) {
                                    throw new IllegalArgumentException(str + " is not a valid PRF algorithm");
                                }
                                a4 = a.a(f6514e, new Object[]{ov.bo.c(), f6522m});
                            }
                        }
                    }
                }
            }
        }
        this.H = a4;
        this.I = str2;
    }

    private void a(char[] cArr, String str) throws CMSException {
        if (cArr == null || cArr.length == 0 || str == null) {
            throw new CMSException("Password and PRF algorithm cannot be empty.");
        }
    }

    private byte[] a(SecretKey secretKey, int i3) throws CMSException {
        gc gcVar;
        gc gcVar2 = null;
        try {
            try {
                gcVar = (gc) ke.a(this.D.b(), this.f6534y, ka.f6625a);
            } catch (Exception e4) {
                e = e4;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            gcVar.engineSetMode("CBC");
            gcVar.engineSetPadding(f6525p);
            int d4 = this.D.d();
            byte[] bArr = this.f6535z;
            int length = bArr.length;
            int i4 = length / d4;
            byte[] bArr2 = new byte[length];
            byte[] bArr3 = new byte[d4];
            System.arraycopy(bArr, (i4 - 2) * d4, bArr3, 0, d4);
            gcVar.engineInit(2, secretKey, this.D.a(i3, bArr3), (SecureRandom) null);
            int i5 = (i4 - 1) * d4;
            gcVar.engineUpdate(this.f6535z, i5, d4, bArr2, i5);
            System.arraycopy(bArr2, i5, bArr3, 0, d4);
            gcVar.engineInit(2, secretKey, this.D.a(i3, bArr3), (SecureRandom) null);
            gcVar.engineUpdate(this.f6535z, 0, length - d4, bArr2, 0);
            gcVar.engineInit(2, secretKey, this.C, (SecureRandom) null);
            byte[] engineUpdate = gcVar.engineUpdate(bArr2, 0, length);
            int i6 = engineUpdate[0];
            if (i6 < 5 || i6 > length - 4 || engineUpdate[1] != (~engineUpdate[4]) || engineUpdate[2] != (~engineUpdate[5]) || engineUpdate[3] != (~engineUpdate[6])) {
                throw new CMSException("Unsuccessful in unwrapping the Content Encryption Key");
            }
            byte[] bArr4 = new byte[i6];
            System.arraycopy(engineUpdate, 4, bArr4, 0, i6);
            gcVar.c();
            return bArr4;
        } catch (Exception e5) {
            e = e5;
            gcVar2 = gcVar;
            throw new CMSException(e);
        } catch (Throwable th2) {
            th = th2;
            gcVar2 = gcVar;
            if (gcVar2 != null) {
                gcVar2.c();
            }
            throw th;
        }
    }

    private byte[] a(SecretKey secretKey, ie.a aVar, int i3, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom, char[] cArr, cf cfVar) {
        nx nxVar;
        gc gcVar;
        gc gcVar2 = null;
        try {
            nxVar = ke.b(this.I, cfVar, ka.f6625a, null);
        } catch (NoSuchAlgorithmException unused) {
            nxVar = null;
        }
        byte[] bArr = new byte[16];
        this.f6531v = bArr;
        secureRandom.nextBytes(bArr);
        if (i3 == 0) {
            i3 = aVar.a();
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(nxVar.engineGenerateSecret(new PBEKeySpec(cArr, this.f6531v, this.G, i3)).getEncoded(), aVar.b());
            try {
                try {
                    gcVar = (gc) ke.a(aVar.b(), cfVar, ka.f6625a);
                } catch (Throwable th) {
                    th = th;
                }
            } catch (Exception unused2) {
            }
            try {
                gcVar.engineSetMode("CBC");
                gcVar.engineSetPadding(f6525p);
                gcVar.engineInit(1, secretKeySpec, algorithmParameterSpec, secureRandom);
                byte[] a4 = a(secretKey, aVar, secureRandom);
                byte[] engineUpdate = gcVar.engineUpdate(gcVar.engineUpdate(a4, 0, a4.length), 0, a4.length);
                gcVar.c();
                return engineUpdate;
            } catch (Exception unused3) {
                throw new RuntimeException();
            } catch (Throwable th2) {
                th = th2;
                gcVar2 = gcVar;
                if (gcVar2 != null) {
                    gcVar2.c();
                }
                throw th;
            }
        } catch (NullPointerException unused4) {
            throw new RuntimeException();
        } catch (InvalidKeySpecException unused5) {
            throw new RuntimeException();
        }
    }

    private byte[] a(SecretKey secretKey, ie.a aVar, SecureRandom secureRandom) {
        byte[] encoded = secretKey.getEncoded();
        int d4 = aVar.d();
        int length = encoded.length + 4;
        int i3 = d4 - (length % d4);
        int i4 = length + i3;
        if (i4 < d4 * 2) {
            i3 += d4;
            i4 += d4;
        }
        byte[] bArr = new byte[i4];
        bArr[0] = (byte) encoded.length;
        bArr[1] = (byte) (~encoded[0]);
        bArr[2] = (byte) (~encoded[1]);
        bArr[3] = (byte) (~encoded[2]);
        System.arraycopy(encoded, 0, bArr, 4, encoded.length);
        byte[] bArr2 = new byte[i3];
        secureRandom.nextBytes(bArr2);
        System.arraycopy(bArr2, 0, bArr, length, i3);
        return bArr;
    }

    @Override // com.rsa.cryptoj.o.jo
    public d a(SecretKey secretKey, String str, int i3, SecureRandom secureRandom, cf cfVar) throws IOException {
        int i4;
        int i5;
        v vVar = new v(jx.V0.a());
        ie.a a4 = ie.a(str, i3);
        if (a4 == null) {
            a4 = ie.a.f6314c;
            i5 = 256;
        } else {
            if (a4 != ie.a.f6321j) {
                i4 = i3;
                AlgorithmParameterSpec a5 = a4.a(new int[]{i4}, secureRandom);
                return a.a("PasswordRecipientInfo", new Object[]{vVar, a.a(f6514e, new Object[]{ov.aP.c(), a()}).d(a.c(0)), a.a(f6514e, new Object[]{f6528t.c(), ie.a(a4.e(), a5, null)}), new ad(a(secretKey, a4, i4, a5, secureRandom, this.f6532w, cfVar))}).d(a.c(3));
            }
            a4 = ie.a.f6312a;
            i5 = 128;
        }
        i4 = i5;
        AlgorithmParameterSpec a52 = a4.a(new int[]{i4}, secureRandom);
        return a.a("PasswordRecipientInfo", new Object[]{vVar, a.a(f6514e, new Object[]{ov.aP.c(), a()}).d(a.c(0)), a.a(f6514e, new Object[]{f6528t.c(), ie.a(a4.e(), a52, null)}), new ad(a(secretKey, a4, i4, a52, secureRandom, this.f6532w, cfVar))}).d(a.c(3));
    }

    @Override // com.rsa.cryptoj.o.jo
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        char[] password = keyContainer.getPassword();
        if (password != null) {
            return a(password);
        }
        SecretKey secretKey = keyContainer.getSecretKey();
        if (secretKey != null) {
            return a(secretKey);
        }
        throw new CMSException("Invalid decryption key for PasswordRecipientInfo, expected eitherchar[] password or byte[] secretKeyBytes.");
    }

    public byte[] a(SecretKey secretKey) throws CMSException {
        return a(new SecretKeySpec(secretKey.getEncoded(), this.D.b()), secretKey.getEncoded().length * 8);
    }

    public byte[] a(char[] cArr) throws CMSException {
        int a4;
        int i3;
        SecretKeySpec secretKeySpec;
        try {
            if (this.f6533x) {
                throw new CMSException("The key encryption key needs to be provided. Use method decryptSecretKey(SecretKey) instead.");
            }
            nx b4 = ke.b(this.B, this.f6534y, ka.f6625a, null);
            ie.a aVar = this.D;
            if (aVar != ie.a.f6321j || (a4 = this.A) == 0) {
                a4 = aVar.a();
            }
            try {
                return a(new SecretKeySpec(b4.engineGenerateSecret(new PBEKeySpec(cArr, this.F, this.E, a4)).getEncoded(), this.D.b()), a4);
            } catch (CMSException e4) {
                ie.a aVar2 = this.D;
                if (aVar2 == ie.a.f6323l) {
                    i3 = 128;
                    secretKeySpec = new SecretKeySpec(b4.engineGenerateSecret(new PBEKeySpec(cArr, this.F, this.E, 128)).getEncoded(), this.D.b());
                } else {
                    if (aVar2 != ie.a.f6321j || this.A != 0) {
                        throw e4;
                    }
                    i3 = 64;
                    secretKeySpec = new SecretKeySpec(b4.engineGenerateSecret(new PBEKeySpec(cArr, this.F, this.E, 64)).getEncoded(), this.D.b());
                }
                return a(secretKeySpec, i3);
            }
        } catch (Exception e5) {
            throw new CMSException(e5);
        }
    }
}
