package org.jscep.message;

import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.cms.EnvelopedData;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.RecipientOperator;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
import org.spongycastle.operator.InputDecryptor;

/* loaded from: classes2.dex */
public final class f {

    /* renamed from: a, reason: collision with root package name */
    private static final com.sophos.jsceplib.c f4150a = com.sophos.jsceplib.c.a((Class<?>) f.class);
    private final X509Certificate b;
    private final PrivateKey c;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class a extends JceKeyTransEnvelopedRecipient {

        /* renamed from: a, reason: collision with root package name */
        private final PrivateKey f4151a;

        public a(PrivateKey privateKey) {
            super(privateKey);
            this.f4151a = privateKey;
        }

        private Key a(PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(4, privateKey);
            try {
                return cipher.unwrap(bArr, "DES", 3);
            } catch (InvalidKeyException e) {
                f.f4150a.c("Cannot unwrap symetric key.  Are you using a valid key pair?");
                throw e;
            }
        }

        private AlgorithmParameterSpec a(AlgorithmIdentifier algorithmIdentifier) throws GeneralSecurityException {
            return new IvParameterSpec(ASN1OctetString.getInstance(algorithmIdentifier.getParameters()).getOctets());
        }

        @Override // org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient, org.spongycastle.cms.KeyTransRecipient
        public RecipientOperator getRecipientOperator(AlgorithmIdentifier algorithmIdentifier, final AlgorithmIdentifier algorithmIdentifier2, byte[] bArr) throws CMSException {
            if (!"1.3.14.3.2.7".equals(algorithmIdentifier2.getAlgorithm().getId())) {
                return super.getRecipientOperator(algorithmIdentifier, algorithmIdentifier2, bArr);
            }
            try {
                Key a2 = a(this.f4151a, bArr);
                final Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
                cipher.init(2, a2, a(algorithmIdentifier2));
                return new RecipientOperator(new InputDecryptor() { // from class: org.jscep.message.f.a.1
                    @Override // org.spongycastle.operator.InputDecryptor
                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return algorithmIdentifier2;
                    }

                    @Override // org.spongycastle.operator.InputDecryptor
                    public InputStream getInputStream(InputStream inputStream) {
                        return new CipherInputStream(inputStream, cipher);
                    }
                });
            } catch (GeneralSecurityException e) {
                throw new CMSException("Could not create DES cipher", e);
            }
        }
    }

    public f(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.b = x509Certificate;
        this.c = privateKey;
    }

    private JceKeyTransEnvelopedRecipient b() {
        return new a(this.c);
    }

    private void b(CMSEnvelopedData cMSEnvelopedData) {
        EnvelopedData.getInstance(cMSEnvelopedData.toASN1Structure().getContent());
    }

    public byte[] a(CMSEnvelopedData cMSEnvelopedData) throws MessageDecodingException {
        f4150a.a("Decoding pkcsPkiEnvelope");
        b(cMSEnvelopedData);
        f4150a.a("Decrypting pkcsPkiEnvelope using key belonging to dn=" + this.b.getSubjectDN() + "  serial=" + this.b.getSerialNumber());
        RecipientInformation recipientInformation = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(this.b));
        if (recipientInformation == null) {
            throw new MessageDecodingException("Missing expected key transfer recipient " + this.b.getSubjectDN());
        }
        try {
            byte[] content = recipientInformation.getContent(b());
            f4150a.a("Finished decoding pkcsPkiEnvelope");
            return content;
        } catch (CMSException e) {
            throw new MessageDecodingException(e);
        }
    }
}
