package signgate.crypto.pkcs7;

import java.security.AlgorithmParameters;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import signgate.crypto.asn1.Asn1Exception;
import signgate.crypto.x509.AlgorithmId;
import signgate.javax.crypto.Cipher;
import signgate.javax.crypto.KeyGenerator;
import signgate.javax.crypto.SecretKey;
import signgate.javax.crypto.SecretKeyFactory;
import signgate.javax.crypto.spec.IvParameterSpec;
import signgate.javax.crypto.spec.RC2ParameterSpec;
import signgate.javax.crypto.spec.SecretKeySpec;
import signgate.provider.oid.OID;

/* loaded from: input_file:signgate/crypto/pkcs7/EnvelopedMessage.class */
public class EnvelopedMessage {
    private Set recipients;
    private Set recipientInfos;
    private String encryptionAlg;
    private String encryptionAlgMode;
    private String encryptionAlgModePad;
    private String encryptionAlgOid;
    private String paramSpecClassName;
    private Originator originator;
    private byte[] message;
    private SecretKey sessionKey;
    private SecureRandom rand;
    private Cipher cipher;
    private AlgorithmParameters params;
    private byte[] encryptedContent;
    private ContentInfo contentInfo;

    public EnvelopedMessage(SecureRandom secureRandom) {
        this.originator = null;
        this.message = null;
        this.sessionKey = null;
        this.rand = new SecureRandom(new byte[16]);
        this.recipients = new HashSet();
        this.recipientInfos = new HashSet();
        this.rand = secureRandom;
    }

    public EnvelopedMessage(Originator originator, byte[] bArr, SecureRandom secureRandom) {
        this.originator = null;
        this.message = null;
        this.sessionKey = null;
        this.rand = new SecureRandom(new byte[16]);
        this.recipients = new HashSet();
        this.originator = originator;
        this.message = bArr;
        this.rand = secureRandom;
    }

    public EnvelopedMessage(byte[] bArr) throws Asn1Exception, CMSException {
        this.originator = null;
        this.message = null;
        this.sessionKey = null;
        this.rand = new SecureRandom(new byte[16]);
        this.contentInfo = new ContentInfo(bArr);
        EnvelopedData envelopedData = new EnvelopedData(this.contentInfo.getContent().encode());
        OriginatorInfo originatorInfo = envelopedData.getOriginatorInfo();
        if (originatorInfo != null) {
            this.originator = new Originator(originatorInfo);
        }
        this.recipientInfos = envelopedData.getRecipientInfos();
        this.recipients = new HashSet();
        Iterator it = this.recipientInfos.iterator();
        while (it.hasNext()) {
            this.recipients.add(new Recipient((RecipientInfo) it.next()));
        }
        EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
        this.encryptedContent = encryptedContentInfo.getEncryptedContent();
        String oid = encryptedContentInfo.getContentEncryptionAlgorithm().getOid();
        this.params = encryptedContentInfo.getContentEncryptionAlgorithm().getParams();
        if (oid.equals(OID.seed_cbc)) {
            this.encryptionAlgModePad = "SEED/CBC/PKCS5Padding";
            this.encryptionAlgMode = "SEED/CBC";
            this.encryptionAlg = "SEED";
            this.paramSpecClassName = "signgate.javax.crypto.spec.IvParameterSpec";
        }
    }

    public void setMessage(byte[] bArr) {
        this.message = bArr;
    }

    public byte[] getMessage() throws CMSException {
        if (this.message == null) {
            throw new CMSException("Message not yet decrypted");
        }
        return this.message;
    }

    public Set getOriginatorCerts() {
        if (this.originator == null) {
            return null;
        }
        return this.originator.getCerts();
    }

    public void setEncryptionAlgorithm(String str) throws CMSException {
        if (str.equals("SEED")) {
            this.encryptionAlgModePad = "SEED/CBC/PKCS5Padding";
            this.encryptionAlgMode = "SEED/CBC";
            this.encryptionAlg = "SEED";
            this.encryptionAlgOid = OID.seed_cbc;
            this.paramSpecClassName = "signgate.javax.crypto.spec.IvParameterSpec";
            this.sessionKey = generateSessionKey(128);
        }
    }

    public String getCipherAlgorithm() {
        return this.encryptionAlgModePad;
    }

    public void addRecipient(Recipient recipient) throws CMSException {
        if (this.sessionKey == null) {
            throw new CMSException("Encryption algorithm not yet set");
        }
        this.recipients.add(recipient);
        this.recipientInfos.add(recipient.encryptKey(this.sessionKey.getEncoded()));
    }

    public Set getRecipients() {
        return this.recipients;
    }

    public byte[] getEncoded() {
        return this.contentInfo.encode();
    }

    public void encrypt() throws CMSException {
        this.contentInfo = new ContentInfo(OID.id_envelopedData, new EnvelopedData(0, null, this.recipientInfos, encryptContent()));
    }

    public void decrypt(X509Certificate x509Certificate, PrivateKey privateKey) throws CMSException {
        try {
            this.sessionKey = SecretKeyFactory.getInstance(this.encryptionAlg).translateKey(new SecretKeySpec(getRecipient(x509Certificate).decryptKey(privateKey), this.encryptionAlg));
            this.cipher = Cipher.getInstance(getCipherAlgorithm());
            this.cipher.init(2, this.sessionKey, this.params.getParameterSpec(Class.forName(this.paramSpecClassName)), (SecureRandom) null);
            this.message = this.cipher.doFinal(this.encryptedContent);
        } catch (Exception e) {
            throw new CMSException(e.toString());
        }
    }

    private EncryptedContentInfo encryptContent() throws CMSException {
        if (this.sessionKey == null) {
            throw new CMSException("Encryption algorithm not yet set");
        }
        if (this.message == null) {
            throw new CMSException("Message not yet set");
        }
        this.encryptedContent = encrypt(this.message);
        try {
            return new EncryptedContentInfo(OID.id_data, new AlgorithmId(this.encryptionAlgOid, this.params), this.encryptedContent);
        } catch (Exception e) {
            throw new CMSException(e.toString());
        }
    }

    private byte[] encrypt(byte[] bArr) throws CMSException {
        if (this.sessionKey == null) {
            throw new CMSException("Encryption algorithm not yet set");
        }
        try {
            this.cipher = Cipher.getInstance(getCipherAlgorithm());
            byte[] bytes = "0123456789012345".getBytes();
            this.params = AlgorithmParameters.getInstance(this.encryptionAlgMode);
            AlgorithmParameterSpec algorithmParameterSpec = null;
            if (this.encryptionAlg.equals("RC2")) {
                algorithmParameterSpec = new RC2ParameterSpec(128, bytes);
            } else if (this.encryptionAlg.equals("DESede")) {
                algorithmParameterSpec = new IvParameterSpec(bytes);
            } else if (this.encryptionAlg.equals("SEED")) {
                algorithmParameterSpec = new IvParameterSpec(bytes);
            }
            this.params.init(algorithmParameterSpec);
            this.cipher.init(1, this.sessionKey, algorithmParameterSpec, this.rand);
            return this.cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CMSException(e.toString());
        }
    }

    private SecretKey generateSessionKey(int i) throws CMSException {
        if (this.encryptionAlg == null) {
            throw new CMSException("Encryption algorithm not yet set");
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(this.encryptionAlg);
            keyGenerator.init(i, this.rand);
            return keyGenerator.generateKey();
        } catch (Exception e) {
            e.printStackTrace();
            throw new CMSException(e.toString());
        }
    }

    private Recipient getRecipient(X509Certificate x509Certificate) throws CMSException {
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(x509Certificate);
        for (Recipient recipient : getRecipients()) {
            if (issuerAndSerialNumber.equals(recipient.getIssuerAndSerialNumber())) {
                return recipient;
            }
        }
        throw new CMSException("Wrong certificate for this Enveloped message");
    }
}
