package com.cryptoarm.Pkcs11Caller;

import com.cryptoarm.Pkcs11Caller.bcprimitives.RtGostKeyTransEnvelopedRecipient;
import com.cryptoarm.Pkcs11Caller.bcprimitives.RtRsaKeyTransEnvelopedRecipient;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipient;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Session;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class CmsDecryptor {
    private final long mSessionHandle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CmsDecryptor(Pkcs11Session pkcs11Session) {
        this.mSessionHandle = pkcs11Session.getSessionHandle();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ IllegalStateException lambda$decrypt$2() {
        return new IllegalStateException("Corresponding RecipientInformation is absent");
    }

    private KeyTransRecipient makeKeyTransEnvelopedRecipient(CMSEnvelopedData cMSEnvelopedData, long j) {
        AlgorithmIdentifier contentEncryptionAlgorithm = cMSEnvelopedData.getContentEncryptionAlgorithm();
        if (contentEncryptionAlgorithm.getAlgorithm() == CMSAlgorithm.GOST28147_GCFB) {
            return new RtGostKeyTransEnvelopedRecipient(this.mSessionHandle, j);
        }
        byte[] encryptionAlgParams = cMSEnvelopedData.getEncryptionAlgParams();
        return new RtRsaKeyTransEnvelopedRecipient(this.mSessionHandle, j, Arrays.copyOfRange(encryptionAlgParams, contentEncryptionAlgorithm.getAlgorithm() == PKCSObjectIdentifiers.RC2_CBC ? 7 : 2, encryptionAlgParams.length), contentEncryptionAlgorithm);
    }

    private Collection<RecipientInformation> matchRecipients(RecipientInformationStore recipientInformationStore, X509Certificate x509Certificate) {
        return recipientInformationStore.getRecipients(new JceKeyTransRecipientId(x509Certificate));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] decrypt(byte[] bArr, final long j, List<X509Certificate> list) throws CMSException {
        final CMSEnvelopedData cMSEnvelopedData = new CMSEnvelopedData(bArr);
        final RecipientInformationStore recipientInfos = cMSEnvelopedData.getRecipientInfos();
        return (byte[]) list.stream().filter(new Predicate() { // from class: com.cryptoarm.Pkcs11Caller.CmsDecryptor$$ExternalSyntheticLambda1
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return CmsDecryptor.this.m79lambda$decrypt$0$comcryptoarmPkcs11CallerCmsDecryptor(recipientInfos, (X509Certificate) obj);
            }
        }).findAny().map(new Function() { // from class: com.cryptoarm.Pkcs11Caller.CmsDecryptor$$ExternalSyntheticLambda0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return CmsDecryptor.this.m80lambda$decrypt$1$comcryptoarmPkcs11CallerCmsDecryptor(recipientInfos, cMSEnvelopedData, j, (X509Certificate) obj);
            }
        }).orElseThrow(new Supplier() { // from class: com.cryptoarm.Pkcs11Caller.CmsDecryptor$$ExternalSyntheticLambda2
            @Override // java.util.function.Supplier
            public final Object get() {
                return CmsDecryptor.lambda$decrypt$2();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$decrypt$0$com-cryptoarm-Pkcs11Caller-CmsDecryptor, reason: not valid java name */
    public /* synthetic */ boolean m79lambda$decrypt$0$comcryptoarmPkcs11CallerCmsDecryptor(RecipientInformationStore recipientInformationStore, X509Certificate x509Certificate) {
        return !matchRecipients(recipientInformationStore, x509Certificate).isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$decrypt$1$com-cryptoarm-Pkcs11Caller-CmsDecryptor, reason: not valid java name */
    public /* synthetic */ byte[] m80lambda$decrypt$1$comcryptoarmPkcs11CallerCmsDecryptor(RecipientInformationStore recipientInformationStore, CMSEnvelopedData cMSEnvelopedData, long j, X509Certificate x509Certificate) {
        try {
            return matchRecipients(recipientInformationStore, x509Certificate).iterator().next().getContent(makeKeyTransEnvelopedRecipient(cMSEnvelopedData, j));
        } catch (CMSException e) {
            throw new RuntimeException(e);
        }
    }
}
