package ru.CryptoPro.CAdES;

import com.objsys.asn1j.runtime.Asn1BerDecodeBuffer;
import com.objsys.asn1j.runtime.Asn1Exception;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.KeyAgreeRecipientInformation;
import org.bouncycastle.cms.KeyTransRecipientInformation;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.util.io.Streams;
import ru.CryptoPro.CAdES.exception.EnvelopedException;
import ru.CryptoPro.CAdES.exception.EnvelopedInvalidRecipientException;
import ru.CryptoPro.CAdES.exception.EnvelopedInvalidRecipientFormatException;
import ru.CryptoPro.CAdES.exception.EnvelopedWrongRecipientException;
import ru.CryptoPro.CAdES.tools.CAdESUtility;
import ru.CryptoPro.JCP.ASN.PKIX1Explicit88.SubjectPublicKeyInfo;
import ru.CryptoPro.JCP.params.AlgIdSpec;
import ru.CryptoPro.JCP.params.EllipticParamsInterface;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public final class EnvelopedSignature {
    private CMSEnvelopedDataStreamGenerator a;
    private ru.CryptoPro.CAdES.pc_1.cl_1 b;
    private OutputStream c;
    private CMSEnvelopedDataParser d;
    private EncryptionKeyAlgorithm e;
    private EllipticParamsInterface f;
    private ru.CryptoPro.CAdES.pc_1.cl_4 g;

    public EnvelopedSignature() {
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        this.e = EncryptionKeyAlgorithm.ekaDefault;
        this.f = null;
        this.g = null;
        JCPLogger.subEnter();
        this.a = new CMSEnvelopedDataStreamGenerator();
        this.b = new ru.CryptoPro.CAdES.pc_1.cl_1();
        JCPLogger.subExit();
    }

    public EnvelopedSignature(InputStream inputStream) throws EnvelopedException {
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        this.e = EncryptionKeyAlgorithm.ekaDefault;
        this.f = null;
        this.g = null;
        JCPLogger.subEnter();
        try {
            this.d = new CMSEnvelopedDataParser(inputStream);
            this.g = new ru.CryptoPro.CAdES.pc_1.cl_4(this.d);
            JCPLogger.subExit();
        } catch (IOException e) {
            throw new EnvelopedException("Decoding of encrypted data failed", e);
        } catch (CMSException e2) {
            throw new EnvelopedException("Decoding of encrypted data failed", e2);
        }
    }

    public EnvelopedSignature(EncryptionKeyAlgorithm encryptionKeyAlgorithm) {
        this();
        if (encryptionKeyAlgorithm != null) {
            this.e = encryptionKeyAlgorithm;
        }
    }

    private static InputStream a(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey, ru.CryptoPro.CAdES.pc_1.cl_4 cl_4Var) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        JCPLogger.subEnter();
        boolean z = recipientInformation instanceof KeyTransRecipientInformation;
        if (!z && !(recipientInformation instanceof KeyAgreeRecipientInformation)) {
            throw new EnvelopedInvalidRecipientFormatException();
        }
        if (x509Certificate != null) {
            try {
                if (!recipientInformation.getRID().match(new X509CertificateHolder(x509Certificate.getEncoded()))) {
                    throw new EnvelopedWrongRecipientException();
                }
            } catch (IOException e) {
                throw new EnvelopedException("Decoding of recipient certificate failed", e);
            } catch (CertificateEncodingException e2) {
                throw new EnvelopedException("Decoding of recipient certificate failed", e2);
            }
        }
        try {
            CMSTypedStream contentStream = recipientInformation.getContentStream(z ? new ru.CryptoPro.CAdES.pc_1.pc_1.cl_2(privateKey, cl_4Var) : new ru.CryptoPro.CAdES.pc_1.pc_0.cl_2(privateKey, cl_4Var));
            JCPLogger.subExit();
            return contentStream.getContentStream();
        } catch (IOException e3) {
            throw new EnvelopedException("Decoding of encrypted context into stream failed", e3);
        } catch (CMSException e4) {
            throw new EnvelopedException("Decoding of encrypted context into stream failed", e4);
        }
    }

    private void a(X509Certificate x509Certificate) throws EnvelopedException {
        JCPLogger.subEnter();
        if (this.f == null) {
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(x509Certificate.getPublicKey().getEncoded());
            try {
                subjectPublicKeyInfo.decode(asn1BerDecodeBuffer);
                asn1BerDecodeBuffer.reset();
                this.f = (EllipticParamsInterface) new AlgIdSpec(subjectPublicKeyInfo.algorithm).getSignParams();
            } catch (Asn1Exception e) {
                throw new EnvelopedException(e.getMessage());
            } catch (IOException e2) {
                throw new EnvelopedException(e2.getMessage());
            }
        }
        JCPLogger.subExit();
    }

    private static void a(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream, ru.CryptoPro.CAdES.pc_1.cl_4 cl_4Var) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        JCPLogger.subEnter();
        InputStream inputStream = null;
        try {
            try {
                inputStream = a(recipientInformation, x509Certificate, privateKey, cl_4Var);
                outputStream.write(Streams.readAll(inputStream));
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException unused) {
                    }
                }
                JCPLogger.subExit();
            } catch (IOException e) {
                throw new EnvelopedException("Decoding of encrypted context failed", e);
            } catch (CMSException e2) {
                throw new EnvelopedException("Decoding of encrypted context failed", e2);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException unused2) {
                }
            }
            throw th;
        }
    }

    public static InputStream decryptOne(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        return a(recipientInformation, x509Certificate, privateKey, null);
    }

    public static void decryptOne(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        a(recipientInformation, x509Certificate, privateKey, outputStream, null);
    }

    public void addKeyAgreeRecipient(X509Certificate x509Certificate) throws EnvelopedException {
        JCPLogger.subEnter();
        if (this.a == null) {
            throw new EnvelopedException("Enveloped generator is undefined");
        }
        if (x509Certificate == null) {
            throw new EnvelopedException("Recipient certificate is undefined");
        }
        if (!CAdESUtility.ifKeyUsageIsKeyAgreementInCertificate(x509Certificate)) {
            throw new EnvelopedException("Wrong key usage.");
        }
        a(x509Certificate);
        this.a.addRecipientInfoGenerator(new ru.CryptoPro.CAdES.pc_1.pc_0.cl_3(x509Certificate, this.b));
        JCPLogger.subExit();
    }

    public void addKeyTransRecipient(X509Certificate x509Certificate) throws EnvelopedException {
        JCPLogger.subEnter();
        if (this.a == null) {
            throw new EnvelopedException("Enveloped generator is undefined");
        }
        if (x509Certificate == null) {
            throw new EnvelopedException("Recipient certificate is undefined");
        }
        if (!CAdESUtility.ifKeyUsageIsKeyAgreementInCertificate(x509Certificate)) {
            throw new EnvelopedException("Wrong key usage.");
        }
        a(x509Certificate);
        this.a.addRecipientInfoGenerator(new ru.CryptoPro.CAdES.pc_1.pc_1.cl_3(x509Certificate, this.b));
        JCPLogger.subExit();
    }

    public void close() throws EnvelopedException {
        CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator;
        JCPLogger.subEnter();
        ru.CryptoPro.CAdES.pc_1.cl_1 cl_1Var = this.b;
        if (cl_1Var != null && cl_1Var.a() && (cMSEnvelopedDataStreamGenerator = this.a) != null) {
            cMSEnvelopedDataStreamGenerator.setUnprotectedAttributeGenerator(this.b);
        }
        OutputStream outputStream = this.c;
        if (outputStream == null) {
            throw new EnvelopedException("Encryption output stream  not set. Did you forget to open and update?");
        }
        try {
            outputStream.close();
            JCPLogger.subExit();
        } catch (IOException e) {
            throw new EnvelopedException("Closing of output context failed", e);
        }
    }

    public InputStream decrypt(X509Certificate x509Certificate, PrivateKey privateKey) throws EnvelopedException, EnvelopedInvalidRecipientException {
        JCPLogger.subEnter();
        Iterator it = getRecipients().iterator();
        while (it.hasNext()) {
            try {
                InputStream decrypt = decrypt((RecipientInformation) it.next(), x509Certificate, privateKey);
                JCPLogger.subExit();
                return decrypt;
            } catch (EnvelopedInvalidRecipientFormatException unused) {
                JCPLogger.warning("Invalid key transport recipient format (stream)");
            } catch (EnvelopedWrongRecipientException unused2) {
                if (x509Certificate != null) {
                    JCPLogger.fineFormat("Wrong certificate sn {0}, subject {1} (stream)", x509Certificate.getSerialNumber().toString(16), x509Certificate.getSubjectDN().toString());
                } else {
                    JCPLogger.fine("Wrong recipient");
                }
            }
        }
        throw new EnvelopedInvalidRecipientException();
    }

    public InputStream decrypt(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        return a(recipientInformation, x509Certificate, privateKey, this.g);
    }

    public void decrypt(X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws EnvelopedException, EnvelopedInvalidRecipientException {
        JCPLogger.subEnter();
        if (outputStream == null) {
            throw new EnvelopedException("Output data stream  not set");
        }
        Iterator it = getRecipients().iterator();
        while (it.hasNext()) {
            try {
                decrypt((RecipientInformation) it.next(), x509Certificate, privateKey, outputStream);
                JCPLogger.subExit();
                return;
            } catch (EnvelopedInvalidRecipientFormatException unused) {
                JCPLogger.warning("Invalid key transport recipient format");
            } catch (EnvelopedWrongRecipientException unused2) {
                if (x509Certificate != null) {
                    JCPLogger.fineFormat("Wrong certificate sn {0}, subject {1}", x509Certificate.getSerialNumber().toString(16), x509Certificate.getSubjectDN().toString());
                } else {
                    JCPLogger.fine("Wrong recipient");
                }
            }
        }
        throw new EnvelopedInvalidRecipientException();
    }

    public void decrypt(RecipientInformation recipientInformation, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws EnvelopedException, EnvelopedInvalidRecipientFormatException, EnvelopedWrongRecipientException {
        a(recipientInformation, x509Certificate, privateKey, outputStream, this.g);
    }

    public Collection getRecipients() throws EnvelopedException {
        CMSEnvelopedDataParser cMSEnvelopedDataParser = this.d;
        if (cMSEnvelopedDataParser != null) {
            return cMSEnvelopedDataParser.getRecipientInfos().getRecipients();
        }
        throw new EnvelopedException("Enveloped data decoder not set. Did you forget to open?");
    }

    public void open(OutputStream outputStream) throws EnvelopedException {
        JCPLogger.subEnter();
        if (this.a == null) {
            throw new EnvelopedException("Enveloped generator not set");
        }
        if (outputStream == null) {
            throw new EnvelopedException("Enveloped output stream not set");
        }
        try {
            this.c = this.a.open(outputStream, new ru.CryptoPro.CAdES.pc_1.cl_5(this.e, this.f, this.b));
            JCPLogger.subExit();
        } catch (IOException e) {
            throw new EnvelopedException("Opening of output context failed", e);
        } catch (CMSException e2) {
            throw new EnvelopedException("Opening of output context failed", e2);
        }
    }

    public void update(byte[] bArr) throws Exception {
        this.c.write(bArr, 0, bArr.length);
    }

    public void update(byte[] bArr, int i, int i2) throws Exception {
        this.c.write(bArr, i, i2);
    }
}
