package com.google.code.jscep.pkcs7;

import com.google.code.jscep.util.AlgorithmDictionary;
import com.google.code.jscep.util.LoggingUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;

/* loaded from: input_file:com/google/code/jscep/pkcs7/PkcsPkiEnvelopeGenerator.class */
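/**
 * Builds a {@link PkcsPkiEnvelope}: a CMS/PKCS #7 {@code EnvelopedData} structure that carries
 * the encrypted {@link MessageData} for exactly one recipient.
 *
 * <p>Usage: call {@link #setRecipient}, {@link #setCipherAlgorithm}, {@link #setKeyAlgorithm} and
 * {@link #setMessageData}, then {@link #generate()}. The setters do not validate their arguments;
 * a missing value surfaces as an {@link IOException} from {@code generate()}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The recipient certificate is used as given. Nothing in this class checks its chain,
 *       validity period or key usage, so trust in it must be established before it is set.</li>
 *   <li>The envelope provides confidentiality only; this class adds no signature or MAC.</li>
 *   <li>The strength of the envelope is bounded by the cipher and key algorithm names supplied by
 *       the caller; this class accepts whatever {@code AlgorithmDictionary} and the JCA provider
 *       resolve.</li>
 * </ul>
 *
 * <p>Instances hold mutable configuration and are not synchronized.
 */
public class PkcsPkiEnvelopeGenerator {
    private static final Logger LOGGER = LoggingUtil.getLogger("com.google.code.jscep.pkcs7");

    /**
     * Length in bytes of the random IV.
     *
     * <p>NOTE(review): 8 bytes fits ciphers with a 64-bit block. A cipher algorithm with another
     * block size would need a matching IV length; confirm against the algorithms that
     * {@code AlgorithmDictionary} supports.
     */
    private static final int IV_LENGTH = 8;

    /**
     * Transformation used to wrap the content-encryption key.
     *
     * <p>Spelled out in full because the meaning of the bare name {@code "RSA"} (mode and, more
     * importantly, padding) is chosen by whichever JCA provider answers first. PKCS #1 v1.5
     * padding is what the SunJCE provider selects for {@code "RSA"}.
     */
    private static final String KEY_TRANSPORT_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    private X509Certificate recipient;
    private String cipherAlgorithm;
    private String cipherTransformation;
    private String keyAlgorithm;
    private MessageData msgData;

    /**
     * Sets the payload to be encrypted.
     *
     * @param messageData the message whose DER-encoded content becomes the envelope plaintext
     */
    public void setMessageData(MessageData messageData) {
        this.msgData = messageData;
    }

    /**
     * Sets the JCA algorithm name used to generate the one-time content-encryption key.
     *
     * @param str a {@link KeyGenerator} algorithm name
     */
    public void setKeyAlgorithm(String str) {
        this.keyAlgorithm = str;
    }

    /**
     * Sets the certificate whose public key will wrap the content-encryption key.
     *
     * @param x509Certificate the recipient certificate; not validated here
     */
    public void setRecipient(X509Certificate x509Certificate) {
        this.recipient = x509Certificate;
    }

    /**
     * Sets the content-encryption cipher and derives the matching JCA transformation string.
     *
     * @param str the cipher algorithm name, as understood by {@code AlgorithmDictionary}
     */
    public void setCipherAlgorithm(String str) {
        this.cipherAlgorithm = str;
        this.cipherTransformation = AlgorithmDictionary.getTransformation(str);
    }

    /**
     * Encrypts the configured message under a freshly generated key and IV, wraps that key for
     * the recipient, and assembles the resulting {@code EnvelopedData}.
     *
     * @return the envelope, with the original message data attached
     * @throws IOException on any failure; crypto, encoding and unset-configuration errors are all
     *     wrapped so that callers see a single exception type
     */
    public PkcsPkiEnvelope generate() throws IOException {
        LOGGER.entering(getClass().getName(), "generate");
        try {
            Cipher contentCipher = Cipher.getInstance(this.cipherTransformation);
            // A new key per envelope: it is only ever transported inside this message.
            SecretKey contentKey = KeyGenerator.getInstance(this.keyAlgorithm).generateKey();
            AlgorithmParameters cipherParameters = generateParameters();
            AlgorithmIdentifier contentEncryptionAlgorithm = getAlgorithmIdentifier(
                    AlgorithmDictionary.getOid(this.cipherTransformation), cipherParameters);
            contentCipher.init(Cipher.ENCRYPT_MODE, contentKey, cipherParameters);

            // The plaintext is already fully in memory, so a single doFinal() is enough and any
            // cipher failure is thrown here rather than depending on how a stream's close()
            // handles it.
            byte[] cipherText = contentCipher.doFinal(this.msgData.getContent().getDEREncoded());
            BERConstructedOctetString encryptedContent = new BERConstructedOctetString(cipherText);

            ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
            recipientInfos.add(toRecipientInfo(this.recipient, contentKey));

            EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(
                    PKCSObjectIdentifiers.data, contentEncryptionAlgorithm, encryptedContent);
            EnvelopedData envelopedData = new EnvelopedData(
                    (OriginatorInfo) null, new DERSet(recipientInfos), encryptedContentInfo, (ASN1Set) null);
            // Sanity check only (active with -ea): the structure built above is expected to
            // report version 0.
            assert envelopedData.getVersion().getValue().equals(BigInteger.ZERO);

            PkcsPkiEnvelope envelope =
                    new PkcsPkiEnvelope(new ContentInfo(PKCSObjectIdentifiers.envelopedData, envelopedData));
            envelope.setMessageData(this.msgData);
            LOGGER.exiting(getClass().getName(), "generate", envelope);
            return envelope;
        } catch (Exception e) {
            // Deliberately broad: callers rely on IOException as the only failure signal.
            IOException wrapped = new IOException(e);
            // Report the method that actually failed (previously logged as "parse").
            LOGGER.throwing(getClass().getName(), "generate", wrapped);
            throw wrapped;
        }
    }

    /**
     * Creates cipher parameters holding a random IV of {@link #IV_LENGTH} bytes.
     *
     * @return parameters for the configured cipher algorithm
     * @throws GeneralSecurityException if the algorithm is unknown or rejects the IV
     */
    private AlgorithmParameters generateParameters() throws GeneralSecurityException {
        byte[] iv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(iv);
        AlgorithmParameters parameters = AlgorithmParameters.getInstance(this.cipherAlgorithm);
        parameters.init(new IvParameterSpec(iv));
        return parameters;
    }

    /**
     * Pairs an algorithm OID with the ASN.1 encoding of its parameters.
     *
     * @param dERObjectIdentifier the content-encryption algorithm OID
     * @param algorithmParameters the parameters to embed
     * @return the identifier to place in {@code EncryptedContentInfo}
     * @throws IOException if the parameters cannot be encoded or re-parsed
     */
    private AlgorithmIdentifier getAlgorithmIdentifier(DERObjectIdentifier dERObjectIdentifier, AlgorithmParameters algorithmParameters) throws IOException {
        // Parse straight from the byte array; no stream is left open.
        return new AlgorithmIdentifier(dERObjectIdentifier, ASN1Object.fromByteArray(algorithmParameters.getEncoded()));
    }

    /**
     * Wraps the content-encryption key with the recipient's public key and builds the
     * {@code KeyTransRecipientInfo} that identifies the recipient by issuer and serial number.
     *
     * @param x509Certificate the recipient certificate
     * @param secretKey the content-encryption key to wrap
     * @return the recipient info entry for the envelope
     */
    private RecipientInfo toRecipientInfo(X509Certificate x509Certificate, SecretKey secretKey) throws CertificateEncodingException, IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException {
        // Decode the TBSCertificate once; it supplies both the key algorithm and the identifier.
        TBSCertificateStructure tbsCertificate =
                TBSCertificateStructure.getInstance(ASN1Object.fromByteArray(x509Certificate.getTBSCertificate()));
        // The key-encryption algorithm is taken from the certificate's SubjectPublicKeyInfo.
        AlgorithmIdentifier keyEncryptionAlgorithm = tbsCertificate.getSubjectPublicKeyInfo().getAlgorithmId();

        Cipher keyWrapper = Cipher.getInstance(KEY_TRANSPORT_TRANSFORMATION);
        keyWrapper.init(Cipher.WRAP_MODE, x509Certificate.getPublicKey());
        DEROctetString encryptedKey = new DEROctetString(keyWrapper.wrap(secretKey));

        IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
                tbsCertificate.getIssuer(), tbsCertificate.getSerialNumber().getValue());
        return new RecipientInfo(new KeyTransRecipientInfo(
                new RecipientIdentifier(issuerAndSerial), keyEncryptionAlgorithm, encryptedKey));
    }
}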
