package org.xipki.scep.message;

import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.Recipient;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.exception.DecodeException;

/* loaded from: input_file:org/xipki/scep/message/EnvelopedDataDecryptor.class */
public final class EnvelopedDataDecryptor {
    private final List<EnvelopedDataDecryptorInstance> decryptors;

    /* loaded from: input_file:org/xipki/scep/message/EnvelopedDataDecryptor$EnvelopedDataDecryptorInstance.class */
    public static final class EnvelopedDataDecryptorInstance {
        private final RecipientId recipientId;
        private final Recipient recipient;

        public EnvelopedDataDecryptorInstance(X509Cert x509Cert, PrivateKey privateKey) {
            Args.notNull(x509Cert, "recipientCert");
            Args.notNull(privateKey, "privKey");
            this.recipientId = new KeyTransRecipientId(x509Cert.getIssuer(), x509Cert.getSerialNumber(), x509Cert.getSubjectKeyId());
            this.recipient = new JceKeyTransEnvelopedRecipient(privateKey);
        }

        public Recipient getRecipient() {
            return this.recipient;
        }

        public RecipientId getRecipientId() {
            return this.recipientId;
        }
    }

    public EnvelopedDataDecryptor(List<EnvelopedDataDecryptorInstance> list) {
        this.decryptors = new ArrayList(Args.notEmpty(list, "decryptors"));
    }

    public EnvelopedDataDecryptor(EnvelopedDataDecryptorInstance envelopedDataDecryptorInstance) {
        this.decryptors = Collections.singletonList((EnvelopedDataDecryptorInstance) Args.notNull(envelopedDataDecryptorInstance, "decryptor"));
    }

    public byte[] decrypt(CMSEnvelopedData cMSEnvelopedData) throws DecodeException {
        Args.notNull(cMSEnvelopedData, "envData");
        RecipientInformationStore recipientInfos = cMSEnvelopedData.getRecipientInfos();
        RecipientInformation recipientInformation = null;
        EnvelopedDataDecryptorInstance envelopedDataDecryptorInstance = null;
        Iterator<EnvelopedDataDecryptorInstance> it = this.decryptors.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            EnvelopedDataDecryptorInstance next = it.next();
            recipientInformation = recipientInfos.get(next.getRecipientId());
            if (recipientInformation != null) {
                envelopedDataDecryptorInstance = next;
                break;
            }
        }
        if (recipientInformation == null) {
            throw new DecodeException("missing expected key transfer recipient");
        }
        try {
            return recipientInformation.getContent(envelopedDataDecryptorInstance.getRecipient());
        } catch (CMSException e) {
            throw new DecodeException("could not decrypt the envelopedData");
        }
    }
}
