package iaik.cms;

import com.telventi.afirma.cliente.CryptographicConstants;
import com.telventi.afirma.wsclient.utils.Base64Coder;
import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CodingException;
import iaik.asn1.INTEGER;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.UTF8String;
import iaik.asn1.structures.AlgorithmID;
import iaik.java.security.AlgorithmParameters;
import iaik.java.security.InvalidAlgorithmParameterException;
import iaik.java.security.InvalidKeyException;
import iaik.java.security.InvalidParameterException;
import iaik.java.security.Key;
import iaik.java.security.KeyPair;
import iaik.java.security.KeyPairGenerator;
import iaik.java.security.MessageDigest;
import iaik.java.security.NoSuchAlgorithmException;
import iaik.java.security.NoSuchProviderException;
import iaik.java.security.PrivateKey;
import iaik.java.security.Provider;
import iaik.java.security.PublicKey;
import iaik.java.security.SecureRandom;
import iaik.java.security.Security;
import iaik.java.security.Signature;
import iaik.java.security.SignatureException;
import iaik.java.security.spec.AlgorithmParameterSpec;
import iaik.java.security.spec.InvalidKeySpecException;
import iaik.java.security.spec.InvalidParameterSpecException;
import iaik.javax.crypto.BadPaddingException;
import iaik.javax.crypto.Cipher;
import iaik.javax.crypto.IllegalBlockSizeException;
import iaik.javax.crypto.KeyAgreement;
import iaik.javax.crypto.Mac;
import iaik.javax.crypto.NoSuchPaddingException;
import iaik.javax.crypto.SecretKey;
import iaik.javax.crypto.interfaces.DHPublicKey;
import iaik.javax.crypto.spec.IvParameterSpec;
import iaik.javax.crypto.spec.PBEParameterSpec;
import iaik.javax.crypto.spec.RC2ParameterSpec;
import iaik.javax.crypto.spec.RC5ParameterSpec;
import iaik.javax.crypto.spec.SecretKeySpec;
import iaik.pkcs.pkcs1.MGF1ParameterSpec;
import iaik.pkcs.pkcs1.MaskGenerationAlgorithm;
import iaik.pkcs.pkcs1.RSAPssParameterSpec;
import iaik.security.cipher.CAST128ParameterSpec;
import iaik.security.cipher.PBEKey;
import iaik.security.cipher.PBEKeyBMP;
import iaik.security.dh.DHKeyPairGenerator;
import iaik.security.dh.ESDHKEKParameterSpec;
import iaik.security.dh.ESDHKeyPairGenerator;
import iaik.security.dh.ESDHParameterSpec;
import iaik.security.dh.ESDHPrivateKey;
import iaik.security.dh.ESDHPublicKey;
import iaik.security.provider.IAIK;
import iaik.security.random.SecRandom;
import iaik.security.spec.PBEKeyAndParameterSpec;
import iaik.utils.CryptoUtils;
import iaik.utils.Util;
import java.math.BigInteger;
import java.util.StringTokenizer;

/* loaded from: input_file:firmaFichero5/clienteFirmaAFirma5.zip:iaik_cms_ae.jar:iaik/cms/IaikProvider.class */
public class IaikProvider extends SecurityProvider {
    static Class f;
    static Class g;
    static Class d;
    static Class e;
    private boolean b;
    private double a;
    private static final double i = 3.1d;
    private static final String h = "IAIK";
    public static final String ALG_SIGNATURE_RAWRSA = "RawRSA";
    private static boolean c = true;
    private static byte[] j = {-1, -1, -1};

    @Override // iaik.cms.SecurityProvider
    public byte[] wrapKey(SecretKey secretKey, AlgorithmID algorithmID, Key key, AlgorithmParameters algorithmParameters) throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        byte[] wrapKey;
        if (algorithmID == null) {
            throw new NullPointerException("Cannot wrap key with null key encryption algorithm!");
        }
        String implementationName = algorithmID.getImplementationName();
        if (implementationName == null || !implementationName.equalsIgnoreCase(SecurityProvider.IMPLEMENTATION_NAME_PWRI_KEK)) {
            wrapKey = super.wrapKey(secretKey, algorithmID, key, algorithmParameters);
        } else {
            ASN1Object parameter = algorithmID.getParameter();
            if (parameter == null) {
                throw new InvalidAlgorithmParameterException("Cannot wrap key with PWRI_WRAP! Missing kek encryption algorihtmID parameter!");
            }
            AlgorithmID algorithmID2 = null;
            try {
                algorithmID2 = new AlgorithmID(parameter);
                String b = b(algorithmID2);
                AlgorithmParameters algorithmParameters2 = getAlgorithmParameters(algorithmID2);
                Cipher cipher = getCipher(b, 1, key, algorithmParameters2);
                int blockSize = cipher.getBlockSize();
                byte[] encoded = secretKey.getEncoded();
                int length = encoded.length;
                int i2 = 4 + length;
                int i3 = i2 + (blockSize - (i2 % blockSize));
                if (i3 < 2 * blockSize) {
                    i3 = 2 * blockSize;
                }
                byte[] bArr = new byte[i3];
                bArr[0] = (byte) length;
                CryptoUtils.xorBlock(j, 0, encoded, 0, bArr, 1, 3);
                System.arraycopy(encoded, 0, bArr, 4, length);
                CryptoUtils.zeroBlock(encoded);
                byte[] bArr2 = new byte[(i3 - length) - 4];
                getSecureRandom().nextBytes(bArr2);
                System.arraycopy(bArr2, 0, bArr, 4 + length, bArr2.length);
                CryptoUtils.zeroBlock(bArr2);
                byte[] update = cipher.update(bArr);
                if (algorithmParameters2 == null) {
                    AlgorithmParameters parameters = cipher.getParameters();
                    if (parameters != null) {
                        algorithmID2.setAlgorithmParameters(parameters);
                        algorithmID.setParameter(algorithmID2.toASN1Object());
                    } else {
                        byte[] iv = cipher.getIV();
                        if (iv != null) {
                            algorithmID2.setParameter(new OCTET_STRING(iv));
                            algorithmID.setParameter(algorithmID2.toASN1Object());
                        }
                    }
                }
                wrapKey = cipher.doFinal(update);
                CryptoUtils.zeroBlock(update);
            } catch (CodingException e2) {
                throw new InvalidAlgorithmParameterException(new StringBuffer("Invalid parameter encoding: ").append(e2.getMessage()).toString());
            } catch (NoSuchAlgorithmException e3) {
                throw new NoSuchAlgorithmException(new StringBuffer("No implementation available for kek encryption algorithm ").append(algorithmID2.getAlgorithm().getName()).append(". ").append(e3.getMessage()).toString());
            }
        }
        return wrapKey;
    }

    @Override // iaik.cms.SecurityProvider
    public boolean verifySignatureFromSignedAttributes(AlgorithmID algorithmID, AlgorithmID algorithmID2, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        if (algorithmID.equals(CMSAlgorithmID.rsassaPss) && algorithmID.getParameter() == null) {
            AlgorithmParameters a = a(algorithmID2);
            algorithmID = (AlgorithmID) algorithmID.clone();
            algorithmID.setAlgorithmParameters(a);
        }
        return super.verifySignatureFromSignedAttributes(algorithmID, algorithmID2, publicKey, bArr, bArr2);
    }

    @Override // iaik.cms.SecurityProvider
    public boolean verifySignatureFromHash(AlgorithmID algorithmID, AlgorithmID algorithmID2, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        boolean verify;
        String implementationName = algorithmID.getImplementationName();
        if (implementationName == "RSA" || implementationName.endsWith("/RSA")) {
            byte[] byteArray = new DigestInfo(algorithmID2, bArr).toByteArray();
            Signature signature = getSignature(ALG_SIGNATURE_RAWRSA, 2, publicKey);
            signature.update(byteArray);
            verify = signature.verify(bArr2);
        } else {
            if (implementationName.equals(SecurityProvider.IMPLEMENTATION_NAME_RSA_PSS) && algorithmID.getParameter() == null) {
                AlgorithmParameters a = a(algorithmID2);
                algorithmID = (AlgorithmID) algorithmID.clone();
                algorithmID.setAlgorithmParameters(a);
            }
            verify = super.verifySignatureFromHash(algorithmID, algorithmID2, publicKey, bArr, bArr2);
        }
        return verify;
    }

    @Override // iaik.cms.SecurityProvider
    public SecretKey unwrapKey(byte[] bArr, AlgorithmID algorithmID, Key key, AlgorithmParameters algorithmParameters, String str) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        SecretKey unwrapKey;
        if (algorithmID == null) {
            throw new NullPointerException("Cannot wrap key with null key encryption algorithm!");
        }
        String implementationName = algorithmID.getImplementationName();
        if (implementationName == null || !implementationName.equalsIgnoreCase(SecurityProvider.IMPLEMENTATION_NAME_PWRI_KEK)) {
            unwrapKey = super.unwrapKey(bArr, algorithmID, key, algorithmParameters, str);
        } else {
            ASN1Object parameter = algorithmID.getParameter();
            if (parameter == null) {
                throw new InvalidAlgorithmParameterException("Cannot wrap key with PWRI_WRAP! Missing kek encryption algorihtmID parameter!");
            }
            AlgorithmID algorithmID2 = null;
            try {
                algorithmID2 = new AlgorithmID(parameter);
                String b = b(algorithmID2);
                AlgorithmParameters algorithmParameters2 = getAlgorithmParameters(algorithmID2);
                Cipher cipher = getCipher(b, 0, (Key) null, (AlgorithmParameters) null);
                int blockSize = cipher.getBlockSize();
                byte[] bArr2 = new byte[blockSize];
                if (bArr.length < 2 * blockSize) {
                    throw new InvalidKeyException("Wrapped key too short!");
                }
                System.arraycopy(bArr, bArr.length - (2 * blockSize), bArr2, 0, blockSize);
                try {
                    cipher.init(2, key, setIv(algorithmParameters2, bArr2));
                    byte[] doFinal = cipher.doFinal(bArr, bArr.length - blockSize, blockSize);
                    cipher.init(2, key, setIv(algorithmParameters2, doFinal));
                    byte[] doFinal2 = cipher.doFinal(bArr, 0, bArr.length - blockSize);
                    byte[] bArr3 = new byte[doFinal2.length + doFinal.length];
                    System.arraycopy(doFinal2, 0, bArr3, 0, doFinal2.length);
                    System.arraycopy(doFinal, 0, bArr3, doFinal2.length, doFinal.length);
                    CryptoUtils.zeroBlock(doFinal2);
                    CryptoUtils.zeroBlock(doFinal);
                    cipher.init(2, key, algorithmParameters2);
                    byte[] doFinal3 = cipher.doFinal(bArr3);
                    CryptoUtils.zeroBlock(bArr3);
                    int i2 = doFinal3[0] & j[0];
                    if (i2 > doFinal3.length - 4) {
                        throw new InvalidKeyException(new StringBuffer("Key Unwrap error: one byte cek len count (").append(i2).append(") to great!").toString());
                    }
                    byte[] bArr4 = new byte[3];
                    CryptoUtils.xorBlock(j, 0, doFinal3, 1, bArr4, 0, 3);
                    if (!CryptoUtils.equalsBlock(bArr4, 0, doFinal3, 4, 3)) {
                        throw new InvalidKeyException("Key Unwrap error: invalid key check value!");
                    }
                    byte[] bArr5 = new byte[i2];
                    System.arraycopy(doFinal3, 4, bArr5, 0, i2);
                    unwrapKey = new SecretKeySpec(bArr5, str);
                    CryptoUtils.zeroBlock(bArr5);
                    CryptoUtils.zeroBlock(doFinal3);
                    CryptoUtils.zeroBlock(bArr4);
                } catch (InvalidParameterSpecException unused) {
                    throw new InvalidAlgorithmParameterException(new StringBuffer("Cannot set iv for kek algorithm ").append(algorithmID2.getAlgorithm().getName()).toString());
                } catch (BadPaddingException e2) {
                    throw new InvalidKeyException(new StringBuffer("Cannot unwrap key: ").append(e2.toString()).toString());
                } catch (IllegalBlockSizeException e3) {
                    throw new InvalidKeyException(new StringBuffer("Cannot unwrap key: ").append(e3.toString()).toString());
                }
            } catch (CodingException e4) {
                throw new InvalidAlgorithmParameterException(new StringBuffer("Invalid parameter encoding: ").append(e4.getMessage()).toString());
            } catch (NoSuchAlgorithmException e5) {
                throw new NoSuchAlgorithmException(new StringBuffer("No implementation available for kek encryption algorithm ").append(algorithmID2.getAlgorithm().getName()).append(". ").append(e5.getMessage()).toString());
            }
        }
        return unwrapKey;
    }

    public static void turnOffIAIKProviderVersionCheck() {
        c = false;
    }

    public AlgorithmParameterSpec setIv(AlgorithmParameters algorithmParameters, byte[] bArr) throws InvalidParameterSpecException {
        Class a;
        Class a2;
        Class a3;
        AlgorithmParameterSpec algorithmParameterSpec = null;
        byte[] bArr2 = (byte[]) bArr.clone();
        if (algorithmParameters != null) {
            String upperCase = algorithmParameters.getAlgorithm().toUpperCase();
            if (upperCase.equals("CAST128") || upperCase.equals(CryptographicConstants.CAST5)) {
                if (d != null) {
                    a = d;
                } else {
                    a = SecurityProvider.a("iaik.security.cipher.CAST128ParameterSpec");
                    d = a;
                }
                CAST128ParameterSpec cAST128ParameterSpec = (CAST128ParameterSpec) algorithmParameters.getParameterSpec(a);
                if (cAST128ParameterSpec != null) {
                    algorithmParameterSpec = new CAST128ParameterSpec(cAST128ParameterSpec.getKeyLength(), bArr2);
                }
            } else if (upperCase.equals("RC2")) {
                if (g != null) {
                    a3 = g;
                } else {
                    a3 = SecurityProvider.a("iaik.javax.crypto.spec.RC2ParameterSpec");
                    g = a3;
                }
                RC2ParameterSpec rC2ParameterSpec = (RC2ParameterSpec) algorithmParameters.getParameterSpec(a3);
                if (rC2ParameterSpec != null) {
                    algorithmParameterSpec = new RC2ParameterSpec(rC2ParameterSpec.getEffectiveKeyBits(), bArr2);
                }
            } else if (upperCase.equals(CryptographicConstants.RC5)) {
                if (f != null) {
                    a2 = f;
                } else {
                    a2 = SecurityProvider.a("iaik.javax.crypto.spec.RC5ParameterSpec");
                    f = a2;
                }
                RC5ParameterSpec rC5ParameterSpec = (RC5ParameterSpec) algorithmParameters.getParameterSpec(a2);
                if (rC5ParameterSpec != null) {
                    algorithmParameterSpec = new RC5ParameterSpec(rC5ParameterSpec.getVersion(), rC5ParameterSpec.getRounds(), rC5ParameterSpec.getWordSize(), bArr2);
                }
            } else {
                algorithmParameterSpec = new IvParameterSpec(bArr2);
            }
        }
        if (algorithmParameterSpec == null) {
            algorithmParameterSpec = new IvParameterSpec(bArr2);
        }
        return algorithmParameterSpec;
    }

    @Override // iaik.cms.SecurityProvider
    public SecureRandom getSecureRandom() {
        if (super.b == null) {
            setSecureRandom(SecRandom.getDefault());
        }
        return super.b;
    }

    @Override // iaik.cms.SecurityProvider
    public Key getPBEKey(char[] cArr, AlgorithmID algorithmID) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return algorithmID.equals(AlgorithmID.pbeWithMD5AndDES_CBC) ? new PBEKey(cArr) : (algorithmID.equals(AlgorithmID.pbeWithSHAAnd3_KeyTripleDES_CBC) || algorithmID.equals(AlgorithmID.pbeWithSHAAnd40BitRC2_CBC)) ? new PBEKeyBMP(cArr) : super.getPBEKey(cArr, algorithmID);
    }

    private static String b(AlgorithmID algorithmID) throws NoSuchAlgorithmException {
        String implementationName = algorithmID.getImplementationName();
        if (implementationName == null) {
            throw new NoSuchAlgorithmException();
        }
        if (implementationName.indexOf("/") == -1) {
            throw new NoSuchAlgorithmException("Cannot get kek encryption engine without mode/padding specification.");
        }
        if (!implementationName.toUpperCase().endsWith("NOPADDING")) {
            StringTokenizer stringTokenizer = new StringTokenizer(implementationName, "/");
            implementationName = new StringBuffer(String.valueOf(stringTokenizer.nextToken())).append("/").append(stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : "").append("/").append("NoPadding").toString();
        }
        return implementationName;
    }

    @Override // iaik.cms.SecurityProvider
    public AlgorithmParameterSpec getAlgorithmParameterSpec(AlgorithmID algorithmID) throws InvalidParameterSpecException {
        AlgorithmParameterSpec algorithmParameterSpec;
        Class a;
        if (!algorithmID.equals(CMSAlgorithmID.rsassaPss) || algorithmID.getParameter() == null) {
            algorithmParameterSpec = super.getAlgorithmParameterSpec(algorithmID);
        } else {
            try {
                AlgorithmParameters algorithmParameters = getAlgorithmParameters(algorithmID, SecurityProvider.IMPLEMENTATION_NAME_RSA_PSS);
                if (e != null) {
                    a = e;
                } else {
                    a = SecurityProvider.a("iaik.pkcs.pkcs1.RSAPssParameterSpec");
                    e = a;
                }
                algorithmParameterSpec = algorithmParameters.getParameterSpec(a);
            } catch (NoSuchAlgorithmException unused) {
                throw new InvalidParameterSpecException("No AlgorithmParameters implementation available for RSASSA-PSS");
            }
        }
        return algorithmParameterSpec;
    }

    @Override // iaik.cms.SecurityProvider
    public ASN1Object getASN1OriginatorPublicKey(PublicKey publicKey) throws CMSException {
        ASN1Object sequence;
        if (publicKey instanceof ESDHPublicKey) {
            try {
                sequence = new SEQUENCE();
                sequence.addComponent(((AlgorithmID) AlgorithmID.esdh.clone()).toASN1Object(false));
                sequence.addComponent(new BIT_STRING(new ASN1(new INTEGER(((ESDHPublicKey) publicKey).getY())).toByteArray()));
            } catch (CodingException e2) {
                throw new CMSException(e2.toString());
            }
        } else {
            sequence = super.getASN1OriginatorPublicKey(publicKey);
        }
        return sequence;
    }

    private SecretKey a(AlgorithmID algorithmID, int i2) throws NoSuchAlgorithmException {
        String implementationName = algorithmID.getImplementationName();
        int i3 = i2;
        if (i3 <= 0) {
            String upperCase = implementationName.toUpperCase();
            if (upperCase.equals("HMAC/SHA") || upperCase.equals("HMAC/SHA1") || upperCase.equals("HMAC/SHA-1") || upperCase.equals("HMMACSHA") || upperCase.equals("HMMACSHA1") || upperCase.equals("HMAC/SHA256") || upperCase.equals("HMMACSHA256") || upperCase.equals("HMAC/SHA224") || upperCase.equals("HMMACSHA224") || upperCase.equals("HMAC/MD5") || upperCase.equals("HMACMD5") || upperCase.equals("HMAC/RIPEMD128") || upperCase.equals("HMACRIPEMD128") || upperCase.equals("HMAC/RIPEMD160") || upperCase.equals("HMACRIPEMD160")) {
                i3 = 64;
            } else if (upperCase.equals("HMAC/SHA384") || upperCase.equals("HMMACSHA384") || upperCase.equals("HMAC/SHA512") || upperCase.equals("HMMACSHA512")) {
                i3 = 128;
            }
        }
        if (i3 <= 0) {
            i3 = Mac.getInstance(implementationName).getMacLength();
        }
        if (i3 <= 0) {
            throw new NoSuchAlgorithmException(new StringBuffer("No key generator available for MAC algorithm ").append(implementationName).toString());
        }
        byte[] bArr = new byte[i3];
        getSecureRandom().nextBytes(bArr);
        return new SecretKeySpec(bArr, implementationName);
    }

    @Override // iaik.cms.SecurityProvider
    public KeyPair generateKeyAgreementKeyPair(AlgorithmID algorithmID, PublicKey publicKey) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        String algorithm = publicKey.getAlgorithm();
        KeyPairGenerator keyPairGenerator = null;
        if (!(publicKey instanceof ESDHPublicKey)) {
            if (!(publicKey instanceof DHPublicKey)) {
                throw new NoSuchAlgorithmException(new StringBuffer("No implementation for algorithm ").append(algorithmID.getAlgorithm().getName()).toString());
            }
            KeyPairGenerator keyPairGenerator2 = getKeyPairGenerator(algorithmID);
            if (!algorithm.equalsIgnoreCase(keyPairGenerator2.getAlgorithm())) {
                throw new InvalidKeyException("Public key of other party does not match do key agreement algorithm!");
            }
            DHKeyPairGenerator dHKeyPairGenerator = (DHKeyPairGenerator) keyPairGenerator2;
            dHKeyPairGenerator.initialize(((DHPublicKey) publicKey).getParams(), getSecureRandom());
            return dHKeyPairGenerator.generateKeyPair();
        }
        try {
            keyPairGenerator = getKeyPairGenerator(algorithmID);
            if (!algorithm.equalsIgnoreCase(keyPairGenerator.getAlgorithm())) {
                throw new InvalidKeyException("Public key of other party does not match do key agreement algorithm!");
            }
        } catch (NoSuchAlgorithmException e2) {
            if (algorithmID.equals(AlgorithmID.ssdhKeyAgreement)) {
                try {
                    keyPairGenerator = getKeyPairGenerator(AlgorithmID.esdhKeyAgreement);
                } catch (Exception unused) {
                    throw e2;
                }
            }
        }
        ESDHKeyPairGenerator eSDHKeyPairGenerator = (ESDHKeyPairGenerator) keyPairGenerator;
        eSDHKeyPairGenerator.initialize(((ESDHPublicKey) publicKey).getParams(), getSecureRandom());
        return eSDHKeyPairGenerator.generateKeyPair();
    }

    @Override // iaik.cms.SecurityProvider
    public SecretKey generateKey(AlgorithmID algorithmID, int i2) throws NoSuchAlgorithmException {
        SecretKey secretKey = null;
        if (algorithmID.getImplementationName().toUpperCase().indexOf("HMAC") != -1) {
            try {
                secretKey = a(algorithmID, i2);
            } catch (NoSuchAlgorithmException unused) {
            }
        }
        if (secretKey == null) {
            secretKey = super.generateKey(algorithmID, i2);
        }
        return secretKey;
    }

    @Override // iaik.cms.SecurityProvider
    public Key deriveKey(char[] cArr, AlgorithmID algorithmID, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        SecretKey secretKey = null;
        if (algorithmID == null) {
            throw new NullPointerException("Cannot derive key with null key derivation function!");
        }
        String implementationName = algorithmID.getImplementationName();
        if (implementationName != null && implementationName.equalsIgnoreCase(SecurityProvider.IMPLEMENTATION_NAME_PBKDF2)) {
            PBEKeyAndParameterSpec pBEKeyAndParameterSpec = null;
            ASN1Object parameter = algorithmID.getParameter();
            if (algorithmParameterSpec != null) {
                if (algorithmParameterSpec instanceof PBEKeyAndParameterSpec) {
                    pBEKeyAndParameterSpec = (PBEKeyAndParameterSpec) algorithmParameterSpec;
                } else if (algorithmParameterSpec instanceof PBEParameterSpec) {
                    PBEParameterSpec pBEParameterSpec = (PBEParameterSpec) algorithmParameterSpec;
                    try {
                        pBEKeyAndParameterSpec = new PBEKeyAndParameterSpec(UTF8String.getUTF8EncodingFromCharArray(cArr), pBEParameterSpec.getSalt(), pBEParameterSpec.getIterationCount(), 32);
                    } catch (Exception e2) {
                        throw new InvalidAlgorithmParameterException(new StringBuffer("Error encoding password: ").append(e2.toString()).toString());
                    }
                }
                if (parameter == null && pBEKeyAndParameterSpec != null) {
                    try {
                        SEQUENCE sequence = new SEQUENCE();
                        sequence.addComponent(new OCTET_STRING(pBEKeyAndParameterSpec.getSalt()));
                        sequence.addComponent(new INTEGER(pBEKeyAndParameterSpec.getIterationCount()));
                        sequence.addComponent(new INTEGER(pBEKeyAndParameterSpec.getDerivedKeyLength()));
                        algorithmID.setParameter(sequence);
                    } catch (Exception e3) {
                        throw new InvalidAlgorithmParameterException(new StringBuffer("Cannot build ASN.1 parameters: ").append(e3.toString()).toString());
                    }
                }
            } else if (parameter != null) {
                try {
                    int countComponents = parameter.countComponents();
                    int i2 = 0 + 1;
                    byte[] bArr = (byte[]) parameter.getComponentAt(0).getValue();
                    int i3 = i2 + 1;
                    int intValue = ((BigInteger) parameter.getComponentAt(i2).getValue()).intValue();
                    if (countComponents > 4) {
                        throw new InvalidAlgorithmParameterException(new StringBuffer("Invalid PBKDF2 parameter encoding: Too many (").append(countComponents).append(") components. Maximum 4 allowed!").toString());
                    }
                    int i4 = 32;
                    while (i3 < countComponents) {
                        int i5 = i3;
                        i3++;
                        ASN1Object componentAt = parameter.getComponentAt(i5);
                        if (componentAt.isA(ASN.INTEGER)) {
                            i4 = ((BigInteger) componentAt.getValue()).intValue();
                        } else if (componentAt.isA(ASN.SEQUENCE)) {
                            ObjectID algorithm = new AlgorithmID(componentAt).getAlgorithm();
                            if (!algorithm.equals(AlgorithmID.hMAC_SHA1.getAlgorithm()) && !algorithm.equals(AlgorithmID.hMAC_SHA1.getAlgorithm())) {
                                throw new InvalidAlgorithmParameterException(new StringBuffer("Prf algorithm ").append(algorithm.getName()).append(" not supported for PBKDF2!").toString());
                            }
                        } else {
                            continue;
                        }
                    }
                    pBEKeyAndParameterSpec = new PBEKeyAndParameterSpec(UTF8String.getUTF8EncodingFromCharArray(cArr), bArr, intValue, i4);
                } catch (Exception e4) {
                    throw new InvalidAlgorithmParameterException(new StringBuffer("Invalid PBKDF2 parameter encoding: ").append(e4.toString()).toString());
                }
            } else {
                try {
                    byte[] bArr2 = new byte[16];
                    getSecureRandom().nextBytes(bArr2);
                    pBEKeyAndParameterSpec = new PBEKeyAndParameterSpec(UTF8String.getUTF8EncodingFromCharArray(cArr), bArr2, Base64Coder.SIZE_1KB, 32);
                } catch (Exception e5) {
                    throw new InvalidAlgorithmParameterException(new StringBuffer("Error encoding password: ").append(e5.toString()).toString());
                }
            }
            if (pBEKeyAndParameterSpec != null) {
                secretKey = getKeyGenerator(algorithmID, pBEKeyAndParameterSpec).generateKey();
            }
        }
        if (secretKey == null) {
            secretKey = super.deriveKey(cArr, algorithmID, algorithmParameterSpec);
        }
        return secretKey;
    }

    @Override // iaik.cms.SecurityProvider
    public SecretKey decryptKey(byte[] bArr, AlgorithmID algorithmID, PrivateKey privateKey, String str) throws BadPaddingException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException {
        if (algorithmID.getImplementationName() != "RSA") {
            return super.decryptKey(bArr, algorithmID, privateKey, str);
        }
        try {
            return new iaik.security.cipher.SecretKey(getCipher(SecurityProvider.ALG_CIPHER_RSA_DECRYPT, 2, privateKey, (AlgorithmParameters) null).doFinal(bArr), str);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new InvalidKeyException(new StringBuffer("Invalid parameters: ").append(e2.getMessage()).toString());
        } catch (IllegalBlockSizeException e3) {
            throw new InvalidKeyException(new StringBuffer("Illegal block size: ").append(e3.getMessage()).toString());
        }
    }

    @Override // iaik.cms.SecurityProvider
    public SecretKey createSharedKeyEncryptionKey(AlgorithmID algorithmID, PrivateKey privateKey, PublicKey publicKey, AlgorithmID algorithmID2, int i2, byte[] bArr, String str) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        KeyAgreement keyAgreement;
        if (!algorithmID.equals(AlgorithmID.esdhKeyAgreement) && !algorithmID.equals(AlgorithmID.ssdhKeyAgreement)) {
            throw new NoSuchAlgorithmException(new StringBuffer("Key Agreement method ").append(algorithmID.getAlgorithm().getName()).append(" not supported!").toString());
        }
        ESDHKEKParameterSpec eSDHKEKParameterSpec = new ESDHKEKParameterSpec(algorithmID2.getAlgorithm(), i2);
        eSDHKEKParameterSpec.setPartyAInfo(bArr);
        if (algorithmID.equals(AlgorithmID.ssdhKeyAgreement)) {
            AlgorithmID algorithmID3 = (AlgorithmID) AlgorithmID.esdhKeyAgreement.clone();
            algorithmID3.setParameter(algorithmID.getParameter());
            keyAgreement = getKeyAgreement(algorithmID3, privateKey, eSDHKEKParameterSpec);
            if (algorithmID3.getParameter() != null) {
                algorithmID.setParameter(algorithmID3.getParameter());
            }
        } else {
            keyAgreement = getKeyAgreement(algorithmID, privateKey, eSDHKEKParameterSpec);
        }
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret(str);
    }

    private static AlgorithmParameters a(AlgorithmID algorithmID) throws NoSuchAlgorithmException {
        RSAPssParameterSpec rSAPssParameterSpec;
        if (algorithmID == null) {
            rSAPssParameterSpec = new RSAPssParameterSpec();
        } else {
            AlgorithmID algorithmID2 = (AlgorithmID) AlgorithmID.mgf1.clone();
            algorithmID2.setParameter(algorithmID.toASN1Object());
            int digestLength = Util.getDigestLength(algorithmID);
            if (digestLength == 0) {
                digestLength = 20;
            }
            rSAPssParameterSpec = new RSAPssParameterSpec(algorithmID, algorithmID2, digestLength);
            MessageDigest messageDigestInstance = algorithmID.getMessageDigestInstance(h);
            rSAPssParameterSpec.setHashEngine(messageDigestInstance);
            MaskGenerationAlgorithm maskGenerationAlgorithmInstance = algorithmID2.getMaskGenerationAlgorithmInstance(h);
            MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec(algorithmID);
            mGF1ParameterSpec.setHashEngine(messageDigestInstance);
            try {
                maskGenerationAlgorithmInstance.setParameters(mGF1ParameterSpec);
                rSAPssParameterSpec.setMGFEngine(maskGenerationAlgorithmInstance);
            } catch (InvalidAlgorithmParameterException e2) {
                throw new NoSuchAlgorithmException(new StringBuffer("Cannot init PSS params: ").append(e2.toString()).toString());
            }
        }
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(SecurityProvider.IMPLEMENTATION_NAME_RSA_PSS, h);
            algorithmParameters.init(rSAPssParameterSpec);
            return algorithmParameters;
        } catch (NoSuchProviderException unused) {
            throw new NoSuchAlgorithmException("RSA-PSS implementation of provider IAIK not available!");
        } catch (InvalidParameterSpecException e3) {
            throw new NoSuchAlgorithmException(new StringBuffer("Cannot init PSS params: ").append(e3.toString()).toString());
        }
    }

    @Override // iaik.cms.SecurityProvider
    public void checkDomainParameters(PrivateKey privateKey, PublicKey publicKey) throws InvalidParameterException {
        if (!privateKey.getAlgorithm().equalsIgnoreCase(SecurityProvider.ALG_KEYEX_ESDH)) {
            super.checkDomainParameters(privateKey, publicKey);
            return;
        }
        ESDHParameterSpec eSDHParameterSpec = (ESDHParameterSpec) ((ESDHPrivateKey) privateKey).getParams();
        ESDHParameterSpec eSDHParameterSpec2 = (ESDHParameterSpec) ((ESDHPublicKey) publicKey).getParams();
        if (eSDHParameterSpec != null && eSDHParameterSpec2 != null && !eSDHParameterSpec.equals(eSDHParameterSpec2)) {
            throw new InvalidParameterException("Different domain parameters for ESDH!");
        }
    }

    @Override // iaik.cms.SecurityProvider
    public byte[] calculateSignatureFromSignedAttributes(AlgorithmID algorithmID, AlgorithmID algorithmID2, PrivateKey privateKey, byte[] bArr) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        if (algorithmID.equals(CMSAlgorithmID.rsassaPss) && algorithmID.getParameter() == null) {
            algorithmID.setAlgorithmParameters(a(algorithmID2));
        }
        return super.calculateSignatureFromSignedAttributes(algorithmID, algorithmID2, privateKey, bArr);
    }

    @Override // iaik.cms.SecurityProvider
    public byte[] calculateSignatureFromHash(AlgorithmID algorithmID, AlgorithmID algorithmID2, PrivateKey privateKey, byte[] bArr) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        byte[] sign;
        String implementationName = algorithmID.getImplementationName();
        if (implementationName == "RSA" || implementationName.endsWith("/RSA")) {
            byte[] byteArray = new DigestInfo(algorithmID2, bArr).toByteArray();
            Signature signature = getSignature(ALG_SIGNATURE_RAWRSA, 1, privateKey);
            signature.update(byteArray);
            sign = signature.sign();
        } else {
            if (implementationName.equals(SecurityProvider.IMPLEMENTATION_NAME_RSA_PSS) && algorithmID.getParameter() == null) {
                algorithmID.setAlgorithmParameters(a(algorithmID2));
            }
            sign = super.calculateSignatureFromHash(algorithmID, algorithmID2, privateKey, bArr);
        }
        return sign;
    }

    public IaikProvider() {
        super(h);
        if (Security.getProvider(h) == null) {
            IAIK.addAsJDK14Provider(false);
        }
        Provider provider = Security.getProvider(h);
        if (provider == null) {
            System.err.println("Could not add IAIK provider!");
            throw new RuntimeException("Could not add IAIK provider!");
        }
        if (c) {
            this.a = provider.getVersion();
            if (this.a < 3.0999d) {
                System.err.println();
                System.err.println("WARNING: This version of IAIK-CMS should only be used with IAIK JCE");
                System.err.println(new StringBuffer("WARNING: version ").append(i).append(" and later! You are using IAIK JCE ").append(this.a).append(".").toString());
                System.err.println();
            }
        }
    }
}
