package com.sg.openews.api.cmp2.impl;

import com.kica.security.asn1.ASN1Encodable;
import com.kica.security.asn1.ASN1OctetString;
import com.kica.security.asn1.cmp.CertRepMessage;
import com.kica.security.asn1.cmp.CertResponse;
import com.kica.security.asn1.cmp.CertifiedKeyPair;
import com.kica.security.asn1.crmf.EncryptedValue;
import com.kica.security.asn1.kisa.KISAObjectIdentifiers;
import com.kica.security.asn1.oid.NISTObjectIdentifiers;
import com.kica.security.asn1.pkcs.PKCSObjectIdentifiers;
import com.sg.openews.api.exception.SGCryptoException;
import com.sg.openews.api.exception.SGException;
import com.sg.openews.api.key.SGPrivateKey;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes3.dex */
public class CertRepMessageParser extends CertRepMessageCommon {
    protected SGPrivateKey kmPriKey;
    protected byte[] kmPriKeyBytes;
    protected SGPrivateKey signPriKey;
    protected byte[] symmKey;
    protected List certs = new ArrayList();
    protected byte[] caPubs = null;

    public CertRepMessageParser(SGPrivateKey sGPrivateKey, SGPrivateKey sGPrivateKey2) throws IOException {
        this.signPriKey = sGPrivateKey;
        this.kmPriKey = sGPrivateKey2;
    }

    byte[] decrypt(EncryptedValue encryptedValue, SGPrivateKey sGPrivateKey) throws SGException {
        if (encryptedValue.getEncValue() == null) {
            throw new IllegalStateException("cannot get Km Certificate!");
        }
        byte[] decryptRSA = encryptedValue.getKeyAlg() != null ? encryptedValue.getKeyAlg().getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) ? CipherFuncs.decryptRSA(sGPrivateKey, encryptedValue.getEncSymmKey().getBytes()) : null : CipherFuncs.decryptRSA(sGPrivateKey, encryptedValue.getEncSymmKey().getBytes());
        if (encryptedValue.getSymmAlg() == null) {
            return CipherFuncs.decryptDES_OFB(decryptRSA, "012345678901245".getBytes(), encryptedValue.getEncValue().getBytes());
        }
        ASN1OctetString aSN1OctetString = ASN1OctetString.getInstance(encryptedValue.getSymmAlg().getParameters());
        byte[] octets = aSN1OctetString != null ? aSN1OctetString.getOctets() : "012345678901245".getBytes();
        if (encryptedValue.getSymmAlg().getObjectId().equals(KISAObjectIdentifiers.id_seedCBC)) {
            return CipherFuncs.decryptSEED_CBC(decryptRSA, octets, encryptedValue.getEncValue().getBytes());
        }
        if (encryptedValue.getSymmAlg().getObjectId().equals(NISTObjectIdentifiers.id_aes128_CBC) || encryptedValue.getSymmAlg().getObjectId().equals(NISTObjectIdentifiers.id_aes192_CBC) || encryptedValue.getSymmAlg().getObjectId().equals(NISTObjectIdentifiers.id_aes256_CBC)) {
            return CipherFuncs.decryptAES_CBC(decryptRSA, octets, encryptedValue.getEncValue().getBytes());
        }
        throw new SGCryptoException("Not Supported Algorithm OID: " + encryptedValue.getSymmAlg().getObjectId().getId());
    }

    public byte[] getCaPubs() {
        return this.caPubs;
    }

    public byte[] getCertificate(CertifiedKeyPair certifiedKeyPair) throws SGCryptoException, SGException {
        setEncPrivateKey(certifiedKeyPair);
        if (certifiedKeyPair.getCertOrEncCert().getCertificate() != null) {
            return certifiedKeyPair.getCertOrEncCert().getCertificate().getX509v3PKCert().getDEREncoded();
        }
        EncryptedValue encryptedCert = certifiedKeyPair.getCertOrEncCert().getEncryptedCert();
        if (encryptedCert != null) {
            return decrypt(encryptedCert, this.kmPriKey);
        }
        throw new IllegalStateException("Invalid CertOrEncCert data.");
    }

    public List getCertificates() {
        return this.certs;
    }

    public byte[] getKMPrivateKey() {
        return this.kmPriKeyBytes;
    }

    public byte[] getSessionKey() {
        return this.symmKey;
    }

    public void parse(ASN1Encodable aSN1Encodable) throws SGCryptoException, SGException, IOException {
        CertRepMessage certRepMessage = CertRepMessage.getInstance(aSN1Encodable);
        this.caPubs = certRepMessage.getCaPubsBytes();
        CertResponse[] response = certRepMessage.getResponse();
        for (int i6 = 0; i6 < response.length; i6++) {
            checkPKIStatusInfo(response[i6].getStatus());
            this.certs.add(getCertificate(response[i6].getCertifiedKeyPair()));
        }
    }

    void setEncPrivateKey(CertifiedKeyPair certifiedKeyPair) throws SGException {
        if (certifiedKeyPair.getPrivateKey() != null) {
            this.kmPriKeyBytes = decrypt(certifiedKeyPair.getPrivateKey(), this.signPriKey);
        }
    }
}
