package es.gob.afirma.envelopers.cms;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.ciphers.CipherConstants;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.cms.AuthenticatedData;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: input_file:es/gob/afirma/envelopers/cms/CMSDecipherAuthenticatedData.class */
final class CMSDecipherAuthenticatedData {
    private SecretKey cipherKey;
    private CipherConstants.AOCipherAlgorithm macAlgorithmConfig;

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] decipherAuthenticatedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        byte[] bArr2 = new byte[0];
        try {
            AuthenticatedData authenticatedData = AuthenticatedData.getInstance(Utils.fetchWrappedData(bArr));
            EncryptedKeyDatas fetchEncryptedKeyDatas = Utils.fetchEncryptedKeyDatas((X509Certificate) privateKeyEntry.getCertificate(), authenticatedData.getRecipientInfos().getObjects());
            assignKey(fetchEncryptedKeyDatas.getEncryptedKey(), privateKeyEntry, fetchEncryptedKeyDatas.getAlgEncryptedKey());
            if (Arrays.equals(Utils.genMac(this.macAlgorithmConfig.getName(), authenticatedData.getAuthAttrs().getEncoded(ASN1Encoding.DER), this.cipherKey), authenticatedData.getMac().getOctets())) {
                bArr2 = ((DEROctetString) authenticatedData.getEncapsulatedContentInfo().getContent()).getOctets();
            }
            return bArr2;
        } catch (Exception e) {
            throw new AOException("El fichero no contiene un tipo EnvelopedData", e);
        }
    }

    private void assignKey(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AlgorithmIdentifier algorithmIdentifier) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        CipherConstants.AOCipherAlgorithm aOCipherAlgorithm = null;
        CipherConstants.AOCipherAlgorithm[] values = CipherConstants.AOCipherAlgorithm.values();
        int length = values.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            CipherConstants.AOCipherAlgorithm aOCipherAlgorithm2 = values[i];
            if (aOCipherAlgorithm2.getOid().equals(algorithmIdentifier.getAlgorithm().toString())) {
                aOCipherAlgorithm = aOCipherAlgorithm2;
                break;
            }
            i++;
        }
        if (aOCipherAlgorithm == null) {
            throw new NoSuchAlgorithmException("No se ha podido obtener el algoritmo para cifrar la contrasena");
        }
        this.macAlgorithmConfig = aOCipherAlgorithm;
        Cipher createCipher = createCipher(privateKeyEntry.getPrivateKey().getAlgorithm());
        createCipher.init(4, privateKeyEntry.getPrivateKey());
        this.cipherKey = (SecretKey) createCipher.unwrap(bArr, aOCipherAlgorithm.getName(), 3);
    }

    private static Cipher createCipher(String str) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return Cipher.getInstance(str);
    }
}
