package de.tk.opensource.secon;

import java.security.InvalidKeyException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.concurrent.Callable;
import org.bouncycastle.cms.RecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/tk/opensource/secon/RecipientInfoGeneratorFactory.class */
public class RecipientInfoGeneratorFactory {
    public static RecipientInfoGenerator create(Callable<X509Certificate> callable) {
        try {
            X509Certificate call = callable.call();
            return keySize(call) < 4096 ? new JceKeyTransRecipientInfoGenerator(call).setProvider(BouncyCastleProvider.PROVIDER_NAME) : new JceKeyTransRecipientInfoGenerator(call, KksAlgorithms.ENCRYPTION_ALGORITHM_RSAES_OAEP).setProvider(BouncyCastleProvider.PROVIDER_NAME);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static int keySize(X509Certificate x509Certificate) throws InvalidKeyException {
        if (x509Certificate == null || !(x509Certificate.getPublicKey() instanceof RSAKey)) {
            throw new InvalidKeyException("Only RSA keys are supported");
        }
        return ((RSAKey) x509Certificate.getPublicKey()).getModulus().bitLength();
    }
}
