package com.nimbusds.jose.crypto.impl;

import com.google.common.util.concurrent.internal.InternalFutures;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.shaded.gson.internal.ReflectionAccessFilterHelper;
import com.nimbusds.jose.shaded.gson.internal.Streams;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.Container;
import com.nimbusds.jose.util.IntegerOverflowException;
import com.nimbusds.jose.util.StandardCharset;
import com.sun.jna.platform.win32.WinError;
import java.nio.ByteBuffer;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/nimbusds/jose/crypto/impl/ContentCryptoProvider.class */
public final class ContentCryptoProvider {
    public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS;

    public static SecretKey generateCEK(EncryptionMethod encryptionMethod, SecureRandom secureRandom) throws JOSEException {
        if (!SUPPORTED_ENCRYPTION_METHODS.contains(encryptionMethod)) {
            throw new JOSEException(InternalFutures.unsupportedEncryptionMethod(encryptionMethod, SUPPORTED_ENCRYPTION_METHODS));
        }
        byte[] bArr = new byte[encryptionMethod.cekBitLength() / 8];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    private static void checkCEKLength(SecretKey secretKey, EncryptionMethod encryptionMethod) throws KeyLengthException {
        try {
            int safeBitLength = InternalFutures.safeBitLength(secretKey.getEncoded());
            if (safeBitLength != 0 && encryptionMethod.cekBitLength() != safeBitLength) {
                throw new KeyLengthException("The Content Encryption Key (CEK) length for " + encryptionMethod + " must be " + encryptionMethod.cekBitLength() + " bits");
            }
        } catch (IntegerOverflowException e) {
            throw new KeyLengthException("The Content Encryption Key (CEK) is too long: " + e.getMessage());
        }
    }

    public static InternalFutures encrypt$77cff513(JWEHeader jWEHeader, byte[] bArr, byte[] bArr2, SecretKey secretKey, Base64URL base64URL, JWEJCAContext jWEJCAContext) throws JOSEException {
        byte[] generateIV;
        ReflectionAccessFilterHelper reflectionAccessFilterHelper;
        while (bArr2 == null) {
            base64URL = base64URL;
            secretKey = secretKey;
            bArr2 = InternalFutures.compute(jWEHeader);
            bArr = bArr;
            jWEHeader = jWEHeader;
        }
        checkCEKLength(secretKey, jWEHeader.getEncryptionMethod());
        byte[] applyCompression = InternalFutures.applyCompression(jWEHeader, bArr);
        if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192CBC_HS384) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512)) {
            generateIV = InternalFutures.generateIV(jWEJCAContext.getSecureRandom());
            byte[] bArr3 = bArr2;
            Provider contentEncryptionProvider = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider = jWEJCAContext.getMACProvider();
            Streams streams = new Streams(secretKey);
            byte[] encrypt = InternalFutures.encrypt(streams.getAESKey(), generateIV, applyCompression, contentEncryptionProvider);
            byte[] computeLength = InternalFutures.computeLength(bArr3);
            reflectionAccessFilterHelper = new ReflectionAccessFilterHelper(encrypt, Arrays.copyOf(InternalFutures.compute(streams.getMACKey(), ByteBuffer.allocate(bArr3.length + generateIV.length + encrypt.length + computeLength.length).put(bArr3).put(generateIV).put(encrypt).put(computeLength).array(), mACProvider), streams.getTruncatedMACByteLength()));
        } else if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128GCM) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192GCM) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256GCM)) {
            byte[] bArr4 = new byte[12];
            jWEJCAContext.getSecureRandom().nextBytes(bArr4);
            Container container = new Container(bArr4);
            reflectionAccessFilterHelper = ReflectionAccessFilterHelper.encrypt$6fbfc8da(secretKey, container, applyCompression, bArr2, jWEJCAContext.getContentEncryptionProvider());
            generateIV = (byte[]) container.get();
        } else if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
            generateIV = InternalFutures.generateIV(jWEJCAContext.getSecureRandom());
            JWEHeader jWEHeader2 = jWEHeader;
            SecretKey secretKey2 = secretKey;
            Base64URL base64URL2 = base64URL;
            Provider contentEncryptionProvider2 = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider2 = jWEJCAContext.getMACProvider();
            byte[] bArr5 = null;
            if (jWEHeader2.getCustomParam("epu") instanceof String) {
                bArr5 = new Base64URL((String) jWEHeader2.getCustomParam("epu")).decode();
            }
            byte[] bArr6 = null;
            if (jWEHeader2.getCustomParam("epv") instanceof String) {
                bArr6 = new Base64URL((String) jWEHeader2.getCustomParam("epv")).decode();
            }
            byte[] encrypt2 = InternalFutures.encrypt(LegacyConcatKDF.generateCEK(secretKey2, jWEHeader2.getEncryptionMethod(), bArr5, bArr6), generateIV, applyCompression, contentEncryptionProvider2);
            reflectionAccessFilterHelper = new ReflectionAccessFilterHelper(encrypt2, InternalFutures.compute(LegacyConcatKDF.generateCIK(secretKey2, jWEHeader2.getEncryptionMethod(), bArr5, bArr6), (jWEHeader2.toBase64URL() + "." + base64URL2 + "." + Base64URL.encode(generateIV) + "." + Base64URL.encode(encrypt2)).getBytes(StandardCharset.UTF_8), mACProvider2));
        } else {
            if (!jWEHeader.getEncryptionMethod().equals(EncryptionMethod.XC20P)) {
                throw new JOSEException(InternalFutures.unsupportedEncryptionMethod(jWEHeader.getEncryptionMethod(), SUPPORTED_ENCRYPTION_METHODS));
            }
            Container container2 = new Container(null);
            reflectionAccessFilterHelper = InternalFutures.encryptAuthenticated$2df26ca2(secretKey, container2, applyCompression, bArr2);
            generateIV = (byte[]) container2.get();
        }
        return new InternalFutures(jWEHeader, base64URL, Base64URL.encode(generateIV), Base64URL.encode(reflectionAccessFilterHelper.getCipherText()), Base64URL.encode(reflectionAccessFilterHelper.getAuthenticationTag()));
    }

    public static byte[] decrypt(JWEHeader jWEHeader, byte[] bArr, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4, SecretKey secretKey, JWEJCAContext jWEJCAContext) throws JOSEException {
        byte[] decrypt;
        while (bArr == null) {
            JWEHeader jWEHeader2 = jWEHeader;
            secretKey = secretKey;
            base64URL4 = base64URL4;
            base64URL3 = base64URL3;
            base64URL2 = base64URL2;
            base64URL = base64URL;
            bArr = InternalFutures.compute(jWEHeader2);
            jWEHeader = jWEHeader2;
        }
        checkCEKLength(secretKey, jWEHeader.getEncryptionMethod());
        if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192CBC_HS384) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512)) {
            byte[] decode = base64URL2.decode();
            byte[] decode2 = base64URL3.decode();
            byte[] bArr2 = bArr;
            byte[] decode3 = base64URL4.decode();
            Provider contentEncryptionProvider = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider = jWEJCAContext.getMACProvider();
            Streams streams = new Streams(secretKey);
            byte[] computeLength = InternalFutures.computeLength(bArr2);
            if (!InternalFutures.areEqual(Arrays.copyOf(InternalFutures.compute(streams.getMACKey(), ByteBuffer.allocate(bArr2.length + decode.length + decode2.length + computeLength.length).put(bArr2).put(decode).put(decode2).put(computeLength).array(), mACProvider), streams.getTruncatedMACByteLength()), decode3)) {
                throw new JOSEException("MAC check failed");
            }
            decrypt = InternalFutures.decrypt(streams.getAESKey(), decode, decode2, contentEncryptionProvider);
        } else if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128GCM) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192GCM) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256GCM)) {
            decrypt = ReflectionAccessFilterHelper.decrypt(secretKey, base64URL2.decode(), base64URL3.decode(), bArr, base64URL4.decode(), jWEJCAContext.getContentEncryptionProvider());
        } else if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
            JWEHeader jWEHeader3 = jWEHeader;
            SecretKey secretKey2 = secretKey;
            Base64URL base64URL5 = base64URL;
            Base64URL base64URL6 = base64URL2;
            Base64URL base64URL7 = base64URL3;
            Base64URL base64URL8 = base64URL4;
            Provider contentEncryptionProvider2 = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider2 = jWEJCAContext.getMACProvider();
            byte[] bArr3 = null;
            if (jWEHeader3.getCustomParam("epu") instanceof String) {
                bArr3 = new Base64URL((String) jWEHeader3.getCustomParam("epu")).decode();
            }
            byte[] bArr4 = null;
            if (jWEHeader3.getCustomParam("epv") instanceof String) {
                bArr4 = new Base64URL((String) jWEHeader3.getCustomParam("epv")).decode();
            }
            if (!InternalFutures.areEqual(base64URL8.decode(), InternalFutures.compute(LegacyConcatKDF.generateCIK(secretKey2, jWEHeader3.getEncryptionMethod(), bArr3, bArr4), (jWEHeader3.toBase64URL().toString() + "." + base64URL5.toString() + "." + base64URL6.toString() + "." + base64URL7.toString()).getBytes(StandardCharset.UTF_8), mACProvider2))) {
                throw new JOSEException("MAC check failed");
            }
            decrypt = InternalFutures.decrypt(LegacyConcatKDF.generateCEK(secretKey2, jWEHeader3.getEncryptionMethod(), bArr3, bArr4), base64URL6.decode(), base64URL7.decode(), contentEncryptionProvider2);
        } else {
            if (!jWEHeader.getEncryptionMethod().equals(EncryptionMethod.XC20P)) {
                throw new JOSEException(InternalFutures.unsupportedEncryptionMethod(jWEHeader.getEncryptionMethod(), SUPPORTED_ENCRYPTION_METHODS));
            }
            decrypt = InternalFutures.decryptAuthenticated(secretKey, base64URL2.decode(), base64URL3.decode(), bArr, base64URL4.decode());
        }
        return InternalFutures.applyDecompression(jWEHeader, decrypt);
    }

    static {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(EncryptionMethod.A128CBC_HS256);
        linkedHashSet.add(EncryptionMethod.A192CBC_HS384);
        linkedHashSet.add(EncryptionMethod.A256CBC_HS512);
        linkedHashSet.add(EncryptionMethod.A128GCM);
        linkedHashSet.add(EncryptionMethod.A192GCM);
        linkedHashSet.add(EncryptionMethod.A256GCM);
        linkedHashSet.add(EncryptionMethod.A128CBC_HS256_DEPRECATED);
        linkedHashSet.add(EncryptionMethod.A256CBC_HS512_DEPRECATED);
        linkedHashSet.add(EncryptionMethod.XC20P);
        SUPPORTED_ENCRYPTION_METHODS = Collections.unmodifiableSet(linkedHashSet);
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        HashSet hashSet5 = new HashSet();
        hashSet.add(EncryptionMethod.A128GCM);
        hashSet2.add(EncryptionMethod.A192GCM);
        hashSet3.add(EncryptionMethod.A256GCM);
        hashSet3.add(EncryptionMethod.A128CBC_HS256);
        hashSet3.add(EncryptionMethod.A128CBC_HS256_DEPRECATED);
        hashSet3.add(EncryptionMethod.XC20P);
        hashSet4.add(EncryptionMethod.A192CBC_HS384);
        hashSet5.add(EncryptionMethod.A256CBC_HS512);
        hashSet5.add(EncryptionMethod.A256CBC_HS512_DEPRECATED);
        hashMap.put(128, Collections.unmodifiableSet(hashSet));
        hashMap.put(Integer.valueOf(WinError.ERROR_EXE_MARKED_INVALID), Collections.unmodifiableSet(hashSet2));
        hashMap.put(256, Collections.unmodifiableSet(hashSet3));
        hashMap.put(384, Collections.unmodifiableSet(hashSet4));
        hashMap.put(512, Collections.unmodifiableSet(hashSet5));
        Collections.unmodifiableMap(hashMap);
    }
}
