package org.keycloak.crypto.fips;

import java.security.Key;
import java.security.SecureRandom;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPrivateKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPublicKey;
import org.bouncycastle.crypto.fips.FipsRSA;
import org.keycloak.jose.jwe.JWEHeader;
import org.keycloak.jose.jwe.JWEKeyStorage;
import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider;
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;

/* loaded from: input_file:org/keycloak/crypto/fips/FIPSRsaKeyEncryptionJWEAlgorithmProvider.class */
public class FIPSRsaKeyEncryptionJWEAlgorithmProvider implements JWEAlgorithmProvider {
    private final FipsRSA.WrapParameters wrapParameters;

    public FIPSRsaKeyEncryptionJWEAlgorithmProvider(FipsRSA.WrapParameters wrapParameters) {
        this.wrapParameters = wrapParameters;
    }

    public byte[] decodeCek(byte[] bArr, Key key, JWEHeader jWEHeader, JWEEncryptionProvider jWEEncryptionProvider) throws Exception {
        return new FipsRSA.KeyWrapOperatorFactory().createKeyUnwrapper(new AsymmetricRSAPrivateKey(FipsRSA.ALGORITHM, key.getEncoded()), this.wrapParameters).withSecureRandom(SecureRandom.getInstance("DEFAULT")).unwrap(bArr, 0, bArr.length);
    }

    public byte[] encodeCek(JWEEncryptionProvider jWEEncryptionProvider, JWEKeyStorage jWEKeyStorage, Key key, JWEHeader.JWEHeaderBuilder jWEHeaderBuilder) throws Exception {
        AsymmetricRSAPublicKey asymmetricRSAPublicKey = new AsymmetricRSAPublicKey(FipsRSA.ALGORITHM, key.getEncoded());
        byte[] cekBytes = jWEKeyStorage.getCekBytes();
        return new FipsRSA.KeyWrapOperatorFactory().createKeyWrapper(asymmetricRSAPublicKey, this.wrapParameters).withSecureRandom(SecureRandom.getInstance("DEFAULT")).wrap(cekBytes, 0, cekBytes.length);
    }
}
