package at.atrust.mobsig.library.jws;

import at.atrust.mobsig.library.util.KeyType;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.nist.NISTNamedCurves;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x9.X9ECParameters;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
import org.spongycastle.crypto.agreement.ECDHBasicAgreement;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.encodings.OAEPEncoding;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.engines.RSAEngine;
import org.spongycastle.crypto.generators.ECKeyPairGenerator;
import org.spongycastle.crypto.modes.GCMBlockCipher;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECKeyGenerationParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.util.Arrays;

/* loaded from: classes.dex */
public class JweEncryption {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JweEncryption.class);
    private String authenticationTag;
    private String cipherText;
    private String encryptedKey;
    private String initializationVector;
    private JoseHeader joseHeader;

    private byte[] getAAD() {
        return JwHelper.base64UrlEncode(this.joseHeader.toString()).getBytes(StandardCharsets.US_ASCII);
    }

    public byte[] decryptWithkey(byte[] bArr) {
        byte[] base64UrlDecode;
        byte[] aad;
        byte[] base64UrlDecode2;
        byte[] base64UrlDecode3;
        try {
            base64UrlDecode = JwHelper.base64UrlDecode(this.initializationVector);
            aad = getAAD();
            base64UrlDecode2 = JwHelper.base64UrlDecode(this.cipherText);
            base64UrlDecode3 = JwHelper.base64UrlDecode(this.authenticationTag);
        } catch (Exception e) {
            LOGGER.error("exception decryptWithkey", (Throwable) e);
        }
        if (JoseEnc.A128GCM != this.joseHeader.enc && JoseEnc.A256GCM != this.joseHeader.enc) {
            LOGGER.error("decryption algorithm not supported");
            return null;
        }
        if (JoseEnc.A128GCM == this.joseHeader.enc) {
            byte[] bArr2 = new byte[16];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            bArr = bArr2;
        }
        GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(new AESEngine());
        gCMBlockCipher.init(false, new ParametersWithIV(new KeyParameter(bArr), base64UrlDecode));
        gCMBlockCipher.processAADBytes(aad, 0, aad.length);
        byte[] bArr3 = new byte[base64UrlDecode2.length + base64UrlDecode3.length];
        System.arraycopy(base64UrlDecode2, 0, bArr3, 0, base64UrlDecode2.length);
        System.arraycopy(base64UrlDecode3, 0, bArr3, base64UrlDecode2.length, base64UrlDecode3.length);
        byte[] bArr4 = new byte[gCMBlockCipher.getOutputSize(bArr3.length)];
        gCMBlockCipher.doFinal(bArr4, gCMBlockCipher.processBytes(bArr3, 0, bArr3.length, bArr4, 0));
        if (Arrays.areEqual(gCMBlockCipher.getMac(), base64UrlDecode3)) {
            return bArr4;
        }
        LOGGER.error("auth tag mismatch");
        return null;
    }

    public boolean encrypt(String str, X509Certificate x509Certificate) {
        return encrypt(str.getBytes(StandardCharsets.UTF_8), x509Certificate);
    }

    public boolean encrypt(byte[] bArr, X509Certificate x509Certificate) {
        try {
            this.joseHeader = new JoseHeader();
            this.joseHeader.enc = JoseEnc.A256GCM;
            PublicKey publicKey = x509Certificate.getPublicKey();
            if (publicKey instanceof ECPublicKey) {
                this.joseHeader.alg = JoseAlg.ECDH_ES;
            } else {
                if (!(publicKey instanceof RSAPublicKey)) {
                    LOGGER.error("unsupported public key type");
                    return false;
                }
                this.joseHeader.alg = JoseAlg.RSA_OAEP_256;
            }
            SecureRandom secureRandom = new SecureRandom();
            byte[] bArr2 = new byte[32];
            secureRandom.nextBytes(bArr2);
            byte[] bArr3 = new byte[32];
            secureRandom.nextBytes(bArr3);
            this.initializationVector = JwHelper.base64UrlEncode(bArr3);
            if (JoseAlg.RSA_OAEP_256 == this.joseHeader.alg) {
                OAEPEncoding oAEPEncoding = new OAEPEncoding(new RSAEngine(), new SHA256Digest());
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                oAEPEncoding.init(true, new RSAKeyParameters(false, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
                this.encryptedKey = JwHelper.base64UrlEncode(oAEPEncoding.processBlock(bArr2, 0, bArr2.length));
            } else {
                if (JoseAlg.ECDH_ES != this.joseHeader.alg) {
                    return false;
                }
                ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(eCPublicKey.getEncoded())).getAlgorithm().getParameters();
                String name = NISTNamedCurves.getName(aSN1ObjectIdentifier);
                X9ECParameters byOID = NISTNamedCurves.getByOID(aSN1ObjectIdentifier);
                ECDomainParameters eCDomainParameters = new ECDomainParameters(byOID.getCurve(), byOID.getG(), byOID.getN(), byOID.getH());
                ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
                eCKeyPairGenerator.init(new ECKeyGenerationParameters(eCDomainParameters, secureRandom));
                AsymmetricCipherKeyPair generateKeyPair = eCKeyPairGenerator.generateKeyPair();
                ECPublicKeyParameters eCPublicKeyParameters = (ECPublicKeyParameters) generateKeyPair.getPublic();
                byte[] encoded = eCPublicKeyParameters.getQ().getAffineXCoord().getEncoded();
                byte[] encoded2 = eCPublicKeyParameters.getQ().getAffineYCoord().getEncoded();
                this.joseHeader.epk = new Jwk();
                this.joseHeader.epk.kty = KeyType.EC;
                this.joseHeader.epk.ec_crv = name;
                this.joseHeader.epk.ec_x = JwHelper.base64UrlEncode(encoded);
                this.joseHeader.epk.ec_y = JwHelper.base64UrlEncode(encoded2);
                ECPublicKeyParameters eCPublicKeyParameters2 = new ECPublicKeyParameters(byOID.getCurve().createPoint(eCPublicKey.getW().getAffineX(), eCPublicKey.getW().getAffineY()), eCDomainParameters);
                ECDHBasicAgreement eCDHBasicAgreement = new ECDHBasicAgreement();
                eCDHBasicAgreement.init(generateKeyPair.getPrivate());
                BigInteger calculateAgreement = eCDHBasicAgreement.calculateAgreement(eCPublicKeyParameters2);
                ECDHKeyDerivationData eCDHKeyDerivationData = new ECDHKeyDerivationData();
                eCDHKeyDerivationData.setAgrrementData(calculateAgreement);
                eCDHKeyDerivationData.keyLenBits = 256;
                eCDHKeyDerivationData.EncAlgoId = "A256GCM";
                eCDHKeyDerivationData.setApu(this.joseHeader.apu);
                eCDHKeyDerivationData.setApv(this.joseHeader.apv);
                bArr2 = eCDHKeyDerivationData.GetCek();
                this.encryptedKey = "";
            }
            byte[] aad = getAAD();
            GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(new AESEngine());
            gCMBlockCipher.init(true, new ParametersWithIV(new KeyParameter(bArr2), bArr3));
            gCMBlockCipher.processAADBytes(aad, 0, aad.length);
            byte[] bArr4 = new byte[gCMBlockCipher.getOutputSize(bArr.length)];
            gCMBlockCipher.doFinal(bArr4, gCMBlockCipher.processBytes(bArr, 0, bArr.length, bArr4, 0));
            byte[] mac = gCMBlockCipher.getMac();
            this.authenticationTag = JwHelper.base64UrlEncode(mac);
            byte[] bArr5 = new byte[bArr4.length - mac.length];
            System.arraycopy(bArr4, 0, bArr5, 0, bArr5.length);
            this.cipherText = JwHelper.base64UrlEncode(bArr5);
            return true;
        } catch (Exception e) {
            LOGGER.error("exception in JweEncryption.encrypt()", (Throwable) e);
            return false;
        }
    }

    public JoseAlg getAlg() {
        return this.joseHeader.alg;
    }

    public byte[] getDataToDecrypt() {
        if (JoseAlg.RSA1_5 == this.joseHeader.alg || JoseAlg.RSA_OAEP == this.joseHeader.alg || JoseAlg.RSA_OAEP_256 == this.joseHeader.alg) {
            return JwHelper.base64UrlDecode(this.encryptedKey);
        }
        LOGGER.error("jwe algorithm not supported");
        return null;
    }

    public String getProtectedHeader() {
        return JwHelper.base64UrlEncode(this.joseHeader.toString());
    }

    public boolean parse(String str) {
        if (str != null) {
            try {
                if (!str.isEmpty()) {
                    String[] split = str.split("\\.");
                    if (5 != split.length) {
                        return false;
                    }
                    this.joseHeader = JoseHeader.fromJSON(JwHelper.base64UrlDecodeToString(split[0]));
                    this.encryptedKey = split[1];
                    this.initializationVector = split[2];
                    this.cipherText = split[3];
                    this.authenticationTag = split[4];
                    return true;
                }
            } catch (Exception e) {
                LOGGER.error("exception in JweEncryption.parse()", (Throwable) e);
            }
        }
        return false;
    }

    public String toString() {
        return getProtectedHeader() + "." + this.encryptedKey + "." + this.initializationVector + "." + this.cipherText + "." + this.authenticationTag;
    }
}
