package com.nimbusds.jose.crypto.impl;

import com.linkedin.android.video.conferencing.view.BR;
import com.microsoft.did.sdk.util.Constants;
import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.utils.ConstantTimeUtils;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.DeflateUtils;
import com.nimbusds.jose.util.IntegerOverflowException;
import com.nimbusds.jose.util.StandardCharset;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes6.dex */
public final class ContentCryptoProvider {
    public static final Map<Integer, Set<EncryptionMethod>> COMPATIBLE_ENCRYPTION_METHODS;
    public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS;

    static {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        EncryptionMethod encryptionMethod = EncryptionMethod.A128CBC_HS256;
        linkedHashSet.add(encryptionMethod);
        EncryptionMethod encryptionMethod2 = EncryptionMethod.A192CBC_HS384;
        linkedHashSet.add(encryptionMethod2);
        EncryptionMethod encryptionMethod3 = EncryptionMethod.A256CBC_HS512;
        linkedHashSet.add(encryptionMethod3);
        EncryptionMethod encryptionMethod4 = EncryptionMethod.A128GCM;
        linkedHashSet.add(encryptionMethod4);
        EncryptionMethod encryptionMethod5 = EncryptionMethod.A192GCM;
        linkedHashSet.add(encryptionMethod5);
        EncryptionMethod encryptionMethod6 = EncryptionMethod.A256GCM;
        linkedHashSet.add(encryptionMethod6);
        EncryptionMethod encryptionMethod7 = EncryptionMethod.A128CBC_HS256_DEPRECATED;
        linkedHashSet.add(encryptionMethod7);
        EncryptionMethod encryptionMethod8 = EncryptionMethod.A256CBC_HS512_DEPRECATED;
        linkedHashSet.add(encryptionMethod8);
        SUPPORTED_ENCRYPTION_METHODS = Collections.unmodifiableSet(linkedHashSet);
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        HashSet hashSet5 = new HashSet();
        hashSet.add(encryptionMethod4);
        hashSet2.add(encryptionMethod5);
        hashSet3.add(encryptionMethod6);
        hashSet3.add(encryptionMethod);
        hashSet3.add(encryptionMethod7);
        hashSet4.add(encryptionMethod2);
        hashSet5.add(encryptionMethod3);
        hashSet5.add(encryptionMethod8);
        hashMap.put(Integer.valueOf(BR.feedbackText), Collections.unmodifiableSet(hashSet));
        hashMap.put(Integer.valueOf(BR.isEditFlow), Collections.unmodifiableSet(hashSet2));
        hashMap.put(Integer.valueOf(BR.learnMoreOnClick), Collections.unmodifiableSet(hashSet3));
        hashMap.put(Integer.valueOf(BR.secondaryButtonCtaText), Collections.unmodifiableSet(hashSet4));
        hashMap.put(Integer.valueOf(BR.userSelection), Collections.unmodifiableSet(hashSet5));
        COMPATIBLE_ENCRYPTION_METHODS = Collections.unmodifiableMap(hashMap);
    }

    public static void checkCEKLength(SecretKey secretKey, EncryptionMethod encryptionMethod) throws KeyLengthException {
        try {
            if (encryptionMethod.cekBitLength == ByteUtils.safeBitLength(secretKey.getEncoded())) {
                return;
            }
            throw new KeyLengthException("The Content Encryption Key (CEK) length for " + encryptionMethod + " must be " + encryptionMethod.cekBitLength + " bits");
        } catch (IntegerOverflowException e) {
            throw new KeyLengthException("The Content Encryption Key (CEK) is too long: " + e.getMessage());
        }
    }

    public static byte[] decrypt(JWEHeader jWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4, SecretKey secretKey, JWEJCAContext jWEJCAContext) throws JOSEException {
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        byte[] doFinal;
        checkCEKLength(secretKey, jWEHeader.enc);
        byte[] bytes = jWEHeader.toBase64URL().value.getBytes(StandardCharsets.US_ASCII);
        EncryptionMethod encryptionMethod = jWEHeader.enc;
        if (encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) || encryptionMethod.equals(EncryptionMethod.A192CBC_HS384) || encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            byte[] decode = base64URL2.decode();
            byte[] decode2 = base64URL3.decode();
            byte[] decode3 = base64URL4.decode();
            Provider contentEncryptionProvider = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider = jWEJCAContext.getMACProvider();
            byte[] encoded = secretKey.getEncoded();
            int i = 32;
            if (encoded.length == 32) {
                i = 16;
                secretKeySpec = new SecretKeySpec(encoded, 0, 16, "HMACSHA256");
                secretKeySpec2 = new SecretKeySpec(encoded, 16, 16, Constants.AES_KEY);
            } else if (encoded.length == 48) {
                i = 24;
                secretKeySpec = new SecretKeySpec(encoded, 0, 24, "HMACSHA384");
                secretKeySpec2 = new SecretKeySpec(encoded, 24, 24, Constants.AES_KEY);
            } else {
                if (encoded.length != 64) {
                    throw new KeyLengthException("Unsupported AES/CBC/PKCS5Padding/HMAC-SHA2 key length, must be 256, 384 or 512 bits");
                }
                secretKeySpec = new SecretKeySpec(encoded, 0, 32, "HMACSHA512");
                secretKeySpec2 = new SecretKeySpec(encoded, 32, 32, Constants.AES_KEY);
            }
            byte[] array = ByteBuffer.allocate(8).putLong(ByteUtils.safeBitLength(bytes)).array();
            if (!ConstantTimeUtils.areEqual(Arrays.copyOf(HMAC.compute(secretKeySpec, ByteBuffer.allocate(bytes.length + decode.length + decode2.length + array.length).put(bytes).put(decode).put(decode2).put(array).array(), mACProvider), i), decode3)) {
                throw new JOSEException("MAC check failed");
            }
            try {
                doFinal = AESCBC.createAESCBCCipher(secretKeySpec2, false, decode, contentEncryptionProvider).doFinal(decode2);
            } catch (Exception e) {
                throw new JOSEException(e.getMessage(), e);
            }
        } else if (encryptionMethod.equals(EncryptionMethod.A128GCM) || encryptionMethod.equals(EncryptionMethod.A192GCM) || encryptionMethod.equals(EncryptionMethod.A256GCM)) {
            doFinal = AESGCM.decrypt(secretKey, base64URL2.decode(), base64URL3.decode(), bytes, base64URL4.decode(), jWEJCAContext.getContentEncryptionProvider());
        } else {
            if (!encryptionMethod.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) && !encryptionMethod.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
                throw new JOSEException(AlgorithmSupportMessage.unsupportedEncryptionMethod(encryptionMethod, SUPPORTED_ENCRYPTION_METHODS));
            }
            Provider contentEncryptionProvider2 = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider2 = jWEJCAContext.getMACProvider();
            byte[] decode4 = jWEHeader.getCustomParam("epu") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epu")).decode() : null;
            byte[] decode5 = jWEHeader.getCustomParam("epv") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epv")).decode() : null;
            if (!ConstantTimeUtils.areEqual(base64URL4.decode(), HMAC.compute(LegacyConcatKDF.generateCIK(secretKey, encryptionMethod, decode4, decode5), (jWEHeader.toBase64URL().value + "." + base64URL.value + "." + base64URL2.value + "." + base64URL3.value).getBytes(StandardCharset.UTF_8), mACProvider2))) {
                throw new JOSEException("MAC check failed");
            }
            try {
                doFinal = AESCBC.createAESCBCCipher(LegacyConcatKDF.generateCEK(secretKey, encryptionMethod, decode4, decode5), false, base64URL2.decode(), contentEncryptionProvider2).doFinal(base64URL3.decode());
            } catch (Exception e2) {
                throw new JOSEException(e2.getMessage(), e2);
            }
        }
        CompressionAlgorithm compressionAlgorithm = jWEHeader.zip;
        if (compressionAlgorithm == null) {
            return doFinal;
        }
        if (!compressionAlgorithm.equals(CompressionAlgorithm.DEF)) {
            throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
        }
        try {
            return DeflateUtils.decompress(doFinal);
        } catch (Exception e3) {
            throw new JOSEException("Couldn't decompress plain text: " + e3.getMessage(), e3);
        }
    }

    public static JWECryptoParts encrypt(JWEHeader jWEHeader, byte[] bArr, SecretKey secretKey, Base64URL base64URL, JWEJCAContext jWEJCAContext) throws JOSEException {
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        AuthenticatedCipherText authenticatedCipherText;
        byte[] bArr2;
        Deflater deflater;
        checkCEKLength(secretKey, jWEHeader.enc);
        r2 = null;
        DeflaterOutputStream deflaterOutputStream = null;
        CompressionAlgorithm compressionAlgorithm = jWEHeader.zip;
        if (compressionAlgorithm != null) {
            if (!compressionAlgorithm.equals(CompressionAlgorithm.DEF)) {
                throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
            }
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    deflater = new Deflater(8, true);
                    try {
                        DeflaterOutputStream deflaterOutputStream2 = new DeflaterOutputStream(byteArrayOutputStream, deflater);
                        try {
                            deflaterOutputStream2.write(bArr);
                            deflaterOutputStream2.close();
                            deflater.end();
                            bArr = byteArrayOutputStream.toByteArray();
                        } catch (Throwable th) {
                            th = th;
                            deflaterOutputStream = deflaterOutputStream2;
                            if (deflaterOutputStream != null) {
                                deflaterOutputStream.close();
                            }
                            if (deflater != null) {
                                deflater.end();
                            }
                            throw th;
                        }
                    } catch (Throwable th2) {
                        th = th2;
                    }
                } catch (Throwable th3) {
                    th = th3;
                    deflater = null;
                }
            } catch (Exception e) {
                throw new JOSEException("Couldn't compress plain text: " + e.getMessage(), e);
            }
        }
        byte[] bytes = jWEHeader.toBase64URL().value.getBytes(StandardCharsets.US_ASCII);
        EncryptionMethod encryptionMethod = jWEHeader.enc;
        if (encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) || encryptionMethod.equals(EncryptionMethod.A192CBC_HS384) || encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            byte[] bArr3 = new byte[16];
            jWEJCAContext.getSecureRandom().nextBytes(bArr3);
            Provider contentEncryptionProvider = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider = jWEJCAContext.getMACProvider();
            byte[] encoded = secretKey.getEncoded();
            int i = 32;
            if (encoded.length == 32) {
                secretKeySpec = new SecretKeySpec(encoded, 0, 16, "HMACSHA256");
                secretKeySpec2 = new SecretKeySpec(encoded, 16, 16, Constants.AES_KEY);
                i = 16;
            } else if (encoded.length == 48) {
                i = 24;
                secretKeySpec = new SecretKeySpec(encoded, 0, 24, "HMACSHA384");
                secretKeySpec2 = new SecretKeySpec(encoded, 24, 24, Constants.AES_KEY);
            } else {
                if (encoded.length != 64) {
                    throw new KeyLengthException("Unsupported AES/CBC/PKCS5Padding/HMAC-SHA2 key length, must be 256, 384 or 512 bits");
                }
                secretKeySpec = new SecretKeySpec(encoded, 0, 32, "HMACSHA512");
                secretKeySpec2 = new SecretKeySpec(encoded, 32, 32, Constants.AES_KEY);
            }
            try {
                byte[] doFinal = AESCBC.createAESCBCCipher(secretKeySpec2, true, bArr3, contentEncryptionProvider).doFinal(bArr);
                byte[] array = ByteBuffer.allocate(8).putLong(ByteUtils.safeBitLength(bytes)).array();
                authenticatedCipherText = new AuthenticatedCipherText(doFinal, Arrays.copyOf(HMAC.compute(secretKeySpec, ByteBuffer.allocate(bytes.length + 16 + doFinal.length + array.length).put(bytes).put(bArr3).put(doFinal).put(array).array(), mACProvider), i));
                bArr2 = bArr3;
            } catch (Exception e2) {
                throw new JOSEException(e2.getMessage(), e2);
            }
        } else if (encryptionMethod.equals(EncryptionMethod.A128GCM) || encryptionMethod.equals(EncryptionMethod.A192GCM) || encryptionMethod.equals(EncryptionMethod.A256GCM)) {
            byte[] bArr4 = new byte[12];
            jWEJCAContext.getSecureRandom().nextBytes(bArr4);
            Provider contentEncryptionProvider2 = jWEJCAContext.getContentEncryptionProvider();
            SecretKeySpec secretKeySpec3 = new SecretKeySpec(secretKey.getEncoded(), Constants.AES_KEY);
            try {
                Cipher cipher = contentEncryptionProvider2 != null ? Cipher.getInstance("AES/GCM/NoPadding", contentEncryptionProvider2) : Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, secretKeySpec3, new GCMParameterSpec(BR.feedbackText, bArr4));
                cipher.updateAAD(bytes);
                try {
                    byte[] doFinal2 = cipher.doFinal(bArr);
                    int length = doFinal2.length - 16;
                    byte[] bArr5 = new byte[length];
                    System.arraycopy(doFinal2, 0, bArr5, 0, length);
                    byte[] bArr6 = new byte[16];
                    System.arraycopy(doFinal2, length, bArr6, 0, 16);
                    AlgorithmParameters parameters = cipher.getParameters();
                    if (parameters == null) {
                        throw new JOSEException("AES GCM ciphers are expected to make use of algorithm parameters");
                    }
                    try {
                        GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) parameters.getParameterSpec(GCMParameterSpec.class);
                        bArr2 = gCMParameterSpec.getIV();
                        int tLen = gCMParameterSpec.getTLen();
                        if (ByteUtils.safeBitLength(bArr2) != 96) {
                            throw new JOSEException(String.format("IV length of %d bits is required, got %d", 96, Integer.valueOf(ByteUtils.safeBitLength(bArr2))));
                        }
                        if (tLen != 128) {
                            throw new JOSEException(String.format("Authentication tag length of %d bits is required, got %d", Integer.valueOf(BR.feedbackText), Integer.valueOf(tLen)));
                        }
                        authenticatedCipherText = new AuthenticatedCipherText(bArr5, bArr6);
                    } catch (InvalidParameterSpecException e3) {
                        throw new JOSEException(e3.getMessage(), e3);
                    }
                } catch (BadPaddingException | IllegalBlockSizeException e4) {
                    throw new JOSEException("Couldn't encrypt with AES/GCM/NoPadding: " + e4.getMessage(), e4);
                }
            } catch (NoClassDefFoundError unused) {
                authenticatedCipherText = LegacyAESGCM.encrypt(secretKeySpec3, bArr4, bArr, bytes);
                bArr2 = bArr4;
            } catch (InvalidAlgorithmParameterException e5) {
                e = e5;
                throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
            } catch (InvalidKeyException e6) {
                e = e6;
                throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
            } catch (NoSuchAlgorithmException e7) {
                e = e7;
                throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
            } catch (NoSuchPaddingException e8) {
                e = e8;
                throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
            }
        } else {
            if (!encryptionMethod.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) && !encryptionMethod.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
                throw new JOSEException(AlgorithmSupportMessage.unsupportedEncryptionMethod(encryptionMethod, SUPPORTED_ENCRYPTION_METHODS));
            }
            bArr2 = new byte[16];
            jWEJCAContext.getSecureRandom().nextBytes(bArr2);
            Provider contentEncryptionProvider3 = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider2 = jWEJCAContext.getMACProvider();
            byte[] decode = jWEHeader.getCustomParam("epu") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epu")).decode() : null;
            byte[] decode2 = jWEHeader.getCustomParam("epv") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epv")).decode() : null;
            try {
                byte[] doFinal3 = AESCBC.createAESCBCCipher(LegacyConcatKDF.generateCEK(secretKey, encryptionMethod, decode, decode2), true, bArr2, contentEncryptionProvider3).doFinal(bArr);
                authenticatedCipherText = new AuthenticatedCipherText(doFinal3, HMAC.compute(LegacyConcatKDF.generateCIK(secretKey, encryptionMethod, decode, decode2), (jWEHeader.toBase64URL().value + "." + base64URL.value + "." + Base64URL.encode(bArr2).value + "." + Base64URL.encode(doFinal3)).getBytes(StandardCharset.UTF_8), mACProvider2));
            } catch (Exception e9) {
                throw new JOSEException(e9.getMessage(), e9);
            }
        }
        return new JWECryptoParts(jWEHeader, base64URL, Base64URL.encode(bArr2), Base64URL.encode(authenticatedCipherText.cipherText), Base64URL.encode(authenticatedCipherText.authenticationTag));
    }

    public static SecretKeySpec generateCEK(EncryptionMethod encryptionMethod, SecureRandom secureRandom) throws JOSEException {
        Set<EncryptionMethod> set = SUPPORTED_ENCRYPTION_METHODS;
        if (!set.contains(encryptionMethod)) {
            throw new JOSEException(AlgorithmSupportMessage.unsupportedEncryptionMethod(encryptionMethod, set));
        }
        byte[] bArr = new byte[encryptionMethod.cekBitLength / 8];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, Constants.AES_KEY);
    }
}
