package com.squareup.encryption;

import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class JweEncryptor<K> extends AbstractCryptoPrimitive<K> {
    private static final String AES_CBC = "AES/CBC/PKCS5Padding";
    private static final Charset ASCII;
    private static final int AUTH_TAG_BYTES = 16;
    private static final int BASE64_FLAGS = 11;
    private static final Map<String, String> HEADER_VALUES;
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String KEY_ID_FIELD = "kid";
    private static final String RSA_PKCS15 = "RSA/ECB/PKCS1Padding";
    private final byte[] header;
    private final RSAPublicKey publicKey;
    private final SecureRandom secureRandom;

    static {
        HashMap hashMap = new HashMap();
        HEADER_VALUES = hashMap;
        hashMap.put("alg", "RSA1_5");
        HEADER_VALUES.put("enc", "A128CBC-HS256");
        ASCII = Charset.forName("US-ASCII");
    }

    public JweEncryptor(K k, CryptoKeyAdapter<K> cryptoKeyAdapter) {
        super(k, cryptoKeyAdapter);
        this.publicKey = (RSAPublicKey) ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(cryptoKeyAdapter.getRawKey(k)))).getPublicKey();
        this.secureRandom = SecureRandomProvider.get();
        this.header = buildHeader(cryptoKeyAdapter.getKeyId(k));
    }

    private byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC);
            cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private static byte[] buildHeader(String str) {
        JSONObject jSONObject = new JSONObject();
        try {
            for (Map.Entry<String, String> entry : HEADER_VALUES.entrySet()) {
                jSONObject.put(entry.getKey(), entry.getValue());
            }
            if (str != null) {
                jSONObject.put(KEY_ID_FIELD, str);
            }
            return jSONObject.toString().getBytes(ASCII);
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] hmacSha256(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, "HMAC"));
            return ByteBuffer.allocate(16).put(mac.doFinal(bArr2), 0, 16).array();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] rsaEncrypt(RSAPublicKey rSAPublicKey, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_PKCS15);
            cipher.init(1, rSAPublicKey, this.secureRandom);
            return cipher.doFinal(bArr);
        } catch (NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.squareup.encryption.AbstractCryptoPrimitive
    protected CryptoResult<K> doCompute(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        this.secureRandom.nextBytes(bArr2);
        this.secureRandom.nextBytes(bArr3);
        this.secureRandom.nextBytes(bArr4);
        ByteBuffer allocate = ByteBuffer.allocate(32);
        allocate.put(bArr4);
        allocate.put(bArr3);
        byte[] rsaEncrypt = rsaEncrypt(this.publicKey, allocate.array());
        byte[] aesEncrypt = aesEncrypt(bArr3, bArr2, bArr);
        byte[] encode = Base64.encode(this.header, 11);
        return new CryptoResult<>(getKey(), String.format("%s.%s.%s.%s.%s", Base64.encodeToString(this.header, 11), Base64.encodeToString(rsaEncrypt, 11), Base64.encodeToString(bArr2, 11), Base64.encodeToString(aesEncrypt, 11), Base64.encodeToString(hmacSha256(bArr4, ByteBuffer.allocate(encode.length + bArr2.length + aesEncrypt.length + 8).put(encode).put(bArr2).put(aesEncrypt).putLong(encode.length * 8).array()), 11)).getBytes(ASCII));
    }
}
