package issuance;

import com.google.android.material.motion.MotionUtils;
import com.idemia.mobileid.issuance.IssuanceDecryption;
import com.idemia.mobileid.issuance.IssuanceEncryption;
import com.idemia.mobileid.sdk.core.security.keys.EncryptionKeyPair;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.impl.ECDH;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.interfaces.ECPublicKey;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.Intrinsics;
import org.conscrypt.Conscrypt;

/* loaded from: classes9.dex */
public final class b implements IssuanceEncryption, IssuanceDecryption {
    public final EncryptionKeyPair a;

    public b(EncryptionKeyPair encryptionKeyPair) {
        Intrinsics.checkNotNullParameter(encryptionKeyPair, "encryptionKeyPair");
        this.a = encryptionKeyPair;
    }

    @Override // com.idemia.mobileid.issuance.IssuanceDecryption
    public final byte[] decrypt(String compatJwe) {
        Intrinsics.checkNotNullParameter(compatJwe, "compatJwe");
        EncryptedJWT parse = EncryptedJWT.parse(compatJwe);
        String keyID = parse.getHeader().getKeyID();
        if (!Intrinsics.areEqual(keyID, this.a.getAlias())) {
            throw new IllegalStateException("JWE encryption keyId is not valid (expected: " + this.a.getAlias() + ", actual: " + keyID + MotionUtils.EASING_TYPE_FORMAT_END);
        }
        parse.decrypt(new ECDHDecrypter(this.a.getPrivate()));
        byte[] bytes = parse.getPayload().toBytes();
        Intrinsics.checkNotNullExpressionValue(bytes, "jwe.payload.toBytes()");
        return bytes;
    }

    @Override // com.idemia.mobileid.issuance.IssuanceEncryption
    public final String encrypt(ECPublicKey recipientPublicKey, String recipientKid, String payload) {
        Intrinsics.checkNotNullParameter(recipientPublicKey, "recipientPublicKey");
        Intrinsics.checkNotNullParameter(recipientKid, "recipientKid");
        Intrinsics.checkNotNullParameter(payload, "payload");
        JWTClaimsSet claims = JWTClaimsSet.parse(payload);
        Intrinsics.checkNotNullExpressionValue(claims, "claims");
        JWEHeader build = new JWEHeader.Builder(JWEAlgorithm.ECDH_ES_A256KW, EncryptionMethod.A256GCM).keyID(recipientKid).senderKeyID(this.a.getAlias()).build();
        SecretKey deriveSharedSecret = ECDH.deriveSharedSecret(recipientPublicKey, this.a.getPrivate(), Conscrypt.newProvider());
        Intrinsics.checkNotNullExpressionValue(deriveSharedSecret, "deriveSharedSecret(recip… Conscrypt.newProvider())");
        EncryptedJWT encryptedJWT = new EncryptedJWT(build, claims);
        encryptedJWT.encrypt(new ECDHEncrypter(recipientPublicKey, deriveSharedSecret));
        String serialize = encryptedJWT.serialize();
        Intrinsics.checkNotNullExpressionValue(serialize, "jwe.serialize()");
        return serialize;
    }
}
