package com.nimbusds.jose.crypto;

import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.impl.AESCBC;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.crypto.impl.AuthenticatedCipherText;
import com.nimbusds.jose.crypto.impl.CompositeKey;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.HMAC;
import com.nimbusds.jose.crypto.impl.LegacyConcatKDF;
import com.nimbusds.jose.crypto.impl.RSACryptoProvider;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.Container;
import com.nimbusds.jose.util.IntegerOverflowException;
import com.nimbusds.jose.util.IntegerUtils;
import com.nimbusds.jose.util.StandardCharset;
import defpackage.b;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.util.Pack;

/* loaded from: classes2.dex */
public class RSAEncrypter extends RSACryptoProvider {
    public final RSAPublicKey e;

    public RSAEncrypter(RSAPublicKey rSAPublicKey) {
        this.e = rSAPublicKey;
    }

    public final JWECryptoParts d(JWEHeader jWEHeader, byte[] bArr) {
        Base64URL c7;
        int i;
        Deflater deflater;
        byte[] byteArray;
        Base64URL base64URL;
        byte[] bArr2;
        int i7;
        AuthenticatedCipherText authenticatedCipherText;
        AuthenticatedCipherText authenticatedCipherText2;
        byte[] bArr3;
        byte[] bArr4;
        AlgorithmParameters parameters;
        int i8;
        int i9;
        JWEAlgorithm jWEAlgorithm = (JWEAlgorithm) jWEHeader.f9667a;
        SecureRandom secureRandom = c().b;
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        Set set = ContentCryptoProvider.f9702a;
        EncryptionMethod encryptionMethod = jWEHeader.o;
        if (!set.contains(encryptionMethod)) {
            throw new JOSEException("Unsupported JWE encryption method " + encryptionMethod + ", must be " + AlgorithmSupportMessage.a(set));
        }
        byte[] bArr5 = new byte[encryptionMethod.f9666c / 8];
        secureRandom.nextBytes(bArr5);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr5, "AES");
        boolean equals = jWEAlgorithm.equals(JWEAlgorithm.f9671c);
        RSAPublicKey rSAPublicKey = this.e;
        if (equals) {
            Provider provider = c().f9707a;
            try {
                Cipher cipher = provider == null ? Cipher.getInstance("RSA/ECB/PKCS1Padding") : Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
                cipher.init(1, rSAPublicKey);
                c7 = Base64URL.c(cipher.doFinal(secretKeySpec.getEncoded()));
            } catch (IllegalBlockSizeException e) {
                throw new JOSEException("RSA block size exception: The RSA key is too short, try a longer one", e);
            } catch (Exception e2) {
                throw new JOSEException("Couldn't encrypt Content Encryption Key (CEK): " + e2.getMessage(), e2);
            }
        } else if (jWEAlgorithm.equals(JWEAlgorithm.d)) {
            Provider provider2 = c().f9707a;
            try {
                Cipher cipher2 = provider2 == null ? Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding") : Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", provider2);
                cipher2.init(1, rSAPublicKey, new SecureRandom());
                c7 = Base64URL.c(cipher2.doFinal(secretKeySpec.getEncoded()));
            } catch (IllegalBlockSizeException e6) {
                throw new JOSEException("RSA block size exception: The RSA key is too short, try a longer one", e6);
            } catch (Exception e7) {
                throw new JOSEException(e7.getMessage(), e7);
            }
        } else {
            if (!jWEAlgorithm.equals(JWEAlgorithm.e)) {
                throw new JOSEException("Unsupported JWE algorithm " + jWEAlgorithm + ", must be " + AlgorithmSupportMessage.a(RSACryptoProvider.d));
            }
            Provider provider3 = c().f9707a;
            try {
                AlgorithmParameters algorithmParameters = provider3 == null ? AlgorithmParameters.getInstance("OAEP") : AlgorithmParameters.getInstance("OAEP", provider3);
                algorithmParameters.init(new OAEPParameterSpec(MessageDigestAlgorithms.SHA_256, "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
                Cipher cipher3 = provider3 == null ? Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding") : Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", provider3);
                cipher3.init(1, rSAPublicKey, algorithmParameters);
                c7 = Base64URL.c(cipher3.doFinal(secretKeySpec.getEncoded()));
            } catch (IllegalBlockSizeException e8) {
                throw new JOSEException("RSA block size exception: The RSA key is too short, try a longer one", e8);
            } catch (Exception e9) {
                throw new JOSEException(e9.getMessage(), e9);
            }
        }
        Base64URL base64URL2 = c7;
        JWEJCAContext c8 = c();
        try {
            int i10 = encryptionMethod.f9666c;
            if (secretKeySpec.getEncoded() == null) {
                i = 0;
            } else {
                long length = r11.length * 8;
                i = (int) length;
                if (i != length) {
                    throw new IntegerOverflowException();
                }
            }
            if (i10 != i) {
                throw new KeyLengthException("The Content Encryption Key (CEK) length for " + encryptionMethod + " must be " + encryptionMethod.f9666c + " bits");
            }
            DeflaterOutputStream deflaterOutputStream = null;
            deflaterOutputStream = null;
            CompressionAlgorithm compressionAlgorithm = jWEHeader.f9678q;
            if (compressionAlgorithm == null) {
                byteArray = bArr;
            } else {
                if (!compressionAlgorithm.equals(CompressionAlgorithm.f9665a)) {
                    throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
                }
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        deflater = new Deflater(8, true);
                        try {
                            DeflaterOutputStream deflaterOutputStream2 = new DeflaterOutputStream(byteArrayOutputStream, deflater);
                            try {
                                deflaterOutputStream2.write(bArr);
                                deflaterOutputStream2.close();
                                deflater.end();
                                byteArray = byteArrayOutputStream.toByteArray();
                            } catch (Throwable th) {
                                th = th;
                                deflaterOutputStream = deflaterOutputStream2;
                                if (deflaterOutputStream != null) {
                                    deflaterOutputStream.close();
                                }
                                if (deflater != null) {
                                    deflater.end();
                                }
                                throw th;
                            }
                        } catch (Throwable th2) {
                            th = th2;
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        deflater = null;
                    }
                } catch (Exception e10) {
                    throw new JOSEException("Couldn't compress plain text: " + e10.getMessage(), e10);
                }
            }
            byte[] bytes = jWEHeader.a().toString().getBytes(StandardCharsets.US_ASCII);
            boolean equals2 = encryptionMethod.equals(EncryptionMethod.d);
            String str = encryptionMethod.f9663a;
            if (equals2 || encryptionMethod.equals(EncryptionMethod.e) || encryptionMethod.equals(EncryptionMethod.f)) {
                base64URL = base64URL2;
                SecureRandom secureRandom2 = c8.b;
                if (secureRandom2 == null) {
                    secureRandom2 = new SecureRandom();
                }
                bArr2 = new byte[16];
                secureRandom2.nextBytes(bArr2);
                CompositeKey compositeKey = new CompositeKey(secretKeySpec);
                SecretKeySpec secretKeySpec2 = compositeKey.b;
                Provider provider4 = c8.f9707a;
                byte[] a5 = AESCBC.a(secretKeySpec2, bArr2, byteArray, provider4);
                if (bytes == null) {
                    i7 = 0;
                } else {
                    long length2 = bytes.length * 8;
                    i7 = (int) length2;
                    if (i7 != length2) {
                        throw new IntegerOverflowException();
                    }
                }
                byte[] array = ByteBuffer.allocate(8).putLong(i7).array();
                authenticatedCipherText = new AuthenticatedCipherText(a5, Arrays.copyOf(HMAC.a(compositeKey.f9699a, ByteBuffer.allocate(bytes.length + 16 + a5.length + array.length).put(bytes).put(bArr2).put(a5).put(array).array(), provider4), compositeKey.f9700c));
            } else if (encryptionMethod.equals(EncryptionMethod.i) || encryptionMethod.equals(EncryptionMethod.j) || encryptionMethod.equals(EncryptionMethod.k)) {
                base64URL = base64URL2;
                SecureRandom secureRandom3 = c8.b;
                if (secureRandom3 == null) {
                    secureRandom3 = new SecureRandom();
                }
                byte[] bArr6 = new byte[12];
                secureRandom3.nextBytes(bArr6);
                Container container = new Container(bArr6);
                SecretKeySpec secretKeySpec3 = new SecretKeySpec(secretKeySpec.getEncoded(), "AES");
                byte[] bArr7 = (byte[]) container.f9754a;
                Provider provider5 = c8.f9707a;
                try {
                    Cipher cipher4 = provider5 != null ? Cipher.getInstance("AES/GCM/NoPadding", provider5) : Cipher.getInstance("AES/GCM/NoPadding");
                    cipher4.init(1, secretKeySpec3, new GCMParameterSpec(128, bArr7));
                    cipher4.updateAAD(bytes);
                    try {
                        byte[] doFinal = cipher4.doFinal(byteArray);
                        int length3 = doFinal.length - 16;
                        bArr3 = new byte[length3];
                        System.arraycopy(doFinal, 0, bArr3, 0, length3);
                        bArr4 = new byte[16];
                        System.arraycopy(doFinal, length3, bArr4, 0, 16);
                        parameters = cipher4.getParameters();
                    } catch (BadPaddingException | IllegalBlockSizeException e11) {
                        throw new JOSEException("Couldn't encrypt with AES/GCM/NoPadding: " + e11.getMessage(), e11);
                    }
                } catch (NoClassDefFoundError unused) {
                    AESEngine aESEngine = new AESEngine();
                    aESEngine.a(new KeyParameter(secretKeySpec3.getEncoded()));
                    GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(aESEngine);
                    KeyParameter keyParameter = new KeyParameter(secretKeySpec3.getEncoded());
                    gCMBlockCipher.f16353c = true;
                    gCMBlockCipher.k = null;
                    gCMBlockCipher.e = bArr7;
                    gCMBlockCipher.f = bytes;
                    gCMBlockCipher.d = 16;
                    gCMBlockCipher.j = new byte[16];
                    if (bArr7 == null || bArr7.length < 1) {
                        throw new IllegalArgumentException("IV must be at least 1 byte");
                    }
                    if (bytes == null) {
                        gCMBlockCipher.f = new byte[0];
                    }
                    AESEngine aESEngine2 = (AESEngine) gCMBlockCipher.f16352a;
                    aESEngine2.a(keyParameter);
                    byte[] bArr8 = new byte[16];
                    gCMBlockCipher.g = bArr8;
                    aESEngine2.c(GCMBlockCipher.p, bArr8);
                    byte[] bArr9 = gCMBlockCipher.g;
                    Tables8kGCMMultiplier tables8kGCMMultiplier = (Tables8kGCMMultiplier) gCMBlockCipher.b;
                    tables8kGCMMultiplier.a(bArr9);
                    gCMBlockCipher.h = gCMBlockCipher.c(gCMBlockCipher.f);
                    byte[] bArr10 = gCMBlockCipher.e;
                    if (bArr10.length == 12) {
                        byte[] bArr11 = new byte[16];
                        gCMBlockCipher.i = bArr11;
                        System.arraycopy(bArr10, 0, bArr11, 0, bArr10.length);
                        gCMBlockCipher.i[15] = 1;
                    } else {
                        gCMBlockCipher.i = gCMBlockCipher.c(bArr10);
                        byte[] bArr12 = new byte[16];
                        long length4 = gCMBlockCipher.e.length * 8;
                        Pack.b((int) (length4 >>> 32), bArr12, 8);
                        Pack.b((int) length4, bArr12, 12);
                        GCMBlockCipher.d(gCMBlockCipher.i, bArr12);
                        tables8kGCMMultiplier.b(gCMBlockCipher.i);
                    }
                    gCMBlockCipher.f16354l = org.bouncycastle.util.Arrays.b(gCMBlockCipher.h);
                    gCMBlockCipher.m = org.bouncycastle.util.Arrays.b(gCMBlockCipher.i);
                    gCMBlockCipher.n = 0;
                    gCMBlockCipher.o = 0L;
                    int length5 = byteArray.length;
                    boolean z = gCMBlockCipher.f16353c;
                    int i11 = length5 + 0;
                    int i12 = gCMBlockCipher.d;
                    byte[] bArr13 = new byte[z ? i11 + i12 : i11 - i12];
                    int length6 = byteArray.length;
                    int i13 = 0;
                    for (int i14 = 0; i14 != length6; i14++) {
                        byte[] bArr14 = gCMBlockCipher.j;
                        int i15 = gCMBlockCipher.n;
                        int i16 = i15 + 1;
                        gCMBlockCipher.n = i16;
                        bArr14[i15] = byteArray[i14 + 0];
                        if (i16 == bArr14.length) {
                            gCMBlockCipher.b(16, i13 + 0, bArr14, bArr13);
                            if (!gCMBlockCipher.f16353c) {
                                byte[] bArr15 = gCMBlockCipher.j;
                                System.arraycopy(bArr15, 16, bArr15, 0, gCMBlockCipher.d);
                            }
                            gCMBlockCipher.n = gCMBlockCipher.j.length - 16;
                            i13 += 16;
                        }
                    }
                    try {
                        int a7 = (i13 + gCMBlockCipher.a(i13, bArr13)) - 16;
                        byte[] bArr16 = new byte[a7];
                        byte[] bArr17 = new byte[16];
                        System.arraycopy(bArr13, 0, bArr16, 0, a7);
                        System.arraycopy(bArr13, a7, bArr17, 0, 16);
                        authenticatedCipherText2 = new AuthenticatedCipherText(bArr16, bArr17);
                    } catch (InvalidCipherTextException e12) {
                        throw new JOSEException("Couldn't generate GCM authentication tag: " + e12.getMessage(), e12);
                    }
                } catch (InvalidAlgorithmParameterException e13) {
                    e = e13;
                    throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
                } catch (InvalidKeyException e14) {
                    e = e14;
                    throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
                } catch (NoSuchAlgorithmException e15) {
                    e = e15;
                    throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
                } catch (NoSuchPaddingException e16) {
                    e = e16;
                    throw new JOSEException("Couldn't create AES/GCM/NoPadding cipher: " + e.getMessage(), e);
                }
                if (parameters == null) {
                    throw new JOSEException("AES GCM ciphers are expected to make use of algorithm parameters");
                }
                try {
                    GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) parameters.getParameterSpec(GCMParameterSpec.class);
                    byte[] iv = gCMParameterSpec.getIV();
                    int tLen = gCMParameterSpec.getTLen();
                    if (iv == null) {
                        i8 = 0;
                    } else {
                        long length7 = iv.length * 8;
                        i8 = (int) length7;
                        if (i8 != length7) {
                            throw new IntegerOverflowException();
                        }
                    }
                    if (i8 != 96) {
                        Object[] objArr = new Object[2];
                        objArr[0] = 96;
                        if (iv != null) {
                            long length8 = iv.length * 8;
                            i9 = (int) length8;
                            if (i9 != length8) {
                                throw new IntegerOverflowException();
                            }
                        } else {
                            i9 = 0;
                        }
                        objArr[1] = Integer.valueOf(i9);
                        throw new JOSEException(String.format("IV length of %d bits is required, got %d", objArr));
                    }
                    if (tLen != 128) {
                        throw new JOSEException(String.format("Authentication tag length of %d bits is required, got %d", 128, Integer.valueOf(tLen)));
                    }
                    container.f9754a = iv;
                    authenticatedCipherText2 = new AuthenticatedCipherText(bArr3, bArr4);
                    authenticatedCipherText = authenticatedCipherText2;
                    bArr2 = (byte[]) container.f9754a;
                } catch (InvalidParameterSpecException e17) {
                    throw new JOSEException(e17.getMessage(), e17);
                }
            } else {
                if (!encryptionMethod.equals(EncryptionMethod.g) && !encryptionMethod.equals(EncryptionMethod.h)) {
                    throw new JOSEException("Unsupported JWE encryption method " + encryptionMethod + ", must be " + AlgorithmSupportMessage.a(set));
                }
                SecureRandom secureRandom4 = c8.b;
                if (secureRandom4 == null) {
                    secureRandom4 = new SecureRandom();
                }
                bArr2 = new byte[16];
                secureRandom4.nextBytes(bArr2);
                Map map = jWEHeader.e;
                byte[] a8 = map.get("epu") instanceof String ? new Base64URL((String) map.get("epu")).a() : null;
                byte[] a9 = map.get("epv") instanceof String ? new Base64URL((String) map.get("epv")).a() : null;
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                try {
                    byte[] bArr18 = LegacyConcatKDF.f9705a;
                    byteArrayOutputStream2.write(bArr18);
                    byte[] encoded = secretKeySpec.getEncoded();
                    byteArrayOutputStream2.write(encoded);
                    int length9 = encoded.length * 8;
                    byteArrayOutputStream2.write(IntegerUtils.a(length9 / 2));
                    Charset charset = StandardCharset.f9755a;
                    byteArrayOutputStream2.write(str.getBytes(charset));
                    byte[] bArr19 = LegacyConcatKDF.b;
                    if (a8 != null) {
                        byteArrayOutputStream2.write(IntegerUtils.a(a8.length));
                        byteArrayOutputStream2.write(a8);
                    } else {
                        byteArrayOutputStream2.write(bArr19);
                    }
                    if (a9 != null) {
                        byteArrayOutputStream2.write(IntegerUtils.a(a9.length));
                        byteArrayOutputStream2.write(a9);
                    } else {
                        byteArrayOutputStream2.write(bArr19);
                    }
                    byteArrayOutputStream2.write(LegacyConcatKDF.f9706c);
                    try {
                        byte[] digest = MessageDigest.getInstance("SHA-" + length9).digest(byteArrayOutputStream2.toByteArray());
                        int length10 = digest.length / 2;
                        byte[] bArr20 = new byte[length10];
                        base64URL = base64URL2;
                        System.arraycopy(digest, 0, bArr20, 0, length10);
                        SecretKeySpec secretKeySpec4 = new SecretKeySpec(bArr20, "AES");
                        Provider provider6 = c8.f9707a;
                        byte[] a10 = AESCBC.a(secretKeySpec4, bArr2, byteArray, provider6);
                        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                        try {
                            byteArrayOutputStream3.write(bArr18);
                            byte[] encoded2 = secretKeySpec.getEncoded();
                            byteArrayOutputStream3.write(encoded2);
                            int length11 = encoded2.length * 8;
                            byteArrayOutputStream3.write(IntegerUtils.a(length11));
                            byteArrayOutputStream3.write(str.getBytes(charset));
                            if (a8 != null) {
                                byteArrayOutputStream3.write(IntegerUtils.a(a8.length));
                                byteArrayOutputStream3.write(a8);
                            } else {
                                byteArrayOutputStream3.write(bArr19);
                            }
                            if (a9 != null) {
                                byteArrayOutputStream3.write(IntegerUtils.a(a9.length));
                                byteArrayOutputStream3.write(a9);
                            } else {
                                byteArrayOutputStream3.write(bArr19);
                            }
                            byteArrayOutputStream3.write(LegacyConcatKDF.d);
                            try {
                                authenticatedCipherText = new AuthenticatedCipherText(a10, HMAC.a(new SecretKeySpec(MessageDigest.getInstance("SHA-" + length11).digest(byteArrayOutputStream3.toByteArray()), b.l("HMACSHA", length11)), (jWEHeader.a().toString() + "." + base64URL.toString() + "." + Base64URL.c(bArr2).f9753a + "." + Base64URL.c(a10)).getBytes(charset), provider6));
                            } catch (NoSuchAlgorithmException e18) {
                                throw new JOSEException(e18.getMessage(), e18);
                            }
                        } catch (IOException e19) {
                            throw new JOSEException(e19.getMessage(), e19);
                        }
                    } catch (NoSuchAlgorithmException e20) {
                        throw new JOSEException(e20.getMessage(), e20);
                    }
                } catch (IOException e21) {
                    throw new JOSEException(e21.getMessage(), e21);
                }
            }
            return new JWECryptoParts(jWEHeader, base64URL, Base64URL.c(bArr2), Base64URL.c(authenticatedCipherText.f9695a), Base64URL.c(authenticatedCipherText.b));
        } catch (IntegerOverflowException e22) {
            throw new KeyLengthException("The Content Encryption Key (CEK) is too long: " + e22.getMessage());
        }
    }
}
