package com.netflix.msl.keyx;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.MslMasterTokenException;
import com.netflix.msl.crypto.AsymmetricCryptoContext;
import com.netflix.msl.crypto.CryptoCache;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.crypto.JsonWebEncryptionCryptoContext;
import com.netflix.msl.crypto.JsonWebKey;
import com.netflix.msl.crypto.SessionCryptoContext;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.keyx.KeyExchangeFactory;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange.class */
public class AsymmetricWrappedExchange extends KeyExchangeFactory {
    private static final Set<JsonWebKey.KeyOp> ENCRYPT_DECRYPT = new HashSet(Arrays.asList(JsonWebKey.KeyOp.encrypt, JsonWebKey.KeyOp.decrypt));
    private static final Set<JsonWebKey.KeyOp> SIGN_VERIFY = new HashSet(Arrays.asList(JsonWebKey.KeyOp.sign, JsonWebKey.KeyOp.verify));
    private final AuthenticationUtils authutils;

    /* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange$RequestData.class */
    public static class RequestData extends KeyRequestData {
        private static final String KEY_KEY_PAIR_ID = "keypairid";
        private static final String KEY_MECHANISM = "mechanism";
        private static final String KEY_PUBLIC_KEY = "publickey";
        private final String keyPairId;
        private final Mechanism mechanism;
        private final PublicKey publicKey;
        private final PrivateKey privateKey;

        /* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange$RequestData$Mechanism.class */
        public enum Mechanism {
            RSA,
            ECC,
            JWE_RSA,
            JWEJS_RSA,
            JWK_RSA,
            JWK_RSAES
        }

        public RequestData(String str, Mechanism mechanism, PublicKey publicKey, PrivateKey privateKey) {
            super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            this.keyPairId = str;
            this.mechanism = mechanism;
            this.publicKey = publicKey;
            this.privateKey = privateKey;
        }

        public RequestData(MslObject mslObject) throws MslEncodingException, MslCryptoException, MslKeyExchangeException {
            super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            try {
                this.keyPairId = mslObject.getString(KEY_KEY_PAIR_ID);
                String string = mslObject.getString(KEY_MECHANISM);
                try {
                    this.mechanism = Mechanism.valueOf(string);
                    byte[] bytes = mslObject.getBytes(KEY_PUBLIC_KEY);
                    try {
                        switch (this.mechanism) {
                            case RSA:
                            case JWE_RSA:
                            case JWEJS_RSA:
                            case JWK_RSA:
                            case JWK_RSAES:
                                this.publicKey = CryptoCache.getKeyFactory("RSA").generatePublic(new X509EncodedKeySpec(bytes));
                                this.privateKey = null;
                                return;
                            default:
                                throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, this.mechanism.name());
                        }
                    } catch (NullPointerException e) {
                        throw new MslCryptoException(MslError.INVALID_PUBLIC_KEY, "keydata " + mslObject.toString(), e);
                    } catch (NoSuchAlgorithmException e2) {
                        throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, "keydata " + mslObject.toString(), e2);
                    } catch (InvalidKeySpecException e3) {
                        throw new MslCryptoException(MslError.INVALID_PUBLIC_KEY, "keydata " + mslObject.toString(), e3);
                    }
                } catch (IllegalArgumentException e4) {
                    throw new MslKeyExchangeException(MslError.UNIDENTIFIED_KEYX_MECHANISM, string, e4);
                }
            } catch (MslEncoderException e5) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject, e5);
            }
        }

        public String getKeyPairId() {
            return this.keyPairId;
        }

        public Mechanism getMechanism() {
            return this.mechanism;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
            MslObject createObject = mslEncoderFactory.createObject();
            createObject.put(KEY_KEY_PAIR_ID, this.keyPairId);
            createObject.put(KEY_MECHANISM, this.mechanism.name());
            createObject.put(KEY_PUBLIC_KEY, this.publicKey.getEncoded());
            return createObject;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RequestData)) {
                return false;
            }
            RequestData requestData = (RequestData) obj;
            return super.equals(obj) && this.keyPairId.equals(requestData.keyPairId) && this.mechanism.equals(requestData.mechanism) && Arrays.equals(this.publicKey.getEncoded(), requestData.publicKey.getEncoded()) && (this.privateKey == requestData.privateKey || (this.privateKey != null && requestData.privateKey != null && Arrays.equals(this.privateKey.getEncoded(), requestData.privateKey.getEncoded())));
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public int hashCode() {
            return (((super.hashCode() ^ this.keyPairId.hashCode()) ^ this.mechanism.hashCode()) ^ Arrays.hashCode(this.publicKey.getEncoded())) ^ (this.privateKey != null ? Arrays.hashCode(this.privateKey.getEncoded()) : 0);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange$ResponseData.class */
    public static class ResponseData extends KeyResponseData {
        private static final String KEY_KEY_PAIR_ID = "keypairid";
        private static final String KEY_ENCRYPTION_KEY = "encryptionkey";
        private static final String KEY_HMAC_KEY = "hmackey";
        private final String keyPairId;
        private final byte[] encryptionKey;
        private final byte[] hmacKey;

        public ResponseData(MasterToken masterToken, String str, byte[] bArr, byte[] bArr2) {
            super(masterToken, KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            this.keyPairId = str;
            this.encryptionKey = bArr;
            this.hmacKey = bArr2;
        }

        public ResponseData(MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
            super(masterToken, KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            try {
                this.keyPairId = mslObject.getString(KEY_KEY_PAIR_ID);
                this.encryptionKey = mslObject.getBytes(KEY_ENCRYPTION_KEY);
                this.hmacKey = mslObject.getBytes(KEY_HMAC_KEY);
            } catch (MslEncoderException e) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject, e);
            }
        }

        public String getKeyPairId() {
            return this.keyPairId;
        }

        public byte[] getEncryptionKey() {
            return this.encryptionKey;
        }

        public byte[] getHmacKey() {
            return this.hmacKey;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
            MslObject createObject = mslEncoderFactory.createObject();
            createObject.put(KEY_KEY_PAIR_ID, this.keyPairId);
            createObject.put(KEY_ENCRYPTION_KEY, this.encryptionKey);
            createObject.put(KEY_HMAC_KEY, this.hmacKey);
            return createObject;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResponseData)) {
                return false;
            }
            ResponseData responseData = (ResponseData) obj;
            return super.equals(obj) && this.keyPairId.equals(responseData.keyPairId) && Arrays.equals(this.encryptionKey, responseData.encryptionKey) && Arrays.equals(this.hmacKey, responseData.hmacKey);
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public int hashCode() {
            return ((super.hashCode() ^ this.keyPairId.hashCode()) ^ Arrays.hashCode(this.encryptionKey)) ^ Arrays.hashCode(this.hmacKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange$RsaWrappingCryptoContext.class */
    public static class RsaWrappingCryptoContext extends AsymmetricCryptoContext {
        private final String wrapTransform;
        private final AlgorithmParameterSpec wrapParams;

        /* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/AsymmetricWrappedExchange$RsaWrappingCryptoContext$Mode.class */
        public enum Mode {
            WRAP_UNWRAP_OAEP,
            WRAP_UNWRAP_PKCS1
        }

        public RsaWrappingCryptoContext(MslContext mslContext, String str, PrivateKey privateKey, PublicKey publicKey, Mode mode) {
            super(str, privateKey, publicKey, "nullOp", null, "nullOp");
            switch (mode) {
                case WRAP_UNWRAP_OAEP:
                    this.wrapTransform = "RSA/ECB/OAEPPadding";
                    this.wrapParams = OAEPParameterSpec.DEFAULT;
                    return;
                case WRAP_UNWRAP_PKCS1:
                    this.wrapTransform = "RSA/ECB/PKCS1Padding";
                    this.wrapParams = null;
                    return;
                default:
                    throw new MslInternalException("RSA wrapping crypto context mode " + mode + " not supported.");
            }
        }

        @Override // com.netflix.msl.crypto.AsymmetricCryptoContext, com.netflix.msl.crypto.ICryptoContext
        public byte[] wrap(byte[] bArr, MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslCryptoException {
            if ("nullOp".equals(this.wrapTransform)) {
                return bArr;
            }
            if (this.publicKey == null) {
                throw new MslCryptoException(MslError.WRAP_NOT_SUPPORTED, "no public key");
            }
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    try {
                                        try {
                                            Cipher cipher = CryptoCache.getCipher(this.wrapTransform);
                                            cipher.init(1, this.publicKey, this.wrapParams);
                                            byte[] doFinal = cipher.doFinal(bArr);
                                            if (0 != 0) {
                                                CryptoCache.resetCipher(this.wrapTransform);
                                            }
                                            return doFinal;
                                        } catch (InvalidAlgorithmParameterException e) {
                                            throw new MslCryptoException(MslError.INVALID_ALGORITHM_PARAMS, e);
                                        }
                                    } catch (InvalidKeyException e2) {
                                        throw new MslCryptoException(MslError.INVALID_PUBLIC_KEY, e2);
                                    }
                                } catch (RuntimeException e3) {
                                    throw e3;
                                }
                            } catch (NoSuchAlgorithmException e4) {
                                throw new MslInternalException("Invalid cipher algorithm specified.", e4);
                            }
                        } catch (BadPaddingException e5) {
                            throw new MslCryptoException(MslError.PLAINTEXT_BAD_PADDING, "not expected when encrypting", e5);
                        }
                    } catch (NoSuchPaddingException e6) {
                        throw new MslInternalException("Unsupported padding exception.", e6);
                    }
                } catch (IllegalBlockSizeException e7) {
                    throw new MslCryptoException(MslError.PLAINTEXT_ILLEGAL_BLOCK_SIZE, "not expected when padding is specified", e7);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    CryptoCache.resetCipher(this.wrapTransform);
                }
                throw th;
            }
        }

        @Override // com.netflix.msl.crypto.AsymmetricCryptoContext, com.netflix.msl.crypto.ICryptoContext
        public byte[] unwrap(byte[] bArr, MslEncoderFactory mslEncoderFactory) throws MslCryptoException {
            if ("nullOp".equals(this.wrapTransform)) {
                return bArr;
            }
            if (this.privateKey == null) {
                throw new MslCryptoException(MslError.DECRYPT_NOT_SUPPORTED, "no private key");
            }
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    try {
                                        Cipher cipher = CryptoCache.getCipher(this.wrapTransform);
                                        cipher.init(2, this.privateKey, this.wrapParams);
                                        byte[] doFinal = cipher.doFinal(bArr);
                                        if (0 != 0) {
                                            CryptoCache.resetCipher(this.wrapTransform);
                                        }
                                        return doFinal;
                                    } catch (InvalidKeyException e) {
                                        throw new MslCryptoException(MslError.INVALID_PRIVATE_KEY, e);
                                    }
                                } catch (InvalidAlgorithmParameterException e2) {
                                    throw new MslCryptoException(MslError.INVALID_ALGORITHM_PARAMS, e2);
                                }
                            } catch (BadPaddingException e3) {
                                throw new MslCryptoException(MslError.CIPHERTEXT_BAD_PADDING, e3);
                            }
                        } catch (RuntimeException e4) {
                            throw e4;
                        }
                    } catch (NoSuchPaddingException e5) {
                        throw new MslInternalException("Unsupported padding exception.", e5);
                    }
                } catch (NoSuchAlgorithmException e6) {
                    throw new MslInternalException("Invalid cipher algorithm specified.", e6);
                } catch (IllegalBlockSizeException e7) {
                    throw new MslCryptoException(MslError.CIPHERTEXT_ILLEGAL_BLOCK_SIZE, e7);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    CryptoCache.resetCipher(this.wrapTransform);
                }
                throw th;
            }
        }
    }

    private static ICryptoContext createCryptoContext(MslContext mslContext, String str, RequestData.Mechanism mechanism, PrivateKey privateKey, PublicKey publicKey) throws MslCryptoException {
        switch (mechanism) {
            case RSA:
            case JWK_RSA:
                return new RsaWrappingCryptoContext(mslContext, str, privateKey, publicKey, RsaWrappingCryptoContext.Mode.WRAP_UNWRAP_OAEP);
            case JWE_RSA:
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.RsaOaepCryptoContext(privateKey, publicKey), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_CS);
            case JWEJS_RSA:
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.RsaOaepCryptoContext(privateKey, publicKey), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
            case JWK_RSAES:
                return new RsaWrappingCryptoContext(mslContext, str, privateKey, publicKey, RsaWrappingCryptoContext.Mode.WRAP_UNWRAP_PKCS1);
            default:
                throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name());
        }
    }

    public AsymmetricWrappedExchange(AuthenticationUtils authenticationUtils) {
        super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
        this.authutils = authenticationUtils;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyRequestData createRequestData(MslContext mslContext, MslObject mslObject) throws MslEncodingException, MslCryptoException, MslKeyExchangeException {
        return new RequestData(mslObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyResponseData createResponseData(MslContext mslContext, MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
        return new ResponseData(masterToken, mslObject);
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, MasterToken masterToken) throws MslKeyExchangeException, MslCryptoException, MslMasterTokenException, MslEncodingException, MslException {
        byte[] wrap;
        byte[] wrap2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!masterToken.isVerified()) {
            throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken);
        }
        String identity = masterToken.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setMasterToken(masterToken);
        }
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[32];
        mslContext.getRandom().nextBytes(bArr);
        mslContext.getRandom().nextBytes(bArr2);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, JcaAlgorithm.HMAC_SHA256);
            MslEncoderFactory mslEncoderFactory = mslContext.getMslEncoderFactory();
            String keyPairId = requestData.getKeyPairId();
            RequestData.Mechanism mechanism = requestData.getMechanism();
            ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, null, requestData.getPublicKey());
            switch (mechanism) {
                case JWE_RSA:
                case JWEJS_RSA:
                    JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                    JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                    byte[] mslEncoding = jsonWebKey.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                    byte[] mslEncoding2 = jsonWebKey2.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                    wrap = createCryptoContext.wrap(mslEncoding, mslEncoderFactory, mslEncoderFormat);
                    wrap2 = createCryptoContext.wrap(mslEncoding2, mslEncoderFactory, mslEncoderFormat);
                    break;
                case JWK_RSA:
                case JWK_RSAES:
                    JsonWebKey jsonWebKey3 = new JsonWebKey(ENCRYPT_DECRYPT, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                    JsonWebKey jsonWebKey4 = new JsonWebKey(SIGN_VERIFY, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                    byte[] mslEncoding3 = jsonWebKey3.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                    byte[] mslEncoding4 = jsonWebKey4.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                    wrap = createCryptoContext.wrap(mslEncoding3, mslEncoderFactory, mslEncoderFormat);
                    wrap2 = createCryptoContext.wrap(mslEncoding4, mslEncoderFactory, mslEncoderFormat);
                    break;
                default:
                    wrap = createCryptoContext.wrap(bArr, mslEncoderFactory, mslEncoderFormat);
                    wrap2 = createCryptoContext.wrap(bArr2, mslEncoderFactory, mslEncoderFormat);
                    break;
            }
            MasterToken renewMasterToken = mslContext.getTokenFactory().renewMasterToken(mslContext, masterToken, secretKeySpec, secretKeySpec2, null);
            return new KeyExchangeFactory.KeyExchangeData(new ResponseData(renewMasterToken, requestData.getKeyPairId(), wrap, wrap2), new SessionCryptoContext(mslContext, renewMasterToken));
        } catch (IllegalArgumentException e) {
            throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e).setMasterToken(masterToken);
        }
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, EntityAuthenticationData entityAuthenticationData) throws MslException {
        byte[] wrap;
        byte[] wrap2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        String identity = entityAuthenticationData.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setEntityAuthenticationData(entityAuthenticationData);
        }
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[32];
        mslContext.getRandom().nextBytes(bArr);
        mslContext.getRandom().nextBytes(bArr2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, JcaAlgorithm.HMAC_SHA256);
        MslEncoderFactory mslEncoderFactory = mslContext.getMslEncoderFactory();
        String keyPairId = requestData.getKeyPairId();
        RequestData.Mechanism mechanism = requestData.getMechanism();
        ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, null, requestData.getPublicKey());
        switch (mechanism) {
            case JWE_RSA:
            case JWEJS_RSA:
                JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                byte[] mslEncoding = jsonWebKey.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                byte[] mslEncoding2 = jsonWebKey2.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                wrap = createCryptoContext.wrap(mslEncoding, mslEncoderFactory, mslEncoderFormat);
                wrap2 = createCryptoContext.wrap(mslEncoding2, mslEncoderFactory, mslEncoderFormat);
                break;
            case JWK_RSA:
            case JWK_RSAES:
                JsonWebKey jsonWebKey3 = new JsonWebKey(ENCRYPT_DECRYPT, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                JsonWebKey jsonWebKey4 = new JsonWebKey(SIGN_VERIFY, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                byte[] mslEncoding3 = jsonWebKey3.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                byte[] mslEncoding4 = jsonWebKey4.toMslEncoding(mslEncoderFactory, MslEncoderFormat.JSON);
                wrap = createCryptoContext.wrap(mslEncoding3, mslEncoderFactory, mslEncoderFormat);
                wrap2 = createCryptoContext.wrap(mslEncoding4, mslEncoderFactory, mslEncoderFormat);
                break;
            default:
                wrap = createCryptoContext.wrap(bArr, mslEncoderFactory, mslEncoderFormat);
                wrap2 = createCryptoContext.wrap(bArr2, mslEncoderFactory, mslEncoderFormat);
                break;
        }
        MasterToken createMasterToken = mslContext.getTokenFactory().createMasterToken(mslContext, entityAuthenticationData, secretKeySpec, secretKeySpec2, null);
        try {
            return new KeyExchangeFactory.KeyExchangeData(new ResponseData(createMasterToken, requestData.getKeyPairId(), wrap, wrap2), new SessionCryptoContext(mslContext, createMasterToken));
        } catch (MslMasterTokenException e) {
            throw new MslInternalException("Master token constructed by token factory is not trusted.", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v50, types: [javax.crypto.SecretKey] */
    /* JADX WARN: Type inference failed for: r0v52, types: [javax.crypto.SecretKey] */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public ICryptoContext getCryptoContext(MslContext mslContext, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken) throws MslKeyExchangeException, MslCryptoException, MslEncodingException {
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!(keyResponseData instanceof ResponseData)) {
            throw new MslInternalException("Key response data " + keyResponseData.getClass().getName() + " was not created by this factory.");
        }
        ResponseData responseData = (ResponseData) keyResponseData;
        String keyPairId = requestData.getKeyPairId();
        String keyPairId2 = responseData.getKeyPairId();
        if (!keyPairId.equals(keyPairId2)) {
            throw new MslKeyExchangeException(MslError.KEYX_RESPONSE_REQUEST_MISMATCH, "request " + keyPairId + "; response " + keyPairId2);
        }
        MslEncoderFactory mslEncoderFactory = mslContext.getMslEncoderFactory();
        PrivateKey privateKey = requestData.getPrivateKey();
        if (privateKey == null) {
            throw new MslKeyExchangeException(MslError.KEYX_PRIVATE_KEY_MISSING, "request Asymmetric private key");
        }
        RequestData.Mechanism mechanism = requestData.getMechanism();
        ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, privateKey, null);
        switch (mechanism) {
            case JWE_RSA:
            case JWEJS_RSA:
            case JWK_RSA:
            case JWK_RSAES:
                byte[] unwrap = createCryptoContext.unwrap(responseData.getEncryptionKey(), mslEncoderFactory);
                byte[] unwrap2 = createCryptoContext.unwrap(responseData.getHmacKey(), mslEncoderFactory);
                try {
                    MslObject parseObject = mslEncoderFactory.parseObject(unwrap);
                    MslObject parseObject2 = mslEncoderFactory.parseObject(unwrap2);
                    secretKeySpec = new JsonWebKey(parseObject).getSecretKey();
                    secretKeySpec2 = new JsonWebKey(parseObject2).getSecretKey();
                    break;
                } catch (MslEncoderException e) {
                    throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e).setMasterToken(masterToken);
                }
            default:
                byte[] unwrap3 = createCryptoContext.unwrap(responseData.getEncryptionKey(), mslEncoderFactory);
                byte[] unwrap4 = createCryptoContext.unwrap(responseData.getHmacKey(), mslEncoderFactory);
                try {
                    secretKeySpec = new SecretKeySpec(unwrap3, "AES");
                    secretKeySpec2 = new SecretKeySpec(unwrap4, JcaAlgorithm.HMAC_SHA256);
                    break;
                } catch (IllegalArgumentException e2) {
                    throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e2).setMasterToken(masterToken);
                }
        }
        return new SessionCryptoContext(mslContext, responseData.getMasterToken(), mslContext.getEntityAuthenticationData(null).getIdentity(), secretKeySpec, secretKeySpec2);
    }
}
