package com.nimbusds.jose.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.ReadOnlyJWEHeader;
import com.nimbusds.jose.crypto.AESGCM;
import com.nimbusds.jose.util.Base64URL;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.encodings.OAEPEncoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;

/* loaded from: input_file:com/nimbusds/jose/crypto/RSAEncrypter.class */
public class RSAEncrypter extends RSAProvider implements JWEEncrypter {
    private final SecureRandom randomGen;
    private final RSAPublicKey pubKey;

    public RSAEncrypter(RSAPublicKey rSAPublicKey) {
        this.pubKey = rSAPublicKey;
        try {
            this.randomGen = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new ProviderException("Java Security provider doesn't support SHA1PRNG");
        }
    }

    @Override // com.nimbusds.jose.JWEEncrypter
    public JWECryptoParts encrypt(ReadOnlyJWEHeader readOnlyJWEHeader, byte[] bArr) throws JOSEException {
        Base64URL encode;
        JWEAlgorithm algorithm = readOnlyJWEHeader.getAlgorithm();
        EncryptionMethod encryptionMethod = readOnlyJWEHeader.getEncryptionMethod();
        try {
            SecretKey generateAESCMK = generateAESCMK(keyLengthForMethod(encryptionMethod));
            if (algorithm.equals(JWEAlgorithm.RSA1_5)) {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(1, this.pubKey);
                encode = Base64URL.encode(cipher.doFinal(generateAESCMK.getEncoded()));
            } else {
                if (!algorithm.equals(JWEAlgorithm.RSA_OAEP)) {
                    throw new JOSEException("Algorithm must be RSA1_5 or RSA_OAEP");
                }
                try {
                    OAEPEncoding oAEPEncoding = new OAEPEncoding(new RSAEngine());
                    oAEPEncoding.init(true, new RSAKeyParameters(false, this.pubKey.getModulus(), this.pubKey.getPublicExponent()));
                    oAEPEncoding.getInputBlockSize();
                    oAEPEncoding.getOutputBlockSize();
                    byte[] encoded = generateAESCMK.getEncoded();
                    encode = Base64URL.encode(oAEPEncoding.processBlock(encoded, 0, encoded.length));
                } catch (InvalidCipherTextException e) {
                    throw new JOSEException(e.getMessage(), e);
                }
            }
            if (encode == null) {
                throw new JOSEException("Couldn't generate encrypted key");
            }
            if (!encryptionMethod.equals(EncryptionMethod.A128GCM) && !encryptionMethod.equals(EncryptionMethod.A256GCM)) {
                throw new JOSEException("Unsupported encryption method");
            }
            byte[] generateAESGCMIV = generateAESGCMIV();
            AESGCM.Result encrypt = AESGCM.encrypt(generateAESCMK, bArr, (readOnlyJWEHeader.toBase64URL().toString() + "." + encode.toString() + "." + Base64URL.encode(generateAESGCMIV).toString()).getBytes("UTF-8"), generateAESGCMIV);
            return new JWECryptoParts(encode, Base64URL.encode(generateAESGCMIV), Base64URL.encode(encrypt.getCipherText()), Base64URL.encode(encrypt.getAuthenticationTag()));
        } catch (UnsupportedEncodingException e2) {
            throw new JOSEException(e2.getMessage(), e2);
        } catch (InvalidKeyException e3) {
            throw new JOSEException("Invalid Key Exception", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new JOSEException("Java Security Provider doesn't support the algorithm specified", e4);
        } catch (BadPaddingException e5) {
            throw new JOSEException("Bad padding exception", e5);
        } catch (IllegalBlockSizeException e6) {
            throw new JOSEException("Illegal Block Size exception", e6);
        } catch (NoSuchPaddingException e7) {
            throw new JOSEException("No such padding Exception", e7);
        }
    }

    protected static SecretKey generateAESCMK(int i) throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(i);
        return keyGenerator.generateKey();
    }

    protected byte[] generateAESGCMIV() {
        byte[] bArr = new byte[96];
        this.randomGen.nextBytes(bArr);
        return bArr;
    }

    @Override // com.nimbusds.jose.crypto.RSAProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.RSAProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}
