package dev.paseto.jpaseto.crypto.bouncycastle;

import dev.paseto.jpaseto.InvalidMacException;
import dev.paseto.jpaseto.impl.crypto.Hmacs;
import dev.paseto.jpaseto.impl.crypto.PreAuthEncoder;
import dev.paseto.jpaseto.impl.crypto.V1LocalCryptoProvider;
import dev.paseto.jpaseto.impl.lang.Bytes;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.crypto.util.DigestFactory;

/* loaded from: input_file:dev/paseto/jpaseto/crypto/bouncycastle/BouncyCastleV1LocalCryptoProvider.class */
public class BouncyCastleV1LocalCryptoProvider implements V1LocalCryptoProvider {
    private static final byte[] HEADER_BYTES = "v1.local.".getBytes(StandardCharsets.UTF_8);

    /* JADX WARN: Type inference failed for: r0v11, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v16, types: [byte[], byte[][]] */
    public byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecretKey secretKey) {
        byte[] copyOf = Arrays.copyOf(bArr3, 16);
        byte[] copyOfRange = Arrays.copyOfRange(bArr3, 16, bArr3.length);
        byte[] encryptionKey = encryptionKey(secretKey, copyOf);
        byte[] authenticationKey = authenticationKey(secretKey, copyOf);
        byte[] doCipher = V1LocalCryptoProvider.doCipher(1, encryptionKey, copyOfRange, bArr);
        return Bytes.concat((byte[][]) new byte[]{bArr3, doCipher, Hmacs.hmacSha384(authenticationKey, PreAuthEncoder.encode((byte[][]) new byte[]{HEADER_BYTES, bArr3, doCipher, bArr2}))});
    }

    /* JADX WARN: Type inference failed for: r0v13, types: [byte[], byte[][]] */
    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, SecretKey secretKey) {
        byte[] copyOf = Arrays.copyOf(bArr3, 16);
        byte[] copyOfRange = Arrays.copyOfRange(bArr3, 16, bArr3.length);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 32, bArr.length - 48);
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, bArr.length - 48, bArr.length);
        byte[] encryptionKey = encryptionKey(secretKey, copyOf);
        if (MessageDigest.isEqual(Hmacs.hmacSha384(authenticationKey(secretKey, copyOf), PreAuthEncoder.encode((byte[][]) new byte[]{HEADER_BYTES, bArr3, copyOfRange2, bArr2})), copyOfRange3)) {
            return V1LocalCryptoProvider.doCipher(2, encryptionKey, copyOfRange, copyOfRange2);
        }
        throw new InvalidMacException("Failed to validate mac in token");
    }

    private byte[] hkdfSha384(SecretKey secretKey, byte[] bArr, String str) {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(DigestFactory.createSHA384());
        hKDFBytesGenerator.init(new HKDFParameters(secretKey.getEncoded(), bArr, str.getBytes(StandardCharsets.UTF_8)));
        byte[] bArr2 = new byte[32];
        hKDFBytesGenerator.generateBytes(bArr2, 0, bArr2.length);
        return bArr2;
    }

    private byte[] encryptionKey(SecretKey secretKey, byte[] bArr) {
        return hkdfSha384(secretKey, bArr, "paseto-encryption-key");
    }

    private byte[] authenticationKey(SecretKey secretKey, byte[] bArr) {
        return hkdfSha384(secretKey, bArr, "paseto-auth-key-for-aead");
    }
}
