package com.nimbusds.jose.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.StringUtils;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.jcip.annotations.ThreadSafe;

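/**
 * JWE encrypter that wraps a freshly generated Content Encryption Key (CEK)
 * with a shared AES Key Encryption Key (KEK).
 *
 * <p>Key management algorithms accepted by {@link #encrypt}: A128KW, A192KW,
 * A256KW (AES Key Wrap) and A128GCMKW, A192GCMKW, A256GCMKW (AES GCM key
 * wrap). The KEK length must match the selected algorithm exactly; this is
 * checked on every call to {@link #encrypt}, not at construction time.
 *
 * <p>The class is annotated {@code @ThreadSafe}; the only state declared here
 * is the final KEK reference. Provider and SecureRandom state lives in the
 * superclass, which is outside this file.
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/nimbus-jose-jwt-3.8.jar:com/nimbusds/jose/crypto/AESEncrypter.class */
public class AESEncrypter extends AESCryptoProvider implements JWEEncrypter {
    /** The Key Encryption Key. Never null; its length is validated per algorithm in encrypt(). */
    private final SecretKey kek;

    /* loaded from: input_file:WEB-INF/lib/nimbus-jose-jwt-3.8.jar:com/nimbusds/jose/crypto/AESEncrypter$AlgFamily.class */
    /** Groups the six supported JWE algorithms by the key wrapping construction they use. */
    private enum AlgFamily {
        AESKW,
        AESGCMKW
    }

    /**
     * Creates an encrypter around an existing KEK.
     *
     * @param secretKey the Key Encryption Key, must not be null
     * @throws IllegalArgumentException if {@code secretKey} is null
     */
    public AESEncrypter(SecretKey secretKey) {
        if (secretKey == null) {
            throw new IllegalArgumentException("The Key Encrypting Key must not be null");
        }
        this.kek = secretKey;
    }

    /**
     * Creates an encrypter from raw KEK bytes, wrapped as an "AES" SecretKeySpec.
     *
     * <p>SecretKeySpec copies the array, so the caller may wipe {@code bArr}
     * after construction. A wrong length is not rejected here; it surfaces as
     * a JOSEException on the first encrypt() call.
     *
     * @param bArr the raw KEK bytes (16, 24 or 32 bytes to be usable)
     */
    public AESEncrypter(byte[] bArr) {
        this(new SecretKeySpec(bArr, "AES"));
    }

    /**
     * Returns the Key Encryption Key.
     *
     * <p>This is the same object that was supplied at construction (no copy),
     * so any code holding this encrypter can reach the key material.
     *
     * @return the KEK, never null
     */
    public SecretKey getKey() {
        return this.kek;
    }

    /**
     * Encrypts the given clear text into the parts of a JWE object.
     *
     * <p>Steps: generate a random CEK sized for the header's encryption
     * method, wrap it with the KEK according to the header's algorithm,
     * optionally compress the clear text, then encrypt and authenticate it
     * under the CEK with the encoded header as associated data.
     *
     * @param jWEHeader the JWE header naming the algorithm and encryption method
     * @param bArr      the clear text to encrypt
     * @return the header (updated with "iv" and "tag" for the GCMKW family),
     *         encrypted key, IV, cipher text and authentication tag
     * @throws JOSEException if the algorithm or encryption method is
     *                       unsupported, if the KEK length does not match the
     *                       algorithm, or if the KEK has no encoded form
     */
    @Override // com.nimbusds.jose.JWEEncrypter
    public JWECryptoParts encrypt(JWEHeader jWEHeader, byte[] bArr) throws JOSEException {
        final JWEAlgorithm algorithm = jWEHeader.getAlgorithm();
        final EncryptionMethod encryptionMethod = jWEHeader.getEncryptionMethod();
        final SecureRandom secureRandom = getSecureRandom();
        // A new CEK per message: the KEK itself never encrypts content directly.
        final SecretKey cek = AES.generateKey(encryptionMethod.cekBitLength(), secureRandom);

        final AlgFamily algFamily = checkKekAndResolveFamily(algorithm);

        final Base64URL encryptedKey;
        final JWEHeader updatedHeader;
        if (AlgFamily.AESKW.equals(algFamily)) {
            encryptedKey = Base64URL.encode(AESKW.encryptCEK(cek, this.kek));
            updatedHeader = jWEHeader;
        } else {
            // GCM must never see the same IV twice under one KEK, so a fresh IV
            // is drawn for every wrap and published in the header with the tag.
            final byte[] keyWrapIv = AESGCM.generateIV(secureRandom);
            final AuthenticatedCipherText wrappedCek =
                    AESGCMKW.encryptCEK(cek, keyWrapIv, this.kek, this.keyEncryptionProvider);
            encryptedKey = Base64URL.encode(wrappedCek.getCipherText());
            updatedHeader = new JWEHeader.Builder(jWEHeader)
                    .iv(Base64URL.encode(keyWrapIv))
                    .authTag(Base64URL.encode(wrappedCek.getAuthenticationTag()))
                    .build();
        }

        // NOTE(review): presumably compresses only when the header requests it - confirm in
        // DeflateHelper. Compressing before encrypting lets the cipher text length reveal
        // information about the clear text when an adversary controls part of it.
        final byte[] plainText = DeflateHelper.applyCompression(updatedHeader, bArr);
        // Built from the updated header, so the GCMKW "iv" and "tag" parameters are covered too.
        final byte[] aad = StringUtils.toByteArray(updatedHeader.toBase64URL().toString());

        final byte[] iv;
        final AuthenticatedCipherText authenticated;
        if (encryptionMethod.equals(EncryptionMethod.A128CBC_HS256)
                || encryptionMethod.equals(EncryptionMethod.A192CBC_HS384)
                || encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            iv = AESCBC.generateIV(secureRandom);
            authenticated = AESCBC.encryptAuthenticated(
                    cek, iv, plainText, aad, this.contentEncryptionProvider, this.macProvider);
        } else if (encryptionMethod.equals(EncryptionMethod.A128GCM)
                || encryptionMethod.equals(EncryptionMethod.A192GCM)
                || encryptionMethod.equals(EncryptionMethod.A256GCM)) {
            iv = AESGCM.generateIV(secureRandom);
            authenticated = AESGCM.encrypt(cek, iv, plainText, aad, this.contentEncryptionProvider);
        } else {
            // The two *_DEPRECATED methods are still accepted here even though the
            // error message below does not list them; callers that must not emit
            // them have to restrict the header's encryption method themselves.
            if (!encryptionMethod.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED)
                    && !encryptionMethod.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
                throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A256GCM");
            }
            iv = AESCBC.generateIV(secureRandom);
            authenticated = AESCBC.encryptWithConcatKDF(
                    updatedHeader, cek, encryptedKey, iv, plainText,
                    this.contentEncryptionProvider, this.macProvider);
        }

        return new JWECryptoParts(
                updatedHeader,
                encryptedKey,
                Base64URL.encode(iv),
                Base64URL.encode(authenticated.getCipherText()),
                Base64URL.encode(authenticated.getAuthenticationTag()));
    }

    /**
     * Maps the JWE algorithm to its key wrapping family and verifies that the
     * KEK has exactly the length that algorithm requires.
     *
     * @throws JOSEException if the algorithm is unsupported or the KEK does not fit it
     */
    private AlgFamily checkKekAndResolveFamily(final JWEAlgorithm algorithm) throws JOSEException {
        if (algorithm.equals(JWEAlgorithm.A128KW)) {
            requireKekLength(16, "A128KW");
            return AlgFamily.AESKW;
        }
        if (algorithm.equals(JWEAlgorithm.A192KW)) {
            requireKekLength(24, "A192KW");
            return AlgFamily.AESKW;
        }
        if (algorithm.equals(JWEAlgorithm.A256KW)) {
            requireKekLength(32, "A256KW");
            return AlgFamily.AESKW;
        }
        if (algorithm.equals(JWEAlgorithm.A128GCMKW)) {
            requireKekLength(16, "A128GCMKW");
            return AlgFamily.AESGCMKW;
        }
        if (algorithm.equals(JWEAlgorithm.A192GCMKW)) {
            requireKekLength(24, "A192GCMKW");
            return AlgFamily.AESGCMKW;
        }
        if (algorithm.equals(JWEAlgorithm.A256GCMKW)) {
            requireKekLength(32, "A256GCMKW");
            return AlgFamily.AESGCMKW;
        }
        throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW or A256GCMKW");
    }

    /**
     * Verifies the KEK's encoded length against the length an algorithm needs.
     *
     * <p>A key without an encoded form (getEncoded() returning null, as keys
     * held in a hardware token may do) is reported as a JOSEException instead
     * of surfacing as a NullPointerException.
     */
    private void requireKekLength(final int expectedBytes, final String algName) throws JOSEException {
        final byte[] encoded = this.kek.getEncoded();
        if (encoded == null) {
            throw new JOSEException("The Key Encryption Key (KEK) has no encoded form, its length cannot be checked for " + algName + " encryption");
        }
        if (encoded.length != expectedBytes) {
            throw new JOSEException("The Key Encryption Key (KEK) length must be " + (expectedBytes * 8) + " bits for " + algName + " encryption");
        }
    }

    // The methods below are compiler-generated bridge methods that the decompiler
    // reproduced; each one only delegates to the superclass implementation.

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ void setSecureRandom(SecureRandom secureRandom) {
        super.setSecureRandom(secureRandom);
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ void setMACProvider(Provider provider) {
        super.setMACProvider(provider);
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ void setContentEncryptionProvider(Provider provider) {
        super.setContentEncryptionProvider(provider);
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ void setKeyEncryptionProvider(Provider provider) {
        super.setKeyEncryptionProvider(provider);
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.AlgorithmProvider
    public /* bridge */ /* synthetic */ void setProvider(Provider provider) {
        super.setProvider(provider);
    }

    // Raw Set is kept as decompiled: the element type is declared on the superclass.
    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}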
