package com.nimbusds.jose.crypto;

import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.ReadOnlyJWEHeader;
import com.nimbusds.jose.crypto.AESGCM;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.DeflateUtils;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;
import javax.crypto.SecretKey;

/* loaded from: input_file:WEB-INF/lib/nimbus-jose-jwt-2.13.1.jar:com/nimbusds/jose/crypto/RSAEncrypter.class */
public class RSAEncrypter extends RSACryptoProvider implements JWEEncrypter {
    private final SecureRandom randomGen;
    private final RSAPublicKey publicKey;

    public RSAEncrypter(RSAPublicKey rSAPublicKey) throws JOSEException {
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("The public RSA key must not be null");
        }
        this.publicKey = rSAPublicKey;
        try {
            this.randomGen = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    private static final byte[] applyCompression(ReadOnlyJWEHeader readOnlyJWEHeader, byte[] bArr) throws JOSEException {
        CompressionAlgorithm compressionAlgorithm = readOnlyJWEHeader.getCompressionAlgorithm();
        if (compressionAlgorithm == null) {
            return bArr;
        }
        if (!compressionAlgorithm.equals(CompressionAlgorithm.DEF)) {
            throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
        }
        try {
            return DeflateUtils.compress(bArr);
        } catch (Exception e) {
            throw new JOSEException("Couldn't compress plain text: " + e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.jose.JWEEncrypter
    public JWECryptoParts encrypt(ReadOnlyJWEHeader readOnlyJWEHeader, byte[] bArr) throws JOSEException {
        Base64URL encode;
        JWEAlgorithm algorithm = readOnlyJWEHeader.getAlgorithm();
        EncryptionMethod encryptionMethod = readOnlyJWEHeader.getEncryptionMethod();
        SecretKey generateAESCMK = AES.generateAESCMK(RSACryptoProvider.cmkBitLength(encryptionMethod));
        if (algorithm.equals(JWEAlgorithm.RSA1_5)) {
            encode = Base64URL.encode(RSA1_5.encryptCMK(this.publicKey, generateAESCMK));
        } else {
            if (!algorithm.equals(JWEAlgorithm.RSA_OAEP)) {
                throw new JOSEException("Unsupported algorithm, must be RSA1_5 or RSA_OAEP");
            }
            encode = Base64URL.encode(RSA_OAEP.encryptCMK(this.publicKey, generateAESCMK));
        }
        if (encode == null) {
            throw new JOSEException("Couldn't generate encrypted key");
        }
        byte[] applyCompression = applyCompression(readOnlyJWEHeader, bArr);
        if (!encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) && !encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            if (!encryptionMethod.equals(EncryptionMethod.A128GCM) && !encryptionMethod.equals(EncryptionMethod.A256GCM)) {
                throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A256CBC_HS512, A128GCM or A128GCM");
            }
            byte[] generateIV = AESGCM.generateIV(this.randomGen);
            try {
                AESGCM.Result encrypt = AESGCM.encrypt(generateAESCMK, generateIV, applyCompression, (readOnlyJWEHeader.toBase64URL().toString() + "." + encode.toString() + "." + Base64URL.encode(generateIV).toString()).getBytes("UTF-8"));
                return new JWECryptoParts(encode, Base64URL.encode(generateIV), Base64URL.encode(encrypt.getCipherText()), Base64URL.encode(encrypt.getAuthenticationTag()));
            } catch (UnsupportedEncodingException e) {
                throw new JOSEException(e.getMessage(), e);
            }
        }
        byte[] bArr2 = null;
        if (readOnlyJWEHeader.getEncryptionPartyUInfo() != null) {
            bArr2 = readOnlyJWEHeader.getEncryptionPartyUInfo().decode();
        }
        byte[] bArr3 = null;
        if (readOnlyJWEHeader.getEncryptionPartyVInfo() != null) {
            bArr3 = readOnlyJWEHeader.getEncryptionPartyVInfo().decode();
        }
        SecretKey generateCEK = ConcatKDF.generateCEK(generateAESCMK, encryptionMethod, bArr2, bArr3);
        byte[] generateIV2 = AESCBC.generateIV(this.randomGen);
        byte[] encrypt2 = AESCBC.encrypt(generateCEK, generateIV2, applyCompression);
        return new JWECryptoParts(encode, Base64URL.encode(generateIV2), Base64URL.encode(encrypt2), Base64URL.encode(HMAC.compute(ConcatKDF.generateCIK(generateAESCMK, encryptionMethod, bArr2, bArr3), (readOnlyJWEHeader.toBase64URL().toString() + "." + encode.toString() + "." + Base64URL.encode(generateIV2).toString() + "." + Base64URL.encode(encrypt2)).getBytes())));
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}
