package org.forgerock.json.jose.jwe.handlers.encryption;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import org.forgerock.json.jose.exceptions.JweDecryptionException;
import org.forgerock.json.jose.exceptions.JweEncryptionException;
import org.forgerock.json.jose.jwe.EncryptionMethod;
import org.forgerock.json.jose.jwe.JweEncryption;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/json/jose/jwe/handlers/encryption/AESGCMContentEncryptionHandler.class */
public final class AESGCMContentEncryptionHandler extends ContentEncryptionHandler {
    private static final Logger LOGGER = Logger.getLogger(AESGCMContentEncryptionHandler.class.getName());
    private static final int TAG_LENGTH = 128;
    private static final int IV_LENGTH = 12;
    private final EncryptionMethod encryptionMethod;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AESGCMContentEncryptionHandler(EncryptionMethod encryptionMethod) {
        this.encryptionMethod = encryptionMethod;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.forgerock.json.jose.jwe.handlers.encryption.ContentEncryptionHandler
    public JweEncryption encrypt(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            Cipher cipher = Cipher.getInstance(this.encryptionMethod.getTransformation());
            cipher.init(1, key, new GCMParameterSpec(TAG_LENGTH, bArr));
            cipher.updateAAD(bArr3);
            byte[] doFinal = cipher.doFinal(bArr2);
            int length = doFinal.length - 16;
            return new JweEncryption(Arrays.copyOfRange(doFinal, 0, length), Arrays.copyOfRange(doFinal, length, doFinal.length));
        } catch (GeneralSecurityException e) {
            throw new JweEncryptionException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.forgerock.json.jose.jwe.handlers.encryption.ContentEncryptionHandler
    public byte[] decrypt(Key key, byte[] bArr, JweEncryption jweEncryption, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance(this.encryptionMethod.getTransformation());
            cipher.init(2, key, new GCMParameterSpec(TAG_LENGTH, bArr));
            cipher.updateAAD(bArr2);
            cipher.update(jweEncryption.getCiphertext());
            return cipher.doFinal(jweEncryption.getAuthenticationTag());
        } catch (GeneralSecurityException e) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Decryption failed: " + e, (Throwable) e);
            }
            throw new JweDecryptionException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.forgerock.json.jose.jwe.handlers.encryption.ContentEncryptionHandler
    public Key generateEncryptionKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(this.encryptionMethod.getEncryptionAlgorithm());
            keyGenerator.init(this.encryptionMethod.getKeySize());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new JweEncryptionException("Unsupported Encryption Algorithm, " + this.encryptionMethod.getEncryptionAlgorithm(), e);
        }
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.ContentEncryptionHandler
    int getIVByteLength() {
        return IV_LENGTH;
    }
}
