package org.keycloak.jose.jwe;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.jose.jwe.JWEKeyStorage;
import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider;
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:WEB-INF/lib/keycloak-core-12.0.3.jar:org/keycloak/jose/jwe/JWE.class */
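/**
 * Mutable holder for one JWE in five-segment compact form:
 * {@code header.encryptedKey.iv.ciphertext.tag}, each segment base64url-encoded.
 *
 * <p>An instance is used either to encrypt ({@link #header}, {@link #content},
 * {@link #encodeJwe()}) or to decrypt ({@link #verifyAndDecodeJwe(String)},
 * {@link #getContent()}). The fields are plain mutable state with no
 * synchronization, and the byte-array getters hand out the internal arrays
 * without copying, so an instance should not be shared between threads or
 * have its arrays modified by callers.
 */
public class JWE {
    /** Key-derivation function used by the static password-based helpers. */
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256";

    /**
     * PBKDF2 iteration count used by {@link #encrypt} and {@link #decrypt}.
     *
     * <p>NOTE(security): 100 iterations is orders of magnitude below what is
     * recommended today for PBKDF2-HMAC-SHA256, so the derivation adds very
     * little brute-force resistance; the password passed to these helpers has
     * to be high-entropy on its own. The value is left unchanged because
     * raising it would make data encrypted with the old count undecryptable.
     * Any increase needs a migration path.
     */
    private static final int PBKDF2_ITERATIONS = 100;

    /** Length in bits of the AES key derived from the password. */
    private static final int DERIVED_KEY_BITS = 128;

    private JWEHeader header;
    private String base64Header;
    private JWEKeyStorage keyStorage = new JWEKeyStorage();
    private String base64Cek;
    private byte[] initializationVector;
    private byte[] content;
    private byte[] encryptedContent;
    private byte[] authenticationTag;

    /**
     * Sets the header to encrypt with and discards any cached serialized form,
     * so the next {@link #getBase64Header()} call re-serializes it.
     *
     * @param jWEHeader the header object to use
     * @return this instance, for chaining
     */
    public JWE header(JWEHeader jWEHeader) {
        this.header = jWEHeader;
        this.base64Header = null;
        return this;
    }

    /**
     * Returns the header, parsing it lazily from the base64url segment when
     * only the encoded form is available.
     *
     * @return the header, or {@code null} when neither form has been set
     * @throws RuntimeException wrapping the {@link IOException} if the segment
     *         cannot be deserialized
     */
    JWEHeader getHeader() {
        if (this.header == null && this.base64Header != null) {
            try {
                this.header = (JWEHeader) JsonSerialization.readValue(Base64Url.decode(this.base64Header), JWEHeader.class);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        return this.header;
    }

    /**
     * Returns the base64url-encoded header, serializing and caching it on
     * first use when only the header object is available.
     *
     * @return the encoded header, or {@code null} when no header is set
     * @throws IOException if the header cannot be serialized
     */
    public String getBase64Header() throws IOException {
        if (this.base64Header == null && this.header != null) {
            this.base64Header = Base64Url.encode(JsonSerialization.writeValueAsBytes(this.header));
        }
        return this.base64Header;
    }

    /** @return the key storage holding the encryption/decryption keys and the CEK */
    public JWEKeyStorage getKeyStorage() {
        return this.keyStorage;
    }

    /** @return the internal initialization-vector array (not a copy) */
    public byte[] getInitializationVector() {
        return this.initializationVector;
    }

    /**
     * Sets the plaintext payload.
     *
     * @param bArr the payload bytes; stored by reference, not copied
     * @return this instance, for chaining
     */
    public JWE content(byte[] bArr) {
        this.content = bArr;
        return this;
    }

    /** @return the internal plaintext array (not a copy) */
    public byte[] getContent() {
        return this.content;
    }

    /** @return the internal ciphertext array (not a copy) */
    public byte[] getEncryptedContent() {
        return this.encryptedContent;
    }

    /** @return the internal authentication-tag array (not a copy) */
    public byte[] getAuthenticationTag() {
        return this.authenticationTag;
    }

    /**
     * Stores the three outputs of content encryption.
     *
     * @param bArr  the initialization vector
     * @param bArr2 the ciphertext
     * @param bArr3 the authentication tag
     */
    public void setEncryptedContentInfo(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        this.initializationVector = bArr;
        this.encryptedContent = bArr2;
        this.authenticationTag = bArr3;
    }

    /**
     * Encrypts the content using the providers that {@link JWERegistry}
     * returns for the header's {@code alg} and {@code enc} values.
     *
     * @return the compact JWE string
     * @throws JWEException wrapping any failure, including a missing header
     */
    public String encodeJwe() throws JWEException {
        try {
            if (this.header == null) {
                throw new IllegalStateException("Header must be set");
            }
            return encodeJwe(JWERegistry.getAlgProvider(this.header.getAlgorithm()), JWERegistry.getEncProvider(this.header.getEncryptionAlgorithm()));
        } catch (Exception e) {
            throw new JWEException(e);
        }
    }

    /**
     * Encrypts the content with the given providers and returns the compact
     * serialization.
     *
     * @param jWEAlgorithmProvider  provider that encodes the content-encryption key
     * @param jWEEncryptionProvider provider that encrypts the content
     * @return the compact JWE string
     * @throws JWEException wrapping any failure: missing header or content,
     *         a {@code null} provider, or an error raised by a provider
     */
    public String encodeJwe(JWEAlgorithmProvider jWEAlgorithmProvider, JWEEncryptionProvider jWEEncryptionProvider) throws JWEException {
        try {
            if (this.header == null) {
                throw new IllegalStateException("Header must be set");
            }
            if (this.content == null) {
                throw new IllegalStateException("Content must be set");
            }
            if (jWEAlgorithmProvider == null) {
                throw new IllegalArgumentException("No provider for alg '" + this.header.getAlgorithm() + "'");
            }
            if (jWEEncryptionProvider == null) {
                throw new IllegalArgumentException("No provider for enc '" + this.header.getEncryptionAlgorithm() + "'");
            }
            this.keyStorage.setEncryptionProvider(jWEEncryptionProvider);
            // Called for its effect on the key storage; the returned key is not used here.
            this.keyStorage.getCEKKey(JWEKeyStorage.KeyUse.ENCRYPTION, true);
            this.base64Cek = Base64Url.encode(jWEAlgorithmProvider.encodeCek(jWEEncryptionProvider, this.keyStorage, this.keyStorage.getEncryptionKey()));
            jWEEncryptionProvider.encodeJwe(this);
            return getEncodedJweString();
        } catch (Exception e) {
            throw new JWEException(e);
        }
    }

    /**
     * Joins the five segments with dots.
     *
     * @throws IOException if the header still has to be serialized and that fails
     */
    private String getEncodedJweString() throws IOException {
        // Serialize the header here if nothing earlier in the encode path did,
        // so the first segment can never be the literal text "null".
        String headerSegment = getBase64Header();
        StringBuilder sb = new StringBuilder();
        sb.append(headerSegment).append(".")
                .append(this.base64Cek).append(".")
                .append(Base64Url.encode(this.initializationVector)).append(".")
                .append(Base64Url.encode(this.encryptedContent)).append(".")
                .append(Base64Url.encode(this.authenticationTag));
        return sb.toString();
    }

    /**
     * Splits a compact JWE string into its segments and loads them into this
     * instance, then parses the header.
     *
     * @param compactJwe the received compact serialization
     * @throws IllegalStateException if the string does not split into five segments
     */
    private void setupJWEHeader(String compactJwe) throws IllegalStateException {
        // NOTE(review): String.split drops trailing empty segments, so this is
        // a count of non-trailing-empty segments rather than a strict check for
        // exactly four dots.
        String[] parts = compactJwe.split("\\.");
        if (parts.length != 5) {
            throw new IllegalStateException("Not a JWE String");
        }
        this.base64Header = parts[0];
        // Forget any header held from an earlier header(...) call or an earlier
        // decode on this instance. Otherwise getHeader() would return that stale
        // object and provider selection would not match the token just received.
        this.header = null;
        this.base64Cek = parts[1];
        this.initializationVector = Base64Url.decode(parts[2]);
        this.encryptedContent = Base64Url.decode(parts[3]);
        this.authenticationTag = Base64Url.decode(parts[4]);
        this.header = getHeader();
    }

    /**
     * Recovers the content-encryption key with the algorithm provider, then
     * lets the encryption provider verify and decrypt the loaded segments.
     *
     * @return this instance
     * @throws Exception on a {@code null} provider or any provider failure
     */
    private JWE getProcessedJWE(JWEAlgorithmProvider algProvider, JWEEncryptionProvider encProvider) throws Exception {
        if (algProvider == null) {
            throw new IllegalArgumentException("No provider for alg ");
        }
        if (encProvider == null) {
            throw new IllegalArgumentException("No provider for enc ");
        }
        this.keyStorage.setEncryptionProvider(encProvider);
        this.keyStorage.setCEKBytes(algProvider.decodeCek(Base64Url.decode(this.base64Cek), this.keyStorage.getDecryptionKey()));
        encProvider.verifyAndDecodeJwe(this);
        return this;
    }

    /**
     * Parses, verifies and decrypts a compact JWE, choosing the providers from
     * the {@code alg} and {@code enc} values in the token's own header.
     *
     * <p>NOTE(security): those header values are read before anything has been
     * verified, so the sender decides which registered algorithms are applied
     * to the configured decryption key. A caller that expects one specific
     * algorithm pair should use
     * {@link #verifyAndDecodeJwe(String, JWEAlgorithmProvider, JWEEncryptionProvider)}
     * with the providers it expects, or check the header against an allow-list.
     *
     * @param str the compact JWE string
     * @return this instance, with the decrypted content available
     * @throws JWEException wrapping any parsing, lookup or provider failure
     */
    public JWE verifyAndDecodeJwe(String str) throws JWEException {
        try {
            setupJWEHeader(str);
            return getProcessedJWE(JWERegistry.getAlgProvider(this.header.getAlgorithm()), JWERegistry.getEncProvider(this.header.getEncryptionAlgorithm()));
        } catch (Exception e) {
            throw new JWEException(e);
        }
    }

    /**
     * Parses, verifies and decrypts a compact JWE with caller-chosen providers.
     * The header is still parsed, but it is not used to select the providers.
     *
     * @param str                   the compact JWE string
     * @param jWEAlgorithmProvider  provider that recovers the content-encryption key
     * @param jWEEncryptionProvider provider that verifies and decrypts the content
     * @return this instance, with the decrypted content available
     * @throws JWEException wrapping any parsing or provider failure
     */
    public JWE verifyAndDecodeJwe(String str, JWEAlgorithmProvider jWEAlgorithmProvider, JWEEncryptionProvider jWEEncryptionProvider) throws JWEException {
        try {
            setupJWEHeader(str);
            return getProcessedJWE(jWEAlgorithmProvider, jWEEncryptionProvider);
        } catch (Exception e) {
            throw new JWEException(e);
        }
    }

    /**
     * Password-encrypts a string after encoding it as UTF-8.
     *
     * @param str  the password
     * @param str2 the base64-encoded salt
     * @param str3 the text to encrypt
     * @return the compact JWE string
     * @see #encrypt(String, String, byte[])
     */
    public static String encryptUTF8(String str, String str2, String str3) {
        return encrypt(str, str2, str3.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Password-encrypts a byte array. The AES key is derived from the password
     * and salt with PBKDF2 (see {@link #PBKDF2_ITERATIONS} for the caveat), and
     * the header uses {@code JWEConstants.A128KW} and
     * {@code JWEConstants.A128CBC_HS256}.
     *
     * @param str  the password
     * @param str2 the base64-encoded salt
     * @param bArr the bytes to encrypt
     * @return the compact JWE string
     * @throws RuntimeException wrapping any derivation or encryption failure
     */
    public static String encrypt(String str, String str2, byte[] bArr) {
        try {
            SecretKeySpec aesKey = derivePasswordKey(str, str2);
            JWE jwe = new JWE().header(new JWEHeader(JWEConstants.A128KW, JWEConstants.A128CBC_HS256, null)).content(bArr);
            jwe.getKeyStorage().setEncryptionKey(aesKey);
            return jwe.encodeJwe();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts a compact JWE with a key derived from the password and salt.
     *
     * <p>NOTE(review): unlike {@link #encrypt}, this does not pin the algorithm
     * pair. It delegates to {@link #verifyAndDecodeJwe(String)}, which follows
     * the token's header. Consider restricting it to the pair that
     * {@link #encrypt} produces.
     *
     * @param str  the password
     * @param str2 the base64-encoded salt
     * @param str3 the compact JWE string
     * @return the decrypted bytes
     * @throws RuntimeException wrapping any derivation, verification or decryption failure
     */
    public static byte[] decrypt(String str, String str2, String str3) {
        try {
            SecretKeySpec aesKey = derivePasswordKey(str, str2);
            JWE jwe = new JWE();
            jwe.getKeyStorage().setDecryptionKey(aesKey);
            jwe.verifyAndDecodeJwe(str3);
            return jwe.getContent();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts a compact JWE and decodes the plaintext as UTF-8.
     *
     * @param str  the password
     * @param str2 the base64-encoded salt
     * @param str3 the compact JWE string
     * @return the decrypted text
     * @see #decrypt(String, String, String)
     */
    public static String decryptUTF8(String str, String str2, String str3) {
        return new String(decrypt(str, str2, str3), StandardCharsets.UTF_8);
    }

    /**
     * Derives the AES key shared by {@link #encrypt} and {@link #decrypt}.
     * Keeping the derivation in one place ensures that both directions use the
     * same parameters.
     */
    private static SecretKeySpec derivePasswordKey(String password, String saltBase64) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        char[] passwordChars = password.toCharArray();
        PBEKeySpec spec = null;
        try {
            spec = new PBEKeySpec(passwordChars, Base64.decode(saltBase64), PBKDF2_ITERATIONS, DERIVED_KEY_BITS);
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            // Best-effort hygiene: wipe the copies made here. The caller's
            // String still holds the password until it is garbage-collected.
            if (spec != null) {
                spec.clearPassword();
            }
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    // Runs once at class load. Presumably this registers the BouncyCastle
    // provider; confirm against BouncyIntegration.
    static {
        BouncyIntegration.init();
    }
}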
