package org.picketlink.json.jose.crypto;

import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.SecretKey;
import org.picketlink.json.JsonConstants;
import org.picketlink.json.jose.JWE;
import org.picketlink.json.util.JsonUtil;

/* loaded from: input_file:org/picketlink/json/jose/crypto/JWEEncrypter.class */
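/**
 * Encrypts payloads into the five-part JWE compact form using an RSA public key.
 *
 * <p>A fresh content encryption key (CEK) is generated for every call, wrapped with the
 * recipient's RSA public key, and then used to encrypt the payload with an AES-CBC+HMAC or
 * AES-GCM method selected by the {@link JWE} header.
 *
 * <p>NOTE(review): the RSA key size is not checked in this class. RFC 7518 requires keys of
 * 2048 bits or larger for the RSA key-encryption algorithms; confirm that callers enforce this.
 */
public class JWEEncrypter {
    private final RSAPublicKey publicKey;

    /**
     * Creates an encrypter bound to the recipient's public key.
     *
     * @param rSAPublicKey the RSA public key used to wrap the content encryption key
     * @throws IllegalArgumentException if {@code rSAPublicKey} is {@code null}
     */
    public JWEEncrypter(RSAPublicKey rSAPublicKey) {
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("The public RSA key must not be null");
        }
        this.publicKey = rSAPublicKey;
    }

    /**
     * Returns the RSA public key this encrypter wraps content keys with.
     *
     * @return the key supplied at construction, never {@code null}
     */
    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Encrypts {@code bArr} as described by the given JWE header.
     *
     * @param jwe the header object; supplies the key-encryption algorithm, the content
     *     encryption method, the CEK bit length and the optional compression algorithm
     * @param bArr the plaintext bytes to protect
     * @return the encoded header, wrapped CEK, IV, ciphertext and authentication tag, each
     *     passed through {@code JsonUtil.b64Encode} and joined with
     *     {@code JsonConstants.COMMON.PERIOD}
     * @throws NumberFormatException if the CEK bit length from the header is not an integer
     * @throws RuntimeException if the key-encryption algorithm or encryption method is not
     *     supported, or if compression fails
     */
    public String encrypt(JWE jwe, byte[] bArr) {
        String algorithm = jwe.getAlgorithm();
        String encryptionAlgorithm = jwe.getEncryptionAlgorithm();
        // One SecureRandom instance feeds both the CEK and the IV for this message.
        SecureRandom secureRandom = new SecureRandom();
        // NOTE(review): the CEK length comes straight from the header and is not cross-checked
        // here against the chosen encryption method; presumably the AES helpers reject a
        // mismatch - confirm.
        SecretKey contentKey = AES.generateKey(Integer.parseInt(jwe.getCEKBitLength()), secureRandom);

        byte[] wrappedKey;
        if (algorithm.equals(JsonConstants.JWE.ALG_RSA1_5)) {
            // RSAES-PKCS1-v1_5 is kept for interoperability. Recipients that unwrap it must be
            // hardened against padding-oracle attacks; prefer RSA-OAEP or RSA-OAEP-256 for new
            // deployments.
            wrappedKey = RSA1_5.encryptCEK(this.publicKey, contentKey);
        } else if (algorithm.equals(JsonConstants.JWE.ALG_RSA_OAEP)) {
            wrappedKey = RSA_OAEP.encryptCEK(this.publicKey, contentKey);
        } else if (algorithm.equals(JsonConstants.JWE.ALG_RSA_OAEP_256)) {
            wrappedKey = RSA_OAEP_256.encryptCEK(this.publicKey, contentKey);
        } else {
            throw new RuntimeException("Unsupported JWE algorithm, must be RSA1_5, RSA-OAEP, or RSA-OAEP-256");
        }

        byte[] plainText = bArr;
        // Constant-first comparison: a header without a compression algorithm means
        // "no compression" instead of a NullPointerException.
        // Compressing before encrypting makes the ciphertext length depend on the plaintext
        // content; avoid DEF when secrets and externally influenced data share one payload.
        if ("DEF".equals(jwe.getCompressionAlgorithm())) {
            try {
                plainText = DeflateUtils.compress(bArr);
            } catch (Exception e) {
                // Keep the cause so the underlying compression failure stays diagnosable.
                throw new RuntimeException("Failed to compress plainText", e);
            }
        }

        // Encode the header exactly once: the bytes authenticated as additional data must be
        // the very same header segment that is emitted, otherwise the recipient's tag check
        // fails whenever two serialisations of the header differ.
        String encodedHeader = JsonUtil.b64Encode(jwe.toString());
        byte[] additionalData = encodedHeader.getBytes(Charset.forName("UTF-8"));

        byte[] iv;
        AuthenticatedCipherText sealed;
        if (encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A128CBC_HS256)
                || encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A192CBC_HS384)
                || encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A256CBC_HS512)) {
            iv = AESCBC.generateIV(secureRandom);
            sealed = AESCBC.encryptAuthenticated(contentKey, iv, plainText, additionalData);
        } else if (encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A128GCM)
                || encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A192GCM)
                || encryptionAlgorithm.equals(JsonConstants.JWE.ENC_A256GCM)) {
            // A fresh IV per message matters for GCM: reusing an IV under the same key breaks
            // both confidentiality and the authentication tag. The CEK is also per-message here.
            iv = AESGCM.generateIV(secureRandom);
            sealed = AESGCM.encrypt(contentKey, iv, plainText, additionalData);
        } else {
            throw new RuntimeException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A256GCM");
        }

        return encodedHeader
                + JsonConstants.COMMON.PERIOD + JsonUtil.b64Encode(wrappedKey)
                + JsonConstants.COMMON.PERIOD + JsonUtil.b64Encode(iv)
                + JsonConstants.COMMON.PERIOD + JsonUtil.b64Encode(sealed.getCipherText())
                + JsonConstants.COMMON.PERIOD + JsonUtil.b64Encode(sealed.getAuthenticationTag());
    }
}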
