package org.apache.cxf.rs.security.jose.jwe;

import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.KeyProperties;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630406.jar:org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.class */
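/**
 * Base class for JWE producers. It pairs a {@link ContentEncryptionProvider} (content key, IV,
 * AAD, cipher parameters) with a {@link KeyEncryptionProvider} (wrapping of the content
 * encryption key) and produces either a compact JWE string or a {@link JweEncryptionOutput}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Caller-supplied {@code alg}/{@code enc} header values are rejected unless they match the
 *       algorithms this instance was configured with.</li>
 *   <li>A content encryption key and IV passed in through {@link JweEncryptionInput} are used
 *       as-is. With AEAD ciphers such as AES-GCM a (key, IV) pair must never be reused, so
 *       uniqueness is the caller's responsibility on that path.</li>
 *   <li>The raw content encryption key is held in {@link JweEncryptionInternal#secretKey}; this
 *       class does not clear it after use.</li>
 * </ul>
 */
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class);

    /** Authentication tag length in bits; the tag-splitting helpers use this value divided by 8. */
    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;

    // Only assigned in the constructor / initializer, hence final.
    private final ContentEncryptionProvider contentEncryptionAlgo;
    private final KeyEncryptionProvider keyEncryptionAlgo;
    private final JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();

    /**
     * Per-operation state assembled by {@code getInternalState} and consumed by the encryption
     * helpers. Fields are package-private and mutable.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630406.jar:org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption$JweEncryptionInternal.class */
    public static class JweEncryptionInternal {
        // Merged header set (configured algorithms plus caller-supplied headers).
        JweHeaders theHeaders;
        // Content encryption key after key encryption, as returned by the key-encryption provider.
        byte[] jweContentEncryptionKey;
        // IV handed to the content cipher.
        byte[] theIv;
        // Cipher algorithm name, parameter spec, AAD and compression flag for CryptoUtils.
        KeyProperties keyProps;
        // Raw (unwrapped) content encryption key. Sensitive: nothing in this class zeroes it.
        byte[] secretKey;
        // Serialized protected headers; this JSON is what gets bound into the AAD.
        String protectedHeadersJson;
        // Extra AAD supplied through JweEncryptionInput, or null.
        byte[] aad;

        protected JweEncryptionInternal() {
        }
    }

    /**
     * Stores the two providers this instance delegates to.
     *
     * @param contentEncryptionProvider supplies the content algorithm, key, IV and AAD
     * @param keyEncryptionProvider supplies the key algorithm and encrypts the content key
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(ContentEncryptionProvider contentEncryptionProvider, KeyEncryptionProvider keyEncryptionProvider) {
        this.keyEncryptionAlgo = keyEncryptionProvider;
        this.contentEncryptionAlgo = contentEncryptionProvider;
    }

    /** Returns the configured content-encryption provider. */
    protected ContentEncryptionProvider getContentEncryptionAlgorithm() {
        return this.contentEncryptionAlgo;
    }

    /**
     * Asks the content-encryption provider for the cipher parameter spec.
     *
     * @param bArr the IV to build the spec from
     */
    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
        return getContentEncryptionAlgorithm().getAlgorithmParameterSpec(bArr);
    }

    /**
     * Returns the content encryption key: the one offered by the content-encryption provider
     * if it returns one, otherwise a key generated through {@code CryptoUtils.getSecretKey}
     * sized for the configured content algorithm.
     *
     * @param jweHeaders headers passed through to the provider
     * @return raw key bytes
     */
    protected byte[] getContentEncryptionKey(JweHeaders jweHeaders) {
        byte[] cek = getProvidedContentEncryptionKey(jweHeaders);
        if (cek != null) {
            return cek;
        }
        String javaAlgo = AlgorithmUtils.stripAlgoProperties(getContentEncryptionAlgoJava());
        int keySizeBits = getCekSize(getContentEncryptionAlgoJwt());
        return CryptoUtils.getSecretKey(javaAlgo, keySizeBits).getEncoded();
    }

    /**
     * Looks up the key size in bits for a JWA content algorithm name.
     *
     * @param str JWA name; dashes are mapped to underscores to form the enum constant name
     * @throws IllegalArgumentException if no {@link ContentAlgorithm} constant has that name
     */
    protected int getCekSize(String str) {
        return ContentAlgorithm.valueOf(str.replace('-', '_')).getKeySizeBits();
    }

    /** Returns the key the content-encryption provider offers for these headers, possibly null. */
    protected byte[] getProvidedContentEncryptionKey(JweHeaders jweHeaders) {
        return getContentEncryptionAlgorithm().getContentEncryptionKey(jweHeaders);
    }

    /**
     * Delegates encryption of the content key to the key-encryption provider.
     *
     * @param jweHeaders header set handed to the provider
     * @param bArr raw content encryption key
     */
    protected byte[] getEncryptedContentEncryptionKey(JweHeaders jweHeaders, byte[] bArr) {
        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(jweHeaders, bArr);
    }

    /** Returns the JWA name of the configured content algorithm. */
    protected String getContentEncryptionAlgoJwt() {
        return getContentEncryptionAlgorithm().getAlgorithm().getJwaName();
    }

    /** Returns the Java cipher name of the configured content algorithm. */
    protected String getContentEncryptionAlgoJava() {
        return getContentEncryptionAlgorithm().getAlgorithm().getJavaName();
    }

    /**
     * Asks the content-encryption provider for the additional authenticated data.
     *
     * @param str serialized protected headers
     * @param bArr caller-supplied extra AAD, may be null
     */
    protected byte[] getAAD(String str, byte[] bArr) {
        return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(str, bArr);
    }

    /**
     * Encrypts the content and returns the JWE compact serialization.
     *
     * @param bArr plaintext content
     * @param jweHeaders optional caller headers; may be null
     * @throws JweException if the headers name a different algorithm or encryption fails
     */
    @Override // org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider
    public String encrypt(byte[] bArr, JweHeaders jweHeaders) {
        JweEncryptionInternal state = getInternalState(jweHeaders, null);
        byte[] cipherAndTag = encryptInternal(state, bArr);
        JweCompactProducer producer = new JweCompactProducer(
            state.protectedHeadersJson,
            state.jweContentEncryptionKey,
            state.theIv,
            getActualCipher(cipherAndTag),
            getAuthenticationTag(state, cipherAndTag));
        return producer.getJweContent();
    }

    /**
     * Builds the encryption output for the given input. When the input carries no content, the
     * output holds an initialised encrypting {@link Cipher} plus the tag producer so the caller
     * can encrypt later; otherwise the content is encrypted here and the output holds the
     * ciphertext and authentication tag.
     */
    @Override // org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider
    public JweEncryptionOutput getEncryptionOutput(JweEncryptionInput jweEncryptionInput) {
        JweEncryptionInternal state = getInternalState(jweEncryptionInput.getJweHeaders(), jweEncryptionInput);
        Cipher cipher = null;
        AuthenticationTagProducer tagProducer = null;
        byte[] cipherText = null;
        byte[] authTag = null;
        if (jweEncryptionInput.getContent() == null) {
            // Was the literal 1 in the decompiled source; Cipher.ENCRYPT_MODE is that constant.
            cipher = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, Cipher.ENCRYPT_MODE);
            tagProducer = getAuthenticationTagProducer(state);
        } else {
            byte[] cipherAndTag = encryptInternal(state, jweEncryptionInput.getContent());
            cipherText = getActualCipher(cipherAndTag);
            authTag = getAuthenticationTag(state, cipherAndTag);
        }
        return new JweEncryptionOutput(cipher, state.theHeaders, state.jweContentEncryptionKey, state.theIv,
                                       tagProducer, state.keyProps, cipherText, authTag);
    }

    /**
     * Encrypts the content with the content encryption key held in the state. Callers in this
     * class treat the result as ciphertext followed by the authentication tag.
     *
     * @throws JweException {@code INVALID_CONTENT_ALGORITHM} when the failure was caused by a
     *         {@link NoSuchAlgorithmException}, {@code CONTENT_ENCRYPTION_FAILURE} otherwise.
     *         The underlying exception is not attached; only its message is logged at FINE.
     */
    protected byte[] encryptInternal(JweEncryptionInternal jweEncryptionInternal, byte[] bArr) {
        try {
            return CryptoUtils.encryptBytes(bArr, createCekSecretKey(jweEncryptionInternal), jweEncryptionInternal.keyProps);
        } catch (SecurityException e) {
            LOG.fine(e.getMessage());
            if (e.getCause() instanceof NoSuchAlgorithmException) {
                LOG.warning("Unsupported algorithm: " + jweEncryptionInternal.keyProps.getKeyAlgo());
                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
            }
            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE);
        }
    }

    /**
     * Returns the ciphertext portion of the encryption result, i.e. everything before the
     * trailing {@code DEFAULT_AUTH_TAG_LENGTH / 8} bytes.
     *
     * @throws JweException if the input is shorter than the tag
     */
    protected byte[] getActualCipher(byte[] bArr) {
        return Arrays.copyOf(bArr, authTagOffset(bArr));
    }

    /**
     * Returns the trailing {@code DEFAULT_AUTH_TAG_LENGTH / 8} bytes of the encryption result.
     * The state argument is unused here.
     *
     * @throws JweException if the input is shorter than the tag
     */
    protected byte[] getAuthenticationTag(JweEncryptionInternal jweEncryptionInternal, byte[] bArr) {
        return Arrays.copyOfRange(bArr, authTagOffset(bArr), bArr.length);
    }

    /**
     * Computes where the authentication tag starts. Fails with a JWE error rather than letting
     * a negative length reach {@link Arrays#copyOf(byte[], int)} when the input is too short
     * to contain a full tag.
     */
    private static int authTagOffset(byte[] cipherAndTag) {
        int offset = cipherAndTag.length - DEFAULT_AUTH_TAG_LENGTH / 8;
        if (offset < 0) {
            LOG.warning("Encrypted content is shorter than the authentication tag");
            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE);
        }
        return offset;
    }

    /** Returns the key-encryption provider's algorithm, which may be null. */
    @Override // org.apache.cxf.rs.security.jose.jwe.JweKeyProperties
    public KeyAlgorithm getKeyAlgorithm() {
        return getKeyEncryptionAlgo().getAlgorithm();
    }

    /** Returns the configured content algorithm. */
    @Override // org.apache.cxf.rs.security.jose.jwe.JweKeyProperties
    public ContentAlgorithm getContentAlgorithm() {
        return getContentEncryptionAlgorithm().getAlgorithm();
    }

    /** Returns the JSON writer used to serialize headers. */
    protected JsonMapObjectReaderWriter getJwtHeadersWriter() {
        return this.writer;
    }

    /** Hook for subclasses; the base implementation returns null (no separate tag producer). */
    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal jweEncryptionInternal) {
        return null;
    }

    /** Wraps the raw content encryption key from the state in a {@link SecretKey}. */
    protected SecretKey createCekSecretKey(JweEncryptionInternal jweEncryptionInternal) {
        byte[] cek = getActualCek(jweEncryptionInternal.secretKey, getContentEncryptionAlgoJwt());
        return CryptoUtils.createSecretKeySpec(cek, jweEncryptionInternal.keyProps.getKeyAlgo());
    }

    /**
     * Hook for subclasses that use only part of the key material for the cipher; the base
     * implementation returns the key unchanged and ignores the algorithm name.
     */
    protected byte[] getActualCek(byte[] bArr, String str) {
        return bArr;
    }

    /**
     * Validates the caller's headers against the configured algorithms and assembles the
     * per-operation state: merged headers, content key, IV, cipher properties and AAD.
     *
     * @param callerHeaders headers supplied by the caller, or null
     * @param input optional input carrying a pre-set content key, IV and extra AAD, or null
     * @throws JweException if the caller's headers name a key or content algorithm that
     *         differs from the configured one
     */
    private JweEncryptionInternal getInternalState(JweHeaders callerHeaders, JweEncryptionInput input) {
        KeyAlgorithm keyAlgo = getKeyAlgorithm();
        JweHeaders mergedHeaders = new JweHeaders();
        if (keyAlgo != null) {
            mergedHeaders.setKeyEncryptionAlgorithm(keyAlgo);
        }
        mergedHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgorithm().getAlgorithm());

        JweHeaders protectedHeaders = mergedHeaders;
        if (callerHeaders != null) {
            // Algorithm pinning: a caller may omit alg/enc, but may not name different ones.
            if (callerHeaders.getKeyEncryptionAlgorithm() != null
                && (keyAlgo == null || !keyAlgo.equals(callerHeaders.getKeyEncryptionAlgorithm()))) {
                LOG.warning("Invalid key encryption algorithm");
                throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
            }
            if (callerHeaders.getContentEncryptionAlgorithm() != null
                && !getContentEncryptionAlgoJwt().equals(callerHeaders.getContentEncryptionAlgorithm().getJwaName())) {
                LOG.warning("Invalid content encryption algorithm");
                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
            }
            mergedHeaders.asMap().putAll(callerHeaders.asMap());
            // A caller-supplied protected-header object, not the merged set, is what gets
            // serialized and bound into the AAD below.
            if (callerHeaders.getProtectedHeaders() != null) {
                protectedHeaders = callerHeaders.getProtectedHeaders();
            }
        }

        // A key or IV supplied through the input is used as-is; keeping the (key, IV) pair
        // unique is then up to the caller.
        byte[] inputCek = input == null ? null : input.getCek();
        byte[] cek = inputCek != null ? inputCek : getContentEncryptionKey(mergedHeaders);

        KeyProperties keyProps = new KeyProperties(getContentEncryptionAlgoJava());
        keyProps.setCompressionSupported(compressionRequired(mergedHeaders));

        byte[] inputIv = input == null ? null : input.getIv();
        byte[] iv = inputIv != null ? inputIv : getContentEncryptionAlgorithm().getInitVector();
        keyProps.setAlgoSpec(getAlgorithmParameterSpec(iv));

        // Key encryption runs before the headers are serialized. NOTE(review): presumably so
        // a key-encryption provider can add header parameters first; confirm against the providers.
        byte[] encryptedCek = getEncryptedContentEncryptionKey(mergedHeaders, cek);
        String protectedJson = this.writer.toJson(protectedHeaders);

        byte[] inputAad = input == null ? null : input.getAad();
        keyProps.setAdditionalData(getAAD(protectedJson, inputAad));

        JweEncryptionInternal state = new JweEncryptionInternal();
        state.theHeaders = mergedHeaders;
        state.jweContentEncryptionKey = encryptedCek;
        state.keyProps = keyProps;
        state.secretKey = cek;
        state.theIv = iv;
        state.protectedHeadersJson = protectedJson;
        state.aad = inputAad;
        return state;
    }

    /** Returns true when the headers request the DEFLATE zip algorithm. */
    private boolean compressionRequired(JweHeaders jweHeaders) {
        return JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweHeaders.getZipAlgorithm());
    }

    /** Returns the configured key-encryption provider. */
    /* JADX INFO: Access modifiers changed from: protected */
    public KeyEncryptionProvider getKeyEncryptionAlgo() {
        return this.keyEncryptionAlgo;
    }
}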
