package org.apache.cxf.rs.security.jose.jwe;

import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630416-04.jar:org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.class */
public class EcdhDirectKeyJweEncryption extends JweEncryption {

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630416-04.jar:org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption$EcdhAesGcmContentEncryptionAlgorithm.class */
    protected static class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm {
        private EcdhHelper helper;

        public EcdhAesGcmContentEncryptionAlgorithm(ECPublicKey eCPublicKey, String str, String str2, String str3, ContentAlgorithm contentAlgorithm) {
            super(contentAlgorithm);
            this.helper = new EcdhHelper(eCPublicKey, str, str2, str3, contentAlgorithm.getJwaName());
        }

        @Override // org.apache.cxf.rs.security.jose.jwe.AbstractContentEncryptionAlgorithm, org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider
        public byte[] getContentEncryptionKey(JweHeaders jweHeaders) {
            return this.helper.getDerivedKey(jweHeaders);
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630416-04.jar:org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption$EcdhDirectKeyEncryptionAlgorithm.class */
    protected static class EcdhDirectKeyEncryptionAlgorithm extends DirectKeyEncryptionAlgorithm {
        protected EcdhDirectKeyEncryptionAlgorithm() {
        }

        @Override // org.apache.cxf.rs.security.jose.jwe.DirectKeyEncryptionAlgorithm
        protected void checkKeyEncryptionAlgorithm(JweHeaders jweHeaders) {
            jweHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.ECDH_ES_DIRECT);
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630416-04.jar:org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption$EcdhHelper.class */
    protected static class EcdhHelper {
        private ECPublicKey peerPublicKey;
        private String ecurve;
        private byte[] apuBytes;
        private byte[] apvBytes;
        private String ctAlgo;

        public EcdhHelper(ECPublicKey eCPublicKey, String str, String str2, String str3, String str4) {
            this.ctAlgo = str4;
            this.peerPublicKey = eCPublicKey;
            this.ecurve = str;
            this.apuBytes = toApuBytes(str2);
            this.apvBytes = toBytes(str3);
        }

        public byte[] getDerivedKey(JweHeaders jweHeaders) {
            KeyPair generateECKeyPair = CryptoUtils.generateECKeyPair(this.ecurve);
            ECPublicKey eCPublicKey = (ECPublicKey) generateECKeyPair.getPublic();
            ECPrivateKey eCPrivateKey = (ECPrivateKey) generateECKeyPair.getPrivate();
            ContentAlgorithm valueOf = ContentAlgorithm.valueOf(this.ctAlgo);
            jweHeaders.setHeader("apu", Base64UrlUtility.encode(this.apuBytes));
            jweHeaders.setHeader("apv", Base64UrlUtility.encode(this.apvBytes));
            jweHeaders.setJsonWebKey("epv", JwkUtils.fromECPublicKey(eCPublicKey, this.ecurve));
            return JweUtils.getECDHKey(eCPrivateKey, this.peerPublicKey, this.apuBytes, this.apvBytes, valueOf.getJwaName(), valueOf.getKeySizeBits());
        }

        private byte[] toApuBytes(String str) {
            return str != null ? toBytes(str) : CryptoUtils.generateSecureRandomBytes(64);
        }

        private byte[] toBytes(String str) {
            if (str == null) {
                return null;
            }
            return StringUtils.toBytesUTF8(str);
        }
    }

    public EcdhDirectKeyJweEncryption(ECPublicKey eCPublicKey, String str, ContentAlgorithm contentAlgorithm) {
        this(eCPublicKey, str, null, null, contentAlgorithm);
    }

    public EcdhDirectKeyJweEncryption(ECPublicKey eCPublicKey, String str, String str2, String str3, ContentAlgorithm contentAlgorithm) {
        super(new EcdhDirectKeyEncryptionAlgorithm(), new EcdhAesGcmContentEncryptionAlgorithm(eCPublicKey, str, str2, str3, contentAlgorithm));
    }
}
