package org.picketbox.json.enc;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.picketbox.json.PicketBoxJSONConstants;
import org.picketbox.json.PicketBoxJSONMessages;
import org.picketbox.json.exceptions.ProcessingException;
import org.picketbox.json.util.Base64;
import org.picketbox.json.util.PicketBoxJSONUtil;

/* loaded from: input_file:org/picketbox/json/enc/JSONWebEncryption.class */
public class JSONWebEncryption {
    protected JSONWebEncryptionHeader jsonWebEncryptionHeader;

    public JSONWebEncryptionHeader createHeader() {
        if (this.jsonWebEncryptionHeader == null) {
            this.jsonWebEncryptionHeader = new JSONWebEncryptionHeader();
        }
        return this.jsonWebEncryptionHeader;
    }

    public JSONWebEncryptionHeader getJsonWebEncryptionHeader() {
        return this.jsonWebEncryptionHeader;
    }

    public void setJsonWebEncryptionHeader(JSONWebEncryptionHeader jSONWebEncryptionHeader) {
        this.jsonWebEncryptionHeader = jSONWebEncryptionHeader;
    }

    public String encrypt(String str, PublicKey publicKey) throws ProcessingException {
        if (this.jsonWebEncryptionHeader == null) {
            throw PicketBoxJSONMessages.MESSAGES.jsonEncryptionHeaderMissing();
        }
        if (str == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("plainText");
        }
        if (publicKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("recipientPublicKey");
        }
        return encrypt(str, publicKey, createContentMasterKey());
    }

    public String encrypt(String str, PublicKey publicKey, byte[] bArr) throws ProcessingException {
        if (this.jsonWebEncryptionHeader == null) {
            throw PicketBoxJSONMessages.MESSAGES.jsonEncryptionHeaderMissing();
        }
        if (str == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("plainText");
        }
        if (publicKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("recipientPublicKey");
        }
        if (bArr == null) {
            return encrypt(str, publicKey);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        String b64Encode = PicketBoxJSONUtil.b64Encode(encryptKey(publicKey, bArr));
        StringBuilder sb = new StringBuilder(PicketBoxJSONUtil.b64Encode(this.jsonWebEncryptionHeader.toString()));
        sb.append(PicketBoxJSONConstants.COMMON.PERIOD);
        sb.append(b64Encode);
        if (this.jsonWebEncryptionHeader.needIntegrity()) {
            try {
                String b64Encode2 = PicketBoxJSONUtil.b64Encode(EncUtil.encryptUsingAES_CBC(str, generateCEK(secretKeySpec.getEncoded(), this.jsonWebEncryptionHeader.getCEKLength()), new IvParameterSpec(this.jsonWebEncryptionHeader.getDelegate().getString(PicketBoxJSONConstants.JWE.IV).getBytes())));
                sb.append(PicketBoxJSONConstants.COMMON.PERIOD);
                sb.append(b64Encode2);
                String b64Encode3 = PicketBoxJSONUtil.b64Encode(performMac(generateCIK(secretKeySpec.getEncoded(), this.jsonWebEncryptionHeader.getCIKLength()), sb.toString().getBytes()));
                sb.append(PicketBoxJSONConstants.COMMON.PERIOD);
                sb.append(b64Encode3);
            } catch (JSONException e) {
                throw PicketBoxJSONMessages.MESSAGES.ignorableError(e);
            }
        } else {
            String b64Encode4 = PicketBoxJSONUtil.b64Encode(encryptText(str, publicKey));
            sb.append(PicketBoxJSONConstants.COMMON.PERIOD);
            sb.append(b64Encode4);
        }
        return sb.toString();
    }

    public String decrypt(String str, PrivateKey privateKey) throws ProcessingException {
        if (privateKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("privateKey");
        }
        try {
            String[] split = str.split("\\.");
            int length = split.length;
            String str2 = split[0];
            String str3 = split[1];
            String str4 = split[2];
            String str5 = null;
            if (length == 4) {
                str5 = split[3];
            }
            String str6 = new String(Base64.decode(str2));
            JSONWebEncryptionHeader jSONWebEncryptionHeader = new JSONWebEncryptionHeader();
            jSONWebEncryptionHeader.load(str6);
            if (!jSONWebEncryptionHeader.needIntegrity()) {
                Cipher cipherBasedOnAlg = jSONWebEncryptionHeader.getCipherBasedOnAlg();
                cipherBasedOnAlg.init(2, privateKey);
                return new String(cipherBasedOnAlg.doFinal(Base64.decode(str4)));
            }
            byte[] decryptKey = decryptKey(privateKey, Base64.decode(str3));
            try {
                byte[] decryptUsingAES_CBC = EncUtil.decryptUsingAES_CBC(Base64.decode(str4), generateCEK(decryptKey, jSONWebEncryptionHeader.getCEKLength()), new IvParameterSpec(jSONWebEncryptionHeader.getDelegate().getString(PicketBoxJSONConstants.JWE.IV).getBytes()));
                byte[] generateCIK = generateCIK(decryptKey, jSONWebEncryptionHeader.getCIKLength());
                StringBuilder sb = new StringBuilder(PicketBoxJSONUtil.b64Encode(jSONWebEncryptionHeader.toString()));
                sb.append(PicketBoxJSONConstants.COMMON.PERIOD).append(str3).append(PicketBoxJSONConstants.COMMON.PERIOD).append(str4);
                if (byteEquals(PicketBoxJSONUtil.b64Encode(performMac(generateCIK, sb.toString().getBytes())).getBytes(), str5.getBytes())) {
                    return new String(decryptUsingAES_CBC);
                }
                throw new RuntimeException("Integrity Checks Failed");
            } catch (JSONException e) {
                throw PicketBoxJSONMessages.MESSAGES.ignorableError(e);
            }
        } catch (Exception e2) {
            throw PicketBoxJSONMessages.MESSAGES.processingException(e2);
        }
    }

    private byte[] encryptText(String str, PublicKey publicKey) throws ProcessingException {
        if (publicKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("recipientPublicKey");
        }
        try {
            Cipher cipherBasedOnAlg = this.jsonWebEncryptionHeader.getCipherBasedOnAlg();
            cipherBasedOnAlg.init(1, publicKey);
            return cipherBasedOnAlg.doFinal(str.getBytes());
        } catch (Exception e) {
            throw PicketBoxJSONMessages.MESSAGES.processingException(e);
        }
    }

    private byte[] encryptKey(PublicKey publicKey, byte[] bArr) throws ProcessingException {
        if (publicKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("publicKey");
        }
        try {
            Cipher cipherBasedOnAlg = this.jsonWebEncryptionHeader.getCipherBasedOnAlg();
            cipherBasedOnAlg.init(1, publicKey);
            return cipherBasedOnAlg.doFinal(bArr);
        } catch (Exception e) {
            throw PicketBoxJSONMessages.MESSAGES.processingException(e);
        }
    }

    private byte[] decryptKey(PrivateKey privateKey, byte[] bArr) throws ProcessingException {
        if (privateKey == null) {
            throw PicketBoxJSONMessages.MESSAGES.invalidNullArgument("privateKey");
        }
        try {
            Cipher cipherBasedOnAlg = this.jsonWebEncryptionHeader.getCipherBasedOnAlg();
            cipherBasedOnAlg.init(2, privateKey);
            return cipherBasedOnAlg.doFinal(bArr);
        } catch (Exception e) {
            throw PicketBoxJSONMessages.MESSAGES.processingException(e);
        }
    }

    private byte[] createContentMasterKey() {
        return UUID.randomUUID().toString().getBytes();
    }

    private byte[] generateCIK(byte[] bArr, int i) throws ProcessingException {
        return new ConcatenationKeyDerivation(EncUtil.SHA_256).concatKDF(bArr, i, new byte[]{73, 110, 116, 101, 103, 114, 105, 116, 121});
    }

    private byte[] generateCEK(byte[] bArr, int i) throws ProcessingException {
        return new ConcatenationKeyDerivation(EncUtil.SHA_256).concatKDF(bArr, i, new byte[]{69, 110, 99, 114, 121, 112, 116, 105, 111, 110});
    }

    private byte[] performMac(byte[] bArr, byte[] bArr2) throws ProcessingException {
        try {
            Mac mac = Mac.getInstance(this.jsonWebEncryptionHeader.getMessageAuthenticationCodeAlgo());
            mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
            mac.update(bArr2);
            return mac.doFinal();
        } catch (Exception e) {
            throw PicketBoxJSONMessages.MESSAGES.processingException(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private boolean byteEquals(byte[] bArr, byte[] bArr2) {
        if (bArr == bArr2) {
            return true;
        }
        if (bArr == null || bArr2 == null || bArr.length != bArr2.length) {
            return false;
        }
        Object[] objArr = false;
        for (int i = 0; i != bArr.length; i++) {
            objArr = (objArr == true ? 1 : 0) | (bArr[i] ^ bArr2[i]) ? 1 : 0;
        }
        return objArr == false;
    }
}
