package net.trajano.openidconnect.internal;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.trajano.openidconnect.crypto.Encoding;
import net.trajano.openidconnect.crypto.JoseHeader;
import net.trajano.openidconnect.crypto.JsonWebAlgorithm;
import net.trajano.openidconnect.crypto.JsonWebKey;
import net.trajano.openidconnect.crypto.JsonWebToken;
import net.trajano.openidconnect.crypto.JsonWebTokenCrypto;

/* loaded from: input_file:WEB-INF/lib/openid-connect-core-1.0.1.jar:net/trajano/openidconnect/internal/JcaJsonWebTokenCrypto.class */
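/**
 * JCA-backed implementation of {@link JsonWebTokenCrypto}: builds and verifies the binary parts of
 * JWS and JWE tokens using {@link Mac}, {@link Signature} and {@link Cipher}.
 *
 * <p>The class is used as a singleton (see {@link #getInstance()}); its only field is a
 * {@link SecureRandom} used to generate IVs.
 */
public class JcaJsonWebTokenCrypto implements JsonWebTokenCrypto {
    /** Authentication tag length in bytes emitted by the build methods and required on decryption. */
    private static final int TAG_LENGTH = 16;

    private static final JcaJsonWebTokenCrypto INSTANCE = new JcaJsonWebTokenCrypto();

    private final SecureRandom random = new SecureRandom();

    /**
     * Returns the shared instance.
     *
     * @return the singleton
     */
    public static JsonWebTokenCrypto getInstance() {
        return INSTANCE;
    }

    /**
     * Signs (or MACs) {@code header '.' base64url(payload)} with the algorithm named in the header.
     *
     * @param joseHeader header supplying {@code alg} and the encoded header bytes
     * @param bArr raw payload bytes
     * @param jsonWebKey key used to MAC or sign; must convert to a {@link PrivateKey} for signatures
     * @return two parts: {@code [0]} the payload as given, {@code [1]} the MAC or signature
     * @throws GeneralSecurityException if the algorithm or key is rejected by the JCA provider
     */
    @Override
    public byte[][] buildJWSPayload(JoseHeader joseHeader, byte[] bArr, JsonWebKey jsonWebKey) throws GeneralSecurityException {
        final String jcaAlgorithm = JsonWebAlgorithm.toJca(joseHeader.getAlg());
        final byte[] encodedPayload = Encoding.base64urlEncode(bArr).getBytes(CharSets.US_ASCII);
        final byte[][] parts = new byte[2][];
        parts[0] = bArr;
        if (JsonWebAlgorithm.isMac(joseHeader.getAlg())) {
            Mac mac = Mac.getInstance(jcaAlgorithm);
            mac.init(jsonWebKey.toJcaKey());
            mac.update(joseHeader.getEncoded());
            mac.update((byte) '.');
            mac.update(encodedPayload);
            parts[1] = mac.doFinal();
        } else {
            Signature signature = Signature.getInstance(jcaAlgorithm);
            signature.initSign((PrivateKey) jsonWebKey.toJcaKey());
            signature.update(joseHeader.getEncoded());
            signature.update((byte) '.');
            signature.update(encodedPayload);
            parts[1] = signature.sign();
        }
        return parts;
    }

    /**
     * Encrypts a payload, choosing the MAC or no-MAC construction from the header's {@code enc}.
     *
     * @param joseHeader header supplying {@code alg}, {@code enc} and the encoded header bytes
     * @param bArr plaintext to encrypt
     * @param jsonWebKey recipient key; its public key wraps the content encryption key
     * @return four parts: encrypted key, IV, ciphertext, authentication tag
     * @throws IOException declared by the interface
     * @throws GeneralSecurityException if an algorithm or key is rejected by the JCA provider
     */
    @Override
    public byte[][] buildJWEPayload(JoseHeader joseHeader, byte[] bArr, JsonWebKey jsonWebKey) throws IOException, GeneralSecurityException {
        String macAlg = JsonWebAlgorithm.getMacAlg(joseHeader.getEnc());
        if (macAlg == null) {
            return buildNoMacJWEPayload(joseHeader, bArr, jsonWebKey);
        }
        return buildJWEPayloadWithMac(joseHeader, bArr, jsonWebKey, macAlg);
    }

    /**
     * Encrypt-then-MAC construction: a MAC key and an encryption key are generated, wrapped
     * together (MAC key first) under the recipient's public key, and the tag is the first
     * {@value #TAG_LENGTH} bytes of the MAC over AAD, IV, ciphertext and AAD bit length.
     */
    private byte[][] buildJWEPayloadWithMac(JoseHeader joseHeader, byte[] plaintext, JsonWebKey jsonWebKey, String macAlgorithm) throws IOException, GeneralSecurityException {
        final byte[][] parts = new byte[4][];
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(JsonWebAlgorithm.getKeySize(joseHeader.getEnc()));
        SecretKey encryptionKey = keyGenerator.generateKey();
        SecretKey macKey = keyGenerator.generateKey();

        // Wrap MAC key || encryption key in one doFinal call. The previous CipherOutputStream
        // could hide a wrapping failure when closed, yielding an empty encrypted key.
        byte[] macKeyBytes = macKey.getEncoded();
        byte[] encryptionKeyBytes = encryptionKey.getEncoded();
        byte[] compositeKey = new byte[macKeyBytes.length + encryptionKeyBytes.length];
        System.arraycopy(macKeyBytes, 0, compositeKey, 0, macKeyBytes.length);
        System.arraycopy(encryptionKeyBytes, 0, compositeKey, macKeyBytes.length, encryptionKeyBytes.length);
        Cipher keyCipher = Cipher.getInstance(JsonWebAlgorithm.toJca(joseHeader.getAlg()));
        keyCipher.init(Cipher.ENCRYPT_MODE, jsonWebKey.toJcaPublicKey());
        parts[0] = keyCipher.doFinal(compositeKey);

        byte[] iv = new byte[JsonWebAlgorithm.getIvLen(joseHeader.getEnc())];
        this.random.nextBytes(iv);
        parts[1] = iv;

        Cipher contentCipher = Cipher.getInstance(JsonWebAlgorithm.toJca(joseHeader.getEnc()));
        byte[] aad = joseHeader.getEncoded();
        if (JsonWebAlgorithm.isGcm(joseHeader.getEnc())) {
            contentCipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new GCMParameterSpec(TAG_LENGTH * 8, iv));
            contentCipher.updateAAD(aad);
        } else {
            contentCipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new IvParameterSpec(iv));
        }
        byte[] ciphertext = contentCipher.doFinal(plaintext);
        parts[2] = ciphertext;

        // NOTE(review): the tag is always truncated to 16 bytes. RFC 7518 uses 16 bytes for
        // A128CBC-HS256 but 24 and 32 for the HS384/HS512 variants - confirm which enc values
        // JsonWebAlgorithm.getMacAlg maps to a MAC before relying on interoperability.
        byte[] fullMac = calculateMac(macKey, iv, ciphertext, aad, macAlgorithm);
        parts[3] = new byte[TAG_LENGTH];
        System.arraycopy(fullMac, 0, parts[3], 0, TAG_LENGTH);
        return parts;
    }

    /**
     * Encrypts with a single generated AES key and splits the cipher output into ciphertext and
     * a trailing {@value #TAG_LENGTH}-byte tag.
     *
     * @param joseHeader header supplying {@code alg}, {@code enc} and the encoded header bytes
     * @param bArr plaintext to encrypt
     * @param jsonWebKey recipient key; its public key wraps the content encryption key
     * @return four parts: encrypted key, IV, ciphertext, trailing 16 bytes of the cipher output
     * @throws IOException declared for signature compatibility
     * @throws GeneralSecurityException if an algorithm or key is rejected by the JCA provider
     */
    public byte[][] buildNoMacJWEPayload(JoseHeader joseHeader, byte[] bArr, JsonWebKey jsonWebKey) throws IOException, GeneralSecurityException {
        final byte[][] parts = new byte[4][];
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(JsonWebAlgorithm.getKeySize(joseHeader.getEnc()));
        SecretKey contentKey = keyGenerator.generateKey();

        Cipher keyCipher = Cipher.getInstance(JsonWebAlgorithm.toJca(joseHeader.getAlg()));
        keyCipher.init(Cipher.ENCRYPT_MODE, jsonWebKey.toJcaPublicKey());
        parts[0] = keyCipher.doFinal(contentKey.getEncoded());

        byte[] iv = new byte[JsonWebAlgorithm.getIvLen(joseHeader.getEnc())];
        this.random.nextBytes(iv);
        parts[1] = iv;

        Cipher contentCipher = Cipher.getInstance(JsonWebAlgorithm.toJca(joseHeader.getEnc()));
        if (JsonWebAlgorithm.isGcm(joseHeader.getEnc())) {
            contentCipher.init(Cipher.ENCRYPT_MODE, contentKey, new GCMParameterSpec(TAG_LENGTH * 8, iv));
            contentCipher.updateAAD(joseHeader.getEncoded());
        } else {
            // NOTE(review): without GCM and without a MAC the trailing 16 bytes are ordinary
            // ciphertext, not an authentication tag - confirm this branch is unreachable.
            contentCipher.init(Cipher.ENCRYPT_MODE, contentKey, new IvParameterSpec(iv));
        }
        byte[] sealed = contentCipher.doFinal(bArr);
        int ciphertextLength = sealed.length - TAG_LENGTH;
        parts[2] = new byte[ciphertextLength];
        parts[3] = new byte[TAG_LENGTH];
        System.arraycopy(sealed, 0, parts[2], 0, ciphertextLength);
        System.arraycopy(sealed, ciphertextLength, parts[3], 0, TAG_LENGTH);
        return parts;
    }

    /**
     * Decompresses zlib-wrapped DEFLATE data.
     *
     * <p>NOTE(review): the output size is not bounded, so a small compressed input can expand to
     * a very large array. Callers that inflate content from untrusted tokens should enforce their
     * own limit. Also, {@code nowrap} is {@code false} (zlib wrapper), whereas the JWE
     * {@code "DEF"} value specifies raw DEFLATE - confirm interoperability expectations.
     *
     * @param bArr compressed bytes
     * @return the decompressed bytes
     * @throws IOException if the data is malformed, truncated or needs a preset dictionary
     */
    @Override
    public byte[] inflate(byte[] bArr) throws IOException {
        Inflater inflater = new Inflater(false);
        try {
            inflater.setInput(bArr);
            ByteArrayOutputStream inflated = new ByteArrayOutputStream(bArr.length);
            byte[] chunk = new byte[1024];
            while (!inflater.finished()) {
                int count;
                try {
                    count = inflater.inflate(chunk);
                } catch (DataFormatException e) {
                    throw new IOException(e);
                }
                // No progress and no end-of-stream means the input was cut short (or needs a
                // dictionary); without this check the loop would never terminate.
                if (count == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new IOException("truncated or unsupported compressed data");
                }
                inflated.write(chunk, 0, count);
            }
            return inflated.toByteArray();
        } finally {
            // Releases the native zlib state held by the Inflater.
            inflater.end();
        }
    }

    /**
     * Compresses data with zlib-wrapped DEFLATE at the highest compression level.
     *
     * @param bArr bytes to compress
     * @return the compressed bytes
     * @throws IOException declared by the interface
     */
    @Override
    public byte[] deflate(byte[] bArr) throws IOException {
        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, false);
        try {
            deflater.setInput(bArr);
            deflater.finish();
            ByteArrayOutputStream deflated = new ByteArrayOutputStream(bArr.length);
            byte[] chunk = new byte[1024];
            while (!deflater.finished()) {
                deflated.write(chunk, 0, deflater.deflate(chunk));
            }
            return deflated.toByteArray();
        } finally {
            // Releases the native zlib state held by the Deflater.
            deflater.end();
        }
    }

    /**
     * Unwraps the content encryption key with the recipient's private key and decrypts the token.
     *
     * @param jsonWebToken token whose parts 0-3 are encrypted key, IV, ciphertext and tag
     * @param jsonWebKey recipient key; must convert to a {@link PrivateKey}
     * @return the decrypted plaintext
     * @throws GeneralSecurityException if unwrapping, tag validation or decryption fails
     */
    @Override
    public byte[] getJWEPayload(JsonWebToken jsonWebToken, JsonWebKey jsonWebKey) throws GeneralSecurityException {
        byte[] encryptedKey = jsonWebToken.getPayload(0);
        byte[] iv = jsonWebToken.getPayload(1);
        byte[] ciphertext = jsonWebToken.getPayload(2);
        byte[] tag = jsonWebToken.getPayload(3);
        byte[] aad = jsonWebToken.getJoseHeaderEncoded().getBytes(CharSets.US_ASCII);
        PrivateKey privateKey = (PrivateKey) jsonWebKey.toJcaKey();
        String enc = jsonWebToken.getEnc();

        // NOTE(review): alg and enc are read from the token itself. If toJca can return an RSA
        // PKCS#1 v1.5 transformation, a padding failure here is distinguishable from a later tag
        // failure; RFC 7516 section 11.5 recommends handling both uniformly - confirm which
        // key-management algorithms are accepted.
        Cipher keyCipher = Cipher.getInstance(JsonWebAlgorithm.toJca(jsonWebToken.getAlg()));
        keyCipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] contentKey = keyCipher.doFinal(encryptedKey);

        String macAlg = JsonWebAlgorithm.getMacAlg(jsonWebToken.getEnc());
        if (macAlg == null) {
            return getNoMacJWEPayload(contentKey, iv, ciphertext, tag, aad, enc);
        }
        return getJWEPayloadWithMac(contentKey, iv, ciphertext, tag, aad, enc, macAlg);
    }

    /**
     * Decrypts content sealed by {@link #buildNoMacJWEPayload}: the tag is re-appended to the
     * ciphertext and the whole is passed through the cipher in one call.
     */
    private byte[] getNoMacJWEPayload(byte[] contentKey, byte[] iv, byte[] ciphertext, byte[] tag, byte[] aad, String enc) throws GeneralSecurityException {
        SecretKeySpec key = new SecretKeySpec(contentKey, "AES");
        Cipher cipher = Cipher.getInstance(JsonWebAlgorithm.toJca(enc));
        if (JsonWebAlgorithm.isGcm(enc)) {
            // The tag length must not be chosen by the sender: a shorter tag lowers the forgery
            // cost. Only the 128-bit tag produced by the build side is accepted.
            if (tag.length != TAG_LENGTH) {
                throw new GeneralSecurityException("invalid authentication tag length");
            }
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_LENGTH * 8, iv));
            cipher.updateAAD(aad);
        } else {
            // NOTE(review): this branch decrypts without any integrity check - confirm it is
            // unreachable for the enc values the application accepts.
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        }
        // A single doFinal avoids writing a possibly-null Cipher.update result.
        byte[] sealed = new byte[ciphertext.length + tag.length];
        System.arraycopy(ciphertext, 0, sealed, 0, ciphertext.length);
        System.arraycopy(tag, 0, sealed, ciphertext.length, tag.length);
        return cipher.doFinal(sealed);
    }

    /**
     * Verifies the tag over AAD, IV and ciphertext and only then decrypts.
     *
     * <p>The composite key holds the MAC key first and the encryption key last. The tag must be
     * at least {@value #TAG_LENGTH} bytes and no longer than the MAC output; it is compared in
     * constant time against the same-length prefix of the computed MAC.
     */
    private byte[] getJWEPayloadWithMac(byte[] compositeKey, byte[] iv, byte[] ciphertext, byte[] tag, byte[] aad, String enc, String macAlgorithm) throws GeneralSecurityException {
        int encryptionKeyLength = JsonWebAlgorithm.getKeySize(enc) / 8;
        int macKeyLength = compositeKey.length - encryptionKeyLength;
        if (macKeyLength <= 0) {
            throw new GeneralSecurityException("invalid content encryption key length");
        }
        SecretKeySpec macKey = new SecretKeySpec(compositeKey, 0, macKeyLength, "AES");
        SecretKeySpec encryptionKey = new SecretKeySpec(compositeKey, macKeyLength, encryptionKeyLength, "AES");

        // Authenticate before decrypting so padding or format errors from forged ciphertext are
        // never observable. An empty or short tag previously passed the byte loop vacuously.
        byte[] computedMac = calculateMac(macKey, iv, ciphertext, aad, macAlgorithm);
        if (tag.length < TAG_LENGTH || tag.length > computedMac.length) {
            throw new GeneralSecurityException("MAC validation failed");
        }
        byte[] expectedTag = new byte[tag.length];
        System.arraycopy(computedMac, 0, expectedTag, 0, tag.length);
        if (!MessageDigest.isEqual(expectedTag, tag)) {
            throw new GeneralSecurityException("MAC validation failed");
        }

        Cipher cipher = Cipher.getInstance(JsonWebAlgorithm.toJca(enc));
        if (JsonWebAlgorithm.isGcm(enc)) {
            cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new GCMParameterSpec(tag.length * 8, iv));
            cipher.updateAAD(aad);
        } else {
            cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new IvParameterSpec(iv));
        }
        return cipher.doFinal(ciphertext);
    }

    /**
     * Computes the MAC over {@code aad || iv || ciphertext || AL}, where AL is the AAD length in
     * bits as a 64-bit big-endian integer.
     */
    private byte[] calculateMac(SecretKey macKey, byte[] iv, byte[] ciphertext, byte[] aad, String macAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(macAlgorithm);
        mac.init(macKey);
        // Widen before multiplying so a large AAD cannot overflow int arithmetic.
        long aadBits = (long) aad.length * 8;
        byte[] aadLength = ByteBuffer.allocate(8).putLong(aadBits).array();
        mac.update(aad);
        mac.update(iv);
        mac.update(ciphertext);
        return mac.doFinal(aadLength);
    }

    /**
     * Verifies the token's MAC or signature and returns its payload.
     *
     * <p>NOTE(review): {@code str} decides how the token is verified and is not checked against
     * the token here. Presumably callers supply it from their own configuration rather than from
     * the token's header - verify against callers.
     *
     * @param jsonWebToken token whose part 0 is the payload and part 1 the MAC or signature
     * @param jsonWebKey verification key
     * @param str JWA algorithm name to verify with
     * @return the payload (part 0) once verification succeeds
     * @throws GeneralSecurityException if verification fails or the algorithm or key is rejected
     */
    @Override
    public byte[] getJWSPayload(JsonWebToken jsonWebToken, JsonWebKey jsonWebKey, String str) throws GeneralSecurityException {
        // Use the same charset as the signing side instead of the platform default.
        byte[] headerBytes = jsonWebToken.getJoseHeaderEncoded().getBytes(CharSets.US_ASCII);
        byte[] payloadBytes = Encoding.base64urlEncode(jsonWebToken.getPayload(0)).getBytes(CharSets.US_ASCII);
        byte[] presented = jsonWebToken.getPayload(1);
        if (JsonWebAlgorithm.isMac(str)) {
            Mac mac = Mac.getInstance(JsonWebAlgorithm.toJca(str));
            mac.init(jsonWebKey.toJcaKey());
            mac.update(headerBytes);
            mac.update((byte) '.');
            // MessageDigest.isEqual keeps the comparison constant-time.
            if (!MessageDigest.isEqual(mac.doFinal(payloadBytes), presented)) {
                throw new SignatureException("signature verification failed");
            }
        } else {
            PublicKey publicKey = jsonWebKey.toJcaPublicKey();
            Signature signature = Signature.getInstance(JsonWebAlgorithm.toJca(str));
            signature.initVerify(publicKey);
            signature.update(headerBytes);
            signature.update((byte) '.');
            signature.update(payloadBytes);
            if (!signature.verify(presented)) {
                throw new SignatureException("signature verification failed");
            }
        }
        return jsonWebToken.getPayload(0);
    }
}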
