package org.apache.cxf.rs.security.jose.jwe;

import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.class */
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
    private JweHeaders headers;
    private JoseHeadersWriter writer;
    private ContentEncryptionAlgorithm contentEncryptionAlgo;
    private KeyEncryptionAlgorithm keyEncryptionAlgo;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption$JweEncryptionInternal.class */
    public static class JweEncryptionInternal {
        JweHeaders theHeaders;
        byte[] jweContentEncryptionKey;
        byte[] theIv;
        KeyProperties keyProps;
        byte[] secretKey;

        protected JweEncryptionInternal() {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(JweHeaders jweHeaders, ContentEncryptionAlgorithm contentEncryptionAlgorithm, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
        this(jweHeaders, contentEncryptionAlgorithm, keyEncryptionAlgorithm, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(JweHeaders jweHeaders, ContentEncryptionAlgorithm contentEncryptionAlgorithm, KeyEncryptionAlgorithm keyEncryptionAlgorithm, JoseHeadersWriter joseHeadersWriter) {
        this.headers = jweHeaders;
        this.writer = joseHeadersWriter;
        if (this.writer == null) {
            this.writer = new JoseHeadersReaderWriter();
        }
        this.keyEncryptionAlgo = keyEncryptionAlgorithm;
        this.contentEncryptionAlgo = contentEncryptionAlgorithm;
    }

    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
        return this.contentEncryptionAlgo.getAlgorithmParameterSpec(bArr);
    }

    protected byte[] getContentEncryptionKey() {
        byte[] providedContentEncryptionKey = getProvidedContentEncryptionKey();
        if (providedContentEncryptionKey == null) {
            providedContentEncryptionKey = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(getContentEncryptionAlgoJava()), getCekSize(getContentEncryptionAlgoJwt())).getEncoded();
        }
        return providedContentEncryptionKey;
    }

    protected int getCekSize(String str) {
        return Algorithm.valueOf(str.replace('-', '_')).getKeySizeBits();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getProvidedContentEncryptionKey() {
        return this.contentEncryptionAlgo.getContentEncryptionKey(this.headers);
    }

    protected byte[] getEncryptedContentEncryptionKey(byte[] bArr) {
        return this.keyEncryptionAlgo.getEncryptedContentEncryptionKey(this.headers, bArr);
    }

    protected String getContentEncryptionAlgoJwt() {
        return this.headers.getContentEncryptionAlgorithm();
    }

    protected String getContentEncryptionAlgoJava() {
        return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
    }

    protected byte[] getAAD(JweHeaders jweHeaders) {
        return this.contentEncryptionAlgo.getAdditionalAuthenticationData(this.writer.headersToJson(jweHeaders));
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider
    public String encrypt(byte[] bArr, String str) {
        JweEncryptionInternal internalState = getInternalState(str);
        return getJweCompactProducer(internalState, CryptoUtils.encryptBytes(bArr, createCekSecretKey(internalState), internalState.keyProps)).getJweContent();
    }

    protected JweCompactProducer getJweCompactProducer(JweEncryptionInternal jweEncryptionInternal, byte[] bArr) {
        return new JweCompactProducer(jweEncryptionInternal.theHeaders, getJwtHeadersWriter(), jweEncryptionInternal.jweContentEncryptionKey, jweEncryptionInternal.theIv, bArr, DEFAULT_AUTH_TAG_LENGTH);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JoseHeadersWriter getJwtHeadersWriter() {
        return this.writer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JweHeaders getJweHeaders() {
        return this.headers;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider
    public JweEncryptionState createJweEncryptionState(String str) {
        JweEncryptionInternal internalState = getInternalState(str);
        return new JweEncryptionState(CryptoUtils.initCipher(createCekSecretKey(internalState), internalState.keyProps, 1), internalState.theHeaders, internalState.jweContentEncryptionKey, internalState.theIv, getAuthenticationTagProducer(internalState), internalState.keyProps.isCompressionSupported());
    }

    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal jweEncryptionInternal) {
        return null;
    }

    protected SecretKey createCekSecretKey(JweEncryptionInternal jweEncryptionInternal) {
        return CryptoUtils.createSecretKeySpec(getActualCek(jweEncryptionInternal.secretKey, getContentEncryptionAlgoJwt()), jweEncryptionInternal.keyProps.getKeyAlgo());
    }

    protected byte[] getActualCek(byte[] bArr, String str) {
        return bArr;
    }

    private JweEncryptionInternal getInternalState(String str) {
        byte[] contentEncryptionKey = getContentEncryptionKey();
        KeyProperties keyProperties = new KeyProperties(Algorithm.toJavaName(this.headers.getContentEncryptionAlgorithm()));
        keyProperties.setCompressionSupported(compressionRequired(this.headers));
        byte[] initVector = this.contentEncryptionAlgo.getInitVector();
        keyProperties.setAlgoSpec(getAlgorithmParameterSpec(initVector));
        byte[] encryptedContentEncryptionKey = getEncryptedContentEncryptionKey(contentEncryptionKey);
        JweHeaders jweHeaders = this.headers;
        if (str != null) {
            jweHeaders = new JweHeaders(jweHeaders.asMap());
            jweHeaders.setContentType(str);
        }
        keyProperties.setAdditionalData(getAAD(jweHeaders));
        JweEncryptionInternal jweEncryptionInternal = new JweEncryptionInternal();
        jweEncryptionInternal.theHeaders = jweHeaders;
        jweEncryptionInternal.jweContentEncryptionKey = encryptedContentEncryptionKey;
        jweEncryptionInternal.keyProps = keyProperties;
        jweEncryptionInternal.secretKey = contentEncryptionKey;
        jweEncryptionInternal.theIv = initVector;
        return jweEncryptionInternal;
    }

    private boolean compressionRequired(JweHeaders jweHeaders) {
        return JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(jweHeaders.getZipAlgorithm());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyEncryptionAlgorithm getKeyEncryptionAlgo() {
        return this.keyEncryptionAlgo;
    }
}
