package org.forgerock.json.jose.jwe.handlers.encryption;

import java.nio.ByteBuffer;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.forgerock.json.jose.exceptions.JweDecryptionException;
import org.forgerock.json.jose.exceptions.JweEncryptionException;
import org.forgerock.json.jose.jwe.EncryptionMethod;
import org.forgerock.json.jose.jwe.JweAlgorithm;
import org.forgerock.json.jose.jwe.JweEncryption;
import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.json.jose.jws.SigningManager;
import org.forgerock.json.jose.utils.Utils;

/* loaded from: input_file:org/forgerock/json/jose/jwe/handlers/encryption/RSA15AES128CBCHS256EncryptionHandler.class */
public class RSA15AES128CBCHS256EncryptionHandler extends AbstractEncryptionHandler {
    private static final JweAlgorithm ALGORITHM = JweAlgorithm.RSAES_PKCS1_V1_5;
    private static final EncryptionMethod ENCRYPTION_METHOD = EncryptionMethod.A128CBC_HS256;
    private static final String INITIALISATION_VECTOR_ALGORITHM = "SHA1PRNG";
    private final SigningManager signingManager;

    public RSA15AES128CBCHS256EncryptionHandler(SigningManager signingManager) {
        this.signingManager = signingManager;
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public Key getContentEncryptionKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(ENCRYPTION_METHOD.getEncryptionAlgorithm());
            keyGenerator.init(ENCRYPTION_METHOD.getKeySize());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new JweEncryptionException("Unsupported Encryption Algorithm, " + ENCRYPTION_METHOD.getEncryptionAlgorithm(), e);
        }
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public byte[] generateJWEEncryptedKey(Key key, Key key2) {
        return encrypt(ALGORITHM.getAlgorithm(), key, key2.getEncoded());
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public byte[] generateInitialisationVector() {
        try {
            byte[] bArr = new byte[16];
            SecureRandom.getInstance(INITIALISATION_VECTOR_ALGORITHM).nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            throw new JweEncryptionException("Unsupported Algorithm, SHA1PRNG", e);
        }
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public JweEncryption encryptPlaintext(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int keyOffset = ENCRYPTION_METHOD.getKeyOffset();
        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getEncoded(), 0, keyOffset, ENCRYPTION_METHOD.getMacAlgorithm());
        byte[] encrypt = encrypt(ENCRYPTION_METHOD.getTransformation(), new SecretKeySpec(key.getEncoded(), keyOffset, keyOffset, ENCRYPTION_METHOD.getEncryptionAlgorithm()), bArr, bArr2);
        byte[] array = ByteBuffer.allocate(8).putInt(bArr3.length * 8).array();
        return new JweEncryption(encrypt, Arrays.copyOf(this.signingManager.newHmacSigningHandler(secretKeySpec.getEncoded()).sign(JwsAlgorithm.getJwsAlgorithm(secretKeySpec.getAlgorithm()), new String(ByteBuffer.allocate(bArr3.length + bArr.length + encrypt.length + array.length).put(bArr3).put(bArr).put(encrypt).put(array).array(), Utils.CHARSET)), ENCRYPTION_METHOD.getKeyOffset()));
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public Key decryptContentEncryptionKey(Key key, byte[] bArr) {
        return new SecretKeySpec(decrypt(ALGORITHM.getAlgorithm(), key, bArr), ENCRYPTION_METHOD.getEncryptionAlgorithm());
    }

    @Override // org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
    public byte[] decryptCiphertext(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        int keyOffset = ENCRYPTION_METHOD.getKeyOffset();
        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getEncoded(), 0, keyOffset, ENCRYPTION_METHOD.getMacAlgorithm());
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(key.getEncoded(), keyOffset, keyOffset, ENCRYPTION_METHOD.getEncryptionAlgorithm());
        byte[] array = ByteBuffer.allocate(8).putInt(bArr4.length * 8).array();
        boolean z = false;
        if (Utils.constantEquals(Arrays.copyOf(this.signingManager.newHmacSigningHandler(secretKeySpec.getEncoded()).sign(JwsAlgorithm.getJwsAlgorithm(secretKeySpec.getAlgorithm()), new String(ByteBuffer.allocate(bArr4.length + bArr.length + bArr2.length + array.length).put(bArr4).put(bArr).put(bArr2).put(array).array(), Utils.CHARSET)), ENCRYPTION_METHOD.getKeyOffset()), bArr3)) {
            z = true;
        }
        byte[] decrypt = decrypt(ENCRYPTION_METHOD.getTransformation(), secretKeySpec2, bArr, bArr2);
        if (z) {
            return decrypt;
        }
        throw new JweDecryptionException("MAC check of ciphertext invalid");
    }
}
