package org.apache.cxf.rs.security.oauth2.jwe;

import java.security.spec.AlgorithmParameterSpec;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.SecretKey;
import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.class */
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
    protected static final int DEFAULT_IV_SIZE = 96;
    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
    private JweHeaders headers;
    private JwtHeadersWriter writer;
    private byte[] cek;
    private byte[] iv;
    private AtomicInteger providedIvUsageCount;
    private int authTagLen;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption$JweEncryptionInternal.class */
    public static class JweEncryptionInternal {
        JweHeaders theHeaders;
        byte[] jweContentEncryptionKey;
        byte[] theIv;
        KeyProperties keyProps;
        SecretKey secretKey;

        private JweEncryptionInternal() {
        }
    }

    protected AbstractJweEncryption(SecretKey secretKey, byte[] bArr) {
        this(new JweHeaders(Algorithm.toJwtName(secretKey.getAlgorithm(), secretKey.getEncoded().length * 8)), secretKey.getEncoded(), bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(JweHeaders jweHeaders, byte[] bArr, byte[] bArr2) {
        this.writer = new JwtTokenReaderWriter();
        this.authTagLen = DEFAULT_AUTH_TAG_LENGTH;
        this.headers = jweHeaders;
        this.cek = bArr;
        this.iv = bArr2;
        if (bArr2 == null || bArr2.length <= 0) {
            return;
        }
        this.providedIvUsageCount = new AtomicInteger();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(JweHeaders jweHeaders, byte[] bArr, byte[] bArr2, int i) {
        this(jweHeaders, bArr, bArr2);
        this.authTagLen = i;
    }

    protected AbstractJweEncryption(JweHeaders jweHeaders) {
        this.writer = new JwtTokenReaderWriter();
        this.authTagLen = DEFAULT_AUTH_TAG_LENGTH;
        this.headers = jweHeaders;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJweEncryption(JweHeaders jweHeaders, byte[] bArr, byte[] bArr2, int i, JwtHeadersWriter jwtHeadersWriter) {
        this(jweHeaders, bArr, bArr2, i);
        if (jwtHeadersWriter != null) {
            this.writer = jwtHeadersWriter;
        }
    }

    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(byte[] bArr) {
        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), bArr);
    }

    protected byte[] getContentEncryptionCipherInitVector() {
        if (this.iv == null) {
            return CryptoUtils.generateSecureRandomBytes(DEFAULT_IV_SIZE);
        }
        if (this.iv.length <= 0 || this.providedIvUsageCount.addAndGet(1) <= 1) {
            return this.iv;
        }
        throw new SecurityException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getContentEncryptionKey() {
        return this.cek;
    }

    protected abstract byte[] getEncryptedContentEncryptionKey(byte[] bArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentEncryptionAlgoJwt() {
        return this.headers.getContentEncryptionAlgorithm();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentEncryptionAlgoJava() {
        return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
    }

    protected int getAuthTagLen() {
        return this.authTagLen;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JweHeaders getJweHeaders() {
        return this.headers;
    }

    @Override // org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider
    public String encrypt(byte[] bArr, String str) {
        JweEncryptionInternal internalState = getInternalState(str);
        return new JweCompactProducer(internalState.theHeaders, this.writer, internalState.jweContentEncryptionKey, internalState.theIv, CryptoUtils.encryptBytes(bArr, internalState.secretKey, internalState.keyProps), getAuthTagLen()).getJweContent();
    }

    @Override // org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider
    public JweEncryption createJweEncryption(String str) {
        JweEncryptionInternal internalState = getInternalState(str);
        return new JweEncryption(CryptoUtils.initCipher(internalState.secretKey, internalState.keyProps, 1), getAuthTagLen(), internalState.theHeaders, internalState.jweContentEncryptionKey, internalState.theIv, internalState.keyProps.isCompressionSupported());
    }

    private JweEncryptionInternal getInternalState(String str) {
        JweHeaders jweHeaders = this.headers;
        if (str != null) {
            jweHeaders = new JweHeaders(jweHeaders.asMap());
            jweHeaders.setContentType(str);
        }
        byte[] contentEncryptionKey = getContentEncryptionKey();
        String javaName = Algorithm.toJavaName(jweHeaders.getContentEncryptionAlgorithm());
        KeyProperties keyProperties = new KeyProperties(javaName);
        keyProperties.setCompressionSupported(compressionRequired(jweHeaders));
        keyProperties.setAdditionalData(jweHeaders.toCipherAdditionalAuthData(this.writer));
        byte[] contentEncryptionCipherInitVector = getContentEncryptionCipherInitVector();
        keyProperties.setAlgoSpec(getContentEncryptionCipherSpec(contentEncryptionCipherInitVector));
        byte[] encryptedContentEncryptionKey = getEncryptedContentEncryptionKey(contentEncryptionKey);
        JweEncryptionInternal jweEncryptionInternal = new JweEncryptionInternal();
        jweEncryptionInternal.theHeaders = jweHeaders;
        jweEncryptionInternal.jweContentEncryptionKey = encryptedContentEncryptionKey;
        jweEncryptionInternal.keyProps = keyProperties;
        jweEncryptionInternal.secretKey = CryptoUtils.createSecretKeySpec(contentEncryptionKey, javaName);
        jweEncryptionInternal.theIv = contentEncryptionCipherInitVector;
        return jweEncryptionInternal;
    }

    private boolean compressionRequired(JweHeaders jweHeaders) {
        return JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(jweHeaders.getZipAlgorithm());
    }
}
