package org.jboss.resteasy.jose.jwe.crypto;

import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.SecretKey;
import org.jboss.resteasy.jose.Base64Url;
import org.jboss.resteasy.jose.i18n.Messages;
import org.jboss.resteasy.jose.jwe.Algorithm;
import org.jboss.resteasy.jose.jwe.CompressionAlgorithm;
import org.jboss.resteasy.jose.jwe.EncryptionMethod;

/* loaded from: input_file:org/jboss/resteasy/jose/jwe/crypto/RSAEncrypter.class */
public class RSAEncrypter {
    private static SecureRandom randomGen;

    private static void initSecureRandom() {
        try {
            randomGen = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static String encrypt(Algorithm algorithm, EncryptionMethod encryptionMethod, CompressionAlgorithm compressionAlgorithm, RSAPublicKey rSAPublicKey, String str, byte[] bArr) {
        String encode;
        byte[] generateIV;
        AuthenticatedCipherText encryptAuthenticated;
        if (randomGen == null) {
            initSecureRandom();
        }
        SecretKey generateKey = AES.generateKey(encryptionMethod.getCekBitLength());
        if (algorithm.equals(Algorithm.RSA1_5)) {
            encode = Base64Url.encode(RSA1_5.encryptCEK(rSAPublicKey, generateKey));
        } else {
            if (!algorithm.equals(Algorithm.RSA_OAEP)) {
                throw new RuntimeException(Messages.MESSAGES.unsupportedJWEalgorithm());
            }
            encode = Base64Url.encode(RSA_OAEP.encryptCEK(rSAPublicKey, generateKey));
        }
        byte[] applyCompression = DeflateHelper.applyCompression(compressionAlgorithm, bArr);
        byte[] bytes = str.getBytes(Charset.forName("UTF-8"));
        if (encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) || encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            generateIV = AESCBC.generateIV(randomGen);
            encryptAuthenticated = AESCBC.encryptAuthenticated(generateKey, generateIV, applyCompression, bytes);
        } else {
            if (!encryptionMethod.equals(EncryptionMethod.A128GCM) && !encryptionMethod.equals(EncryptionMethod.A256GCM)) {
                throw new RuntimeException(Messages.MESSAGES.unsupportedEncryptionMethod());
            }
            generateIV = AESGCM.generateIV(randomGen);
            encryptAuthenticated = AESGCM.encrypt(generateKey, generateIV, applyCompression, bytes);
        }
        return str + '.' + encode + '.' + Base64Url.encode(generateIV) + '.' + Base64Url.encode(encryptAuthenticated.getCipherText()) + '.' + Base64Url.encode(encryptAuthenticated.getAuthenticationTag());
    }
}
