package com.nimbusds.jose.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.ReadOnlyJWEHeader;
import com.nimbusds.jose.crypto.AESGCM;
import com.nimbusds.jose.util.Base64URL;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Set;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/nimbusds/jose/crypto/DirectEncrypter.class */
public class DirectEncrypter extends DirectCryptoProvider implements JWEEncrypter {
    private final SecureRandom randomGen;

    public DirectEncrypter(byte[] bArr) throws JOSEException {
        super(bArr);
        try {
            this.randomGen = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.jose.JWEEncrypter
    public JWECryptoParts encrypt(ReadOnlyJWEHeader readOnlyJWEHeader, byte[] bArr) throws JOSEException {
        if (!readOnlyJWEHeader.getAlgorithm().equals(JWEAlgorithm.DIR)) {
            throw new JOSEException("Unsupported algorithm, must be \"dir\"");
        }
        EncryptionMethod encryptionMethod = readOnlyJWEHeader.getEncryptionMethod();
        if (encryptionMethod.cmkBitLength() != getKey().length * 8) {
            throw new JOSEException("The key length must be " + encryptionMethod.cmkBitLength() + " bits for " + encryptionMethod + " encryption");
        }
        byte[] applyCompression = DeflateHelper.applyCompression(readOnlyJWEHeader, bArr);
        if (!encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) && !encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            if (!encryptionMethod.equals(EncryptionMethod.A128GCM) && !encryptionMethod.equals(EncryptionMethod.A256GCM)) {
                throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A256CBC_HS512, A128GCM or A128GCM");
            }
            byte[] generateIV = AESGCM.generateIV(this.randomGen);
            try {
                AESGCM.Result encrypt = AESGCM.encrypt(this.cmk, generateIV, applyCompression, (readOnlyJWEHeader.toBase64URL().toString() + ".." + Base64URL.encode(generateIV).toString()).getBytes("UTF-8"));
                return new JWECryptoParts(null, Base64URL.encode(generateIV), Base64URL.encode(encrypt.getCipherText()), Base64URL.encode(encrypt.getAuthenticationTag()));
            } catch (UnsupportedEncodingException e) {
                throw new JOSEException(e.getMessage(), e);
            }
        }
        byte[] bArr2 = null;
        if (readOnlyJWEHeader.getEncryptionPartyUInfo() != null) {
            bArr2 = readOnlyJWEHeader.getEncryptionPartyUInfo().decode();
        }
        byte[] bArr3 = null;
        if (readOnlyJWEHeader.getEncryptionPartyVInfo() != null) {
            bArr3 = readOnlyJWEHeader.getEncryptionPartyVInfo().decode();
        }
        SecretKey generateCEK = ConcatKDF.generateCEK(this.cmk, encryptionMethod, bArr2, bArr3);
        byte[] generateIV2 = AESCBC.generateIV(this.randomGen);
        byte[] encrypt2 = AESCBC.encrypt(generateCEK, generateIV2, applyCompression);
        return new JWECryptoParts(null, Base64URL.encode(generateIV2), Base64URL.encode(encrypt2), Base64URL.encode(HMAC.compute(ConcatKDF.generateCIK(this.cmk, encryptionMethod, bArr2, bArr3), (readOnlyJWEHeader.toBase64URL().toString() + ".." + Base64URL.encode(generateIV2).toString() + "." + Base64URL.encode(encrypt2)).getBytes())));
    }

    @Override // com.nimbusds.jose.crypto.DirectCryptoProvider
    public /* bridge */ /* synthetic */ byte[] getKey() {
        return super.getKey();
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}
