package org.jose4j.jwe;

import androidx.compose.foundation.gestures.a;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Map;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.base64url.Base64Url;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmAvailability;
import org.jose4j.jwa.AlgorithmInfo;
import org.jose4j.jwe.kdf.ConcatKeyDerivationFunction;
import org.jose4j.jwe.kdf.KdfUtil;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwx.Headers;
import org.jose4j.jwx.KeyValidationSupport;
import org.jose4j.keys.AesKey;
import org.jose4j.keys.EcKeyUtil;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.keys.KeyPersuasion;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.InvalidKeyException;
import org.jose4j.lang.JoseException;
import org.jose4j.lang.StringUtil;
import org.jose4j.lang.UncheckedJoseException;

/* loaded from: classes5.dex */
public class EcdhKeyAgreementAlgorithm extends AlgorithmInfo implements KeyManagementAlgorithm {
    public final String d;

    public EcdhKeyAgreementAlgorithm() {
        this.d = "enc";
        this.b = "ECDH-ES";
        this.c = "ECDH";
        KeyPersuasion keyPersuasion = KeyPersuasion.NONE;
    }

    public EcdhKeyAgreementAlgorithm(int i) {
        this();
        this.d = JsonWebKey.ALGORITHM_PARAMETER;
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final void a(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) {
        KeyValidationSupport.a(key, ECPublicKey.class);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final void b(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) {
        KeyValidationSupport.a(key, ECPrivateKey.class);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final Key f(Key key, ProviderContext providerContext, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr) {
        JsonWebKey ellipticCurveJsonWebKey;
        providerContext.b.getClass();
        Map map = (Map) headers.b.get("epk");
        String stringRequired = JsonWebKey.getStringRequired(map, JsonWebKey.KEY_TYPE_PARAMETER);
        stringRequired.getClass();
        if (stringRequired.equals(EllipticCurveJsonWebKey.KEY_TYPE)) {
            ellipticCurveJsonWebKey = new EllipticCurveJsonWebKey(map, null);
        } else {
            if (!stringRequired.equals(RsaJsonWebKey.KEY_TYPE)) {
                throw new JoseException(a.b("Unknown key type (for public keys): '", stringRequired, "'"));
            }
            ellipticCurveJsonWebKey = new RsaJsonWebKey(map, null);
        }
        ECPublicKey eCPublicKey = (ECPublicKey) ellipticCurveJsonWebKey.getKey();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
        EllipticCurve curve = eCPrivateKey.getParams().getCurve();
        ECPoint w = eCPublicKey.getW();
        BigInteger affineX = w.getAffineX();
        BigInteger affineY = w.getAffineY();
        BigInteger a2 = curve.getA();
        BigInteger b = curve.getB();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        if (affineY.pow(2).mod(p).equals(affineX.pow(3).add(a2.multiply(affineX)).add(b).mod(p))) {
            return new SecretKeySpec(m(contentEncryptionKeyDescriptor, headers, l(eCPrivateKey, eCPublicKey, providerContext), providerContext), AesKey.ALGORITHM);
        }
        throw new JoseException("epk is invalid for " + ((String) EllipticCurves.b.get(curve)));
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final ContentEncryptionKeys h(Key key, ProviderContext providerContext, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr) {
        JsonWebKey octetSequenceJsonWebKey;
        String str = this.b;
        if (bArr != null) {
            throw new InvalidKeyException(android.support.v4.media.session.a.u("An explicit content encryption key cannot be used with ", str));
        }
        providerContext.b.getClass();
        KeyPair c = new EcKeyUtil(null).c(((ECPublicKey) key).getParams());
        PublicKey publicKey = c.getPublic();
        if (RSAPublicKey.class.isInstance(publicKey)) {
            octetSequenceJsonWebKey = new RsaJsonWebKey((RSAPublicKey) publicKey);
        } else if (ECPublicKey.class.isInstance(publicKey)) {
            octetSequenceJsonWebKey = new EllipticCurveJsonWebKey((ECPublicKey) publicKey);
        } else {
            if (PublicKey.class.isInstance(publicKey)) {
                throw new JoseException("Unsupported or unknown public key " + publicKey);
            }
            octetSequenceJsonWebKey = new OctetSequenceJsonWebKey(publicKey);
        }
        EllipticCurveJsonWebKey ellipticCurveJsonWebKey = (EllipticCurveJsonWebKey) ((PublicJsonWebKey) octetSequenceJsonWebKey);
        ellipticCurveJsonWebKey.setPrivateKey(c.getPrivate());
        headers.getClass();
        headers.b(ellipticCurveJsonWebKey.toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY), "epk");
        return new ContentEncryptionKeys(m(contentEncryptionKeyDescriptor, headers, l(ellipticCurveJsonWebKey.getPrivateKey(), (PublicKey) key, providerContext), providerContext), null);
    }

    @Override // org.jose4j.jwa.Algorithm
    public final boolean j() {
        new EcKeyUtil();
        return (Security.getAlgorithms("KeyPairGenerator").contains(EllipticCurveJsonWebKey.KEY_TYPE) && Security.getAlgorithms("KeyFactory").contains(EllipticCurveJsonWebKey.KEY_TYPE)) && AlgorithmAvailability.a("KeyAgreement", this.c);
    }

    public final byte[] l(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) {
        providerContext.f12216a.getClass();
        String str = this.c;
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(str);
            try {
                keyAgreement.init(privateKey);
                keyAgreement.doPhase(publicKey, true);
                return keyAgreement.generateSecret();
            } catch (java.security.InvalidKeyException e) {
                throw new InvalidKeyException(android.support.v4.media.session.a.A(new StringBuilder("Invalid Key for "), this.c, " key agreement."), e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new UncheckedJoseException(a.b("No ", str, " KeyAgreement available."), e2);
        } catch (NoSuchProviderException e3) {
            throw new JoseException(a.b("Cannot get ", str, " KeyAgreement with provider null"), e3);
        }
    }

    public final byte[] m(ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr, ProviderContext providerContext) {
        providerContext.b.getClass();
        KdfUtil kdfUtil = new KdfUtil(0);
        int a2 = ByteUtil.a(contentEncryptionKeyDescriptor.f12228a);
        String a3 = headers.a(this.d);
        String a4 = headers.a("apu");
        String a5 = headers.a("apv");
        byte[] a6 = StringUtil.a(a3, "UTF-8");
        byte[] bArr2 = ByteUtil.f12241a;
        if (a6 == null) {
            a6 = bArr2;
        }
        byte[] b = ByteUtil.b(ByteUtil.c(a6.length), a6);
        Base64Url base64Url = kdfUtil.f12233a;
        byte[] a7 = base64Url.a(a4);
        if (a7 == null) {
            a7 = bArr2;
        }
        byte[] b2 = ByteUtil.b(ByteUtil.c(a7.length), a7);
        byte[] a8 = base64Url.a(a5);
        if (a8 == null) {
            a8 = bArr2;
        }
        byte[] b3 = ByteUtil.b(ByteUtil.c(a8.length), a8);
        byte[] c = ByteUtil.c(a2);
        ConcatKeyDerivationFunction concatKeyDerivationFunction = kdfUtil.b;
        concatKeyDerivationFunction.getClass();
        byte[] b4 = ByteUtil.b(b, b2, b3, c, bArr2);
        long ceil = (int) Math.ceil(a2 / concatKeyDerivationFunction.f12232a);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 1; i <= ceil; i++) {
            byte[] c2 = ByteUtil.c(i);
            MessageDigest messageDigest = concatKeyDerivationFunction.b;
            messageDigest.update(c2);
            messageDigest.update(bArr);
            messageDigest.update(b4);
            byte[] digest = messageDigest.digest();
            byteArrayOutputStream.write(digest, 0, digest.length);
        }
        int i2 = a2 / 8;
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        return byteArray.length != i2 ? ByteUtil.f(0, i2, byteArray) : byteArray;
    }
}
