package org.apache.cxf.rs.security.jose.jwe;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.class */
public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
    private static final Map<String, Integer> PBES_HMAC_MAP = new HashMap();
    private static final Map<String, String> PBES_AES_MAP;
    private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
    private byte[] password;
    private int pbesCount;
    private String keyAlgoJwt;

    public PbesHmacAesWrapKeyEncryptionAlgorithm(String str, String str2) {
        this(stringToBytes(str), str2);
    }

    public PbesHmacAesWrapKeyEncryptionAlgorithm(String str, int i, String str2) {
        this(stringToBytes(str), i, str2);
    }

    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] cArr, String str) {
        this(cArr, 4096, str);
    }

    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] cArr, int i, String str) {
        this(charsToBytes(cArr), i, str);
    }

    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] bArr, String str) {
        this(bArr, 4096, str);
    }

    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] bArr, int i, String str) {
        this.password = bArr;
        this.keyAlgoJwt = validateKeyAlgorithm(str);
        this.pbesCount = validatePbesCount(i);
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm
    public byte[] getEncryptedContentEncryptionKey(JweHeaders jweHeaders, byte[] bArr) {
        int keySize = getKeySize(this.keyAlgoJwt);
        byte[] generateSecureRandomBytes = CryptoUtils.generateSecureRandomBytes(keySize);
        byte[] createDerivedKey = createDerivedKey(this.keyAlgoJwt, keySize, this.password, generateSecureRandomBytes, this.pbesCount);
        jweHeaders.setHeader("p2s", Base64UrlUtility.encode(generateSecureRandomBytes));
        jweHeaders.setIntegerHeader("p2c", Integer.valueOf(this.pbesCount));
        return new AesWrapKeyEncryptionAlgorithm(createDerivedKey, PBES_AES_MAP.get(this.keyAlgoJwt)) { // from class: org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm.1
            @Override // org.apache.cxf.rs.security.jose.jwe.AbstractWrapKeyEncryptionAlgorithm
            protected void checkAlgorithms(JweHeaders jweHeaders2) {
            }

            @Override // org.apache.cxf.rs.security.jose.jwe.AbstractWrapKeyEncryptionAlgorithm
            protected String getKeyEncryptionAlgoJava(JweHeaders jweHeaders2) {
                return Algorithm.AES_WRAP_ALGO_JAVA;
            }
        }.getEncryptedContentEncryptionKey(jweHeaders, bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getKeySize(String str) {
        return DERIVED_KEY_SIZE_MAP.get(str).intValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] createDerivedKey(String str, int i, byte[] bArr, byte[] bArr2, int i2) {
        byte[] createSaltValue = createSaltValue(str, bArr2);
        int intValue = PBES_HMAC_MAP.get(str).intValue();
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(intValue == 256 ? new SHA256Digest() : intValue == 384 ? new SHA384Digest() : new SHA512Digest());
        pKCS5S2ParametersGenerator.init(bArr, createSaltValue, i2);
        return pKCS5S2ParametersGenerator.generateDerivedParameters(i * 8).getKey();
    }

    private static byte[] createSaltValue(String str, byte[] bArr) {
        byte[] stringToBytes = stringToBytes(str);
        byte[] bArr2 = new byte[stringToBytes.length + 1 + bArr.length];
        System.arraycopy(stringToBytes, 0, bArr2, 0, stringToBytes.length);
        bArr2[stringToBytes.length] = 0;
        System.arraycopy(bArr, 0, bArr2, stringToBytes.length + 1, bArr.length);
        return bArr2;
    }

    static String validateKeyAlgorithm(String str) {
        if (Algorithm.isPbesHsWrap(str)) {
            return str;
        }
        throw new SecurityException();
    }

    static int validatePbesCount(int i) {
        if (i < 1000) {
            throw new SecurityException();
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] stringToBytes(String str) {
        return StringUtils.toBytesUTF8(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] charsToBytes(char[] cArr) {
        ByteBuffer encode = Charset.forName("UTF-8").encode(CharBuffer.wrap(cArr));
        byte[] bArr = new byte[encode.remaining()];
        encode.get(bArr);
        return bArr;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm
    public String getAlgorithm() {
        return this.keyAlgoJwt;
    }

    static {
        PBES_HMAC_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 256);
        PBES_HMAC_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 384);
        PBES_HMAC_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 512);
        PBES_AES_MAP = new HashMap();
        PBES_AES_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), Algorithm.A128KW.getJwtName());
        PBES_AES_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), Algorithm.A192KW.getJwtName());
        PBES_AES_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), Algorithm.A256KW.getJwtName());
        DERIVED_KEY_SIZE_MAP = new HashMap();
        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 16);
        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 24);
        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 32);
    }
}
