package org.apache.cxf.rs.security.jose.jwe;

import java.nio.ByteBuffer;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/JweUtils.class */
public final class JweUtils {
    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
    private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
    private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
    private static final String RSSEC_ENCRYPTION_REPORT_KEY_PROP = "rs.security.jwe.report.public.key";

    private JweUtils() {
    }

    public static String encrypt(RSAPublicKey rSAPublicKey, String str, String str2, byte[] bArr) {
        return encrypt(rSAPublicKey, str, str2, bArr, (String) null);
    }

    public static String encrypt(RSAPublicKey rSAPublicKey, String str, String str2, byte[] bArr, String str3) {
        return encrypt(getRSAKeyEncryptionAlgorithm(rSAPublicKey, str), str2, bArr, str3);
    }

    public static String encrypt(SecretKey secretKey, String str, String str2, byte[] bArr) {
        return encrypt(secretKey, str, str2, bArr, (String) null);
    }

    public static String encrypt(SecretKey secretKey, String str, String str2, byte[] bArr, String str3) {
        return str != null ? encrypt(getSecretKeyEncryptionAlgorithm(secretKey, str), str2, bArr, str3) : encryptDirect(secretKey, str2, bArr, str3);
    }

    public static String encrypt(JsonWebKey jsonWebKey, String str, byte[] bArr, String str2) {
        return encrypt(getKeyEncryptionAlgorithm(jsonWebKey), str, bArr, str2);
    }

    public static String encryptDirect(SecretKey secretKey, String str, byte[] bArr) {
        return encryptDirect(secretKey, str, bArr, null);
    }

    public static String encryptDirect(SecretKey secretKey, String str, byte[] bArr, String str2) {
        return getDirectKeyJweEncryption(secretKey, str).encrypt(bArr, toJweHeaders(str2));
    }

    public static String encryptDirect(JsonWebKey jsonWebKey, byte[] bArr, String str) {
        return getDirectKeyJweEncryption(jsonWebKey).encrypt(bArr, toJweHeaders(str));
    }

    public static byte[] decrypt(RSAPrivateKey rSAPrivateKey, String str, String str2, String str3) {
        return decrypt(getRSAKeyDecryptionAlgorithm(rSAPrivateKey, str), str2, str3);
    }

    public static byte[] decrypt(SecretKey secretKey, String str, String str2, String str3) {
        return str != null ? decrypt(getSecretKeyDecryptionAlgorithm(secretKey, str), str2, str3) : decryptDirect(secretKey, str2, str3);
    }

    public static byte[] decrypt(JsonWebKey jsonWebKey, String str, String str2) {
        return decrypt(getKeyDecryptionAlgorithm(jsonWebKey), str, str2);
    }

    public static byte[] decryptDirect(SecretKey secretKey, String str, String str2) {
        return getDirectKeyJweDecryption(secretKey, str).decrypt(str2).getContent();
    }

    public static byte[] decryptDirect(JsonWebKey jsonWebKey, String str) {
        return getDirectKeyJweDecryption(jsonWebKey).decrypt(str).getContent();
    }

    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jsonWebKey) {
        return getKeyEncryptionAlgorithm(jsonWebKey, null);
    }

    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        KeyEncryptionAlgorithm keyEncryptionAlgorithm = null;
        if (JsonWebKey.KEY_TYPE_RSA.equals(jsonWebKey.getKeyType())) {
            keyEncryptionAlgorithm = getRSAKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jsonWebKey, true), algorithm);
        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType())) {
            keyEncryptionAlgorithm = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jsonWebKey), algorithm);
        }
        return keyEncryptionAlgorithm;
    }

    public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey rSAPublicKey, String str) {
        return new RSAKeyEncryptionAlgorithm(rSAPublicKey, str);
    }

    public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey secretKey, String str) {
        if (Algorithm.isAesKeyWrap(str)) {
            return new AesWrapKeyEncryptionAlgorithm(secretKey, str);
        }
        if (Algorithm.isAesGcmKeyWrap(str)) {
            return new AesGcmWrapKeyEncryptionAlgorithm(secretKey, str);
        }
        return null;
    }

    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jsonWebKey) {
        return getKeyDecryptionAlgorithm(jsonWebKey, null);
    }

    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        KeyDecryptionAlgorithm keyDecryptionAlgorithm = null;
        if (JsonWebKey.KEY_TYPE_RSA.equals(jsonWebKey.getKeyType())) {
            keyDecryptionAlgorithm = getRSAKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jsonWebKey), algorithm);
        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType())) {
            keyDecryptionAlgorithm = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jsonWebKey), algorithm);
        }
        return keyDecryptionAlgorithm;
    }

    public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey rSAPrivateKey, String str) {
        return new RSAKeyDecryptionAlgorithm(rSAPrivateKey, str);
    }

    public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey secretKey, String str) {
        if (Algorithm.isAesKeyWrap(str)) {
            return new AesWrapKeyDecryptionAlgorithm(secretKey, str);
        }
        if (Algorithm.isAesGcmKeyWrap(str)) {
            return new AesGcmWrapKeyDecryptionAlgorithm(secretKey, str);
        }
        return null;
    }

    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jsonWebKey) {
        return getContentEncryptionAlgorithm(jsonWebKey, (String) null);
    }

    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType())) {
            return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jsonWebKey), algorithm);
        }
        return null;
    }

    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(SecretKey secretKey, String str) {
        if (Algorithm.isAesGcm(str)) {
            return new AesGcmContentEncryptionAlgorithm(secretKey, (byte[]) null, str);
        }
        return null;
    }

    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(String str) {
        if (Algorithm.isAesGcm(str)) {
            return new AesGcmContentEncryptionAlgorithm(str);
        }
        return null;
    }

    public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String str) {
        if (Algorithm.isAesGcm(str)) {
            return new AesGcmContentDecryptionAlgorithm(str);
        }
        return null;
    }

    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jsonWebKey) {
        return getContentDecryptionSecretKey(jsonWebKey, null);
    }

    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType()) && Algorithm.isAesGcm(algorithm)) {
            return JwkUtils.toSecretKey(jsonWebKey);
        }
        return null;
    }

    public static DirectKeyJweEncryption getDirectKeyJweEncryption(JsonWebKey jsonWebKey) {
        return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(jsonWebKey, jsonWebKey.getAlgorithm()));
    }

    public static DirectKeyJweEncryption getDirectKeyJweEncryption(SecretKey secretKey, String str) {
        return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(secretKey, str));
    }

    public static DirectKeyJweDecryption getDirectKeyJweDecryption(SecretKey secretKey, String str) {
        return new DirectKeyJweDecryption(secretKey, getContentDecryptionAlgorithm(str));
    }

    public static DirectKeyJweDecryption getDirectKeyJweDecryption(JsonWebKey jsonWebKey) {
        return new DirectKeyJweDecryption(JwkUtils.toSecretKey(jsonWebKey), getContentDecryptionAlgorithm(jsonWebKey.getAlgorithm()));
    }

    public static JweEncryptionProvider loadEncryptionProvider(boolean z) {
        return loadEncryptionProvider(null, z);
    }

    public static JweEncryptionProvider loadEncryptionProvider(JweHeaders jweHeaders, boolean z) {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        Properties loadStoreProperties = KeyManagementUtils.loadStoreProperties(currentMessage, z, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
        if (loadStoreProperties == null) {
            return null;
        }
        boolean z2 = jweHeaders != null && MessageUtils.isTrue(MessageUtils.getContextualProperty(currentMessage, RSSEC_ENCRYPTION_REPORT_KEY_PROP, KeyManagementUtils.RSSEC_REPORT_KEY_PROP));
        KeyEncryptionAlgorithm keyEncryptionAlgorithm = null;
        String keyEncryptionAlgo = getKeyEncryptionAlgo(currentMessage, loadStoreProperties, null, null);
        String contentEncryptionAlgo = getContentEncryptionAlgo(currentMessage, loadStoreProperties, null);
        ContentEncryptionAlgorithm contentEncryptionAlgorithm = null;
        if ("jwk".equals(loadStoreProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(currentMessage, loadStoreProperties, JsonWebKey.KEY_OPER_ENCRYPT);
            String keyEncryptionAlgo2 = getKeyEncryptionAlgo(currentMessage, loadStoreProperties, loadJsonWebKey.getAlgorithm(), getDefaultKeyAlgo(loadJsonWebKey));
            if ("direct".equals(keyEncryptionAlgo2)) {
                contentEncryptionAlgo = getContentEncryptionAlgo(currentMessage, loadStoreProperties, loadJsonWebKey.getAlgorithm());
                contentEncryptionAlgorithm = getContentEncryptionAlgorithm(loadJsonWebKey, contentEncryptionAlgo);
            } else {
                keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(loadJsonWebKey, keyEncryptionAlgo2);
                if (z2) {
                    JwkUtils.setPublicKeyInfo(loadJsonWebKey, jweHeaders, keyEncryptionAlgo2);
                }
            }
        } else {
            keyEncryptionAlgorithm = getRSAKeyEncryptionAlgorithm((RSAPublicKey) KeyManagementUtils.loadPublicKey(currentMessage, loadStoreProperties), keyEncryptionAlgo);
            if (z2) {
                jweHeaders.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(currentMessage, loadStoreProperties));
            }
        }
        return createJweEncryptionProvider(keyEncryptionAlgorithm, contentEncryptionAlgorithm, contentEncryptionAlgo, loadStoreProperties.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP));
    }

    public static JweDecryptionProvider loadDecryptionProvider(boolean z) {
        return loadDecryptionProvider(null, z);
    }

    public static JweDecryptionProvider loadDecryptionProvider(JweHeaders jweHeaders, boolean z) {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        Properties loadStoreProperties = KeyManagementUtils.loadStoreProperties(currentMessage, z, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS);
        if (loadStoreProperties == null) {
            return null;
        }
        KeyDecryptionAlgorithm keyDecryptionAlgorithm = null;
        String contentEncryptionAlgo = getContentEncryptionAlgo(currentMessage, loadStoreProperties, null);
        SecretKey secretKey = null;
        String keyEncryptionAlgo = getKeyEncryptionAlgo(currentMessage, loadStoreProperties, null, null);
        if (jweHeaders != null && jweHeaders.getHeader("x5c") != null) {
            RSAPrivateKey loadPrivateKey = KeyManagementUtils.loadPrivateKey(currentMessage, loadStoreProperties, KeyManagementUtils.toX509CertificateChain(jweHeaders.getX509Chain()), JsonWebKey.KEY_OPER_DECRYPT);
            contentEncryptionAlgo = jweHeaders.getContentEncryptionAlgorithm();
            keyDecryptionAlgorithm = getRSAKeyDecryptionAlgorithm(loadPrivateKey, jweHeaders.getKeyEncryptionAlgorithm());
        } else if ("jwk".equals(loadStoreProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(currentMessage, loadStoreProperties, JsonWebKey.KEY_OPER_DECRYPT);
            String keyEncryptionAlgo2 = getKeyEncryptionAlgo(currentMessage, loadStoreProperties, loadJsonWebKey.getAlgorithm(), getDefaultKeyAlgo(loadJsonWebKey));
            if ("direct".equals(keyEncryptionAlgo2)) {
                contentEncryptionAlgo = getContentEncryptionAlgo(currentMessage, loadStoreProperties, contentEncryptionAlgo);
                secretKey = getContentDecryptionSecretKey(loadJsonWebKey, contentEncryptionAlgo);
            } else {
                keyDecryptionAlgorithm = getKeyDecryptionAlgorithm(loadJsonWebKey, keyEncryptionAlgo2);
            }
        } else {
            keyDecryptionAlgorithm = getRSAKeyDecryptionAlgorithm(KeyManagementUtils.loadPrivateKey(currentMessage, loadStoreProperties, JsonWebKey.KEY_OPER_DECRYPT), keyEncryptionAlgo);
        }
        return createJweDecryptionProvider(keyDecryptionAlgorithm, secretKey, contentEncryptionAlgo);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey rSAPublicKey, String str, String str2, String str3) {
        return createJweEncryptionProvider(getRSAKeyEncryptionAlgorithm(rSAPublicKey, str), str2, str3);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey rSAPublicKey, JweHeaders jweHeaders) {
        return createJweEncryptionProvider(getRSAKeyEncryptionAlgorithm(rSAPublicKey, jweHeaders.getKeyEncryptionAlgorithm()), jweHeaders);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey secretKey, String str, String str2, String str3) {
        return createJweEncryptionProvider(getSecretKeyEncryptionAlgorithm(secretKey, str), str2, str3);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey secretKey, JweHeaders jweHeaders) {
        return createJweEncryptionProvider(getSecretKeyEncryptionAlgorithm(secretKey, jweHeaders.getKeyEncryptionAlgorithm()), jweHeaders);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, String str, String str2) {
        return createJweEncryptionProvider(getKeyEncryptionAlgorithm(jsonWebKey), str, str2);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, JweHeaders jweHeaders) {
        return createJweEncryptionProvider(getKeyEncryptionAlgorithm(jsonWebKey), jweHeaders);
    }

    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionAlgorithm, String str, String str2) {
        return createJweEncryptionProvider(keyEncryptionAlgorithm, prepareJweHeaders(keyEncryptionAlgorithm != null ? keyEncryptionAlgorithm.getAlgorithm() : null, str, str2));
    }

    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionAlgorithm, JweHeaders jweHeaders) {
        String contentEncryptionAlgorithm = jweHeaders.getContentEncryptionAlgorithm();
        return Algorithm.isAesCbcHmac(contentEncryptionAlgorithm) ? new AesCbcHmacJweEncryption(contentEncryptionAlgorithm, keyEncryptionAlgorithm) : new WrappedKeyJweEncryption(keyEncryptionAlgorithm, getContentEncryptionAlgorithm(contentEncryptionAlgorithm));
    }

    public static JweDecryptionProvider createJweDecryptionProvider(RSAPrivateKey rSAPrivateKey, String str, String str2) {
        return createJweDecryptionProvider(getRSAKeyDecryptionAlgorithm(rSAPrivateKey, str), str2);
    }

    public static JweDecryptionProvider createJweDecryptionProvider(SecretKey secretKey, String str, String str2) {
        return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(secretKey, str), str2);
    }

    public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey jsonWebKey, String str) {
        return createJweDecryptionProvider(getKeyDecryptionAlgorithm(jsonWebKey), str);
    }

    public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionAlgorithm, String str) {
        return Algorithm.isAesCbcHmac(str) ? new AesCbcHmacJweDecryption(keyDecryptionAlgorithm, str) : new WrappedKeyJweDecryption(keyDecryptionAlgorithm, getContentDecryptionAlgorithm(str));
    }

    public static boolean validateCriticalHeaders(JoseHeaders joseHeaders) {
        return JoseUtils.validateCriticalHeaders(joseHeaders);
    }

    public static byte[] getECDHKey(JsonWebKey jsonWebKey, JsonWebKey jsonWebKey2, byte[] bArr, byte[] bArr2, String str, int i) {
        return getECDHKey(JwkUtils.toECPrivateKey(jsonWebKey), JwkUtils.toECPublicKey(jsonWebKey2), bArr, bArr2, str, i);
    }

    public static byte[] getECDHKey(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, byte[] bArr, byte[] bArr2, String str, int i) {
        return calculateDerivedKey(generateKeyZ(eCPrivateKey, eCPublicKey), str, bArr, bArr2, i);
    }

    public static byte[] getAdditionalAuthenticationData(String str, byte[] bArr) {
        byte[] cipherAdditionalAuthData = JweHeaders.toCipherAdditionalAuthData(str);
        if (bArr == null) {
            return cipherAdditionalAuthData;
        }
        byte[] copyOf = Arrays.copyOf(cipherAdditionalAuthData, cipherAdditionalAuthData.length + 1 + bArr.length);
        copyOf[cipherAdditionalAuthData.length] = 46;
        System.arraycopy(bArr, 0, copyOf, cipherAdditionalAuthData.length + 1, bArr.length);
        return copyOf;
    }

    private static byte[] calculateDerivedKey(byte[] bArr, String str, byte[] bArr2, byte[] bArr3, int i) {
        byte[] bArr4 = new byte[4];
        if (bArr2 != null && bArr3 != null && Arrays.equals(bArr2, bArr3)) {
            throw new SecurityException();
        }
        byte[] concatenateDatalenAndData = concatenateDatalenAndData(StringUtils.toBytesASCII(str));
        byte[] concatenateDatalenAndData2 = bArr2 == null ? bArr4 : concatenateDatalenAndData(bArr2);
        byte[] concatenateDatalenAndData3 = bArr3 == null ? bArr4 : concatenateDatalenAndData(bArr3);
        byte[] datalenToBytes = datalenToBytes(i);
        byte[] bArr5 = new byte[concatenateDatalenAndData.length + concatenateDatalenAndData2.length + concatenateDatalenAndData3.length + datalenToBytes.length];
        System.arraycopy(concatenateDatalenAndData, 0, bArr5, 0, concatenateDatalenAndData.length);
        System.arraycopy(concatenateDatalenAndData2, 0, bArr5, concatenateDatalenAndData.length, concatenateDatalenAndData2.length);
        System.arraycopy(concatenateDatalenAndData3, 0, bArr5, concatenateDatalenAndData.length + concatenateDatalenAndData2.length, concatenateDatalenAndData3.length);
        System.arraycopy(datalenToBytes, 0, bArr5, concatenateDatalenAndData.length + concatenateDatalenAndData2.length + concatenateDatalenAndData3.length, datalenToBytes.length);
        byte[] bArr6 = new byte[36 + bArr5.length];
        bArr6[3] = 1;
        System.arraycopy(bArr, 0, bArr6, 4, bArr.length);
        System.arraycopy(bArr5, 0, bArr6, 36, bArr5.length);
        try {
            return Arrays.copyOf(MessageDigestUtils.createDigest(bArr6, MessageDigestUtils.ALGO_SHA_256), i / 8);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    private static byte[] generateKeyZ(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey) {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(eCPrivateKey);
            keyAgreement.doPhase(eCPublicKey, true);
            return keyAgreement.generateSecret();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    private static byte[] concatenateDatalenAndData(byte[] bArr) {
        byte[] datalenToBytes = datalenToBytes(bArr.length);
        byte[] bArr2 = new byte[4 + bArr.length];
        System.arraycopy(datalenToBytes, 0, bArr2, 0, 4);
        System.arraycopy(bArr, 0, bArr2, 4, bArr.length);
        return bArr2;
    }

    private static byte[] datalenToBytes(int i) {
        return ByteBuffer.allocate(4).putInt(i).array();
    }

    private static JweHeaders prepareJweHeaders(String str, String str2, String str3) {
        JweHeaders jweHeaders = new JweHeaders();
        if (str != null) {
            jweHeaders.setAlgorithm(str);
            jweHeaders.setContentEncryptionAlgorithm(str2);
            if (str3 != null) {
                jweHeaders.setZipAlgorithm(str3);
            }
        }
        return jweHeaders;
    }

    private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionAlgorithm, ContentEncryptionAlgorithm contentEncryptionAlgorithm, String str, String str2) {
        if (keyEncryptionAlgorithm == null && contentEncryptionAlgorithm == null) {
            throw new SecurityException();
        }
        return keyEncryptionAlgorithm != null ? createJweEncryptionProvider(keyEncryptionAlgorithm, prepareJweHeaders(keyEncryptionAlgorithm != null ? keyEncryptionAlgorithm.getAlgorithm() : null, str, str2)) : new DirectKeyJweEncryption(contentEncryptionAlgorithm);
    }

    private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionAlgorithm, SecretKey secretKey, String str) {
        if (keyDecryptionAlgorithm == null && secretKey == null) {
            throw new SecurityException();
        }
        return keyDecryptionAlgorithm != null ? createJweDecryptionProvider(keyDecryptionAlgorithm, str) : getDirectKeyJweDecryption(secretKey, str);
    }

    private static String getKeyEncryptionAlgo(Message message, Properties properties, String str, String str2) {
        if (str != null) {
            return str;
        }
        if (str2 == null) {
            str2 = JoseConstants.RSA_OAEP_ALGO;
        }
        return KeyManagementUtils.getKeyAlgorithm(message, properties, JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, str2);
    }

    private static String getDefaultKeyAlgo(JsonWebKey jsonWebKey) {
        return JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType()) ? JoseConstants.A128GCMKW_ALGO : JoseConstants.RSA_OAEP_ALGO;
    }

    private static String getContentEncryptionAlgo(Message message, Properties properties, String str) {
        return str == null ? KeyManagementUtils.getKeyAlgorithm(message, properties, JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, JoseConstants.A128GCM_ALGO) : str;
    }

    private static String encrypt(KeyEncryptionAlgorithm keyEncryptionAlgorithm, String str, byte[] bArr, String str2) {
        return createJweEncryptionProvider(keyEncryptionAlgorithm, str, (String) null).encrypt(bArr, toJweHeaders(str2));
    }

    private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionAlgorithm, String str, String str2) {
        return createJweDecryptionProvider(keyDecryptionAlgorithm, str).decrypt(str2).getContent();
    }

    private static JweHeaders toJweHeaders(String str) {
        return new JweHeaders((Map<String, Object>) Collections.singletonMap(JoseConstants.HEADER_CONTENT_TYPE, str));
    }
}
