package com.squareup.encryption;

import android.util.Base64;
import androidx.annotation.Nullable;
import com.squareup.util.Streams;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class JweEncryptor<K> extends AbstractCryptoPrimitive<K> {
    protected static final String AES_CBC = "AES/CBC/PKCS5Padding";
    private static final Charset ASCII;
    private static final int AUTH_TAG_BYTES = 16;
    private static final int BASE64_FLAGS = 11;
    private static final Map<String, String> HEADER_VALUES = new HashMap();
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String KEY_ID_FIELD = "kid";
    protected static final String RSA_PKCS15 = "RSA/ECB/PKCS1Padding";
    private Map<String, String> additionalHeaders;
    private final String keyId;
    private final RSAPublicKey publicKey;
    private final SecureRandom secureRandom;

    static {
        HEADER_VALUES.put("alg", "RSA1_5");
        HEADER_VALUES.put("enc", "A128CBC-HS256");
        HEADER_VALUES.put("zip", "DEF");
        ASCII = Charset.forName("US-ASCII");
    }

    private JweEncryptor(JweEncryptor<K> jweEncryptor, Map<String, String> map) {
        super(jweEncryptor);
        this.additionalHeaders = new HashMap();
        this.publicKey = jweEncryptor.publicKey;
        this.secureRandom = jweEncryptor.secureRandom;
        this.keyId = jweEncryptor.keyId;
        this.additionalHeaders.putAll(jweEncryptor.additionalHeaders);
        this.additionalHeaders.putAll(map);
    }

    public JweEncryptor(K k, CryptoKeyAdapter<K> cryptoKeyAdapter) throws CertificateException {
        super(k, cryptoKeyAdapter);
        this.additionalHeaders = new HashMap();
        this.publicKey = (RSAPublicKey) ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(cryptoKeyAdapter.getRawKey(k)))).getPublicKey();
        this.secureRandom = new SecureRandom();
        this.keyId = cryptoKeyAdapter.getKeyId(k);
    }

    private byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException {
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC);
            cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] buildHeader() {
        JSONObject jSONObject = new JSONObject();
        try {
            for (Map.Entry<String, String> entry : this.additionalHeaders.entrySet()) {
                jSONObject.put(entry.getKey(), entry.getValue());
            }
            for (Map.Entry<String, String> entry2 : HEADER_VALUES.entrySet()) {
                jSONObject.put(entry2.getKey(), entry2.getValue());
            }
            if (this.keyId != null) {
                jSONObject.put(KEY_ID_FIELD, this.keyId);
            }
            return jSONObject.toString().getBytes(ASCII);
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    private static byte[] deflate(byte[] bArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, new Deflater(-1, true));
        try {
            try {
                deflaterOutputStream.write(bArr);
                deflaterOutputStream.finish();
                Streams.closeQuietly(deflaterOutputStream);
                return byteArrayOutputStream.toByteArray();
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            Streams.closeQuietly(deflaterOutputStream);
            throw th;
        }
    }

    private byte[] hmacSha256(byte[] bArr, byte[] bArr2) throws InvalidKeyException {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, "HMAC"));
            return ByteBuffer.allocate(16).put(mac.doFinal(bArr2), 0, 16).array();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] rsaEncrypt(RSAPublicKey rSAPublicKey, byte[] bArr) throws InvalidKeyException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_PKCS15);
            cipher.init(1, rSAPublicKey, this.secureRandom);
            return cipher.doFinal(bArr);
        } catch (NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private static void zeroOutBytes(@Nullable byte[] bArr) {
        if (bArr == null) {
            return;
        }
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = 0;
        }
    }

    @Override // com.squareup.encryption.AbstractCryptoPrimitive
    protected CryptoResult<K> doCompute(byte[] bArr) throws InvalidKeyException {
        byte[] buildHeader = buildHeader();
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        this.secureRandom.nextBytes(bArr2);
        this.secureRandom.nextBytes(bArr3);
        this.secureRandom.nextBytes(bArr4);
        ByteBuffer allocate = ByteBuffer.allocate(32);
        allocate.put(bArr4);
        allocate.put(bArr3);
        byte[] rsaEncrypt = rsaEncrypt(this.publicKey, allocate.array());
        byte[] aesEncrypt = aesEncrypt(bArr3, bArr2, deflate(bArr));
        byte[] encode = Base64.encode(buildHeader, 11);
        byte[] hmacSha256 = hmacSha256(bArr4, ByteBuffer.allocate(encode.length + bArr2.length + aesEncrypt.length + 8).put(encode).put(bArr2).put(aesEncrypt).putLong(encode.length * 8).array());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(buildHeader.length + rsaEncrypt.length + bArr2.length + aesEncrypt.length + hmacSha256.length + 8);
        try {
            try {
                Base64OutputStream base64OutputStream = new Base64OutputStream(byteArrayOutputStream, 11);
                Throwable th = null;
                try {
                    base64OutputStream.writeFinal(buildHeader);
                    byteArrayOutputStream.write(46);
                    base64OutputStream.writeFinal(rsaEncrypt);
                    byteArrayOutputStream.write(46);
                    base64OutputStream.writeFinal(bArr2);
                    byteArrayOutputStream.write(46);
                    base64OutputStream.writeFinal(aesEncrypt);
                    byteArrayOutputStream.write(46);
                    base64OutputStream.writeFinal(hmacSha256);
                    base64OutputStream.close();
                    Streams.closeQuietly(byteArrayOutputStream);
                    zeroOutBytes(bArr2);
                    zeroOutBytes(bArr3);
                    zeroOutBytes(bArr4);
                    zeroOutBytes(aesEncrypt);
                    zeroOutBytes(rsaEncrypt);
                    zeroOutBytes(hmacSha256);
                    zeroOutBytes(encode);
                    return new CryptoResult<>(getKey(), byteArrayOutputStream.toByteArray());
                } catch (Throwable th2) {
                    if (0 != 0) {
                        try {
                            base64OutputStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        base64OutputStream.close();
                    }
                    throw th2;
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th4) {
            Streams.closeQuietly(byteArrayOutputStream);
            zeroOutBytes(bArr2);
            zeroOutBytes(bArr3);
            zeroOutBytes(bArr4);
            zeroOutBytes(aesEncrypt);
            zeroOutBytes(rsaEncrypt);
            zeroOutBytes(hmacSha256);
            zeroOutBytes(encode);
            throw th4;
        }
    }

    public JweEncryptor<K> withAdditionalHeaders(Map<String, String> map) {
        return new JweEncryptor<>(this, map);
    }
}
