package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyLengthException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESGCM;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESGCMKW;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESKW;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AlgorithmSupportMessage;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AuthenticatedCipherText;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ContentCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jwk.OctetSequenceKey;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWECryptoParts;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEEncrypter;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEHeader;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.ee.security.octopus.nimbus.util.ByteUtils;
import be.atbash.ee.security.octopus.nimbus.util.Container;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/AESEncrypter.class */
public class AESEncrypter extends AESCryptoProvider implements JWEEncrypter {

    /* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/AESEncrypter$AlgFamily.class */
    private enum AlgFamily {
        AESKW,
        AESGCMKW
    }

    public AESEncrypter(SecretKey secretKey) {
        super(secretKey);
    }

    public AESEncrypter(byte[] bArr) {
        this(new SecretKeySpec(bArr, "AES"));
    }

    public AESEncrypter(OctetSequenceKey octetSequenceKey) {
        this(octetSequenceKey.toSecretKey());
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEEncrypter
    public JWECryptoParts encrypt(JWEHeader jWEHeader, byte[] bArr) {
        AlgFamily algFamily;
        Base64URLValue encode;
        JWEHeader build;
        JWEAlgorithm algorithm = jWEHeader.getAlgorithm();
        if (algorithm.equals(JWEAlgorithm.A128KW)) {
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 128) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 128 bits for A128KW encryption");
            }
            algFamily = AlgFamily.AESKW;
        } else if (algorithm.equals(JWEAlgorithm.A192KW)) {
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 192) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 192 bits for A192KW encryption");
            }
            algFamily = AlgFamily.AESKW;
        } else if (algorithm.equals(JWEAlgorithm.A256KW)) {
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 256) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 256 bits for A256KW encryption");
            }
            algFamily = AlgFamily.AESKW;
        } else if (algorithm.equals(JWEAlgorithm.A128GCMKW)) {
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 128) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 128 bits for A128GCMKW encryption");
            }
            algFamily = AlgFamily.AESGCMKW;
        } else if (algorithm.equals(JWEAlgorithm.A192GCMKW)) {
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 192) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 192 bits for A192GCMKW encryption");
            }
            algFamily = AlgFamily.AESGCMKW;
        } else {
            if (!algorithm.equals(JWEAlgorithm.A256GCMKW)) {
                throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm(algorithm, SUPPORTED_ALGORITHMS));
            }
            if (ByteUtils.safeBitLength(getKey().getEncoded()) != 256) {
                throw new KeyLengthException("The Key Encryption Key (KEK) length must be 256 bits for A256GCMKW encryption");
            }
            algFamily = AlgFamily.AESGCMKW;
        }
        SecretKey generateCEK = ContentCryptoProvider.generateCEK(jWEHeader.getEncryptionMethod());
        if (AlgFamily.AESKW.equals(algFamily)) {
            encode = Base64URLValue.encode(AESKW.wrapCEK(generateCEK, getKey()));
            build = jWEHeader;
        } else {
            Container container = new Container(AESGCM.generateIV());
            AuthenticatedCipherText encryptCEK = AESGCMKW.encryptCEK(generateCEK, container, getKey());
            encode = Base64URLValue.encode(encryptCEK.getCipherText());
            build = new JWEHeader.Builder(jWEHeader).iv(Base64URLValue.encode((byte[]) container.get())).authTag(Base64URLValue.encode(encryptCEK.getAuthenticationTag())).build();
        }
        return ContentCryptoProvider.encrypt(build, bArr, generateCEK, encode);
    }
}
