package org.jose4j.jwe;

import defpackage.bc;
import defpackage.g;
import defpackage.g0;
import defpackage.q4;
import defpackage.u9;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.base64url.Base64Url;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmAvailability;
import org.jose4j.jwa.AlgorithmInfo;
import org.jose4j.jwa.CryptoPrimitive;
import org.jose4j.jwe.kdf.KdfUtil;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.OctetKeyPairJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwx.Headers;
import org.jose4j.keys.EcKeyUtil;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.keys.KeyPersuasion;
import org.jose4j.keys.OctetKeyPairUtil;
import org.jose4j.keys.XDHKeyUtil;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.InvalidKeyException;
import org.jose4j.lang.JoseException;
import org.jose4j.lang.StringUtil;
import org.jose4j.lang.UncheckedJoseException;
import org.slf4j.Logger;

/* loaded from: classes6.dex */
public class EcdhKeyAgreementAlgorithm extends AlgorithmInfo implements KeyManagementAlgorithm {
    public final String f;

    public EcdhKeyAgreementAlgorithm() {
        this.f = "enc";
        setAlgorithmIdentifier("ECDH-ES");
        setJavaAlgorithm("ECDH");
        setKeyType("EC");
        setKeyPersuasion(KeyPersuasion.ASYMMETRIC);
    }

    public EcdhKeyAgreementAlgorithm(int i) {
        this();
        this.f = "alg";
    }

    public static void p(ECKey eCKey) throws InvalidKeyException {
        if ("secp256k1".equals((String) EllipticCurves.b.get(eCKey.getParams().getCurve()))) {
            throw new InvalidKeyException("Use of the secp256k1 curve is not defined for ECDH-ES key agreement with JOSE.");
        }
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final void a(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        boolean z;
        if (key instanceof ECPublicKey) {
            return;
        }
        BigInteger bigInteger = XDHKeyUtil.c;
        try {
            z = bc.t(key);
        } catch (NoClassDefFoundError unused) {
            z = false;
        }
        if (z) {
            return;
        }
        throw new InvalidKeyException("Encrypting with ECDH expects ECPublicKey or XECPublicKey but was given " + key);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final void c(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        boolean z;
        if (key instanceof ECPrivateKey) {
            return;
        }
        BigInteger bigInteger = XDHKeyUtil.c;
        try {
            z = bc.x(key);
        } catch (NoClassDefFoundError unused) {
            z = false;
        }
        if (z) {
            return;
        }
        throw new InvalidKeyException("Decrypting with ECDH expects ECPrivateKey or XECPrivateKey but was given " + key);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final CryptoPrimitive d(Key key, Headers headers, ProviderContext providerContext) throws JoseException {
        PublicKey publicKey = headers.a("epk", providerContext.getGeneralProviderContext().getKeyFactoryProvider()).getPublicKey();
        PrivateKey privateKey = (PrivateKey) key;
        if (publicKey instanceof ECPublicKey) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
            p(eCPrivateKey);
            EllipticCurve curve = eCPrivateKey.getParams().getCurve();
            ECPoint w = ((ECPublicKey) publicKey).getW();
            BigInteger affineX = w.getAffineX();
            BigInteger affineY = w.getAffineY();
            BigInteger a2 = curve.getA();
            BigInteger b = curve.getB();
            BigInteger p = ((ECFieldFp) curve.getField()).getP();
            if (!affineY.pow(2).mod(p).equals(affineX.pow(3).add(a2.multiply(affineX)).add(b).mod(p))) {
                throw new InvalidKeyException("epk is invalid for " + ((String) EllipticCurves.b.get(curve)));
            }
        }
        return new CryptoPrimitive(null, null, null, null, q(privateKey, publicKey, providerContext));
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final ContentEncryptionKeys i(Key key, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr, ProviderContext providerContext) throws JoseException {
        boolean z;
        AlgorithmParameterSpec params;
        String name;
        PublicJsonWebKey publicJsonWebKey;
        String algorithmIdentifier = getAlgorithmIdentifier();
        if (bArr != null) {
            throw new InvalidKeyException(g0.q("An explicit content encryption key cannot be used with ", algorithmIdentifier));
        }
        String keyPairGeneratorProvider = providerContext.getGeneralProviderContext().getKeyPairGeneratorProvider();
        SecureRandom secureRandom = providerContext.getSecureRandom();
        if (key instanceof ECPublicKey) {
            ECPublicKey eCPublicKey = (ECPublicKey) key;
            p(eCPublicKey);
            KeyPair a2 = new EcKeyUtil(keyPairGeneratorProvider, secureRandom).a(eCPublicKey.getParams());
            publicJsonWebKey = (EllipticCurveJsonWebKey) PublicJsonWebKey.Factory.b(a2.getPublic());
            publicJsonWebKey.setPrivateKey(a2.getPrivate());
        } else {
            BigInteger bigInteger = XDHKeyUtil.c;
            try {
                z = bc.t(key);
            } catch (NoClassDefFoundError unused) {
                z = false;
            }
            if (!z) {
                throw new InvalidKeyException("Inappropriate key for ECDH: " + key);
            }
            params = g.o(key).getParams();
            name = g.u(params).getName();
            OctetKeyPairUtil c = OctetKeyPairUtil.c(name, keyPairGeneratorProvider, secureRandom);
            if (c == null) {
                throw new IllegalArgumentException(q4.l("Cannot create OKP JWK. The subtype/crv \"", name, "\" is unknown or unsupported."));
            }
            KeyPair a3 = c.a(name);
            publicJsonWebKey = (OctetKeyPairJsonWebKey) PublicJsonWebKey.Factory.b(a3.getPublic());
            publicJsonWebKey.setPrivateKey(a3.getPrivate());
        }
        headers.setJwkHeaderValue("epk", publicJsonWebKey);
        return new ContentEncryptionKeys(r(contentEncryptionKeyDescriptor, headers, q(publicJsonWebKey.getPrivateKey(), (PublicKey) key, providerContext).generateSecret(), providerContext), null);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public final Key m(CryptoPrimitive cryptoPrimitive, byte[] bArr, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, ProviderContext providerContext) throws JoseException {
        return new SecretKeySpec(r(contentEncryptionKeyDescriptor, headers, cryptoPrimitive.getKeyAgreement().generateSecret(), providerContext), contentEncryptionKeyDescriptor.getContentEncryptionKeyAlgorithm());
    }

    @Override // org.jose4j.jwa.Algorithm
    public final boolean n() {
        boolean z;
        EcKeyUtil ecKeyUtil = new EcKeyUtil();
        Set<String> algorithms = Security.getAlgorithms("KeyFactory");
        Set<String> algorithms2 = Security.getAlgorithms("KeyPairGenerator");
        String algorithm = ecKeyUtil.getAlgorithm();
        if (algorithms2.contains(algorithm) && algorithms.contains(algorithm)) {
            String javaAlgorithm = getJavaAlgorithm();
            Logger logger = AlgorithmAvailability.f10156a;
            Set<String> algorithms3 = Security.getAlgorithms("KeyAgreement");
            Iterator<String> it = algorithms3.iterator();
            while (true) {
                if (!it.hasNext()) {
                    AlgorithmAvailability.f10156a.debug("{} is NOT available for {}. Algorithms available from underlying JCE: {}", javaAlgorithm, "KeyAgreement", algorithms3);
                    z = false;
                    break;
                }
                if (it.next().equalsIgnoreCase(javaAlgorithm)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r6v12 */
    /* JADX WARN: Type inference failed for: r6v13 */
    /* JADX WARN: Type inference failed for: r6v2, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r6v8, types: [javax.crypto.KeyAgreement] */
    public final KeyAgreement q(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException {
        String keyAgreementProvider = providerContext.getSuppliedKeyProviderContext().getKeyAgreementProvider();
        String javaAlgorithm = privateKey instanceof ECPrivateKey ? getJavaAlgorithm() : "XDH";
        try {
            keyAgreementProvider = keyAgreementProvider == 0 ? KeyAgreement.getInstance(javaAlgorithm) : KeyAgreement.getInstance(javaAlgorithm, (String) keyAgreementProvider);
            try {
                keyAgreementProvider.init(privateKey);
                keyAgreementProvider.doPhase(publicKey, true);
                return keyAgreementProvider;
            } catch (java.security.InvalidKeyException e) {
                throw new InvalidKeyException("Invalid Key for " + getJavaAlgorithm() + " key agreement - " + e, e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new UncheckedJoseException(q4.l("No ", javaAlgorithm, " KeyAgreement available."), e2);
        } catch (NoSuchProviderException e3) {
            throw new JoseException(u9.q("Cannot get ", javaAlgorithm, " KeyAgreement with provider ", keyAgreementProvider), e3);
        }
    }

    public final byte[] r(ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr, ProviderContext providerContext) {
        KdfUtil kdfUtil = new KdfUtil(providerContext.getGeneralProviderContext().getMessageDigestProvider());
        int a2 = ByteUtil.a(contentEncryptionKeyDescriptor.getContentEncryptionKeyByteLength());
        String b = headers.b(this.f);
        String b2 = headers.b("apu");
        String b3 = headers.b("apv");
        byte[] a3 = StringUtil.a(b, "UTF-8");
        byte[] bArr2 = ByteUtil.f10177a;
        if (a3 == null) {
            a3 = bArr2;
        }
        byte[] b4 = ByteUtil.b(ByteUtil.c(a3.length), a3);
        Base64Url base64Url = kdfUtil.f10170a;
        byte[] a4 = base64Url.a(b2);
        if (a4 == null) {
            a4 = bArr2;
        }
        byte[] b5 = ByteUtil.b(ByteUtil.c(a4.length), a4);
        byte[] a5 = base64Url.a(b3);
        if (a5 == null) {
            a5 = bArr2;
        }
        return kdfUtil.b.a(bArr, a2, ByteUtil.b(b4, b5, ByteUtil.b(ByteUtil.c(a5.length), a5), ByteUtil.c(a2), bArr2));
    }
}
