package net.netca.pki.encoding.json.jose;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.jose.impl.jce.JCEGenerateRandom;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class JWEBuilder {
    private byte[] aad;
    private ArrayList<X509Certificate> certsChain;
    private IJWEKDF kdfObj;
    private IJWEKeyAgreement keyAgreementObj;
    private IJWEKeyWrap keywrapObj;
    private IJWEPublicKeyEncrypter publicKeyEncrypter;
    private IRandomGenerator randGenerator;
    private IJWECipher symEncrypter;
    private int type;
    private IHash hashInterface = null;
    private ArrayList<JWERecipienter> recipienters = new ArrayList<>();
    private Header protectedHeader = new Header();
    private Header shareUnprotectedHeader = new Header();
    private String contentEncryptedAlgo = null;

    public JWEBuilder(int i) {
        this.type = -1;
        if (i == 1 || i == 2) {
            this.type = i;
        } else {
            throw new u("no support JWE type " + i);
        }
    }

    private void addCompactTypeKEKHeader(JWERecipientInfo jWERecipientInfo) {
        JSON unProtectedHeader;
        Header header;
        String str;
        String cekAlgo = jWERecipientInfo.getCekAlgo();
        if (cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_RSA1_5) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_RSA_OAEP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_RSA_OAEP_256) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_SM2_ENCRYPT)) {
            Utils.addCertInfo(this.protectedHeader, jWERecipientInfo.getCertIdType(), jWERecipientInfo.getCert(), this.hashInterface, this.certsChain);
        } else {
            if (cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) {
                JSON unProtectedHeader2 = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.INITIALIZATION_VECTOR);
                unProtectedHeader = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.AUTHENTICATION_TAG);
                if (unProtectedHeader2 == null || unProtectedHeader == null) {
                    throw new u(String.valueOf(cekAlgo) + "addCompactTypeKEKHeader fail, no iv or tag header");
                }
                this.protectedHeader.addHeaderValue(HeaderParameterNames.INITIALIZATION_VECTOR, unProtectedHeader2);
                header = this.protectedHeader;
                str = HeaderParameterNames.AUTHENTICATION_TAG;
            } else if (cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA256_AES_128_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA384_AES_192_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_PBES2_HMAC_SHA512_AES_256_KEYWRAP)) {
                JSON unProtectedHeader3 = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.PBES2_SALT_INPUT);
                unProtectedHeader = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.PBES2_ITERATION_COUNT);
                if (unProtectedHeader3 == null || unProtectedHeader == null) {
                    throw new u(String.valueOf(cekAlgo) + "addCompactTypeKEKHeader fail, no salt or count header");
                }
                this.protectedHeader.addHeaderValue(HeaderParameterNames.PBES2_SALT_INPUT, unProtectedHeader3);
                header = this.protectedHeader;
                str = HeaderParameterNames.PBES2_ITERATION_COUNT;
            } else if (cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_ECDH_ES) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_ECDH_ES_AES_128_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_ECDH_ES_AES_192_KEYWRAP) || cekAlgo.equals(JWE.ENCRYPT_CEK_ALGO_ECDH_ES_AES_256_KEYWRAP)) {
                JSON unProtectedHeader4 = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.EPHEMERAL_PUBLIC_KEY);
                JSON unProtectedHeader5 = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.AGREEMENT_PARTY_U_INFO);
                unProtectedHeader = jWERecipientInfo.getUnProtectedHeader(HeaderParameterNames.AGREEMENT_PARTY_V_INFO);
                if (unProtectedHeader4 == null) {
                    throw new u(String.valueOf(cekAlgo) + "addCompactTypeKEKHeader fail, no epk ,apu or apv header");
                }
                this.protectedHeader.addHeaderValue(HeaderParameterNames.EPHEMERAL_PUBLIC_KEY, unProtectedHeader4);
                if (unProtectedHeader5 != null) {
                    this.protectedHeader.addHeaderValue(HeaderParameterNames.AGREEMENT_PARTY_U_INFO, unProtectedHeader5);
                }
                if (unProtectedHeader != null) {
                    header = this.protectedHeader;
                    str = HeaderParameterNames.AGREEMENT_PARTY_V_INFO;
                }
            }
            header.addHeaderValue(str, unProtectedHeader);
        }
        this.protectedHeader.addHeaderValue(HeaderParameterNames.ALGORITHM, cekAlgo);
    }

    private void checkHasDupHeaderParams() {
        int size = this.recipienters.size();
        for (int i = 0; i < size; i++) {
            if (Utils.hasDupItemInThreeHeaders(this.protectedHeader, this.shareUnprotectedHeader, this.recipienters.get(i).getUnProtectHeader())) {
                throw new u("hasDupItem In  headerparams");
            }
        }
    }

    private void checkParams(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new u("bad  encrypt data");
        }
        if (this.contentEncryptedAlgo == null) {
            throw new u("no set contentEncAlgo");
        }
        if (this.recipienters.size() == 0) {
            throw new u("no set recipienter");
        }
        if (this.symEncrypter == null) {
            throw new u("no set symEncrypter");
        }
        if (this.randGenerator == null) {
            this.randGenerator = new JCEGenerateRandom();
        }
        checkHasDupHeaderParams();
    }

    private void checkPublicHeaderParam(String str) {
        if (str.equals(HeaderParameterNames.ALGORITHM)) {
            throw new u("Cannt set PublicHeaderParam alg");
        }
        if (str.equals(HeaderParameterNames.ENCRYPTION_METHOD)) {
            throw new u("Cannt set PublicHeaderParam alg");
        }
    }

    private byte[] genCekKey() {
        return this.randGenerator.generate(getCekKeyLength());
    }

    private int getCekKeyLength() {
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_128_CBC_HMAC_SHA_256)) {
            return 32;
        }
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_192_CBC_HMAC_SHA_384)) {
            return 48;
        }
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_256_CBC_HMAC_SHA_512)) {
            return 64;
        }
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_128_GCM)) {
            return 16;
        }
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_192_GCM)) {
            return 24;
        }
        if (this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_AES_256_GCM) || this.contentEncryptedAlgo.equals(JWE.CONTENT_ENC_ALGO_SM4_CBC_HMAC_SM3)) {
            return 32;
        }
        throw new u("unknown cek algo");
    }

    private byte[] getEncryptedContentInfoAad() {
        try {
            byte[] bytes = getProtectHeaderEncode().getBytes("US-ASCII");
            if (this.aad == null) {
                return bytes;
            }
            try {
                return Utils.genJWEEncryptedContentInfoAad(bytes, Utils.getBase64URLEncode(this.aad).getBytes("US-ASCII"));
            } catch (UnsupportedEncodingException unused) {
                throw new u("getAadEncodeBytes fail");
            }
        } catch (UnsupportedEncodingException unused2) {
            throw new u("getProtectHeaderEncodeBytes fail");
        }
    }

    public static JWEBuilder getInstance(int i) {
        return new JWEBuilder(i);
    }

    private String getProtectHeaderEncode() {
        byte[] normalize = this.protectedHeader.getJSONObject().normalize();
        if (normalize != null) {
            return Utils.getBase64URLEncode(normalize);
        }
        throw new u("getProtectHeaderEncode fail");
    }

    private void updateProtectedHeader(ArrayList<JWERecipientInfo> arrayList) {
        if (this.type == 1) {
            addCompactTypeKEKHeader(arrayList.get(0));
        }
        if (!(this.recipienters.size() > 1)) {
            this.protectedHeader.addHeaderValue(HeaderParameterNames.ALGORITHM, arrayList.get(0).getCekAlgo());
        }
        this.protectedHeader.addHeaderValue(HeaderParameterNames.ENCRYPTION_METHOD, this.contentEncryptedAlgo);
    }

    public JWEBuilder addCertChain(ArrayList<X509Certificate> arrayList) {
        this.certsChain = arrayList;
        return this;
    }

    public JWEBuilder addProtectedHeader(String str, String str2) {
        checkPublicHeaderParam(str);
        this.protectedHeader.addHeaderValue(str, str2);
        return this;
    }

    public JWEBuilder addProtectedHeader(String str, JSON json) {
        checkPublicHeaderParam(str);
        this.protectedHeader.addHeaderValue(str, json);
        return this;
    }

    public JWEBuilder addRecipienter(JWERecipienter jWERecipienter) {
        if (this.type == 1 && this.recipienters.size() > 0) {
            throw new u("COMPACT_SERIALIZATION type cannt set multi recipienter");
        }
        this.recipienters.add(jWERecipienter);
        return this;
    }

    public JWEBuilder addShareUnProtectedHeader(String str, String str2) {
        checkPublicHeaderParam(str);
        this.shareUnprotectedHeader.addHeaderValue(str, str2);
        return this;
    }

    public JWEBuilder addShareUnProtectedHeader(String str, JSON json) {
        checkPublicHeaderParam(str);
        this.shareUnprotectedHeader.addHeaderValue(str, json);
        return this;
    }

    public JWE encrypt(byte[] bArr) {
        checkParams(bArr);
        byte[] genCekKey = genCekKey();
        try {
            ArrayList<JWERecipientInfo> arrayList = new ArrayList<>();
            boolean z = this.recipienters.size() > 1;
            int i = 0;
            while (i < this.recipienters.size()) {
                int i2 = i;
                arrayList.add(this.recipienters.get(i).encryptKek(this.type, this.contentEncryptedAlgo, genCekKey, this.publicKeyEncrypter, this.symEncrypter, this.randGenerator, this.keywrapObj, this.kdfObj, this.keyAgreementObj, this.hashInterface, z));
                i = i2 + 1;
            }
            updateProtectedHeader(arrayList);
            JWE jwe = new JWE(this.type, this.protectedHeader, getProtectHeaderEncode(), this.shareUnprotectedHeader, arrayList, this.contentEncryptedAlgo, this.aad == null ? null : Utils.getBase64URLEncode(this.aad), JWEEncryptedContentInfo.getEncryptedContentInfo(this.contentEncryptedAlgo, bArr, genCekKey, getEncryptedContentInfoAad(), this.symEncrypter, this.randGenerator));
            if (this.hashInterface != null) {
                jwe.setHashImplement(this.hashInterface);
            }
            return jwe;
        } finally {
            Arrays.fill(genCekKey, (byte) 0);
        }
    }

    public JWEBuilder setAad(byte[] bArr) {
        this.aad = bArr;
        return this;
    }

    public JWEBuilder setContentEncAlgo(String str) {
        if (str.equals(JWE.CONTENT_ENC_ALGO_AES_128_CBC_HMAC_SHA_256) || str.equals(JWE.CONTENT_ENC_ALGO_AES_192_CBC_HMAC_SHA_384) || str.equals(JWE.CONTENT_ENC_ALGO_AES_256_CBC_HMAC_SHA_512) || str.equals(JWE.CONTENT_ENC_ALGO_AES_128_GCM) || str.equals(JWE.CONTENT_ENC_ALGO_AES_192_GCM) || str.equals(JWE.CONTENT_ENC_ALGO_AES_256_GCM) || str.equals(JWE.CONTENT_ENC_ALGO_SM4_CBC_HMAC_SM3)) {
            this.contentEncryptedAlgo = str;
            return this;
        }
        throw new u("bad ContentEncAlgo  " + str);
    }

    public JWEBuilder setHashImplement(IHash iHash) {
        this.hashInterface = iHash;
        return this;
    }

    public JWEBuilder setKDFImplement(IJWEKDF ijwekdf) {
        this.kdfObj = ijwekdf;
        return this;
    }

    public JWEBuilder setKeyAgreementImplement(IJWEKeyAgreement iJWEKeyAgreement) {
        this.keyAgreementObj = iJWEKeyAgreement;
        return this;
    }

    public JWEBuilder setKeyWrapImplement(IJWEKeyWrap iJWEKeyWrap) {
        this.keywrapObj = iJWEKeyWrap;
        return this;
    }

    public JWEBuilder setPublicKeyEncrypter(IJWEPublicKeyEncrypter iJWEPublicKeyEncrypter) {
        this.publicKeyEncrypter = iJWEPublicKeyEncrypter;
        return this;
    }

    public JWEBuilder setSecureRandomGenerator(IRandomGenerator iRandomGenerator) {
        this.randGenerator = iRandomGenerator;
        return this;
    }

    public JWEBuilder setSymEncrypter(IJWECipher iJWECipher) {
        this.symEncrypter = iJWECipher;
        return this;
    }
}
