package net.netca.pki.encoding.json.jose.impl.jce;

import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import java.lang.reflect.Method;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import net.netca.pki.encoding.json.jose.CbcHmac;
import net.netca.pki.encoding.json.jose.IJWECipher;
import net.netca.pki.encoding.json.jose.JWE;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class JCEJWECipher implements IJWECipher {
    private String cipherProvider;
    private byte[] tag;

    public JCEJWECipher() {
        this.cipherProvider = null;
    }

    public JCEJWECipher(String str) {
        this.cipherProvider = null;
        this.cipherProvider = str;
    }

    private byte[] aesGcm(boolean z, String str, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, byte[] bArr4, int i2, int i3) {
        try {
            Method method = Cipher.class.getMethod("updateAAD", byte[].class);
            AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) Class.forName("javax.crypto.spec.GCMParameterSpec").getConstructor(Integer.TYPE, byte[].class).newInstance(Integer.valueOf(i), bArr2);
            Cipher cipher = str != null ? Cipher.getInstance("AES/GCM/NoPadding", str) : Cipher.getInstance("AES/GCM/NoPadding");
            if (z) {
                cipher.init(1, new SecretKeySpec(bArr, KeyPropertiesCompact.KEY_ALGORITHM_AES), algorithmParameterSpec);
            } else {
                cipher.init(2, new SecretKeySpec(bArr, KeyPropertiesCompact.KEY_ALGORITHM_AES), algorithmParameterSpec);
            }
            if (bArr3 != null) {
                method.invoke(cipher, bArr3);
            }
            return cipher.doFinal(bArr4, i2, i3);
        } catch (Exception e) {
            throw new u("GCM cipher: " + e.getMessage());
        }
    }

    private void checkGcmKeyLength(String str, byte[] bArr) {
        if (bArr == null) {
            throw new u("no key");
        }
        if (str.equals(JWE.CONTENT_ENC_ALGO_AES_128_GCM) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP)) {
            if (bArr.length != 16) {
                throw new u("bad key length");
            }
        } else if (str.equals(JWE.CONTENT_ENC_ALGO_AES_192_GCM) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP)) {
            if (bArr.length != 24) {
                throw new u("bad key length");
            }
        } else {
            if (!str.equals(JWE.CONTENT_ENC_ALGO_AES_256_GCM) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) {
                throw new u("bad algo");
            }
            if (bArr.length != 32) {
                throw new u("bad key length");
            }
        }
    }

    private CbcHmac newCBCHMAC() {
        return this.cipherProvider != null ? new CbcHmac(new JCECBCCipher(this.cipherProvider), new JCEMac(this.cipherProvider)) : new CbcHmac(new JCECBCCipher(), new JCEMac());
    }

    @Override // net.netca.pki.encoding.json.jose.IJWECipher
    public byte[] decrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i, int i2, byte[] bArr5) {
        if (str.equals(JWE.CONTENT_ENC_ALGO_AES_128_CBC_HMAC_SHA_256) || str.equals(JWE.CONTENT_ENC_ALGO_AES_192_CBC_HMAC_SHA_384) || str.equals(JWE.CONTENT_ENC_ALGO_AES_256_CBC_HMAC_SHA_512) || str.equals(JWE.CONTENT_ENC_ALGO_SM4_CBC_HMAC_SM3)) {
            return newCBCHMAC().decrypt(str, bArr, bArr2, bArr3, bArr4, i, i2, bArr5);
        }
        if (!str.equals(JWE.CONTENT_ENC_ALGO_AES_128_GCM) && !str.equals(JWE.CONTENT_ENC_ALGO_AES_192_GCM) && !str.equals(JWE.CONTENT_ENC_ALGO_AES_256_GCM) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) {
            throw new u("unsupport algo");
        }
        checkGcmKeyLength(str, bArr);
        if (bArr2 == null) {
            throw new u("no iv");
        }
        if (bArr2.length != 12) {
            throw new u("bad iv length");
        }
        if (bArr5 == null) {
            throw new u("no tag");
        }
        if (bArr5.length != 16) {
            throw new u("bad tag length");
        }
        byte[] bArr6 = (str.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) ? null : bArr3;
        byte[] bArr7 = new byte[bArr5.length + i2];
        System.arraycopy(bArr4, i, bArr7, 0, i2);
        System.arraycopy(bArr5, 0, bArr7, i2, bArr5.length);
        return aesGcm(false, this.cipherProvider, bArr, bArr2, bArr6, 128, bArr7, 0, bArr7.length);
    }

    @Override // net.netca.pki.encoding.json.jose.IJWECipher
    public byte[] encrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i, int i2) {
        if (str.equals(JWE.CONTENT_ENC_ALGO_AES_128_CBC_HMAC_SHA_256) || str.equals(JWE.CONTENT_ENC_ALGO_AES_192_CBC_HMAC_SHA_384) || str.equals(JWE.CONTENT_ENC_ALGO_AES_256_CBC_HMAC_SHA_512) || str.equals(JWE.CONTENT_ENC_ALGO_SM4_CBC_HMAC_SM3)) {
            CbcHmac newCBCHMAC = newCBCHMAC();
            byte[] encrypt = newCBCHMAC.encrypt(str, bArr, bArr2, bArr3, bArr4, i, i2);
            this.tag = newCBCHMAC.getTag();
            return encrypt;
        }
        if (!str.equals(JWE.CONTENT_ENC_ALGO_AES_128_GCM) && !str.equals(JWE.CONTENT_ENC_ALGO_AES_192_GCM) && !str.equals(JWE.CONTENT_ENC_ALGO_AES_256_GCM) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) && !str.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) {
            throw new u("unsupport algo");
        }
        checkGcmKeyLength(str, bArr);
        if (bArr2 == null) {
            throw new u("no iv");
        }
        if (bArr2.length != 12) {
            throw new u("bad iv length");
        }
        byte[] aesGcm = aesGcm(true, this.cipherProvider, bArr, bArr2, (str.equals(JWE.ENCRYPT_CEK_ALGO_AES_128_GCM_KEYWRAP) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_192_GCM_KEYWRAP) || str.equals(JWE.ENCRYPT_CEK_ALGO_AES_256_GCM_KEYWRAP)) ? null : bArr3, 128, bArr4, i, i2);
        if (aesGcm.length < 16) {
            throw new u("encrypt fail,tag too short");
        }
        byte[] bArr5 = new byte[aesGcm.length - 16];
        System.arraycopy(aesGcm, 0, bArr5, 0, bArr5.length);
        this.tag = new byte[16];
        System.arraycopy(aesGcm, bArr5.length, this.tag, 0, this.tag.length);
        return bArr5;
    }

    @Override // net.netca.pki.encoding.json.jose.IJWECipher
    public byte[] getTag() {
        return this.tag;
    }
}
