package org.apache.cxf.rs.security.jose.jwe;

import java.nio.ByteBuffer;
import javax.crypto.Mac;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.apache.cxf.rt.security.crypto.HmacUtils;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-rs-security-jose-3.5.3.jar:org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.class */
public class AesCbcHmacJweEncryption extends JweEncryption {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/cxf-rt-rs-security-jose-3.5.3.jar:org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption$MacState.class */
    public static class MacState {
        protected Mac mac;
        private byte[] al;

        protected MacState() {
        }
    }

    public AesCbcHmacJweEncryption(ContentAlgorithm contentAlgorithm, KeyEncryptionProvider keyEncryptionProvider) {
        this(contentAlgorithm, keyEncryptionProvider, false);
    }

    public AesCbcHmacJweEncryption(ContentAlgorithm contentAlgorithm, KeyEncryptionProvider keyEncryptionProvider, boolean z) {
        super(keyEncryptionProvider, new AesCbcContentEncryptionAlgorithm(contentAlgorithm, z));
    }

    public AesCbcHmacJweEncryption(ContentAlgorithm contentAlgorithm, byte[] bArr, byte[] bArr2, KeyEncryptionProvider keyEncryptionProvider) {
        super(keyEncryptionProvider, new AesCbcContentEncryptionAlgorithm(bArr, bArr2, contentAlgorithm));
    }

    public AesCbcHmacJweEncryption(KeyEncryptionProvider keyEncryptionProvider, AesCbcContentEncryptionAlgorithm aesCbcContentEncryptionAlgorithm) {
        super(keyEncryptionProvider, aesCbcContentEncryptionAlgorithm);
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption
    protected byte[] getActualCek(byte[] bArr, String str) {
        return doGetActualCek(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] doGetActualCek(byte[] bArr, String str) {
        int fullCekKeySize = AesCbcContentEncryptionAlgorithm.getFullCekKeySize(str);
        if (bArr.length != fullCekKeySize) {
            LOG.warning("Length input key [" + bArr.length + "] invalid for algorithm " + str + " [" + fullCekKeySize + "]");
            throw new JweException(JweException.Error.INVALID_CONTENT_KEY);
        }
        int i = fullCekKeySize / 2;
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, i, bArr2, 0, i);
        return bArr2;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption
    protected byte[] getActualCipher(byte[] bArr) {
        return bArr;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption
    protected byte[] getAuthenticationTag(AbstractJweEncryption.JweEncryptionInternal jweEncryptionInternal, byte[] bArr) {
        MacState initializedMacState = getInitializedMacState(jweEncryptionInternal);
        initializedMacState.mac.update(bArr);
        return signAndGetTag(initializedMacState);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] signAndGetTag(MacState macState) {
        macState.mac.update(macState.al);
        byte[] bArr = new byte[16];
        System.arraycopy(macState.mac.doFinal(), 0, bArr, 0, 16);
        return bArr;
    }

    private MacState getInitializedMacState(AbstractJweEncryption.JweEncryptionInternal jweEncryptionInternal) {
        return getInitializedMacState(jweEncryptionInternal.secretKey, jweEncryptionInternal.theIv, jweEncryptionInternal.aad, jweEncryptionInternal.theHeaders, jweEncryptionInternal.protectedHeadersJson);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static MacState getInitializedMacState(byte[] bArr, byte[] bArr2, byte[] bArr3, JweHeaders jweHeaders, String str) {
        String jwaName = jweHeaders.getContentEncryptionAlgorithm().getJwaName();
        int fullCekKeySize = AesCbcContentEncryptionAlgorithm.getFullCekKeySize(jwaName) / 2;
        byte[] bArr4 = new byte[fullCekKeySize];
        System.arraycopy(bArr, 0, bArr4, 0, fullCekKeySize);
        Mac initializedMac = HmacUtils.getInitializedMac(bArr4, AesCbcContentEncryptionAlgorithm.getHMACAlgorithm(jwaName), null);
        byte[] additionalAuthenticationData = JweUtils.getAdditionalAuthenticationData(str, bArr3);
        byte[] array = ByteBuffer.allocate(8).putInt(0).putInt(additionalAuthenticationData.length * 8).array();
        initializedMac.update(additionalAuthenticationData);
        initializedMac.update(bArr2);
        MacState macState = new MacState();
        macState.mac = initializedMac;
        macState.al = array;
        return macState;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption
    protected AuthenticationTagProducer getAuthenticationTagProducer(AbstractJweEncryption.JweEncryptionInternal jweEncryptionInternal) {
        final MacState initializedMacState = getInitializedMacState(jweEncryptionInternal);
        return new AuthenticationTagProducer() { // from class: org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption.1
            @Override // org.apache.cxf.rs.security.jose.jwe.AuthenticationTagProducer
            public void update(byte[] bArr, int i, int i2) {
                initializedMacState.mac.update(bArr, i, i2);
            }

            @Override // org.apache.cxf.rs.security.jose.jwe.AuthenticationTagProducer
            public byte[] getTag() {
                return AesCbcHmacJweEncryption.signAndGetTag(initializedMacState);
            }
        };
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweEncryption
    protected byte[] getEncryptedContentEncryptionKey(JweHeaders jweHeaders, byte[] bArr) {
        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(jweHeaders, bArr);
    }
}
