package org.jose4j.jwe;

import fepnave.C0057t;
import java.math.BigInteger;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.security.spec.NamedParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmAvailability;
import org.jose4j.jwa.AlgorithmInfo;
import org.jose4j.jwa.CryptoPrimitive;
import org.jose4j.jwe.kdf.KdfUtil;
import org.jose4j.jwk.EcJwkGenerator;
import org.jose4j.jwk.OkpJwkGenerator;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwx.Headers;
import org.jose4j.jwx.KeyValidationSupport;
import org.jose4j.keys.EcKeyUtil;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.keys.KeyPersuasion;
import org.jose4j.keys.XDHKeyUtil;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.InvalidKeyException;
import org.jose4j.lang.JoseException;
import org.jose4j.lang.UncheckedJoseException;

/* loaded from: classes2.dex */
public class EcdhKeyAgreementAlgorithm extends AlgorithmInfo implements KeyManagementAlgorithm {
    String algorithmIdHeaderName;

    public EcdhKeyAgreementAlgorithm() {
        this.algorithmIdHeaderName = C0057t.a(2836);
        setAlgorithmIdentifier(C0057t.a(2837));
        setJavaAlgorithm(C0057t.a(2838));
        setKeyType(C0057t.a(2839));
        setKeyPersuasion(KeyPersuasion.ASYMMETRIC);
    }

    public EcdhKeyAgreementAlgorithm(String str) {
        this();
        this.algorithmIdHeaderName = str;
    }

    private void checkCurveAllowed(ECKey eCKey) throws InvalidKeyException {
        if (C0057t.a(2840).equals(EllipticCurves.getName(eCKey.getParams().getCurve()))) {
            throw new InvalidKeyException(C0057t.a(2841));
        }
    }

    private void checkPointIsOnCurve(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey) throws JoseException {
        EllipticCurve curve = eCPrivateKey.getParams().getCurve();
        ECPoint w = eCPublicKey.getW();
        BigInteger affineX = w.getAffineX();
        BigInteger affineY = w.getAffineY();
        BigInteger a = curve.getA();
        BigInteger b = curve.getB();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        if (!affineY.pow(2).mod(p).equals(affineX.pow(3).add(a.multiply(affineX)).add(b).mod(p))) {
            throw new InvalidKeyException(C0057t.a(2842) + EllipticCurves.getName(curve));
        }
    }

    private KeyAgreement createKeyAgreement(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException {
        KeyAgreement keyAgreement = getKeyAgreement(providerContext.getSuppliedKeyProviderContext().getKeyAgreementProvider(), privateKey instanceof ECPrivateKey ? getJavaAlgorithm() : C0057t.a(2843));
        try {
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            return keyAgreement;
        } catch (java.security.InvalidKeyException e) {
            throw new InvalidKeyException(C0057t.a(2844) + getJavaAlgorithm() + C0057t.a(2845) + e, e);
        }
    }

    private byte[] generateEcdhSecret(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException {
        return createKeyAgreement(privateKey, publicKey, providerContext).generateSecret();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r6v6, types: [javax.crypto.KeyAgreement] */
    /* JADX WARN: Type inference failed for: r6v8 */
    /* JADX WARN: Type inference failed for: r6v9 */
    private KeyAgreement getKeyAgreement(String str, String str2) throws JoseException {
        try {
            str = str == 0 ? KeyAgreement.getInstance(str2) : KeyAgreement.getInstance(str2, str);
            return str;
        } catch (NoSuchAlgorithmException e) {
            throw new UncheckedJoseException(C0057t.a(2848) + str2 + C0057t.a(2849), e);
        } catch (NoSuchProviderException e2) {
            throw new JoseException(C0057t.a(2846) + str2 + C0057t.a(2847) + str, e2);
        }
    }

    private byte[] kdf(ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr, ProviderContext providerContext) {
        return new KdfUtil(providerContext.getGeneralProviderContext().getMessageDigestProvider()).kdf(bArr, ByteUtil.bitLength(contentEncryptionKeyDescriptor.getContentEncryptionKeyByteLength()), headers.getStringHeaderValue(this.algorithmIdHeaderName), headers.getStringHeaderValue(C0057t.a(2850)), headers.getStringHeaderValue(C0057t.a(2851)));
    }

    @Override // org.jose4j.jwa.Algorithm
    public boolean isAvailable() {
        return new EcKeyUtil().isAvailable() && AlgorithmAvailability.isAvailable(C0057t.a(2852), getJavaAlgorithm());
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public Key manageForDecrypt(CryptoPrimitive cryptoPrimitive, byte[] bArr, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, ProviderContext providerContext) throws JoseException {
        return new SecretKeySpec(kdf(contentEncryptionKeyDescriptor, headers, cryptoPrimitive.getKeyAgreement().generateSecret(), providerContext), contentEncryptionKeyDescriptor.getContentEncryptionKeyAlgorithm());
    }

    ContentEncryptionKeys manageForEncrypt(Key key, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, PublicJsonWebKey publicJsonWebKey, ProviderContext providerContext) throws JoseException {
        headers.setJwkHeaderValue(C0057t.a(2853), publicJsonWebKey);
        return new ContentEncryptionKeys(kdf(contentEncryptionKeyDescriptor, headers, generateEcdhSecret(publicJsonWebKey.getPrivateKey(), (PublicKey) key, providerContext), providerContext), null);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public ContentEncryptionKeys manageForEncrypt(Key key, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, byte[] bArr, ProviderContext providerContext) throws JoseException {
        PublicJsonWebKey generateJwk;
        KeyValidationSupport.cekNotAllowed(bArr, getAlgorithmIdentifier());
        String keyPairGeneratorProvider = providerContext.getGeneralProviderContext().getKeyPairGeneratorProvider();
        SecureRandom secureRandom = providerContext.getSecureRandom();
        if (key instanceof ECPublicKey) {
            ECPublicKey eCPublicKey = (ECPublicKey) key;
            checkCurveAllowed(eCPublicKey);
            generateJwk = EcJwkGenerator.generateJwk(eCPublicKey.getParams(), keyPairGeneratorProvider, secureRandom);
        } else {
            if (!XDHKeyUtil.isXECPublicKey(key)) {
                throw new InvalidKeyException(C0057t.a(2854) + key);
            }
            generateJwk = OkpJwkGenerator.generateJwk(((NamedParameterSpec) ((XECPublicKey) key).getParams()).getName(), keyPairGeneratorProvider, secureRandom);
        }
        return manageForEncrypt(key, contentEncryptionKeyDescriptor, headers, generateJwk, providerContext);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public CryptoPrimitive prepareForDecrypt(Key key, Headers headers, ProviderContext providerContext) throws JoseException {
        PublicKey publicKey = headers.getPublicJwkHeaderValue(C0057t.a(2855), providerContext.getGeneralProviderContext().getKeyFactoryProvider()).getPublicKey();
        PrivateKey privateKey = (PrivateKey) key;
        if (publicKey instanceof ECPublicKey) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
            checkCurveAllowed(eCPrivateKey);
            checkPointIsOnCurve((ECPublicKey) publicKey, eCPrivateKey);
        }
        return new CryptoPrimitive(createKeyAgreement(privateKey, publicKey, providerContext));
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public void validateDecryptionKey(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        if (!(key instanceof ECPrivateKey) && !XDHKeyUtil.isXECPrivateKey(key)) {
            throw new InvalidKeyException(C0057t.a(2856) + key);
        }
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public void validateEncryptionKey(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        if (!(key instanceof ECPublicKey) && !XDHKeyUtil.isXECPublicKey(key)) {
            throw new InvalidKeyException(C0057t.a(2857) + key);
        }
    }
}
