package com.nimbusds.jose.crypto;

import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.X25519;
import com.microsoft.did.sdk.util.Constants;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.impl.ECDHCryptoProvider;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.util.Base64URL;
import java.net.URI;
import java.security.InvalidKeyException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;
import net.sf.scuba.smartcards.ISOFileInfo;

/* loaded from: classes7.dex */
public final class X25519Encrypter extends ECDHCryptoProvider implements JWEEncrypter {
    public final OctetKeyPair publicKey;

    public X25519Encrypter(OctetKeyPair octetKeyPair) throws JOSEException {
        super(octetKeyPair.crv);
        if (!Curve.X25519.equals(octetKeyPair.crv)) {
            throw new Exception("X25519Encrypter only supports OctetKeyPairs with crv=X25519");
        }
        if (octetKeyPair.isPrivate()) {
            throw new Exception("X25519Encrypter requires a public key, use OctetKeyPair.toPublicJWK()");
        }
        this.publicKey = octetKeyPair;
    }

    @Override // com.nimbusds.jose.JWEEncrypter
    public final JWECryptoParts encrypt(JWEHeader jWEHeader, byte[] bArr) throws JOSEException {
        byte[] randBytes = Random.randBytes(32);
        randBytes[0] = (byte) (randBytes[0] | 7);
        byte b = (byte) (randBytes[31] & 63);
        randBytes[31] = b;
        randBytes[31] = (byte) (b | ISOFileInfo.DATA_BYTES1);
        try {
            if (randBytes.length != 32) {
                throw new InvalidKeyException("Private key must have 32 bytes.");
            }
            byte[] bArr2 = new byte[32];
            bArr2[0] = 9;
            Base64URL encode = Base64URL.encode(X25519.computeSharedSecret(randBytes, bArr2));
            Curve curve = this.curve;
            if (curve == null) {
                throw new IllegalArgumentException("The curve must not be null");
            }
            try {
                OctetKeyPair octetKeyPair = new OctetKeyPair(curve, encode, Base64URL.encode(randBytes), (KeyUse) null, (LinkedHashSet) null, (Algorithm) null, (String) null, (URI) null, (Base64URL) null, (Base64URL) null, (LinkedList) null);
                OctetKeyPair publicJWK = octetKeyPair.toPublicJWK();
                JWEAlgorithm jWEAlgorithm = (JWEAlgorithm) jWEHeader.alg;
                if (jWEAlgorithm.name.equals(Algorithm.NONE.name)) {
                    throw new IllegalArgumentException("The JWE algorithm \"alg\" cannot be \"none\"");
                }
                EncryptionMethod encryptionMethod = jWEHeader.enc;
                if (encryptionMethod == null) {
                    throw new IllegalArgumentException("The encryption method \"enc\" parameter must not be null");
                }
                JWEHeader jWEHeader2 = new JWEHeader(jWEAlgorithm, encryptionMethod, jWEHeader.typ, jWEHeader.cty, jWEHeader.crit, jWEHeader.jku, jWEHeader.jwk, jWEHeader.x5u, jWEHeader.x5t, jWEHeader.x5t256, jWEHeader.x5c, jWEHeader.kid, publicJWK, jWEHeader.zip, jWEHeader.apu, jWEHeader.apv, jWEHeader.p2s, jWEHeader.p2c, jWEHeader.iv, jWEHeader.tag, jWEHeader.customParams, null);
                OctetKeyPair octetKeyPair2 = this.publicKey;
                if (octetKeyPair2.isPrivate()) {
                    throw new Exception("Expected public key but received OKP with 'd' value");
                }
                Curve curve2 = Curve.X25519;
                if (!curve2.equals(octetKeyPair2.crv)) {
                    throw new Exception("Expected public key OKP with crv=X25519");
                }
                if (!octetKeyPair.isPrivate()) {
                    throw new Exception("Expected private key but received OKP without 'd' value");
                }
                if (!curve2.equals(octetKeyPair.crv)) {
                    throw new Exception("Expected private key OKP with crv=X25519");
                }
                byte[] bArr3 = octetKeyPair.decodedD;
                try {
                    return encryptWithZ(jWEHeader2, new SecretKeySpec(X25519.computeSharedSecret(bArr3 == null ? null : (byte[]) bArr3.clone(), (byte[]) octetKeyPair2.decodedX.clone()), Constants.AES_KEY), bArr);
                } catch (InvalidKeyException e) {
                    throw new Exception(e.getMessage(), e);
                }
            } catch (IllegalArgumentException e2) {
                throw new IllegalStateException(e2.getMessage(), e2);
            }
        } catch (InvalidKeyException e3) {
            throw new Exception(e3.getMessage(), e3);
        }
    }

    @Override // com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
    public final Set<Curve> supportedEllipticCurves() {
        return Collections.singleton(Curve.X25519);
    }
}
