package com.stripe.android.stripe3ds2.a;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.impl.AAD;
import com.nimbusds.jose.crypto.impl.AESCBC;
import com.nimbusds.jose.crypto.impl.AESGCM;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.crypto.impl.AuthenticatedCipherText;
import com.nimbusds.jose.crypto.impl.DeflateHelper;
import com.nimbusds.jose.crypto.impl.DirectCryptoProvider;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.Container;
import com.stripe.android.stripe3ds2.exceptions.SDKRuntimeException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public final class l extends DirectEncrypter {

    /* renamed from: a, reason: collision with root package name */
    private final byte f2064a;

    @Nullable
    private final Provider b;

    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        @NonNull
        private final g f2065a;

        @NonNull
        private final f b;

        public a(e eVar) {
            this(new g(), new f(eVar));
        }

        private a(g gVar, f fVar) {
            this.f2065a = gVar;
            this.b = fVar;
        }

        @NonNull
        static byte[] a(int i, byte b) {
            int i2 = i / 8;
            byte[] bArr = new byte[i2];
            Arrays.fill(bArr, (byte) 0);
            bArr[i2 - 1] = b;
            return bArr;
        }

        @NonNull
        public String a(String str, PublicKey publicKey, String str2, String str3) throws JOSEException, ParseException {
            if (publicKey instanceof RSAPublicKey) {
                JWEObject a2 = g.a(str, str3);
                a2.encrypt(new RSAEncrypter((RSAPublicKey) publicKey));
                return a2.serialize();
            }
            if (publicKey instanceof ECPublicKey) {
                return this.b.a(str, (ECPublicKey) publicKey, str2);
            }
            throw new SDKRuntimeException(new RuntimeException("Unsupported public key algorithm: " + publicKey.getAlgorithm()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public l(byte[] bArr, byte b, @Nullable Provider provider) throws KeyLengthException {
        super(new SecretKeySpec(bArr, "AES"));
        this.f2064a = b;
        this.b = provider;
    }

    @Override // com.nimbusds.jose.crypto.DirectEncrypter, com.nimbusds.jose.JWEEncrypter
    public final JWECryptoParts encrypt(@NonNull JWEHeader jWEHeader, @NonNull byte[] bArr) throws JOSEException {
        byte[] a2;
        AuthenticatedCipherText encrypt;
        JWEAlgorithm algorithm = jWEHeader.getAlgorithm();
        if (!algorithm.equals(JWEAlgorithm.DIR)) {
            throw new JOSEException("Invalid algorithm " + algorithm);
        }
        EncryptionMethod encryptionMethod = jWEHeader.getEncryptionMethod();
        if (encryptionMethod.cekBitLength() != ByteUtils.bitLength(getKey().getEncoded())) {
            throw new KeyLengthException(encryptionMethod.cekBitLength(), encryptionMethod);
        }
        if (encryptionMethod.cekBitLength() != ByteUtils.bitLength(getKey().getEncoded())) {
            throw new KeyLengthException("The Content Encryption Key (CEK) length for " + encryptionMethod + " must be " + encryptionMethod.cekBitLength() + " bits");
        }
        byte[] applyCompression = DeflateHelper.applyCompression(jWEHeader, bArr);
        byte[] compute = AAD.compute(jWEHeader);
        if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256)) {
            a2 = a.a(128, this.f2064a);
            encrypt = AESCBC.encryptAuthenticated(getKey(), a2, applyCompression, compute, getJCAContext().getContentEncryptionProvider(), getJCAContext().getMACProvider());
        } else {
            if (!jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128GCM)) {
                throw new JOSEException(AlgorithmSupportMessage.unsupportedEncryptionMethod(jWEHeader.getEncryptionMethod(), DirectCryptoProvider.SUPPORTED_ENCRYPTION_METHODS));
            }
            a2 = a.a(96, this.f2064a);
            encrypt = AESGCM.encrypt(getKey(), new Container(a2), applyCompression, compute, this.b);
        }
        return new JWECryptoParts(jWEHeader, null, Base64URL.encode(a2), Base64URL.encode(encrypt.getCipherText()), Base64URL.encode(encrypt.getAuthenticationTag()));
    }
}
