package com.microsoft.identity.broker4j.broker.prt;

import com.microsoft.identity.broker4j.broker.crypto.IKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.keyfactories.IBrokerKeyFactory;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.platform.JweResponse;
import com.microsoft.identity.common.java.util.CopyUtil;
import java.security.SecureRandom;
import lombok.NonNull;
import org.json.JSONException;

/* loaded from: classes5.dex */
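/**
 * Static helpers for handling the broker session key: pulling the wrapped key out of a JWE,
 * deriving a working key from the session key, and generating the random derivation context.
 *
 * <p>None of the methods here log key material; only fixed status strings and error messages
 * are passed to {@link Logger}.
 */
public final class SessionKeyUtil {
    /** Algorithm name handed to the key manager for the derived key. */
    private static final String DERIVED_KEY_ALGORITHM = "AES";

    /**
     * Cipher transformation for CBC decryption with a derived key. CBC gives confidentiality only.
     * NOTE(review): callers are not visible here; confirm that integrity is verified (for example
     * with {@link #DERIVED_KEY_HMAC_SIGNING_ALGORITHM}) before the padding is processed.
     */
    public static final String DERIVED_KEY_DECRYPTION_ALGORITHM_AES_CBC = "AES/CBC/PKCS7Padding";

    /** Cipher transformation for GCM (authenticated) decryption with a derived key. */
    public static final String DERIVED_KEY_DECRYPTION_ALGORITHM_AES_GCM = "AES/GCM/NoPadding";

    /** MAC algorithm name for signing with a derived key. */
    public static final String DERIVED_KEY_HMAC_SIGNING_ALGORITHM = "HmacSHA256";

    /**
     * Cipher transformation for unwrapping the session key. The SHA-1/MGF1 parameters correspond
     * to the JWE {@code RSA-OAEP} algorithm (RFC 7518), which is the only header algorithm
     * {@link #extractRawSessionKey(String)} accepts. Not referenced inside this class.
     */
    public static final String SESSION_KEY_UNWRAP_ALGORITHM = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";

    /** Length in bytes of the random context produced by {@link #generateRandomKeyContext()}. */
    private static final int SP800_108_CTX_SIZE = 24;

    /** Fixed label supplied to the key manager when deriving a key. */
    private static final String SP800_108_LABEL = "AzureAD-SecureConversation";

    private static final String TAG = "SessionKeyUtil";

    /** The only JWE header {@code alg} value accepted when extracting the session key. */
    private static final String JWE_ALG_RSA_OAEP = "RSA-OAEP";

    private SessionKeyUtil() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }

    /**
     * Derives a key from the session key through the key manager of the given factory.
     *
     * @param iBrokerKeyFactory factory whose key manager performs the derivation
     * @param iKeyEntry the session key to derive from
     * @param bArr context bytes passed through to the key manager unchanged; not null-checked
     *     here (presumably a value from {@link #generateRandomKeyContext()}; confirm at callers)
     * @return the derived key entry returned by the key manager
     * @throws ClientException if the key manager fails to derive the key
     * @throws NullPointerException if {@code iBrokerKeyFactory} or {@code iKeyEntry} is null
     */
    public static IKeyEntry deriveKey(@NonNull IBrokerKeyFactory iBrokerKeyFactory, @NonNull IKeyEntry iKeyEntry, byte[] bArr) throws ClientException {
        if (iBrokerKeyFactory == null) {
            throw new NullPointerException("brokerKeyFactory is marked non-null but is null");
        }
        if (iKeyEntry == null) {
            throw new NullPointerException("sessionKey is marked non-null but is null");
        }
        Logger.info(TAG + ":deriveKey", "Deriving a key from Session Key.");
        // Use the declared constant rather than a duplicated "AES" literal so the two cannot drift.
        return iBrokerKeyFactory.getKeyManager()
                .generateDerivedKey(iKeyEntry, getDerivedKeyLabel(), bArr, DERIVED_KEY_ALGORITHM);
    }

    /**
     * Convenience overload that takes the key factory from the platform components and delegates
     * to {@link #deriveKey(IBrokerKeyFactory, IKeyEntry, byte[])}.
     *
     * @param iBrokerPlatformComponents source of the broker key factory
     * @param iKeyEntry the session key to derive from
     * @param bArr context bytes passed through unchanged
     * @return the derived key entry
     * @throws ClientException if the derivation fails
     * @throws NullPointerException if {@code iBrokerPlatformComponents} or {@code iKeyEntry} is null
     */
    public static IKeyEntry deriveKey(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents, @NonNull IKeyEntry iKeyEntry, byte[] bArr) throws ClientException {
        if (iBrokerPlatformComponents == null) {
            throw new NullPointerException("brokerComponents is marked non-null but is null");
        }
        if (iKeyEntry == null) {
            throw new NullPointerException("sessionKey is marked non-null but is null");
        }
        return deriveKey(iBrokerPlatformComponents.getBrokerKeyFactory(), iKeyEntry, bArr);
    }

    /**
     * Parses a JWE and returns its encrypted-key part after checking the header algorithm.
     *
     * <p>The returned bytes are whatever {@code JweResponse.getEncryptedKey()} yields, i.e. the key
     * as carried in the JWE; no unwrapping or decryption happens in this method.
     *
     * @param str the serialized JWE
     * @return the encrypted-key bytes from the JWE
     * @throws ClientException if the header algorithm is not {@code RSA-OAEP} (including a header
     *     with no algorithm), or if the JWE cannot be parsed as JSON
     * @throws NullPointerException if {@code str} is null
     */
    public static byte[] extractRawSessionKey(@NonNull String str) throws ClientException {
        if (str == null) {
            throw new NullPointerException("jwe is marked non-null but is null");
        }
        final String methodTag = TAG + ":extractSessionKey";
        Logger.info(methodTag, "Extracting session key from JWE");
        try {
            final JweResponse jwe = JweResponse.parseJwe(str);
            final String algorithm = jwe.getJweHeader().getAlgorithm();
            // Constant-first comparison: a header without "alg" is rejected through the same
            // ClientException path as any other unsupported value instead of surfacing as an NPE.
            if (JWE_ALG_RSA_OAEP.equalsIgnoreCase(algorithm)) {
                return jwe.getEncryptedKey();
            }
            // NOTE(review): 'algorithm' is taken from the supplied JWE and is copied verbatim into
            // the exception message and the log line below; treat it as untrusted text downstream.
            final ClientException unsupported =
                    new ClientException("Header algorithm is not RSA-OAEP. Current Alg:" + algorithm);
            Logger.error(methodTag, unsupported.getMessage() + " " + WorkplaceJoinFailure.INTERNAL, unsupported);
            throw unsupported;
        } catch (JSONException e) {
            Logger.error(methodTag, e.getMessage(), e);
            throw new ClientException(ClientException.JSON_CONSTRUCTION_FAILED, "Invalid JsonObject for sessionkey", e);
        }
    }

    /**
     * Generates a fresh random context of {@link #SP800_108_CTX_SIZE} bytes using
     * {@link SecureRandom}.
     *
     * @return a newly allocated array of random bytes
     */
    public static byte[] generateRandomKeyContext() {
        final byte[] context = new byte[SP800_108_CTX_SIZE];
        new SecureRandom().nextBytes(context);
        return CopyUtil.copyIfNotNull(context);
    }

    /** Returns the derivation label encoded with {@code AuthenticationConstants.CHARSET_ASCII}. */
    private static byte[] getDerivedKeyLabel() {
        return CopyUtil.copyIfNotNull(SP800_108_LABEL.getBytes(AuthenticationConstants.CHARSET_ASCII));
    }
}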
