package io.jsonwebtoken.impl.security;

import io.jsonwebtoken.impl.io.Streams;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.lang.Arrays;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.security.IvSupplier;
import io.jsonwebtoken.security.KeyBuilderSupplier;
import io.jsonwebtoken.security.KeyLengthSupplier;
import io.jsonwebtoken.security.Request;
import io.jsonwebtoken.security.SecretKeyBuilder;
import io.jsonwebtoken.security.WeakKeyException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import p0.i;

/* loaded from: classes2.dex */
abstract class AesAlgorithm extends CryptoAlgorithm implements KeyBuilderSupplier<SecretKey, SecretKeyBuilder>, KeyLengthSupplier {
    protected static final int BLOCK_BYTE_SIZE = 16;
    protected static final int BLOCK_SIZE = 128;
    protected static final String DECRYPT_NO_IV = "This algorithm implementation rejects decryption requests that do not include initialization vectors. AES ciphertext without an IV is weak and susceptible to attack.";
    protected static final int GCM_IV_SIZE = 96;
    protected static final String KEY_ALG_NAME = "AES";
    protected final boolean gcm;
    protected final int ivBitLength;
    protected final int keyBitLength;
    protected final int tagBitLength;

    public AesAlgorithm(String str, String str2, int i5) {
        super(str, str2);
        assertKeyBitLength(i5);
        this.keyBitLength = i5;
        boolean startsWith = str2.startsWith("AES/GCM");
        this.gcm = startsWith;
        this.ivBitLength = str2.equals("AESWrap") ? 0 : startsWith ? GCM_IV_SIZE : 128;
        this.tagBitLength = startsWith ? 128 : i5;
    }

    public static void assertKeyBitLength(int i5) {
        if (i5 == 128 || i5 == 192 || i5 == 256) {
            return;
        }
        throw new IllegalArgumentException("Invalid AES key length: " + Bytes.bitsMsg(i5) + ". AES only supports 128, 192, or 256 bit keys.");
    }

    public static SecretKey keyFor(byte[] bArr) {
        assertKeyBitLength((int) Bytes.bitLength(bArr));
        return new SecretKeySpec(bArr, KEY_ALG_NAME);
    }

    public static String lengthMsg(String str, String str2, int i5, long j12) {
        StringBuilder q5 = i.q("The '", str, "' algorithm requires ", str2, " with a length of ");
        q5.append(Bytes.bitsMsg(i5));
        q5.append(".  The provided key has a length of ");
        q5.append(Bytes.bitsMsg(j12));
        q5.append(".");
        return q5.toString();
    }

    private void updateAAD(Cipher cipher, InputStream inputStream) throws Exception {
        if (inputStream == null) {
            return;
        }
        byte[] bArr = new byte[2048];
        int i5 = 0;
        while (i5 != -1) {
            i5 = inputStream.read(bArr);
            if (i5 > 0) {
                cipher.updateAAD(bArr, 0, i5);
            }
        }
    }

    private void validateLengthIfPossible(SecretKey secretKey) {
        validateLength(secretKey, this.keyBitLength, false);
    }

    public byte[] assertBytes(byte[] bArr, String str, int i5) {
        long bitLength = Bytes.bitLength(bArr);
        if (i5 == bitLength) {
            return bArr;
        }
        throw new IllegalArgumentException(lengthMsg(getId(), str, i5, bitLength));
    }

    public byte[] assertDecryptionIv(IvSupplier ivSupplier) throws IllegalArgumentException {
        byte[] iv2 = ivSupplier.getIv();
        Assert.notEmpty(iv2, DECRYPT_NO_IV);
        return assertIvLength(iv2);
    }

    public byte[] assertIvLength(byte[] bArr) {
        return assertBytes(bArr, "initialization vectors", this.ivBitLength);
    }

    public SecretKey assertKey(SecretKey secretKey) {
        Assert.notNull(secretKey, "Request key cannot be null.");
        validateLengthIfPossible(secretKey);
        return secretKey;
    }

    public byte[] assertTag(byte[] bArr) {
        return assertBytes(bArr, "authentication tags", this.tagBitLength);
    }

    public byte[] ensureInitializationVector(Request<?> request) {
        byte[] clean = request instanceof IvSupplier ? Arrays.clean(((IvSupplier) request).getIv()) : null;
        int i5 = this.ivBitLength / 8;
        if (clean != null && clean.length != 0) {
            assertIvLength(clean);
            return clean;
        }
        byte[] bArr = new byte[i5];
        CryptoAlgorithm.ensureSecureRandom(request).nextBytes(bArr);
        return bArr;
    }

    public AlgorithmParameterSpec getIvSpec(byte[] bArr) {
        Assert.notEmpty(bArr, "Initialization Vector byte array cannot be null or empty.");
        return this.gcm ? new GCMParameterSpec(128, bArr) : new IvParameterSpec(bArr);
    }

    @Override // io.jsonwebtoken.security.KeyLengthSupplier
    public int getKeyBitLength() {
        return this.keyBitLength;
    }

    @Override // io.jsonwebtoken.security.KeyBuilderSupplier
    public SecretKeyBuilder key() {
        return new DefaultSecretKeyBuilder(KEY_ALG_NAME, getKeyBitLength());
    }

    public byte[] validateLength(SecretKey secretKey, int i5, boolean z12) {
        try {
            byte[] encoded = secretKey.getEncoded();
            long bitLength = Bytes.bitLength(encoded);
            if (bitLength >= i5) {
                return encoded;
            }
            throw new WeakKeyException(lengthMsg(getId(), "keys", i5, bitLength));
        } catch (RuntimeException e12) {
            if (z12) {
                throw e12;
            }
            return null;
        }
    }

    public void withCipher(Cipher cipher, InputStream inputStream, OutputStream outputStream) throws Exception {
        outputStream.write(withCipher(cipher, inputStream, null, outputStream));
    }

    public byte[] withCipher(Cipher cipher, InputStream inputStream, InputStream inputStream2, OutputStream outputStream) throws Exception {
        updateAAD(cipher, inputStream2);
        byte[] bArr = new byte[2048];
        int i5 = 0;
        while (i5 != -1) {
            try {
                i5 = inputStream.read(bArr);
                if (i5 > 0) {
                    Streams.write(outputStream, cipher.update(bArr, 0, i5), "Unable to write Cipher output to OutputStream");
                }
            } finally {
                Bytes.clear(bArr);
            }
        }
        return cipher.doFinal();
    }
}
