package com.nimbusds.openid.connect.sdk.id;

import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.oauth2.sdk.id.Subject;
import java.util.AbstractMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.cryptomator.siv.SivMode;

/* loaded from: classes2.dex */
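/**
 * Pairwise subject codec that encrypts the sector identifier and the local
 * subject together with AES in SIV mode, so the pairwise identifier can be
 * reversed by any holder of the secret key without a lookup table.
 *
 * <p>The plaintext is {@code sectorID '|' subject}; a literal {@code '|'}
 * inside either value is escaped as {@code "\|"}. The ciphertext is
 * BASE64URL-encoded to form the pairwise subject value.
 *
 * <p>NOTE(review): the backslash itself is not escaped. A sector identifier
 * that ends with a backslash is encoded without error but cannot be decoded,
 * because the separator then looks escaped. Changing the escaping would alter
 * identifiers that were already issued, so it is only documented here.
 */
public class SIVAESBasedPairwiseSubjectCodec extends PairwiseSubjectCodec {
    private static final SivMode AES_SIV = new SivMode();
    private final byte[] aesCtrKey;
    private final byte[] macKey;

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    /**
     * Creates a codec from a combined SIV key. The first half of the encoded
     * key is used as the AES-CTR key and the second half as the MAC key.
     *
     * @param secretKey the combined key, 256, 384 or 512 bits long; must not
     *                  be {@code null} and must expose its encoded bytes
     * @throws IllegalArgumentException if the key is {@code null}, has no
     *                                  encoded form, or has another length
     */
    public SIVAESBasedPairwiseSubjectCodec(SecretKey secretKey) {
        super(null);
        if (secretKey == null) {
            throw new IllegalArgumentException("The SIV AES secret key must not be null");
        }
        byte[] encoded = secretKey.getEncoded();
        // Keys that do not support encoding (for example keys held in a
        // hardware module) return null here; reject them explicitly instead
        // of failing with a NullPointerException on the length check.
        if (encoded == null) {
            throw new IllegalArgumentException("The SIV AES secret key must have an encoded form");
        }
        int length = encoded.length;
        if (length != 32 && length != 48 && length != 64) {
            throw new IllegalArgumentException("The SIV AES secret key length must be 256, 384 or 512 bits");
        }
        // Both halves have the same size, so one computation covers all three key lengths.
        int half = length / 2;
        this.aesCtrKey = ByteUtils.subArray(encoded, 0, half);
        this.macKey = ByteUtils.subArray(encoded, half, half);
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    /**
     * Decrypts a pairwise subject back into its sector identifier and local
     * subject.
     *
     * <p>The input normally comes from an untrusted party. Every failure is
     * reported as {@link InvalidPairwiseSubjectException}; the message embeds
     * the underlying exception text, so it is better logged than returned to
     * the requester.
     *
     * @param subject the pairwise subject to decode
     * @return the sector identifier and the local subject
     */
    @Override // com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
    public Map.Entry<SectorID, Subject> decode(Subject subject) {
        try {
            byte[] cipherText = new Base64URL(subject.getValue()).decode();
            // NOTE(review): if SivMode's last parameter is a varargs byte[]...,
            // this supplies one empty associated-data element rather than none.
            // Confirm against the original bytecode before recompiling; encode
            // and decode must keep agreeing with identifiers already issued.
            byte[] plainText = AES_SIV.decrypt(this.aesCtrKey, this.macKey, cipherText, new byte[0]);
            // Split on '|' unless it is preceded by a backslash, then unescape.
            String[] tokens = new String(plainText, PairwiseSubjectCodec.CHARSET).split("(?<!\\\\)\\|");
            for (int i = 0; i < tokens.length; i++) {
                tokens[i] = tokens[i].replace("\\|", "|");
            }
            if (tokens.length != 2) {
                throw new InvalidPairwiseSubjectException("Invalid format: Unexpected number of tokens: " + tokens.length);
            }
            return new AbstractMap.SimpleImmutableEntry<>(new SectorID(tokens[0]), new Subject(tokens[1]));
        } catch (InvalidPairwiseSubjectException e) {
            // A format error found after successful decryption is passed on
            // unchanged instead of being relabelled as a decryption failure.
            throw e;
        } catch (Exception e) {
            throw new InvalidPairwiseSubjectException("Decryption failed: " + e.getMessage(), e);
        }
    }

    /**
     * Encrypts a sector identifier and local subject into a pairwise subject.
     *
     * @param sectorID the sector identifier
     * @param subject  the local subject
     * @return the BASE64URL-encoded ciphertext wrapped as a subject
     */
    @Override // com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
    public Subject encode(SectorID sectorID, Subject subject) {
        // Escape the separator inside each value so decode can split unambiguously.
        String escapedSector = sectorID.getValue().replace("|", "\\|");
        String escapedSubject = subject.getValue().replace("|", "\\|");
        byte[] plainText = (escapedSector + '|' + escapedSubject).getBytes(PairwiseSubjectCodec.CHARSET);
        byte[] cipherText = AES_SIV.encrypt(this.aesCtrKey, this.macKey, plainText, new byte[0]);
        return new Subject(Base64URL.encode(cipherText).toString());
    }

    /**
     * Returns the combined key, the AES-CTR half followed by the MAC half.
     * The result carries the raw key material and should be handled as a
     * secret.
     *
     * @return the combined SIV key with algorithm name {@code "AES"}
     */
    public SecretKey getSecretKey() {
        return new SecretKeySpec(ByteUtils.concat(this.aesCtrKey, this.macKey), "AES");
    }
}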
