package io.jsonwebtoken.impl.security;

import defpackage.AbstractC5660gr;
import io.jsonwebtoken.impl.io.Streams;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.lang.Arrays;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.security.IvSupplier;
import io.jsonwebtoken.security.KeyBuilderSupplier;
import io.jsonwebtoken.security.KeyLengthSupplier;
import io.jsonwebtoken.security.Request;
import io.jsonwebtoken.security.SecretKeyBuilder;
import io.jsonwebtoken.security.WeakKeyException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
abstract class AesAlgorithm extends CryptoAlgorithm implements KeyBuilderSupplier<SecretKey, SecretKeyBuilder>, KeyLengthSupplier {
    protected static final int BLOCK_BYTE_SIZE = 16;
    protected static final int BLOCK_SIZE = 128;
    protected static final String DECRYPT_NO_IV = "This algorithm implementation rejects decryption requests that do not include initialization vectors. AES ciphertext without an IV is weak and susceptible to attack.";
    protected static final int GCM_IV_SIZE = 96;
    protected static final String KEY_ALG_NAME = "AES";
    protected final boolean gcm;
    protected final int ivBitLength;
    protected final int keyBitLength;
    protected final int tagBitLength;

    public AesAlgorithm(String str, String str2, int i) {
        super(str, str2);
        Assert.isTrue(i == BLOCK_SIZE || i == 192 || i == 256, "Invalid AES key length: it must equal 128, 192, or 256.");
        this.keyBitLength = i;
        boolean startsWith = str2.startsWith("AES/GCM");
        this.gcm = startsWith;
        this.ivBitLength = str2.equals("AESWrap") ? 0 : startsWith ? GCM_IV_SIZE : BLOCK_SIZE;
        this.tagBitLength = startsWith ? BLOCK_SIZE : i;
    }

    public static String lengthMsg(String str, String str2, int i, long j) {
        StringBuilder q = AbstractC5660gr.q("The '", str, "' algorithm requires ", str2, " with a length of ");
        q.append(Bytes.bitsMsg(i));
        q.append(".  The provided key has a length of ");
        q.append(Bytes.bitsMsg(j));
        q.append(".");
        return q.toString();
    }

    private void updateAAD(Cipher cipher, InputStream inputStream) throws Exception {
        int read;
        if (inputStream == null) {
            return;
        }
        byte[] bArr = new byte[2048];
        do {
            read = inputStream.read(bArr);
            if (read > 0) {
                cipher.updateAAD(bArr, 0, read);
            }
        } while (read != -1);
    }

    private void validateLengthIfPossible(SecretKey secretKey) {
        validateLength(secretKey, this.keyBitLength, false);
    }

    public byte[] assertBytes(byte[] bArr, String str, int i) {
        long bitLength = Bytes.bitLength(bArr);
        if (i == bitLength) {
            return bArr;
        }
        throw new IllegalArgumentException(lengthMsg(getId(), str, i, bitLength));
    }

    public byte[] assertDecryptionIv(IvSupplier ivSupplier) throws IllegalArgumentException {
        byte[] iv = ivSupplier.getIv();
        Assert.notEmpty(iv, DECRYPT_NO_IV);
        return assertIvLength(iv);
    }

    public byte[] assertIvLength(byte[] bArr) {
        return assertBytes(bArr, "initialization vectors", this.ivBitLength);
    }

    public SecretKey assertKey(SecretKey secretKey) {
        Assert.notNull(secretKey, "Request key cannot be null.");
        validateLengthIfPossible(secretKey);
        return secretKey;
    }

    public byte[] assertTag(byte[] bArr) {
        return assertBytes(bArr, "authentication tags", this.tagBitLength);
    }

    public byte[] ensureInitializationVector(Request<?> request) {
        byte[] clean = request instanceof IvSupplier ? Arrays.clean(((IvSupplier) request).getIv()) : null;
        int i = this.ivBitLength / 8;
        if (clean != null && clean.length != 0) {
            assertIvLength(clean);
            return clean;
        }
        byte[] bArr = new byte[i];
        CryptoAlgorithm.ensureSecureRandom(request).nextBytes(bArr);
        return bArr;
    }

    public AlgorithmParameterSpec getIvSpec(byte[] bArr) {
        Assert.notEmpty(bArr, "Initialization Vector byte array cannot be null or empty.");
        return this.gcm ? new GCMParameterSpec(BLOCK_SIZE, bArr) : new IvParameterSpec(bArr);
    }

    @Override // io.jsonwebtoken.security.KeyLengthSupplier
    public int getKeyBitLength() {
        return this.keyBitLength;
    }

    @Override // io.jsonwebtoken.security.KeyBuilderSupplier
    public SecretKeyBuilder key() {
        return new DefaultSecretKeyBuilder(KEY_ALG_NAME, getKeyBitLength());
    }

    public byte[] validateLength(SecretKey secretKey, int i, boolean z) {
        try {
            byte[] encoded = secretKey.getEncoded();
            long bitLength = Bytes.bitLength(encoded);
            if (bitLength >= i) {
                return encoded;
            }
            throw new WeakKeyException(lengthMsg(getId(), "keys", i, bitLength));
        } catch (RuntimeException e) {
            if (z) {
                throw e;
            }
            return null;
        }
    }

    public void withCipher(Cipher cipher, InputStream inputStream, OutputStream outputStream) throws Exception {
        outputStream.write(withCipher(cipher, inputStream, null, outputStream));
    }

    public byte[] withCipher(Cipher cipher, InputStream inputStream, InputStream inputStream2, OutputStream outputStream) throws Exception {
        int read;
        updateAAD(cipher, inputStream2);
        byte[] bArr = new byte[2048];
        do {
            try {
                read = inputStream.read(bArr);
                if (read > 0) {
                    Streams.write(outputStream, cipher.update(bArr, 0, read), "Unable to write Cipher output to OutputStream");
                }
            } catch (Throwable th) {
                Bytes.clear(bArr);
                throw th;
            }
        } while (read != -1);
        byte[] doFinal = cipher.doFinal();
        Bytes.clear(bArr);
        return doFinal;
    }
}
