package com.nimbusds.jose.crypto.impl;

import am.c;
import am.g;
import am.h;
import am.k;
import aq2.e;
import cm.i;
import com.google.crypto.tink.subtle.X25519;
import com.kaspersky.components.utils.SharedUtils;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.util.Base64URL;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.interfaces.ECPublicKey;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import lh.a;
import rm5.b;
import xl.d;

/* loaded from: classes2.dex */
public class ECDH {
    private ECDH() {
    }

    public static SecretKey deriveSharedKey(JWEHeader jWEHeader, SecretKey secretKey, c cVar) throws d {
        String name;
        int sharedKeyLength = sharedKeyLength(jWEHeader.getAlgorithm(), jWEHeader.getEncryptionMethod());
        g resolveAlgorithmMode = resolveAlgorithmMode(jWEHeader.getAlgorithm());
        if (resolveAlgorithmMode == g.DIRECT) {
            name = jWEHeader.getEncryptionMethod().getName();
        } else {
            if (resolveAlgorithmMode != g.KW) {
                throw new Exception("Unsupported JWE ECDH algorithm mode: " + resolveAlgorithmMode);
            }
            name = jWEHeader.getAlgorithm().getName();
        }
        byte[] bytes = name.getBytes(StandardCharsets.US_ASCII);
        if (bytes == null) {
            bytes = new byte[0];
        }
        byte[] p16 = k.p(a.b0(bytes.length), bytes);
        Base64URL agreementPartyUInfo = jWEHeader.getAgreementPartyUInfo();
        byte[] decode = agreementPartyUInfo != null ? agreementPartyUInfo.decode() : null;
        if (decode == null) {
            decode = new byte[0];
        }
        byte[] p17 = k.p(a.b0(decode.length), decode);
        Base64URL agreementPartyVInfo = jWEHeader.getAgreementPartyVInfo();
        byte[] decode2 = agreementPartyVInfo != null ? agreementPartyVInfo.decode() : null;
        if (decode2 == null) {
            decode2 = new byte[0];
        }
        byte[] p18 = k.p(a.b0(decode2.length), decode2);
        byte[] b06 = a.b0(sharedKeyLength);
        cVar.getClass();
        byte[] p19 = k.p(p16, p17, p18, b06, new byte[0]);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Provider provider = cVar.f5068a.getProvider();
        try {
            MessageDigest messageDigest = provider == null ? MessageDigest.getInstance(SharedUtils.f154) : MessageDigest.getInstance(SharedUtils.f154, provider);
            int i16 = 1;
            while (true) {
                long digestLength = messageDigest.getDigestLength() * 8;
                int i17 = (int) digestLength;
                if (i17 != digestLength) {
                    throw new Exception("Integer overflow");
                }
                if (i16 > ((sharedKeyLength + i17) - 1) / i17) {
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    int i18 = sharedKeyLength / 8;
                    return byteArray.length == i18 ? new SecretKeySpec(byteArray, "AES") : new SecretKeySpec(k.X(byteArray, 0, i18), "AES");
                }
                messageDigest.update(a.b0(i16));
                messageDigest.update(secretKey.getEncoded());
                if (p19 != null) {
                    messageDigest.update(p19);
                }
                try {
                    byteArrayOutputStream.write(messageDigest.digest());
                    i16++;
                } catch (IOException e16) {
                    throw new Exception(e.g(e16, new StringBuilder("Couldn't write derived key: ")), e16);
                }
            }
        } catch (NoSuchAlgorithmException e17) {
            throw new Exception("Couldn't get message digest for KDF: " + e17.getMessage(), e17);
        }
    }

    public static SecretKey deriveSharedSecret(i iVar, i iVar2) throws d {
        if (iVar.isPrivate()) {
            throw new Exception("Expected public key but received OKP with 'd' value");
        }
        Curve curve = Curve.X25519;
        if (!curve.equals(iVar.getCurve())) {
            throw new Exception("Expected public key OKP with crv=X25519");
        }
        if (!iVar2.isPrivate()) {
            throw new Exception("Expected private key but received OKP without 'd' value");
        }
        if (!curve.equals(iVar2.getCurve())) {
            throw new Exception("Expected private key OKP with crv=X25519");
        }
        try {
            return new SecretKeySpec(X25519.computeSharedSecret(iVar2.a(), iVar.b()), "AES");
        } catch (InvalidKeyException e16) {
            throw new Exception(e16.getMessage(), e16);
        }
    }

    public static SecretKey deriveSharedSecret(ECPublicKey eCPublicKey, PrivateKey privateKey, Provider provider) throws d {
        try {
            KeyAgreement keyAgreement = provider != null ? KeyAgreement.getInstance("ECDH", provider) : KeyAgreement.getInstance("ECDH");
            try {
                keyAgreement.init(privateKey);
                keyAgreement.doPhase(eCPublicKey, true);
                return new SecretKeySpec(keyAgreement.generateSecret(), "AES");
            } catch (InvalidKeyException e16) {
                throw new Exception("Invalid key for ECDH key agreement: " + e16.getMessage(), e16);
            }
        } catch (NoSuchAlgorithmException e17) {
            throw new Exception("Couldn't get an ECDH key agreement instance: " + e17.getMessage(), e17);
        }
    }

    public static g resolveAlgorithmMode(JWEAlgorithm jWEAlgorithm) throws d {
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES)) {
            return g.DIRECT;
        }
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A128KW) || jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A192KW) || jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A256KW)) {
            return g.KW;
        }
        throw new Exception(b.y0(jWEAlgorithm, h.SUPPORTED_ALGORITHMS));
    }

    public static int sharedKeyLength(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) throws d {
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES)) {
            int cekBitLength = encryptionMethod.cekBitLength();
            if (cekBitLength != 0) {
                return cekBitLength;
            }
            throw new Exception("Unsupported JWE encryption method " + encryptionMethod);
        }
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A128KW)) {
            return 128;
        }
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A192KW)) {
            return 192;
        }
        if (jWEAlgorithm.equals(JWEAlgorithm.ECDH_ES_A256KW)) {
            return 256;
        }
        throw new Exception(b.y0(jWEAlgorithm, h.SUPPORTED_ALGORITHMS));
    }
}
