package org.xdi.oxauth.model.jwe;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import org.apache.commons.lang.ArrayUtils;
import org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm;
import org.xdi.oxauth.model.exception.InvalidParameterException;
import org.xdi.oxauth.model.util.JwtUtil;
import org.xdi.oxauth.model.util.Util;

/* loaded from: input_file:org/xdi/oxauth/model/jwe/KeyDerivationFunction.class */
public class KeyDerivationFunction {
    public static byte[] generateCek(byte[] bArr, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
        if (bArr == null) {
            throw new InvalidParameterException("The content master key (CMK) is null");
        }
        if (blockEncryptionAlgorithm == null) {
            throw new InvalidParameterException("The block encryption algorithm is null");
        }
        if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            throw new InvalidParameterException("The block encryption algorithm is not supported");
        }
        byte[] unsignedToBytes = JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 1});
        byte[] unsignedToBytes2 = blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 ? JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 128}) : JwtUtil.unsignedToBytes(new int[]{0, 0, 1, 0});
        byte[] bytes = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
        return Arrays.copyOf(MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC").digest(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(unsignedToBytes, bArr), unsignedToBytes2), bytes), JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 0})), JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 0})), "Encryption".getBytes(Util.UTF8_STRING_ENCODING))), blockEncryptionAlgorithm.getCekLength().intValue() / 8);
    }

    public static byte[] generateCik(byte[] bArr, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
        if (bArr == null) {
            throw new InvalidParameterException("The content master key (CMK) is null");
        }
        if (blockEncryptionAlgorithm == null) {
            throw new InvalidParameterException("The block encryption algorithm is null");
        }
        if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            throw new InvalidParameterException("The block encryption algorithm is not supported");
        }
        byte[] unsignedToBytes = JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 1});
        byte[] unsignedToBytes2 = blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 ? JwtUtil.unsignedToBytes(new int[]{0, 0, 1, 0}) : JwtUtil.unsignedToBytes(new int[]{0, 0, 2, 0});
        byte[] bytes = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
        return MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC").digest(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(unsignedToBytes, bArr), unsignedToBytes2), bytes), JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 0})), JwtUtil.unsignedToBytes(new int[]{0, 0, 0, 0})), "Integrity".getBytes(Util.UTF8_STRING_ENCODING)));
    }
}
