package com.pingan.openbank.api.sdk.common;

import cn.com.agree.cipher.jwt.variant.TemporaryKey;
import cn.com.agree.cipher.sm4.SM4Util;
import cn.com.agree.cipher.utils.Util;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.impl.io.InstanceLocator;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Deserializer;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.io.SerializationException;
import io.jsonwebtoken.io.Serializer;
import io.jsonwebtoken.lang.Classes;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:com/pingan/openbank/api/sdk/common/CAVariantJwe.class */
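/**
 * Builds and reads a five-segment, JWE-shaped token whose payload is encrypted with SM4.
 *
 * <p>Security review notes (all derived from the code in this class):
 * <ul>
 *   <li>The fifth segment is always the constant {@link #DEFAULT_TAG}; no authentication tag is
 *       computed on encryption and none is checked on decryption. The token therefore carries
 *       no integrity protection of its own.</li>
 *   <li>The payload is encrypted through {@code SM4Util.encrypt_Cbc_Padding}; judging by the
 *       method name this is CBC with padding. Unauthenticated CBC ciphertext is malleable, and
 *       callers should not let padding failures be distinguishable to a remote peer. Integrity
 *       has to come from an outer layer (for example a signature over the whole token).</li>
 *   <li>{@link #decryptJwe} uses the symmetric key held by the supplied {@code TemporaryKey}
 *       and never reads the header ({@code alg}, {@code enc}, {@code kid}) or the encrypted-key
 *       segment of the token, so none of those values are validated here.</li>
 *   <li>The IV and cipher text are hex strings that are then base64url-encoded, so the layout
 *       is not interchangeable with a standard compact JWE.</li>
 * </ul>
 *
 * <p>This source is decompiler output; several members below were {@code private} in the
 * original class and were widened by the decompiler.
 */
public class CAVariantJwe {
    /**
     * Placeholder written into the tag segment. It is a fixed value, not a MAC, and is made
     * {@code final} with an explicit charset so it cannot be reassigned or vary by platform.
     */
    private static final byte[] DEFAULT_TAG = "0".getBytes(StandardCharsets.UTF_8);

    /** Number of dot-separated segments in a serialized token. */
    private static final int SEGMENT_COUNT = 5;

    /**
     * In-memory form of the five token segments: header, encrypted key, IV, cipher text, tag.
     * (Decompiler note: this nested class was private in the original.)
     */
    public static class Jwe {
        private final Map<String, ?> header;
        private final String encryptedKey;
        private final String iv;
        private final String cipherText;
        private final byte[] tag;

        /**
         * @param map   header claims, serialized as JSON in the first segment
         * @param str   encrypted symmetric key, stored as given
         * @param str2  IV as a hex string
         * @param str3  cipher text as a hex string
         * @param bArr  raw bytes for the tag segment
         */
        public Jwe(Map<String, ?> map, String str, String str2, String str3, byte[] bArr) {
            this.header = map;
            this.encryptedKey = str;
            this.iv = str2;
            this.cipherText = str3;
            this.tag = bArr;
        }

        /**
         * Serializes the five segments as base64url text joined by {@code '.'}.
         *
         * @return the compact token string
         * @throws IllegalStateException if the header cannot be serialized to JSON
         */
        public String toJweString() {
            // Explicit UTF-8: the no-argument getBytes() depends on the platform default charset.
            return CAVariantJwe.base64UrlEncode(this.header, "Unable to serialize header to json")
                    + '.' + CAVariantJwe.base64UrlEncode(this.encryptedKey.getBytes(StandardCharsets.UTF_8))
                    + '.' + CAVariantJwe.base64UrlEncode(this.iv.getBytes(StandardCharsets.UTF_8))
                    + '.' + CAVariantJwe.base64UrlEncode(this.cipherText.getBytes(StandardCharsets.UTF_8))
                    + '.' + CAVariantJwe.base64UrlEncode(this.tag);
        }

        /**
         * Splits a compact token into its five segments and base64url-decodes each one.
         *
         * <p>Only the structure is checked. The header contents and the tag are decoded but not
         * verified, so a successful parse says nothing about the token's authenticity.
         *
         * @param str the compact token; treated as untrusted input
         * @return the decoded segments
         * @throws MalformedJwtException if the token does not have five non-empty segments or
         *         its header is not a JSON object
         */
        public static Jwe parse(String str) {
            // limit -1 keeps trailing empty segments, so "a.b.c.d." is reported as incomplete
            // rather than as having the wrong number of periods.
            String[] segments = str.split("\\.", -1);
            if (segments.length != SEGMENT_COUNT) {
                throw new MalformedJwtException("JWE strings must contain exactly 4 period characters.");
            }
            for (int i = 0; i < segments.length; i++) {
                if (Util.isEmpty(segments[i])) {
                    // The token itself is deliberately left out of the message: exception text
                    // tends to end up in logs, and the token holds the encrypted key and payload.
                    throw new MalformedJwtException("JWE incomplete: segment " + i + " is empty");
                }
            }
            Map<String, ?> parsedHeader = CAVariantJwe.readValueAsMap(CAVariantJwe.base64UrlDecode(segments[0]));
            String parsedKey = new String(CAVariantJwe.base64UrlDecode(segments[1]), StandardCharsets.UTF_8);
            String parsedIv = new String(CAVariantJwe.base64UrlDecode(segments[2]), StandardCharsets.UTF_8);
            String parsedCipherText = new String(CAVariantJwe.base64UrlDecode(segments[3]), StandardCharsets.UTF_8);
            byte[] parsedTag = CAVariantJwe.base64UrlDecode(segments[4]);
            return new Jwe(parsedHeader, parsedKey, parsedIv, parsedCipherText, parsedTag);
        }

        /** @return the encrypted symmetric key segment as decoded text */
        public String getEncryptedKey() {
            return this.encryptedKey;
        }

        /** @return the IV as a hex string */
        public String getIv() {
            return this.iv;
        }

        /** @return the cipher text as a hex string */
        public String getCipherText() {
            return this.cipherText;
        }
    }

    /**
     * Encrypts a payload with the symmetric key of {@code temporaryKey} and wraps it in a token.
     *
     * <p>The tag segment is the constant placeholder; the result is encrypted but not
     * authenticated. Callers that need tamper detection must add it outside this method.
     *
     * @param str           key identifier written to the {@code kid} header
     * @param temporaryKey  supplies the hex-encoded symmetric key and its already-encrypted form
     * @param str2          plaintext payload, encoded as UTF-8 before encryption
     * @return the compact token string
     */
    public static String encryptJweUseKeyStore(String str, TemporaryKey temporaryKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, UnsupportedEncodingException {
        Map<String, Object> header = createHeader(str);
        String wrappedKey = temporaryKey.getEncryptedSymmetricKey();
        // NOTE(review): presumably a fresh random 128-bit IV per call; confirm in SM4Util.
        byte[] iv = SM4Util.generateSM4IV(128);
        byte[] key = Util.hexStringToBytes(temporaryKey.getSymmetricKey());
        byte[] encrypted = SM4Util.encrypt_Cbc_Padding(key, iv, str2.getBytes(StandardCharsets.UTF_8));
        return new Jwe(header, wrappedKey, Util.byteToHex(iv), Util.byteToHex(encrypted), DEFAULT_TAG).toJweString();
    }

    /**
     * Parses a token and decrypts its payload with the symmetric key of {@code temporaryKey}.
     *
     * <p>Only the IV and cipher-text segments are used. The header, the encrypted-key segment
     * and the tag are ignored, so this method performs no integrity or key-binding check on the
     * token. Treat the returned text as unauthenticated unless an outer layer has verified it.
     *
     * @param str           the compact token; treated as untrusted input
     * @param temporaryKey  supplies the hex-encoded symmetric key
     * @return the decrypted payload decoded as UTF-8
     * @throws MalformedJwtException if the token structure is invalid
     */
    public static String decryptJwe(String str, TemporaryKey temporaryKey) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, UnsupportedEncodingException {
        Jwe token = Jwe.parse(str);
        byte[] key = Util.hexStringToBytes(temporaryKey.getSymmetricKey());
        byte[] iv = Util.hexStringToBytes(token.getIv());
        // NOTE(review): the cipher text goes through hexToByte while key and IV use
        // hexStringToBytes; kept as in the original, confirm both accept the same hex form.
        byte[] encrypted = Util.hexToByte(token.getCipherText());
        return new String(SM4Util.decrypt_Cbc_Padding(key, iv, encrypted), StandardCharsets.UTF_8);
    }

    /**
     * Builds the fixed header: {@code alg=SM2}, {@code typ=JWT}, the given key id, and
     * {@code enc} set to the SM4 algorithm name.
     *
     * @param str key identifier for the {@code kid} header
     */
    private static Map<String, Object> createHeader(String str) {
        Map<String, Object> header = new HashMap<>();
        header.put(JwsHeader.ALGORITHM, "SM2");
        header.put(Header.TYPE, Header.JWT_TYPE);
        header.put(JwsHeader.KEY_ID, str);
        header.put("enc", SM4Util.ALGORITHM_NAME);
        return header;
    }

    /** Base64url-encodes raw bytes. (Decompiler note: private in the original.) */
    public static String base64UrlEncode(byte[] bArr) {
        return Encoders.BASE64URL.encode(bArr);
    }

    /**
     * Serializes a map to JSON and base64url-encodes it. (Decompiler note: private in the
     * original.)
     *
     * @param map the value to serialize
     * @param str message for the exception raised when serialization fails
     * @throws IllegalStateException wrapping the {@link SerializationException}
     */
    public static String base64UrlEncode(Map<String, ?> map, String str) {
        try {
            return Encoders.BASE64URL.encode(writeValueAsBytes(map));
        } catch (SerializationException e) {
            throw new IllegalStateException(str, e);
        }
    }

    /** Serializes a map with the JSON serializer that jjwt locates on the runtime classpath. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static byte[] writeValueAsBytes(Map<String, ?> map) throws SerializationException {
        InstanceLocator locator = (InstanceLocator) Classes.newInstance("io.jsonwebtoken.impl.io.RuntimeClasspathSerializerLocator");
        // NOTE(review): getInstance2() looks like a decompiler rename of the locator's
        // getInstance(); kept as emitted so it stays consistent with the decompiled library.
        Serializer serializer = (Serializer) locator.getInstance2();
        return serializer.serialize(map);
    }

    /** Base64url-decodes a segment. (Decompiler note: private in the original.) */
    public static byte[] base64UrlDecode(String str) {
        return Decoders.BASE64URL.decode(str);
    }

    /**
     * Deserializes JSON bytes into a map. (Decompiler note: private in the original.)
     *
     * @param bArr JSON bytes taken from an untrusted token header
     * @return the parsed JSON object
     * @throws MalformedJwtException if the JSON value is not an object
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static Map<String, ?> readValueAsMap(byte[] bArr) throws SerializationException {
        InstanceLocator locator = (InstanceLocator) Classes.newInstance("io.jsonwebtoken.impl.io.RuntimeClasspathDeserializerLocator");
        // NOTE(review): getInstance2() looks like a decompiler rename of getInstance(); kept as emitted.
        Deserializer deserializer = (Deserializer) locator.getInstance2();
        Object value = deserializer.deserialize(bArr);
        // A header that decodes to an array or scalar would otherwise surface as a
        // ClassCastException; report it as a malformed token instead.
        if (!(value instanceof Map)) {
            throw new MalformedJwtException("JWE header is not a JSON object.");
        }
        return (Map) value;
    }
}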
