package com.almworks.jira.structure.appsupport;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:com/almworks/jira/structure/appsupport/ClientCrypto.class */
public final class ClientCrypto {
    static final int AES_KEY_LENGTH = 16;
    static final int HMAC_KEY_LENGTH = 16;
    static final int AES_IV_LENGTH = 16;
    private final RSAPublicKey myPublicKey;
    private final SecureRandom myRandom;
    private final boolean myOneTimeKey;
    private Cipher myAesCipher;
    private SecretKey myAesKey;
    private Mac myHmac;
    private SecretKey myHmacKey;

    public ClientCrypto(RSAPublicKey rSAPublicKey, SecureRandom secureRandom) {
        this(rSAPublicKey, secureRandom, true);
    }

    ClientCrypto(RSAPublicKey rSAPublicKey, SecureRandom secureRandom, boolean z) {
        this.myPublicKey = rSAPublicKey;
        this.myRandom = secureRandom;
        this.myOneTimeKey = z;
    }

    public synchronized byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        try {
            return encrypt0(bArr);
        } catch (Exception e) {
            throw CryptoUtil.rethrow(e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v34, types: [byte[], byte[][]] */
    private byte[] encrypt0(byte[] bArr) throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128, this.myRandom);
        this.myAesKey = keyGenerator.generateKey();
        byte[] bArr2 = new byte[16];
        this.myRandom.nextBytes(bArr2);
        this.myAesCipher = Cipher.getInstance("AES/CTR/NoPadding");
        this.myAesCipher.init(1, this.myAesKey, new IvParameterSpec(bArr2), this.myRandom);
        byte[] doFinal = this.myAesCipher.doFinal(bArr);
        KeyGenerator keyGenerator2 = KeyGenerator.getInstance("HmacSHA256");
        keyGenerator2.init(128, this.myRandom);
        this.myHmacKey = keyGenerator2.generateKey();
        this.myHmac = Mac.getInstance("HmacSHA256");
        this.myHmac.init(this.myHmacKey);
        this.myHmac.update(bArr2);
        byte[] doFinal2 = this.myHmac.doFinal(doFinal);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1padding");
        cipher.init(1, this.myPublicKey, this.myRandom);
        cipher.update(this.myAesKey.getEncoded());
        return CryptoUtil.concat(new byte[]{cipher.doFinal(this.myHmacKey.getEncoded()), bArr2, doFinal, doFinal2});
    }

    public synchronized byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        if (this.myAesKey == null) {
            throw new IllegalStateException("encrypt() first");
        }
        if (bArr.length < 16 + this.myHmac.getMacLength()) {
            throw new GeneralSecurityException("Input too short");
        }
        try {
            return decrypt0(bArr, this.myHmac.getMacLength());
        } catch (Exception e) {
            throw CryptoUtil.rethrow(e);
        }
    }

    private byte[] decrypt0(byte[] bArr, int i) throws GeneralSecurityException {
        this.myHmac.init(this.myHmacKey);
        this.myHmac.update(bArr, 0, bArr.length - i);
        if (!CryptoUtil.endsWith(bArr, this.myHmac.doFinal())) {
            throw new GeneralSecurityException("MAC verification failed");
        }
        this.myAesCipher.init(2, this.myAesKey, new IvParameterSpec(bArr, 0, 16));
        byte[] doFinal = this.myAesCipher.doFinal(bArr, 16, (bArr.length - 16) - i);
        if (this.myOneTimeKey) {
            this.myAesCipher = null;
            this.myAesKey = null;
            this.myHmac = null;
            this.myHmacKey = null;
        }
        return doFinal;
    }
}
