package org.mozilla.jss.SecretDecoderRing;

import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.TokenException;

/* loaded from: input_file:org/mozilla/jss/SecretDecoderRing/Encryptor.class */
public class Encryptor {
    private CryptoToken token;
    private byte[] keyID;
    private SecretKey key;
    private EncryptionAlgorithm alg;
    private KeyManager keyManager;
    public static final EncryptionAlgorithm DEFAULT_ENCRYPTION_ALG = EncryptionAlgorithm.DES3_CBC;
    static final String PROVIDER = "Mozilla-JSS";
    static final String RNG_ALG = "pkcs11prng";

    public Encryptor(CryptoToken cryptoToken, byte[] bArr, EncryptionAlgorithm encryptionAlgorithm) throws TokenException, InvalidKeyException {
        this.token = cryptoToken;
        this.keyID = bArr;
        this.alg = encryptionAlgorithm;
        this.keyManager = new KeyManager(cryptoToken);
        this.key = this.keyManager.lookupKey(encryptionAlgorithm, bArr);
        if (this.key == null) {
            throw new InvalidKeyException("Key not found");
        }
    }

    public byte[] encrypt(byte[] bArr) throws CryptoManager.NotInitializedException, GeneralSecurityException, InvalidBERException {
        CryptoManager cryptoManager = CryptoManager.getInstance();
        CryptoToken threadToken = cryptoManager.getThreadToken();
        try {
            try {
                cryptoManager.setThreadToken(this.token);
                byte[] bArr2 = new byte[this.alg.getIVLength()];
                SecureRandom.getInstance(RNG_ALG, PROVIDER).nextBytes(bArr2);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
                Cipher cipher = Cipher.getInstance(this.alg.toString(), PROVIDER);
                cipher.init(1, this.key, ivParameterSpec);
                byte[] encode = ASN1Util.encode(new Encoding(this.keyID, bArr2, this.alg.toOID(), cipher.doFinal(org.mozilla.jss.crypto.Cipher.pad(bArr, this.alg.getBlockSize()))));
                cryptoManager.setThreadToken(threadToken);
                return encode;
            } catch (IllegalStateException e) {
                throw new GeneralSecurityException(e.toString());
            }
        } catch (Throwable th) {
            cryptoManager.setThreadToken(threadToken);
            throw th;
        }
    }
}
