package com.palantir.config.crypto.algorithm.rsa;

import com.fasterxml.jackson.annotation.JsonValue;
import com.google.errorprone.annotations.Immutable;
import com.palantir.config.crypto.EncryptedValue;
import com.palantir.config.crypto.KeyWithType;
import com.palantir.config.crypto.algorithm.Encrypter;
import com.palantir.config.crypto.algorithm.KeyType;
import com.palantir.config.crypto.util.Suppliers;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

@Immutable
/* loaded from: input_file:com/palantir/config/crypto/algorithm/rsa/RsaOaepEncrypter.class */
public enum RsaOaepEncrypter implements Encrypter {
    INSTANCE;

    private static final HashAlgorithm OAEP_HASH_ALG = HashAlgorithm.SHA256;
    private static final HashAlgorithm MDF1_HASH_ALG = HashAlgorithm.SHA256;

    /* loaded from: input_file:com/palantir/config/crypto/algorithm/rsa/RsaOaepEncrypter$HashAlgorithm.class */
    public enum HashAlgorithm {
        SHA1("SHA-1"),
        SHA256("SHA-256");

        private final String name;

        HashAlgorithm(String str) {
            this.name = str;
        }

        @Override // java.lang.Enum
        @JsonValue
        public String toString() {
            return this.name;
        }
    }

    @Override // com.palantir.config.crypto.algorithm.Encrypter
    public final EncryptedValue encrypt(KeyWithType keyWithType, String str) {
        KeyType.RSA_PUBLIC.checkKeyArgument(keyWithType, RsaPublicKey.class);
        PublicKey publicKey = ((RsaPublicKey) keyWithType.getKey()).getPublicKey();
        return (EncryptedValue) Suppliers.silently(() -> {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(1, publicKey, new OAEPParameterSpec(OAEP_HASH_ALG.toString(), "MGF1", new MGF1ParameterSpec(MDF1_HASH_ALG.toString()), PSource.PSpecified.DEFAULT));
            return ImmutableRsaEncryptedValue.builder().ciphertext(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8))).oaepHashAlg(OAEP_HASH_ALG).mdf1HashAlg(MDF1_HASH_ALG).build();
        });
    }
}
