package com.venafi.vcert.sdk.connectors.cloud;

import com.iwebpp.crypto.TweetNaclFast;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.bouncycastle.crypto.digests.Blake2bDigest;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/connectors/cloud/SealedBoxUtility.class */
public class SealedBoxUtility {
    public static final int CRYPTO_BOX_NONCEBYTES = 24;

    public static byte[] cryptoBoxSeal(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        TweetNaclFast.Box.KeyPair keyPair = TweetNaclFast.Box.keyPair();
        byte[] box = new TweetNaclFast.Box(bArr, keyPair.getSecretKey()).box(bArr2, cryptoBoxSealNonce(keyPair.getPublicKey(), bArr));
        if (box == null) {
            throw new GeneralSecurityException("Could not create the crypto box");
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(keyPair.getPublicKey());
                byteArrayOutputStream.write(box);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (IOException e) {
            throw new GeneralSecurityException("Could not create the sealed crypto box", e);
        }
    }

    public static byte[] cryptoBoxSealNonce(byte[] bArr, byte[] bArr2) {
        Blake2bDigest blake2bDigest = new Blake2bDigest(192);
        blake2bDigest.update(bArr, 0, bArr.length);
        blake2bDigest.update(bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[24];
        blake2bDigest.doFinal(bArr3, 0);
        if (bArr3 == null || bArr3.length != 24) {
            throw new IllegalArgumentException("Blake2b hashing failed");
        }
        return bArr3;
    }
}
