package com.nimbusds.jose.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeaderFilter;
import com.nimbusds.jose.ReadOnlyJWEHeader;
import com.nimbusds.jose.util.Base64URL;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.encodings.OAEPEncoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;

/* loaded from: input_file:com/nimbusds/jose/crypto/RSADecrypter.class */
public class RSADecrypter extends RSAProvider implements JWEDecrypter {
    private final String symmetricAlgorithm = "AES";
    public static final JWEHeaderFilter HEADER_FILTER = new JWEHeaderFilter() { // from class: com.nimbusds.jose.crypto.RSADecrypter.1
        @Override // com.nimbusds.jose.JWEHeaderFilter
        public Set<JWEAlgorithm> getAcceptedAlgorithms() {
            return RSAProvider.SUPPORTED_ALGORITHMS;
        }

        @Override // com.nimbusds.jose.JWEHeaderFilter
        public void setAcceptedAlgorithms(Set<JWEAlgorithm> set) {
        }

        @Override // com.nimbusds.jose.JWEHeaderFilter
        public Set<EncryptionMethod> getAcceptedEncryptionMethods() {
            return RSAProvider.SUPPORTED_ENCRYPTION_METHODS;
        }

        @Override // com.nimbusds.jose.JWEHeaderFilter
        public void setAcceptedEncryptionMethods(Set<EncryptionMethod> set) {
        }

        @Override // com.nimbusds.jose.HeaderFilter
        public Set<String> getAcceptedParameters() {
            HashSet hashSet = new HashSet();
            hashSet.add("alg");
            hashSet.add("enc");
            hashSet.add("zip");
            hashSet.add("typ");
            return hashSet;
        }

        @Override // com.nimbusds.jose.HeaderFilter
        public void setAcceptedParameters(Set<String> set) {
        }
    };
    private RSAPrivateKey privateKey;

    @Override // com.nimbusds.jose.JWEDecrypter
    public JWEHeaderFilter getJWEHeaderFilter() {
        return HEADER_FILTER;
    }

    public RSADecrypter(RSAPrivateKey rSAPrivateKey) {
        this.privateKey = rSAPrivateKey;
    }

    @Override // com.nimbusds.jose.JWEDecrypter
    public byte[] decrypt(ReadOnlyJWEHeader readOnlyJWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4) throws JOSEException {
        if (base64URL == null) {
            throw new JOSEException("Missing encrypted key");
        }
        if (base64URL2 == null) {
            throw new JOSEException("Missing initialization vector");
        }
        if (base64URL4 == null) {
            throw new JOSEException("Missing integrity value");
        }
        JWEAlgorithm algorithm = readOnlyJWEHeader.getAlgorithm();
        EncryptionMethod encryptionMethod = readOnlyJWEHeader.getEncryptionMethod();
        keyLengthForMethod(encryptionMethod);
        try {
            return AESGCM.decrypt(getKeySpec(algorithm, encryptionMethod, base64URL.decode(), this.privateKey), base64URL3.decode(), (readOnlyJWEHeader.toBase64URL().toString() + "." + base64URL.toString() + "." + base64URL2.toString()).getBytes("UTF-8"), base64URL4.decode(), base64URL2.decode());
        } catch (Exception e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    private SecretKeySpec getKeySpec(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, byte[] bArr, PrivateKey privateKey) throws JOSEException {
        int keyLengthForMethod = keyLengthForMethod(encryptionMethod);
        try {
            if (jWEAlgorithm.equals(JWEAlgorithm.RSA_OAEP)) {
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
                OAEPEncoding oAEPEncoding = new OAEPEncoding(new RSAEngine());
                oAEPEncoding.init(false, new RSAKeyParameters(true, rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent()));
                return new SecretKeySpec(oAEPEncoding.processBlock(bArr, 0, bArr.length), "AES");
            }
            if (!jWEAlgorithm.equals(JWEAlgorithm.RSA1_5)) {
                throw new JOSEException("Unsupported JWEAlgorithm");
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, this.privateKey);
            byte[] doFinal = cipher.doFinal(bArr);
            if (8 * doFinal.length != keyLengthForMethod) {
                throw new Exception("WebToken.decrypt RSA PKCS1Padding symmetric key length mismatch: " + doFinal.length + " != " + keyLengthForMethod);
            }
            return new SecretKeySpec(doFinal, "AES");
        } catch (BadPaddingException e) {
            throw new JOSEException(e.getMessage(), e);
        } catch (InvalidCipherTextException e2) {
            throw new JOSEException(e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new JOSEException(e3.getMessage(), e3);
        } catch (IllegalBlockSizeException e4) {
            throw new JOSEException(e4.getMessage(), e4);
        } catch (NoSuchPaddingException e5) {
            throw new JOSEException(e5.getMessage(), e5);
        } catch (Exception e6) {
            throw new JOSEException(e6.getMessage(), e6);
        }
    }

    @Override // com.nimbusds.jose.crypto.RSAProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.RSAProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}
