package com.nimbusds.jose.crypto;

import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.DefaultJWEHeaderFilter;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeaderFilter;
import com.nimbusds.jose.ReadOnlyJWEHeader;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.DeflateUtils;
import java.io.UnsupportedEncodingException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Set;
import javax.crypto.SecretKey;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:WEB-INF/lib/nimbus-jose-jwt-2.13.1.jar:com/nimbusds/jose/crypto/RSADecrypter.class */
public class RSADecrypter extends RSACryptoProvider implements JWEDecrypter {
    private final DefaultJWEHeaderFilter headerFilter;
    private RSAPrivateKey privateKey;

    public RSADecrypter(RSAPrivateKey rSAPrivateKey) {
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("The private RSA key must not be null");
        }
        this.privateKey = rSAPrivateKey;
        this.headerFilter = new DefaultJWEHeaderFilter(supportedAlgorithms(), supportedEncryptionMethods());
    }

    public RSAPrivateKey getPrivateKey() {
        return this.privateKey;
    }

    @Override // com.nimbusds.jose.JWEDecrypter
    public JWEHeaderFilter getJWEHeaderFilter() {
        return this.headerFilter;
    }

    private static final byte[] applyDecompression(ReadOnlyJWEHeader readOnlyJWEHeader, byte[] bArr) throws JOSEException {
        CompressionAlgorithm compressionAlgorithm = readOnlyJWEHeader.getCompressionAlgorithm();
        if (compressionAlgorithm == null) {
            return bArr;
        }
        if (!compressionAlgorithm.equals(CompressionAlgorithm.DEF)) {
            throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
        }
        try {
            return DeflateUtils.decompress(bArr);
        } catch (Exception e) {
            throw new JOSEException("Couldn't decompress plain text: " + e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.jose.JWEDecrypter
    public byte[] decrypt(ReadOnlyJWEHeader readOnlyJWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4) throws JOSEException {
        SecretKey decryptCMK;
        byte[] decrypt;
        if (base64URL == null) {
            throw new JOSEException("The encrypted key must not be null");
        }
        if (base64URL2 == null) {
            throw new JOSEException("The initialization vector (IV) must not be null");
        }
        if (base64URL4 == null) {
            throw new JOSEException("The integrity value must not be null");
        }
        JWEAlgorithm algorithm = readOnlyJWEHeader.getAlgorithm();
        if (algorithm.equals(JWEAlgorithm.RSA1_5)) {
            int cmkBitLength = cmkBitLength(readOnlyJWEHeader.getEncryptionMethod());
            SecretKey generateAESCMK = AES.generateAESCMK(cmkBitLength);
            try {
                decryptCMK = RSA1_5.decryptCMK(this.privateKey, base64URL.decode(), cmkBitLength);
            } catch (Exception e) {
                decryptCMK = generateAESCMK;
            }
        } else {
            if (!algorithm.equals(JWEAlgorithm.RSA_OAEP)) {
                throw new JOSEException("Unsupported algorithm, must be RSA1_5 or RSA_OAEP");
            }
            decryptCMK = RSA_OAEP.decryptCMK(this.privateKey, base64URL.decode());
        }
        EncryptionMethod encryptionMethod = readOnlyJWEHeader.getEncryptionMethod();
        if (encryptionMethod.equals(EncryptionMethod.A128CBC_HS256) || encryptionMethod.equals(EncryptionMethod.A256CBC_HS512)) {
            byte[] bArr = null;
            if (readOnlyJWEHeader.getEncryptionPartyUInfo() != null) {
                bArr = readOnlyJWEHeader.getEncryptionPartyUInfo().decode();
            }
            byte[] bArr2 = null;
            if (readOnlyJWEHeader.getEncryptionPartyVInfo() != null) {
                bArr2 = readOnlyJWEHeader.getEncryptionPartyVInfo().decode();
            }
            decrypt = AESCBC.decrypt(ConcatKDF.generateCEK(decryptCMK, encryptionMethod, bArr, bArr2), base64URL2.decode(), base64URL3.decode());
            if (!Arrays.constantTimeAreEqual(base64URL4.decode(), HMAC.compute(ConcatKDF.generateCIK(decryptCMK, encryptionMethod, bArr, bArr2), (readOnlyJWEHeader.toBase64URL().toString() + "." + base64URL.toString() + "." + base64URL2.toString() + "." + base64URL3.toString()).getBytes()))) {
                throw new JOSEException("HMAC integrity check failed");
            }
        } else {
            if (!encryptionMethod.equals(EncryptionMethod.A128GCM) && !encryptionMethod.equals(EncryptionMethod.A256GCM)) {
                throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A256CBC_HS512, A128GCM or A128GCM");
            }
            try {
                decrypt = AESGCM.decrypt(decryptCMK, base64URL2.decode(), base64URL3.decode(), (readOnlyJWEHeader.toBase64URL().toString() + "." + base64URL.toString() + "." + base64URL2.toString()).getBytes("UTF-8"), base64URL4.decode());
            } catch (UnsupportedEncodingException e2) {
                throw new JOSEException(e2.getMessage(), e2);
            }
        }
        return applyDecompression(readOnlyJWEHeader, decrypt);
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedEncryptionMethods() {
        return super.supportedEncryptionMethods();
    }

    @Override // com.nimbusds.jose.crypto.BaseJWEProvider, com.nimbusds.jose.JWEAlgorithmProvider
    public /* bridge */ /* synthetic */ Set supportedAlgorithms() {
        return super.supportedAlgorithms();
    }
}
