package org.xdi.oxauth.model.jwe;

import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.AESWrapEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm;
import org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm;
import org.xdi.oxauth.model.crypto.signature.RSAPrivateKey;
import org.xdi.oxauth.model.exception.InvalidJweException;
import org.xdi.oxauth.model.exception.InvalidParameterException;
import org.xdi.oxauth.model.util.Base64Util;

/* loaded from: input_file:org/xdi/oxauth/model/jwe/JweDecrypterImpl.class */
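/**
 * Decrypts the two protected parts of a JWE: the encrypted content key and the cipher text.
 *
 * <p>An instance is constructed around one key: a shared symmetric key (used by the
 * {@code A128KW} / {@code A256KW} branch) or an RSA private key (used by the
 * {@code RSA_OAEP} / {@code RSA1_5} branch). The algorithms themselves are read from the
 * inherited {@code getKeyEncryptionAlgorithm()} and {@code getBlockEncryptionAlgorithm()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>In the CBC+HMAC branch the authentication tag is verified before any decryption
 *       is attempted, and compared with {@link MessageDigest#isEqual(byte[], byte[])},
 *       so padding failures and comparison timing cannot be used to probe unauthenticated
 *       input.</li>
 *   <li>{@code RSA1_5} is still accepted. A failed unwrap reaches the caller as an
 *       {@link InvalidJweException}; callers should return one uniform error to remote
 *       peers regardless of the wrapped cause.</li>
 *   <li>A shared key that is not exactly 16 bytes is reduced to the first 16 bytes of its
 *       SHA-1 digest, so {@code A256KW} is also unwrapped with a 128-bit key here.
 *       NOTE(review): this is kept for interoperability; confirm against the matching
 *       encrypter before changing it.</li>
 * </ul>
 */
public class JweDecrypterImpl extends AbstractJweDecrypter {
    /** Length in bytes of the AES key handed to the key-unwrap engine. */
    private static final int KEK_LENGTH = 16;

    /** Authentication tag length, in bits, configured for the GCM branch. */
    private static final int GCM_TAG_BITS = 128;

    private PrivateKey privateKey;
    private RSAPrivateKey rsaPrivateKey;
    private byte[] sharedSymmetricKey;

    /**
     * Creates a decrypter for the symmetric key-wrap algorithms.
     *
     * @param bArr the shared symmetric key; copied defensively, may be {@code null}
     */
    public JweDecrypterImpl(byte[] bArr) {
        if (bArr != null) {
            this.sharedSymmetricKey = bArr.clone();
        }
    }

    /**
     * Creates a decrypter for the RSA algorithms from the project's key holder.
     *
     * @param rSAPrivateKey holder of the modulus and private exponent
     */
    public JweDecrypterImpl(RSAPrivateKey rSAPrivateKey) {
        this.rsaPrivateKey = rSAPrivateKey;
    }

    /**
     * Creates a decrypter for the RSA algorithms from a JCA private key.
     *
     * @param privateKey the private key passed to the cipher as-is
     */
    public JweDecrypterImpl(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /**
     * Recovers the content key from its base64url-encoded encrypted form.
     *
     * @param str the base64url-encoded encrypted key
     * @return the decrypted (RSA) or unwrapped (AES key wrap) key bytes
     * @throws InvalidJweException if the algorithm, the encoded key or the required key
     *     material is missing, if the algorithm is not one of the four handled here, or
     *     if the underlying cryptographic operation fails
     */
    @Override
    public byte[] decryptEncryptionKey(String str) throws InvalidJweException {
        KeyEncryptionAlgorithm keyAlgorithm = getKeyEncryptionAlgorithm();
        if (keyAlgorithm == null) {
            throw new InvalidJweException("The key encryption algorithm is null");
        }
        if (str == null) {
            throw new InvalidJweException("The encoded encryption key is null");
        }
        try {
            if (keyAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
                if (this.rsaPrivateKey == null && this.privateKey == null) {
                    throw new InvalidJweException("The RSA private key is null");
                }
                Cipher cipher = Cipher.getInstance(keyAlgorithm.getAlgorithm());
                if (this.rsaPrivateKey != null) {
                    // Rebuild a JCA key from the modulus/exponent pair via the BouncyCastle provider.
                    RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(this.rsaPrivateKey.getModulus(), this.rsaPrivateKey.getPrivateExponent());
                    KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm.getFamily(), BouncyCastleProvider.PROVIDER_NAME);
                    cipher.init(Cipher.DECRYPT_MODE, (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(keySpec));
                } else {
                    cipher.init(Cipher.DECRYPT_MODE, this.privateKey);
                }
                return cipher.doFinal(Base64Util.base64urldecode(str));
            }
            if (keyAlgorithm != KeyEncryptionAlgorithm.A128KW && keyAlgorithm != KeyEncryptionAlgorithm.A256KW) {
                throw new InvalidJweException("The key encryption algorithm is not supported");
            }
            if (this.sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            // Derive the unwrap key into a local instead of overwriting the field, so a
            // decrypt call never changes the state of the instance. The derived bytes are
            // the same ones the field used to be replaced with.
            byte[] unwrapKey = this.sharedSymmetricKey;
            if (unwrapKey.length != KEK_LENGTH) {
                unwrapKey = Arrays.copyOf(MessageDigest.getInstance("SHA-1").digest(unwrapKey), KEK_LENGTH);
            }
            byte[] wrappedKey = Base64Util.base64urldecode(str);
            SecretKeySpec secretKeySpec = new SecretKeySpec(unwrapKey, "AES");
            AESWrapEngine aESWrapEngine = new AESWrapEngine();
            aESWrapEngine.init(false, new KeyParameter(secretKeySpec.getEncoded()));
            return aESWrapEngine.unwrap(wrappedKey, 0, wrappedKey.length);
        } catch (InvalidKeyException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new InvalidJweException(e2);
        } catch (NoSuchProviderException e3) {
            throw new InvalidJweException(e3);
        } catch (InvalidKeySpecException e4) {
            throw new InvalidJweException(e4);
        } catch (BadPaddingException e5) {
            throw new InvalidJweException(e5);
        } catch (IllegalBlockSizeException e6) {
            throw new InvalidJweException(e6);
        } catch (NoSuchPaddingException e7) {
            throw new InvalidJweException(e7);
        } catch (InvalidCipherTextException e8) {
            throw new InvalidJweException(e8);
        }
    }

    /**
     * Authenticates and decrypts the JWE cipher text.
     *
     * <p>For {@code A128GCM} / {@code A256GCM} the tag is appended to the cipher text and
     * checked by the GCM cipher itself. For {@code A128CBC_PLUS_HS256} /
     * {@code A256CBC_PLUS_HS512} an HMAC over the additional authenticated data, the
     * delimiter and the encoded cipher text is verified first; the CBC decryption only
     * runs once that tag matches.
     *
     * @param str the base64url-encoded cipher text
     * @param bArr the content master key (CMK)
     * @param bArr2 the initialization vector
     * @param bArr3 the authentication tag
     * @param bArr4 the additional authenticated data
     * @return the plain text decoded as UTF-8
     * @throws InvalidJweException if an argument or the algorithm is missing, if the
     *     algorithm is not one of the four handled here, if the authentication tag does
     *     not match, or if the underlying cryptographic operation fails
     */
    @Override
    public String decryptCipherText(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidJweException {
        BlockEncryptionAlgorithm blockAlgorithm = getBlockEncryptionAlgorithm();
        if (blockAlgorithm == null) {
            throw new InvalidJweException("The block encryption algorithm is null");
        }
        if (str == null) {
            // Without this guard a null cipher text would be concatenated into the MAC input.
            throw new InvalidJweException("The cipher text is null");
        }
        if (bArr == null) {
            throw new InvalidJweException("The content master key (CMK) is null");
        }
        if (bArr2 == null) {
            throw new InvalidJweException("The initialization vector is null");
        }
        if (bArr3 == null) {
            throw new InvalidJweException("The authentication tag is null");
        }
        if (bArr4 == null) {
            throw new InvalidJweException("The additional authentication data is null");
        }
        try {
            if (blockAlgorithm == BlockEncryptionAlgorithm.A128GCM || blockAlgorithm == BlockEncryptionAlgorithm.A256GCM) {
                byte[] cipherBytes = Base64Util.base64urldecode(str);
                AEADParameters aEADParameters = new AEADParameters(new KeyParameter(bArr), GCM_TAG_BITS, bArr2, bArr4);
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                AESEngine aESEngine = new AESEngine();
                aESEngine.init(false, new KeyParameter(secretKeySpec.getEncoded()));
                GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(aESEngine);
                gCMBlockCipher.init(false, aEADParameters);
                // The GCM cipher consumes cipher text followed by the tag as one input.
                byte[] cipherAndTag = new byte[cipherBytes.length + bArr3.length];
                System.arraycopy(cipherBytes, 0, cipherAndTag, 0, cipherBytes.length);
                System.arraycopy(bArr3, 0, cipherAndTag, cipherBytes.length, bArr3.length);
                byte[] plain = new byte[gCMBlockCipher.getOutputSize(cipherAndTag.length)];
                int written = gCMBlockCipher.processBytes(cipherAndTag, 0, cipherAndTag.length, plain, 0);
                // doFinal verifies the tag and throws InvalidCipherTextException on mismatch.
                gCMBlockCipher.doFinal(plain, written);
                return new String(plain, Charset.forName("UTF-8"));
            }
            if (blockAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
                throw new InvalidJweException("The block encryption algorithm is not supported");
            }
            byte[] cipherBytes = Base64Util.base64urldecode(str);
            byte[] cek = KeyDerivationFunction.generateCek(bArr, blockAlgorithm);
            byte[] cik = KeyDerivationFunction.generateCik(bArr, blockAlgorithm);

            // Verify integrity BEFORE touching the cipher text: decrypting first would let
            // a padding failure on attacker-modified input surface ahead of the tag check.
            String macAlgorithm = blockAlgorithm.getIntegrityValueAlgorithm();
            String securedInput = new String(bArr4, Charset.forName("UTF-8")) + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER + str;
            Mac mac = Mac.getInstance(macAlgorithm);
            mac.init(new SecretKeySpec(cik, macAlgorithm));
            byte[] expectedTag = mac.doFinal(securedInput.getBytes("UTF-8"));
            // Constant-time comparison; Arrays.equals returns at the first differing byte.
            if (!MessageDigest.isEqual(expectedTag, bArr3)) {
                throw new InvalidJweException("The authentication tag is not valid");
            }

            Cipher cipher = Cipher.getInstance(blockAlgorithm.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), new IvParameterSpec(bArr2));
            return new String(cipher.doFinal(cipherBytes), Charset.forName("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJweException(e);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new InvalidJweException(e2);
        } catch (InvalidKeyException e3) {
            throw new InvalidJweException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new InvalidJweException(e4);
        } catch (NoSuchProviderException e5) {
            throw new InvalidJweException(e5);
        } catch (BadPaddingException e6) {
            throw new InvalidJweException(e6);
        } catch (IllegalBlockSizeException e7) {
            throw new InvalidJweException(e7);
        } catch (NoSuchPaddingException e8) {
            throw new InvalidJweException(e8);
        } catch (InvalidCipherTextException e9) {
            throw new InvalidJweException(e9);
        } catch (InvalidParameterException e10) {
            throw new InvalidJweException(e10);
        }
    }
}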
