package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESGCMKW;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AESKW;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AlgorithmSupportMessage;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AuthenticatedCipherText;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ContentCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.CriticalHeaderParamsDeferral;
import be.atbash.ee.security.octopus.nimbus.jwk.OctetSequenceKey;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEDecrypter;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEHeader;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/AESDecrypter.class */
/**
 * JWE decrypter for tokens whose content encryption key (CEK) is protected with a shared
 * AES key, using either AES Key Wrap (A128KW / A192KW / A256KW) or AES GCM key wrap
 * (A128GCMKW / A192GCMKW / A256GCMKW).
 *
 * <p>NOTE(review): the key-management branch is chosen from the {@code alg} value carried in
 * the JWE header, which is supplied with the token. Nothing in this class compares that value
 * with the length of the configured key; presumably {@link AESCryptoProvider} validates the key
 * and callers pin the algorithm they expect. Confirm against the superclass and call sites.
 */
public class AESDecrypter extends AESCryptoProvider implements JWEDecrypter {
    /** Policy consulted through {@code ensureHeaderPasses} before any key material is used. */
    private final CriticalHeaderParamsDeferral critPolicy;

    /**
     * Creates a decrypter for the given key with no deferred critical header parameters
     * ({@code null} is handed to the four-argument-style constructor below).
     *
     * @param secretKey the AES key-encryption key
     */
    public AESDecrypter(SecretKey secretKey) {
        this(secretKey, null);
    }

    /**
     * Creates a decrypter from raw key bytes, wrapped as an {@code "AES"} {@link SecretKeySpec}.
     *
     * <p>{@link SecretKeySpec} keeps its own copy of the array and rejects a {@code null} or
     * empty one with {@link IllegalArgumentException}; the caller still owns, and should clear,
     * its original array.
     *
     * @param bArr the raw AES key bytes
     */
    public AESDecrypter(byte[] bArr) {
        this(new SecretKeySpec(bArr, "AES"));
    }

    /**
     * Creates a decrypter from an octet-sequence JWK, converted with {@code toSecretKey()}.
     *
     * @param octetSequenceKey the JWK holding the shared key; must not be {@code null}
     */
    public AESDecrypter(OctetSequenceKey octetSequenceKey) {
        this(octetSequenceKey.toSecretKey());
    }

    /**
     * Creates a decrypter for the given key and configures the critical-header policy.
     *
     * @param secretKey the AES key-encryption key, passed to the superclass constructor
     * @param set names of critical header parameters to defer; forwarded unchanged to
     *     {@code setDeferredCriticalHeaderParams} (how {@code null} is treated is decided
     *     there, which is not visible in this file)
     */
    public AESDecrypter(SecretKey secretKey, Set<String> set) {
        super(secretKey);
        CriticalHeaderParamsDeferral policy = new CriticalHeaderParamsDeferral();
        this.critPolicy = policy;
        policy.setDeferredCriticalHeaderParams(set);
    }

    /**
     * Recovers the CEK from the encrypted key and then decrypts the JWE content.
     *
     * <p>The encrypted key, content IV and authentication tag are checked for presence first,
     * then the header is run through the critical-header policy, and only then is the
     * key-encryption key used.
     *
     * @param jWEHeader the JWE header; its algorithm and encryption method are read
     * @param base64URLValue the JWE encrypted key; required
     * @param base64URLValue2 the JWE initialization vector; required
     * @param base64URLValue3 passed through to {@code ContentCryptoProvider.decrypt} between the
     *     IV and the tag (presumably the ciphertext); not checked for {@code null} here
     * @param base64URLValue4 the JWE authentication tag; required
     * @return the result of {@code ContentCryptoProvider.decrypt}
     * @throws JOSEException if a required part or header parameter is missing, or the header
     *     algorithm is neither an AES KW nor an AES GCMKW algorithm
     */
    @Override
    public byte[] decrypt(JWEHeader jWEHeader, Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3, Base64URLValue base64URLValue4) {
        requirePresent(base64URLValue, "Missing JWE encrypted key");
        requirePresent(base64URLValue2, "Missing JWE initialization vector (IV)");
        requirePresent(base64URLValue4, "Missing JWE authentication tag");

        // Header policy runs before the key-encryption key touches any token-supplied bytes.
        this.critPolicy.ensureHeaderPasses(jWEHeader);

        SecretKey contentKey = recoverContentKey(jWEHeader, base64URLValue);
        return ContentCryptoProvider.decrypt(jWEHeader, base64URLValue2, base64URLValue3, base64URLValue4, contentKey);
    }

    /**
     * Unwraps or decrypts the CEK according to the algorithm named in the header.
     *
     * <p>NOTE(review): the expected CEK bit length is only handed to the GCMKW path. For the
     * AES KW path any length check against the encryption method would have to happen in
     * {@code ContentCryptoProvider.decrypt}; confirm there.
     */
    private SecretKey recoverContentKey(JWEHeader header, Base64URLValue encryptedKey) {
        JWEAlgorithm keyAlg = header.getAlgorithm();
        // Read before branching, exactly as the key-management algorithm is: both come from the header.
        int expectedCekBits = header.getEncryptionMethod().cekBitLength();

        if (isAesKeyWrap(keyAlg)) {
            return AESKW.unwrapCEK(getKey(), encryptedKey.decode());
        }
        if (!isAesGcmKeyWrap(keyAlg)) {
            throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm(keyAlg, SUPPORTED_ALGORITHMS));
        }

        // GCMKW carries its own IV and tag in the header, separate from the content IV and tag.
        byte[] keyWrapIv = requirePresent(header.getIV(), "Missing JWE \"iv\" header parameter").decode();
        Base64URLValue keyWrapTag = requirePresent(header.getAuthTag(), "Missing JWE \"tag\" header parameter");

        SecretKey keyEncryptionKey = getKey();
        AuthenticatedCipherText wrappedCek = new AuthenticatedCipherText(encryptedKey.decode(), keyWrapTag.decode());
        return AESGCMKW.decryptCEK(keyEncryptionKey, keyWrapIv, wrappedCek, expectedCekBits);
    }

    /** Returns {@code true} for A128KW, A192KW and A256KW. */
    private static boolean isAesKeyWrap(JWEAlgorithm alg) {
        return alg.equals(JWEAlgorithm.A128KW)
                || alg.equals(JWEAlgorithm.A192KW)
                || alg.equals(JWEAlgorithm.A256KW);
    }

    /** Returns {@code true} for A128GCMKW, A192GCMKW and A256GCMKW. */
    private static boolean isAesGcmKeyWrap(JWEAlgorithm alg) {
        return alg.equals(JWEAlgorithm.A128GCMKW)
                || alg.equals(JWEAlgorithm.A192GCMKW)
                || alg.equals(JWEAlgorithm.A256GCMKW);
    }

    /** Returns {@code value} unchanged, or throws a {@link JOSEException} with {@code message} when it is {@code null}. */
    private static Base64URLValue requirePresent(Base64URLValue value, String message) {
        if (value == null) {
            throw new JOSEException(message);
        }
        return value;
    }
}
