package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AlgorithmSupportMessage;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ContentCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.CriticalHeaderParamsDeferral;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.DirectCryptoProvider;
import be.atbash.ee.security.octopus.nimbus.jwk.OctetSequenceKey;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEDecrypter;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEHeader;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/DirectDecrypter.class */
public class DirectDecrypter extends DirectCryptoProvider implements JWEDecrypter {
    private final boolean promiscuousMode;
    private final CriticalHeaderParamsDeferral critPolicy;

    public DirectDecrypter(SecretKey secretKey) {
        this(secretKey, false);
    }

    public DirectDecrypter(SecretKey secretKey, boolean z) {
        super(secretKey);
        this.critPolicy = new CriticalHeaderParamsDeferral();
        this.promiscuousMode = z;
    }

    public DirectDecrypter(byte[] bArr) {
        this((SecretKey) new SecretKeySpec(bArr, "AES"), false);
    }

    public DirectDecrypter(OctetSequenceKey octetSequenceKey) {
        this(octetSequenceKey.toSecretKey());
    }

    public DirectDecrypter(SecretKey secretKey, Set<String> set) {
        this(secretKey, set, false);
    }

    public DirectDecrypter(SecretKey secretKey, Set<String> set, boolean z) {
        super(secretKey);
        this.critPolicy = new CriticalHeaderParamsDeferral();
        this.critPolicy.setDeferredCriticalHeaderParams(set);
        this.promiscuousMode = z;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEDecrypter
    public byte[] decrypt(JWEHeader jWEHeader, Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3, Base64URLValue base64URLValue4) {
        if (!this.promiscuousMode) {
            JWEAlgorithm algorithm = jWEHeader.getAlgorithm();
            if (!algorithm.equals(JWEAlgorithm.DIR)) {
                throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm(algorithm, SUPPORTED_ALGORITHMS));
            }
            if (base64URLValue != null) {
                throw new JOSEException("Unexpected present JWE encrypted key");
            }
        }
        if (base64URLValue2 == null) {
            throw new JOSEException("Unexpected present JWE initialization vector (IV)");
        }
        if (base64URLValue4 == null) {
            throw new JOSEException("Missing JWE authentication tag");
        }
        this.critPolicy.ensureHeaderPasses(jWEHeader);
        return ContentCryptoProvider.decrypt(jWEHeader, base64URLValue2, base64URLValue3, base64URLValue4, getKey());
    }
}
