package com.nimbusds.jose.crypto;

import a.a.a.a.b.f$$ExternalSyntheticOutline1;
import androidx.startup.R$string;
import com.braintreepayments.api.PayPalUAT$$ExternalSyntheticOutline0;
import com.getkeepsafe.relinker.TextUtils;
import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.impl.AAD;
import com.nimbusds.jose.crypto.impl.AESCBC;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.crypto.impl.DirectCryptoProvider;
import com.nimbusds.jose.crypto.impl.HMAC;
import com.nimbusds.jose.crypto.impl.LegacyAESGCM;
import com.nimbusds.jose.crypto.impl.LegacyConcatKDF;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.DeflateUtils;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.modes.GCMBlockCipher;

/* loaded from: classes5.dex */
public class DirectDecrypter extends DirectCryptoProvider implements JWEDecrypter {
    public final CriticalHeaderParamsDeferral critPolicy;

    public DirectDecrypter(byte[] bArr) throws KeyLengthException {
        super(new SecretKeySpec(bArr, "AES"));
        this.critPolicy = new CriticalHeaderParamsDeferral();
    }

    public byte[] decrypt(JWEHeader jWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4) throws JOSEException {
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        byte[] decrypt;
        JWEAlgorithm algorithm = jWEHeader.getAlgorithm();
        if (!algorithm.equals(JWEAlgorithm.DIR)) {
            throw new JOSEException(TextUtils.unsupportedJWEAlgorithm(algorithm, DirectCryptoProvider.SUPPORTED_ALGORITHMS));
        }
        if (base64URL != null) {
            throw new JOSEException("Unexpected present JWE encrypted key");
        }
        if (base64URL2 == null) {
            throw new JOSEException("Unexpected present JWE initialization vector (IV)");
        }
        if (base64URL4 == null) {
            throw new JOSEException("Missing JWE authentication tag");
        }
        if (!this.critPolicy.headerPasses(jWEHeader)) {
            throw new JOSEException("Unsupported critical header parameter(s)");
        }
        SecretKey secretKey = this.cek;
        JWEJCAContext jWEJCAContext = this.jcaContext;
        ContentCryptoProvider.checkCEKLength(secretKey, jWEHeader.getEncryptionMethod());
        byte[] compute = AAD.compute(jWEHeader);
        if (jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192CBC_HS384) || jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512)) {
            byte[] decode = base64URL2.decode();
            byte[] decode2 = base64URL3.decode();
            byte[] decode3 = base64URL4.decode();
            Provider contentEncryptionProvider = jWEJCAContext.getContentEncryptionProvider();
            Provider mACProvider = jWEJCAContext.getMACProvider();
            byte[] encoded = secretKey.getEncoded();
            int i = 32;
            if (encoded.length == 32) {
                i = 16;
                secretKeySpec = new SecretKeySpec(encoded, 0, 16, "HMACSHA256");
                secretKeySpec2 = new SecretKeySpec(encoded, 16, 16, "AES");
            } else if (encoded.length == 48) {
                i = 24;
                secretKeySpec = new SecretKeySpec(encoded, 0, 24, "HMACSHA384");
                secretKeySpec2 = new SecretKeySpec(encoded, 24, 24, "AES");
            } else {
                if (encoded.length != 64) {
                    throw new KeyLengthException("Unsupported AES/CBC/PKCS5Padding/HMAC-SHA2 key length, must be 256, 384 or 512 bits");
                }
                secretKeySpec = new SecretKeySpec(encoded, 0, 32, "HMACSHA512");
                secretKeySpec2 = new SecretKeySpec(encoded, 32, 32, "AES");
            }
            byte[] computeLength = AAD.computeLength(compute);
            if (!R$string.areEqual(Arrays.copyOf(HMAC.compute(secretKeySpec, ByteBuffer.allocate(compute.length + decode.length + decode2.length + computeLength.length).put(compute).put(decode).put(decode2).put(computeLength).array(), mACProvider), i), decode3)) {
                throw new JOSEException("MAC check failed");
            }
            decrypt = AESCBC.decrypt(secretKeySpec2, decode, decode2, contentEncryptionProvider);
        } else {
            if (!jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128GCM) && !jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A192GCM) && !jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256GCM)) {
                if (!jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) && !jWEHeader.getEncryptionMethod().equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {
                    throw new JOSEException(TextUtils.unsupportedEncryptionMethod(jWEHeader.getEncryptionMethod(), ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS));
                }
                jWEJCAContext.getContentEncryptionProvider();
                LegacyConcatKDF.generateCIK(secretKey, jWEHeader.getEncryptionMethod(), jWEHeader.getCustomParam("epu") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epu")).decode() : null, jWEHeader.getCustomParam("epv") instanceof String ? new Base64URL((String) jWEHeader.getCustomParam("epv")).decode() : null);
                StringBuilder sb = new StringBuilder();
                sb.append(jWEHeader.toBase64URL().toString());
                sb.append(".");
                throw null;
            }
            byte[] decode4 = base64URL2.decode();
            byte[] decode5 = base64URL3.decode();
            byte[] decode6 = base64URL4.decode();
            Provider contentEncryptionProvider2 = jWEJCAContext.getContentEncryptionProvider();
            SecretKeySpec secretKeySpec3 = new SecretKeySpec(secretKey.getEncoded(), "AES");
            try {
                Cipher cipher = contentEncryptionProvider2 != null ? Cipher.getInstance("AES/GCM/NoPadding", contentEncryptionProvider2) : Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(2, secretKeySpec3, new GCMParameterSpec(128, decode4));
                cipher.updateAAD(compute);
                try {
                    decrypt = cipher.doFinal(ByteUtils.concat(decode5, decode6));
                } catch (BadPaddingException | IllegalBlockSizeException e) {
                    StringBuilder m = f$$ExternalSyntheticOutline1.m("AES/GCM/NoPadding decryption failed: ");
                    m.append(e.getMessage());
                    throw new JOSEException(m.toString(), e);
                }
            } catch (NoClassDefFoundError unused) {
                GCMBlockCipher createAESGCMCipher = LegacyAESGCM.createAESGCMCipher(secretKeySpec3, false, decode4, compute);
                int length = decode5.length + decode6.length;
                byte[] bArr = new byte[length];
                System.arraycopy(decode5, 0, bArr, 0, decode5.length);
                System.arraycopy(decode6, 0, bArr, decode5.length, decode6.length);
                byte[] bArr2 = new byte[createAESGCMCipher.getOutputSize(length)];
                try {
                    createAESGCMCipher.doFinal(bArr2, createAESGCMCipher.processBytes(bArr, 0, length, bArr2, 0));
                    decrypt = bArr2;
                } catch (InvalidCipherTextException e2) {
                    StringBuilder m2 = f$$ExternalSyntheticOutline1.m("Couldn't validate GCM authentication tag: ");
                    m2.append(e2.getMessage());
                    throw new JOSEException(m2.toString(), e2);
                }
            } catch (InvalidAlgorithmParameterException e3) {
                e = e3;
                StringBuilder m3 = f$$ExternalSyntheticOutline1.m("Couldn't create AES/GCM/NoPadding cipher: ");
                m3.append(e.getMessage());
                throw new JOSEException(m3.toString(), e);
            } catch (InvalidKeyException e4) {
                e = e4;
                StringBuilder m32 = f$$ExternalSyntheticOutline1.m("Couldn't create AES/GCM/NoPadding cipher: ");
                m32.append(e.getMessage());
                throw new JOSEException(m32.toString(), e);
            } catch (NoSuchAlgorithmException e5) {
                e = e5;
                StringBuilder m322 = f$$ExternalSyntheticOutline1.m("Couldn't create AES/GCM/NoPadding cipher: ");
                m322.append(e.getMessage());
                throw new JOSEException(m322.toString(), e);
            } catch (NoSuchPaddingException e6) {
                e = e6;
                StringBuilder m3222 = f$$ExternalSyntheticOutline1.m("Couldn't create AES/GCM/NoPadding cipher: ");
                m3222.append(e.getMessage());
                throw new JOSEException(m3222.toString(), e);
            }
        }
        CompressionAlgorithm compressionAlgorithm = jWEHeader.getCompressionAlgorithm();
        if (compressionAlgorithm == null) {
            return decrypt;
        }
        if (compressionAlgorithm.equals(CompressionAlgorithm.DEF)) {
            try {
                return DeflateUtils.decompress(decrypt);
            } catch (Exception e7) {
                throw new JOSEException(PayPalUAT$$ExternalSyntheticOutline0.m(e7, f$$ExternalSyntheticOutline1.m("Couldn't decompress plain text: ")), e7);
            }
        }
        throw new JOSEException("Unsupported compression algorithm: " + compressionAlgorithm);
    }
}
