package com.nimbusds.jose.crypto;

import com.microsoft.did.sdk.util.Constants;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.crypto.impl.CipherHelper;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.crypto.impl.RSA1_5;
import com.nimbusds.jose.crypto.impl.RSACryptoProvider;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.util.Base64URL;
import java.security.AlgorithmParameters;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes6.dex */
public final class RSADecrypter extends RSACryptoProvider implements JWEDecrypter {
    public final CriticalHeaderParamsDeferral critPolicy;
    public final PrivateKey privateKey;

    public RSADecrypter(PrivateKey privateKey) {
        CriticalHeaderParamsDeferral criticalHeaderParamsDeferral = new CriticalHeaderParamsDeferral();
        this.critPolicy = criticalHeaderParamsDeferral;
        if (!privateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        int i = -1;
        if (privateKey instanceof RSAPrivateKey) {
            try {
                i = ((RSAPrivateKey) privateKey).getModulus().bitLength();
            } catch (Exception unused) {
            }
        }
        if (i > 0 && i < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
        this.privateKey = privateKey;
        criticalHeaderParamsDeferral.setDeferredCriticalHeaderParams();
    }

    @Override // com.nimbusds.jose.JWEDecrypter
    public final byte[] decrypt(JWEHeader jWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4) throws JOSEException {
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        if (base64URL == null) {
            throw new JOSEException("Missing JWE encrypted key");
        }
        if (base64URL2 == null) {
            throw new JOSEException("Missing JWE initialization vector (IV)");
        }
        if (base64URL4 == null) {
            throw new JOSEException("Missing JWE authentication tag");
        }
        this.critPolicy.ensureHeaderPasses(jWEHeader);
        JWEAlgorithm jWEAlgorithm = (JWEAlgorithm) jWEHeader.alg;
        boolean equals = jWEAlgorithm.equals(JWEAlgorithm.RSA1_5);
        PrivateKey privateKey = this.privateKey;
        JWEJCAContext jWEJCAContext = this.jcaContext;
        if (equals) {
            EncryptionMethod encryptionMethod = jWEHeader.enc;
            int i = encryptionMethod.cekBitLength;
            SecretKeySpec generateCEK = ContentCryptoProvider.generateCEK(encryptionMethod, jWEJCAContext.getSecureRandom());
            try {
                SecretKeySpec decryptCEK = RSA1_5.decryptCEK(privateKey, base64URL.decode(), i, jWEJCAContext.getKeyEncryptionProvider());
                if (decryptCEK != null) {
                    generateCEK = decryptCEK;
                }
            } catch (Exception unused) {
            }
            secretKeySpec2 = generateCEK;
        } else {
            if (jWEAlgorithm.equals(JWEAlgorithm.RSA_OAEP)) {
                byte[] decode = base64URL.decode();
                try {
                    Cipher cipherHelper = CipherHelper.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", jWEJCAContext.getKeyEncryptionProvider());
                    cipherHelper.init(2, privateKey);
                    secretKeySpec = new SecretKeySpec(cipherHelper.doFinal(decode), Constants.AES_KEY);
                } catch (Exception e) {
                    throw new JOSEException(e.getMessage(), e);
                }
            } else {
                if (!jWEAlgorithm.equals(JWEAlgorithm.RSA_OAEP_256)) {
                    throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm(jWEAlgorithm, RSACryptoProvider.SUPPORTED_ALGORITHMS));
                }
                byte[] decode2 = base64URL.decode();
                Provider keyEncryptionProvider = jWEJCAContext.getKeyEncryptionProvider();
                try {
                    AlgorithmParameters algorithmParameters = keyEncryptionProvider == null ? AlgorithmParameters.getInstance("OAEP") : AlgorithmParameters.getInstance("OAEP", keyEncryptionProvider);
                    algorithmParameters.init(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
                    Cipher cipherHelper2 = CipherHelper.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", keyEncryptionProvider);
                    cipherHelper2.init(2, privateKey, algorithmParameters);
                    secretKeySpec = new SecretKeySpec(cipherHelper2.doFinal(decode2), Constants.AES_KEY);
                } catch (Exception e2) {
                    throw new JOSEException(e2.getMessage(), e2);
                }
            }
            secretKeySpec2 = secretKeySpec;
        }
        return ContentCryptoProvider.decrypt(jWEHeader, base64URL, base64URL2, base64URL3, base64URL4, secretKeySpec2, this.jcaContext);
    }
}
