package com.nimbusds.jose.crypto;

import androidx.compose.runtime.a;
import com.google.crypto.tink.subtle.XChaCha20Poly1305;
import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.CriticalHeaderParamsAware;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.impl.AESCBC;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.crypto.impl.CompositeKey;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.crypto.impl.DirectCryptoProvider;
import com.nimbusds.jose.crypto.impl.HMAC;
import com.nimbusds.jose.crypto.impl.LegacyAESGCM;
import com.nimbusds.jose.crypto.impl.LegacyConcatKDF;
import com.nimbusds.jose.crypto.utils.ConstantTimeUtils;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.DeflateUtils;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.jcip.annotations.ThreadSafe;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.modes.GCMBlockCipher;

@ThreadSafe
/* loaded from: classes2.dex */
public class DirectDecrypter extends DirectCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware {

    /* renamed from: a, reason: collision with root package name */
    public final boolean f30296a;

    /* renamed from: b, reason: collision with root package name */
    public final CriticalHeaderParamsDeferral f30297b;

    public DirectDecrypter(byte[] bArr) {
        super(new SecretKeySpec(bArr, "AES"));
        this.f30297b = new CriticalHeaderParamsDeferral();
        this.f30296a = false;
    }

    public final byte[] b(JWEHeader jWEHeader, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, Base64URL base64URL4) {
        byte[] doFinal;
        if (!this.f30296a) {
            JWEAlgorithm jWEAlgorithm = (JWEAlgorithm) jWEHeader.f30229a;
            if (!jWEAlgorithm.equals(JWEAlgorithm.X)) {
                throw new Exception(AlgorithmSupportMessage.c(jWEAlgorithm, DirectCryptoProvider.SUPPORTED_ALGORITHMS));
            }
            if (base64URL != null) {
                throw new Exception("Unexpected present JWE encrypted key");
            }
        }
        if (base64URL2 == null) {
            throw new Exception("Unexpected present JWE initialization vector (IV)");
        }
        if (base64URL4 == null) {
            throw new Exception("Missing JWE authentication tag");
        }
        if (!this.f30297b.a(jWEHeader)) {
            throw new Exception("Unsupported critical header parameter(s)");
        }
        SecretKey key = getKey();
        JWEJCAContext jCAContext = getJCAContext();
        Set set = ContentCryptoProvider.f30328a;
        EncryptionMethod encryptionMethod = jWEHeader.t1;
        ContentCryptoProvider.a(key, encryptionMethod);
        byte[] bytes = jWEHeader.b().f30653a.getBytes(StandardCharsets.US_ASCII);
        if (encryptionMethod.equals(EncryptionMethod.f30225d) || encryptionMethod.equals(EncryptionMethod.f30226e) || encryptionMethod.equals(EncryptionMethod.f30227f)) {
            byte[] a2 = base64URL2.a();
            byte[] a3 = base64URL3.a();
            byte[] a4 = base64URL4.a();
            Provider b2 = jCAContext.b();
            Provider d2 = jCAContext.d();
            CompositeKey compositeKey = new CompositeKey(key);
            byte[] array = ByteBuffer.allocate(8).putLong(ByteUtils.b(bytes)).array();
            byte[] array2 = ByteBuffer.allocate(bytes.length + a2.length + a3.length + array.length).put(bytes).put(a2).put(a3).put(array).array();
            Mac a5 = HMAC.a(compositeKey.f30323b, d2);
            a5.update(array2);
            if (!ConstantTimeUtils.a(Arrays.copyOf(a5.doFinal(), compositeKey.f30325d), a4)) {
                throw new Exception("MAC check failed");
            }
            try {
                doFinal = AESCBC.a(compositeKey.f30324c, false, a2, b2).doFinal(a3);
            } catch (Exception e2) {
                throw new Exception(e2.getMessage(), e2);
            }
        } else if (encryptionMethod.equals(EncryptionMethod.y) || encryptionMethod.equals(EncryptionMethod.z) || encryptionMethod.equals(EncryptionMethod.X)) {
            byte[] a6 = base64URL2.a();
            byte[] a7 = base64URL3.a();
            byte[] a8 = base64URL4.a();
            Provider b3 = jCAContext.b();
            SecretKeySpec secretKeySpec = new SecretKeySpec(key.getEncoded(), "AES");
            try {
                Cipher cipher = b3 != null ? Cipher.getInstance("AES/GCM/NoPadding", b3) : Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(2, secretKeySpec, new GCMParameterSpec(128, a6));
                cipher.updateAAD(bytes);
                try {
                    doFinal = cipher.doFinal(ByteUtils.a(a7, a8));
                } catch (BadPaddingException | IllegalBlockSizeException e3) {
                    throw new Exception(a.s(e3, new StringBuilder("AES/GCM/NoPadding decryption failed: ")), e3);
                }
            } catch (NoClassDefFoundError unused) {
                GCMBlockCipher a9 = LegacyAESGCM.a(secretKeySpec, false, a6, bytes);
                int length = a7.length + a8.length;
                byte[] bArr = new byte[length];
                System.arraycopy(a7, 0, bArr, 0, a7.length);
                System.arraycopy(a8, 0, bArr, a7.length, a8.length);
                byte[] bArr2 = new byte[a9.e(length)];
                try {
                    a9.b(a9.j(length, bArr, bArr2), bArr2);
                    doFinal = bArr2;
                } catch (InvalidCipherTextException e4) {
                    throw new Exception("Couldn't validate GCM authentication tag: " + e4.getMessage(), e4);
                }
            } catch (InvalidAlgorithmParameterException e5) {
                e = e5;
                throw new Exception(a.s(e, new StringBuilder("Couldn't create AES/GCM/NoPadding cipher: ")), e);
            } catch (InvalidKeyException e6) {
                e = e6;
                throw new Exception(a.s(e, new StringBuilder("Couldn't create AES/GCM/NoPadding cipher: ")), e);
            } catch (NoSuchAlgorithmException e7) {
                e = e7;
                throw new Exception(a.s(e, new StringBuilder("Couldn't create AES/GCM/NoPadding cipher: ")), e);
            } catch (NoSuchPaddingException e8) {
                e = e8;
                throw new Exception(a.s(e, new StringBuilder("Couldn't create AES/GCM/NoPadding cipher: ")), e);
            }
        } else {
            if (encryptionMethod.equals(EncryptionMethod.w) || encryptionMethod.equals(EncryptionMethod.x)) {
                jCAContext.b();
                Map map = jWEHeader.f30233e;
                LegacyConcatKDF.b(key, encryptionMethod, map.get("epu") instanceof String ? new Base64((String) map.get("epu")).a() : null, map.get("epv") instanceof String ? new Base64((String) map.get("epv")).a() : null);
                jWEHeader.b();
                throw null;
            }
            if (!encryptionMethod.equals(EncryptionMethod.Y)) {
                throw new Exception(AlgorithmSupportMessage.b(encryptionMethod, ContentCryptoProvider.f30328a));
            }
            try {
                try {
                    doFinal = new XChaCha20Poly1305(key.getEncoded()).b(ByteUtils.a(base64URL2.a(), base64URL3.a(), base64URL4.a()), bytes);
                } catch (GeneralSecurityException e9) {
                    throw new Exception(a.s(e9, new StringBuilder("XChaCha20Poly1305 decryption failed: ")), e9);
                }
            } catch (GeneralSecurityException e10) {
                throw new Exception(a.s(e10, new StringBuilder("Invalid XChaCha20Poly1305 key: ")), e10);
            }
        }
        CompressionAlgorithm compressionAlgorithm = jWEHeader.v1;
        if (compressionAlgorithm == null) {
            return doFinal;
        }
        if (compressionAlgorithm.equals(CompressionAlgorithm.f30223b)) {
            try {
                return DeflateUtils.a(doFinal);
            } catch (Exception e11) {
                throw new Exception(com.mapbox.maps.plugin.a.h(e11, new StringBuilder("Couldn't decompress plain text: ")), e11);
            }
        }
        throw new Exception("Unsupported compression algorithm: " + compressionAlgorithm);
    }
}
