package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.IOException;
import java.io.InputStream;
import java.security.interfaces.RSAPrivateKey;
import java.util.Properties;
import javax.crypto.SecretKey;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweDecryption;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.class */
public class AbstractJweDecryptingFilter {
    private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
    private JweDecryptionProvider decryption;
    private String defaultMediaType;

    /* JADX INFO: Access modifiers changed from: protected */
    public JweDecryptionOutput decrypt(InputStream inputStream) throws IOException {
        JweDecryptionOutput decrypt = getInitializedDecryptionProvider().decrypt(new String(IOUtils.readBytesFromStream(inputStream), "UTF-8"));
        validateHeaders(decrypt.getHeaders());
        return decrypt;
    }

    protected void validateHeaders(JweHeaders jweHeaders) {
    }

    public void setDecryptionProvider(JweDecryptionProvider jweDecryptionProvider) {
        this.decryption = jweDecryptionProvider;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v37, types: [org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm] */
    protected JweDecryptionProvider getInitializedDecryptionProvider() {
        if (this.decryption != null) {
            return this.decryption;
        }
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        String str = (String) MessageUtils.getContextualProperty(currentMessage, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS);
        if (str == null) {
            throw new SecurityException();
        }
        try {
            RSAOaepKeyDecryptionAlgorithm rSAOaepKeyDecryptionAlgorithm = null;
            Properties loadProperties = ResourceUtils.loadProperties(str, currentMessage.getExchange().getBus());
            String property = loadProperties.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
            SecretKey secretKey = null;
            if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
                JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(currentMessage, loadProperties, JsonWebKey.KEY_OPER_ENCRYPT);
                String keyEncryptionAlgo = getKeyEncryptionAlgo(loadProperties, loadJsonWebKey.getAlgorithm());
                if ("direct".equals(keyEncryptionAlgo)) {
                    property = getContentEncryptionAlgo(loadProperties, property);
                    secretKey = JweUtils.getContentDecryptionSecretKey(loadJsonWebKey, property);
                } else {
                    rSAOaepKeyDecryptionAlgorithm = JweUtils.getKeyDecryptionAlgorithm(loadJsonWebKey, keyEncryptionAlgo);
                }
            } else {
                rSAOaepKeyDecryptionAlgorithm = new RSAOaepKeyDecryptionAlgorithm((RSAPrivateKey) KeyManagementUtils.loadPrivateKey(currentMessage, loadProperties, KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
            }
            if (rSAOaepKeyDecryptionAlgorithm == null && secretKey == null) {
                throw new SecurityException();
            }
            return rSAOaepKeyDecryptionAlgorithm != null ? Algorithm.isAesCbcHmac(property) ? new AesCbcHmacJweDecryption(rSAOaepKeyDecryptionAlgorithm, property) : new WrappedKeyJweDecryption(rSAOaepKeyDecryptionAlgorithm, new AesGcmContentDecryptionAlgorithm(property)) : new DirectKeyJweDecryption(secretKey, new AesGcmContentDecryptionAlgorithm(property));
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    private String getKeyEncryptionAlgo(Properties properties, String str) {
        return str == null ? properties.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : str;
    }

    private String getContentEncryptionAlgo(Properties properties, String str) {
        return str == null ? properties.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP) : str;
    }

    public String getDefaultMediaType() {
        return this.defaultMediaType;
    }

    public void setDefaultMediaType(String str) {
        this.defaultMediaType = str;
    }
}
