package org.apache.cxf.rs.security.jose.jwe;

import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.KeyProperties;

/* loaded from: input_file:lib/cxf-rt-rs-security-jose-3.3.7.jar:org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.class */
public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionProvider {
    protected static final Logger LOG = LogUtils.getL7dLogger(WrappedKeyDecryptionAlgorithm.class);
    private final Key cekDecryptionKey;
    private final boolean unwrap;
    private final KeyAlgorithm supportedAlgo;

    public WrappedKeyDecryptionAlgorithm(Key key, KeyAlgorithm keyAlgorithm) {
        this(key, keyAlgorithm, true);
    }

    public WrappedKeyDecryptionAlgorithm(Key key, KeyAlgorithm keyAlgorithm, boolean z) {
        this.cekDecryptionKey = key;
        this.supportedAlgo = keyAlgorithm;
        this.unwrap = z;
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.KeyDecryptionProvider
    public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
        KeyProperties keyProperties = new KeyProperties(getKeyEncryptionAlgorithm(jweDecryptionInput));
        AlgorithmParameterSpec algorithmParameterSpec = getAlgorithmParameterSpec(jweDecryptionInput);
        if (algorithmParameterSpec != null) {
            keyProperties.setAlgoSpec(algorithmParameterSpec);
        }
        if (this.unwrap) {
            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(jweDecryptionInput), getContentEncryptionAlgorithm(jweDecryptionInput), getCekDecryptionKey(), keyProperties).getEncoded();
        }
        keyProperties.setBlockSize(getKeyCipherBlockSize());
        return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(jweDecryptionInput), getCekDecryptionKey(), keyProperties);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Key getCekDecryptionKey() {
        return this.cekDecryptionKey;
    }

    protected int getKeyCipherBlockSize() {
        return -1;
    }

    protected String getKeyEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
        String jwaName = jweDecryptionInput.getJweHeaders().getKeyEncryptionAlgorithm().getJwaName();
        validateKeyEncryptionAlgorithm(jwaName);
        return AlgorithmUtils.toJavaName(jwaName);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateKeyEncryptionAlgorithm(String str) {
        if (str == null || !this.supportedAlgo.getJwaName().equals(str)) {
            reportInvalidKeyAlgorithm(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void reportInvalidKeyAlgorithm(String str) {
        LOG.warning("Invalid key encryption algorithm: " + str);
        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
    }

    protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
        return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    }

    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweDecryptionInput jweDecryptionInput) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getEncryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
        return jweDecryptionInput.getEncryptedCEK();
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.KeyDecryptionProvider
    public KeyAlgorithm getAlgorithm() {
        return this.supportedAlgo;
    }
}
