package org.jose4j.jwe;

import com.amazonaws.services.s3.internal.crypto.v1.S3KeyWrapScheme;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.CryptoPrimitive;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwx.Headers;
import org.jose4j.jwx.KeyValidationSupport;
import org.jose4j.keys.KeyPersuasion;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.ExceptionHelp;
import org.jose4j.lang.InvalidKeyException;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:org/jose4j/jwe/RsaKeyManagementAlgorithm.class */
public class RsaKeyManagementAlgorithm extends WrappingKeyManagementAlgorithm implements KeyManagementAlgorithm {

    /* loaded from: input_file:org/jose4j/jwe/RsaKeyManagementAlgorithm$Rsa1_5.class */
    public static class Rsa1_5 extends RsaKeyManagementAlgorithm implements KeyManagementAlgorithm {
        public Rsa1_5() {
            super("RSA/ECB/PKCS1Padding", KeyManagementAlgorithmIdentifiers.RSA1_5);
        }

        @Override // org.jose4j.jwe.WrappingKeyManagementAlgorithm, org.jose4j.jwe.KeyManagementAlgorithm
        public Key manageForDecrypt(CryptoPrimitive cryptoPrimitive, byte[] bArr, ContentEncryptionKeyDescriptor contentEncryptionKeyDescriptor, Headers headers, ProviderContext providerContext) throws JoseException {
            Key key;
            String contentEncryptionKeyAlgorithm = contentEncryptionKeyDescriptor.getContentEncryptionKeyAlgorithm();
            int contentEncryptionKeyByteLength = contentEncryptionKeyDescriptor.getContentEncryptionKeyByteLength();
            SecretKeySpec secretKeySpec = new SecretKeySpec(ByteUtil.randomBytes(contentEncryptionKeyByteLength), contentEncryptionKeyAlgorithm);
            try {
                key = unwrap(cryptoPrimitive, bArr, providerContext, contentEncryptionKeyDescriptor);
                if (key.getEncoded().length != contentEncryptionKeyByteLength) {
                    key = secretKeySpec;
                }
            } catch (Exception e) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Key unwrap/decrypt failed. Substituting a randomly generated CEK and proceeding. {}", ExceptionHelp.toStringWithCausesAndAbbreviatedStack(e, JsonWebEncryption.class));
                }
                key = secretKeySpec;
            }
            return key;
        }
    }

    /* loaded from: input_file:org/jose4j/jwe/RsaKeyManagementAlgorithm$RsaOaep.class */
    public static class RsaOaep extends RsaKeyManagementAlgorithm implements KeyManagementAlgorithm {
        public RsaOaep() {
            super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", KeyManagementAlgorithmIdentifiers.RSA_OAEP);
        }
    }

    /* loaded from: input_file:org/jose4j/jwe/RsaKeyManagementAlgorithm$RsaOaep256.class */
    public static class RsaOaep256 extends RsaKeyManagementAlgorithm implements KeyManagementAlgorithm {
        public RsaOaep256() {
            super(S3KeyWrapScheme.RSA_ECB_OAEPWithSHA256AndMGF1Padding, KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
            setAlgorithmParameterSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
        }

        @Override // org.jose4j.jwe.RsaKeyManagementAlgorithm, org.jose4j.jwa.Algorithm
        public boolean isAvailable() {
            try {
                return manageForEncrypt(JsonWebKey.Factory.newJwk("{\"kty\":\"RSA\",\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\",\"e\":\"AQAB\"}").getKey(), new ContentEncryptionKeyDescriptor(16, "AES"), null, null, new ProviderContext()) != null;
            } catch (JoseException e) {
                this.log.debug(getAlgorithmIdentifier() + " is not available due to " + ExceptionHelp.toStringWithCauses(e));
                return false;
            }
        }
    }

    public RsaKeyManagementAlgorithm(String str, String str2) {
        super(str, str2);
        setKeyType("RSA");
        setKeyPersuasion(KeyPersuasion.ASYMMETRIC);
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public void validateEncryptionKey(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        KeyValidationSupport.checkRsaKeySize((PublicKey) KeyValidationSupport.castKey(key, PublicKey.class));
    }

    @Override // org.jose4j.jwe.KeyManagementAlgorithm
    public void validateDecryptionKey(Key key, ContentEncryptionAlgorithm contentEncryptionAlgorithm) throws InvalidKeyException {
        KeyValidationSupport.checkRsaKeySize((PrivateKey) KeyValidationSupport.castKey(key, PrivateKey.class));
    }

    @Override // org.jose4j.jwa.Algorithm
    public boolean isAvailable() {
        try {
            return CipherUtil.getCipher(getJavaAlgorithm(), null) != null;
        } catch (JoseException e) {
            return false;
        }
    }
}
