package org.apache.cxf.rs.security.jose.jwe;

import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;
import org.apache.cxf.rs.security.jose.JoseHeadersReader;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.class */
public class AesCbcHmacJweDecryption extends AbstractJweDecryption {
    private String supportedAlgo;

    /* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption$AesCbcContentDecryptionAlgorithm.class */
    private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties implements ContentDecryptionAlgorithm {
        public AesCbcContentDecryptionAlgorithm(String str) {
            super(str);
        }

        @Override // org.apache.cxf.rs.security.jose.jwe.AbstractContentEncryptionCipherProperties, org.apache.cxf.rs.security.jose.jwe.ContentEncryptionCipherProperties
        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
            return new IvParameterSpec(bArr);
        }

        @Override // org.apache.cxf.rs.security.jose.jwe.AbstractContentEncryptionCipherProperties, org.apache.cxf.rs.security.jose.jwe.ContentEncryptionCipherProperties
        public byte[] getAdditionalAuthenticationData(String str) {
            return null;
        }

        @Override // org.apache.cxf.rs.security.jose.jwe.ContentDecryptionAlgorithm
        public byte[] getEncryptedSequence(JweHeaders jweHeaders, byte[] bArr, byte[] bArr2) {
            return bArr;
        }
    }

    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgorithm) {
        this(keyDecryptionAlgorithm, null);
    }

    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgorithm, String str) {
        this(keyDecryptionAlgorithm, str, null);
    }

    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgorithm, String str, JoseHeadersReader joseHeadersReader) {
        super(joseHeadersReader, keyDecryptionAlgorithm, new AesCbcContentDecryptionAlgorithm(str));
        this.supportedAlgo = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption
    public JweDecryptionOutput doDecrypt(JweCompactConsumer jweCompactConsumer, byte[] bArr) {
        validateAuthenticationTag(jweCompactConsumer, bArr);
        return super.doDecrypt(jweCompactConsumer, bArr);
    }

    @Override // org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption
    protected byte[] getActualCek(byte[] bArr, String str) {
        validateCekAlgorithm(str);
        return AesCbcHmacJweEncryption.doGetActualCek(bArr, str);
    }

    protected void validateAuthenticationTag(JweCompactConsumer jweCompactConsumer, byte[] bArr) {
        byte[] encryptionAuthenticationTag = jweCompactConsumer.getEncryptionAuthenticationTag();
        AesCbcHmacJweEncryption.MacState initializedMacState = AesCbcHmacJweEncryption.getInitializedMacState(bArr, jweCompactConsumer.getContentDecryptionCipherInitVector(), jweCompactConsumer.getJweHeaders(), jweCompactConsumer.getDecodedJsonHeaders());
        initializedMacState.mac.update(jweCompactConsumer.getEncryptedContent());
        if (!Arrays.equals(encryptionAuthenticationTag, AesCbcHmacJweEncryption.signAndGetTag(initializedMacState))) {
            throw new SecurityException();
        }
    }

    private String validateCekAlgorithm(String str) {
        if (Algorithm.isAesCbcHmac(str) && (this.supportedAlgo == null || this.supportedAlgo.equals(str))) {
            return str;
        }
        throw new SecurityException();
    }
}
