package org.apache.cxf.rs.security.jose.jwe;

import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rs.security.jose.jwk.KeyOperation;
import org.apache.cxf.rs.security.jose.jwk.KeyType;
import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
import org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider;
import org.apache.cxf.rt.security.rs.RSSecurityConstants;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/JweUtils.class */
public final class JweUtils {
    private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class);

    /** Not instantiable: the class exposes static helpers only. */
    private JweUtils() {
        // utility class, nothing to initialise
    }

    /**
     * Encrypts {@code bArr} for a public key, passing {@code null} as the trailing string
     * argument of the five-argument overload.
     *
     * @param publicKey recipient key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @return whatever the five-argument overload returns
     */
    public static String encrypt(PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, byte[] bArr) {
        final String noHeaderValue = null;
        return encrypt(publicKey, keyAlgorithm, contentAlgorithm, bArr, noHeaderValue);
    }

    /**
     * Encrypts {@code bArr} for a public key using the provider-based {@code encrypt} overload.
     *
     * <p>The provider lookup returns {@code null} for keys that are neither RSA nor EC; that
     * {@code null} is forwarded as-is, so callers should only pass RSA or EC public keys.
     *
     * @param publicKey recipient key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @param str forwarded unchanged to the delegate (presumably the content type; confirm there)
     * @return whatever the provider-based overload returns
     */
    public static String encrypt(PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, byte[] bArr, String str) {
        KeyEncryptionProvider keyProvider = getPublicKeyEncryptionProvider(publicKey, keyAlgorithm);
        return encrypt(keyProvider, contentAlgorithm, bArr, str);
    }

    /**
     * Encrypts {@code bArr} with a secret key, passing {@code null} as the trailing string
     * argument of the five-argument overload.
     *
     * @param secretKey symmetric key
     * @param keyAlgorithm key encryption algorithm, or {@code null} to take the direct path
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @return whatever the five-argument overload returns
     */
    public static String encrypt(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, byte[] bArr) {
        final String noHeaderValue = null;
        return encrypt(secretKey, keyAlgorithm, contentAlgorithm, bArr, noHeaderValue);
    }

    /**
     * Encrypts {@code bArr} with a secret key.
     *
     * <p>A {@code null} {@code keyAlgorithm} selects {@code encryptDirect}; otherwise the key
     * is handed to {@code getSecretKeyEncryptionAlgorithm}, which returns {@code null} for
     * algorithms that are neither AES key wrap nor AES-GCM key wrap.
     *
     * @param secretKey symmetric key
     * @param keyAlgorithm key encryption algorithm, or {@code null} for the direct path
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @param str forwarded unchanged to the delegate (presumably the content type; confirm there)
     * @return whatever the selected delegate returns
     */
    public static String encrypt(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, byte[] bArr, String str) {
        if (keyAlgorithm == null) {
            return encryptDirect(secretKey, contentAlgorithm, bArr, str);
        }
        KeyEncryptionProvider keyProvider = getSecretKeyEncryptionAlgorithm(secretKey, keyAlgorithm);
        return encrypt(keyProvider, contentAlgorithm, bArr, str);
    }

    /**
     * Encrypts {@code bArr} using the key encryption provider derived from a JSON Web Key.
     *
     * @param jsonWebKey key used to build the key encryption provider
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @param str forwarded unchanged to the delegate (presumably the content type; confirm there)
     * @return whatever the provider-based overload returns
     */
    public static String encrypt(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm, byte[] bArr, String str) {
        KeyEncryptionProvider keyProvider = getKeyEncryptionProvider(jsonWebKey);
        return encrypt(keyProvider, contentAlgorithm, bArr, str);
    }

    /**
     * Direct-key encryption with {@code null} passed as the trailing string argument.
     *
     * @param secretKey symmetric key
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @return whatever the four-argument overload returns
     */
    public static String encryptDirect(SecretKey secretKey, ContentAlgorithm contentAlgorithm, byte[] bArr) {
        final String noHeaderValue = null;
        return encryptDirect(secretKey, contentAlgorithm, bArr, noHeaderValue);
    }

    /**
     * Encrypts {@code bArr} with the {@code JweEncryption} built for direct use of
     * {@code secretKey}.
     *
     * @param secretKey symmetric key
     * @param contentAlgorithm content encryption algorithm
     * @param bArr bytes to encrypt
     * @param str input to {@code toJweHeaders} (presumably the content type; confirm there)
     * @return the string produced by {@code JweEncryption.encrypt}
     */
    public static String encryptDirect(SecretKey secretKey, ContentAlgorithm contentAlgorithm, byte[] bArr, String str) {
        JweEncryption directEncryption = getDirectKeyJweEncryption(secretKey, contentAlgorithm);
        return directEncryption.encrypt(bArr, toJweHeaders(str));
    }

    /**
     * Encrypts {@code bArr} with the {@code JweEncryption} built for direct use of a JSON Web
     * Key; the content algorithm is derived from the key by
     * {@code getDirectKeyJweEncryption(JsonWebKey)}.
     *
     * @param jsonWebKey key to use directly
     * @param bArr bytes to encrypt
     * @param str input to {@code toJweHeaders} (presumably the content type; confirm there)
     * @return the string produced by {@code JweEncryption.encrypt}
     */
    public static String encryptDirect(JsonWebKey jsonWebKey, byte[] bArr, String str) {
        JweEncryption directEncryption = getDirectKeyJweEncryption(jsonWebKey);
        return directEncryption.encrypt(bArr, toJweHeaders(str));
    }

    /**
     * Decrypts {@code str} with a private key via the provider-based {@code decrypt} overload.
     *
     * <p>The provider lookup returns {@code null} for keys that are neither RSA nor EC; that
     * {@code null} is forwarded as-is.
     *
     * @param privateKey recipient private key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @param str the encrypted input
     * @return whatever the provider-based overload returns
     */
    public static byte[] decrypt(PrivateKey privateKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        KeyDecryptionProvider keyProvider = getPrivateKeyDecryptionProvider(privateKey, keyAlgorithm);
        return decrypt(keyProvider, contentAlgorithm, str);
    }

    /**
     * Decrypts {@code str} with a secret key.
     *
     * <p>A {@code null} {@code keyAlgorithm} selects {@code decryptDirect}; otherwise the key
     * is handed to {@code getSecretKeyDecryptionProvider}.
     *
     * @param secretKey symmetric key
     * @param keyAlgorithm key encryption algorithm, or {@code null} for the direct path
     * @param contentAlgorithm content encryption algorithm
     * @param str the encrypted input
     * @return whatever the selected delegate returns
     */
    public static byte[] decrypt(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        if (keyAlgorithm == null) {
            return decryptDirect(secretKey, contentAlgorithm, str);
        }
        KeyDecryptionProvider keyProvider = getSecretKeyDecryptionProvider(secretKey, keyAlgorithm);
        return decrypt(keyProvider, contentAlgorithm, str);
    }

    /**
     * Decrypts {@code str} using the key decryption provider derived from a JSON Web Key.
     *
     * @param jsonWebKey key used to build the key decryption provider
     * @param contentAlgorithm content encryption algorithm
     * @param str the encrypted input
     * @return whatever the provider-based overload returns
     */
    public static byte[] decrypt(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm, String str) {
        KeyDecryptionProvider keyProvider = getKeyDecryptionProvider(jsonWebKey);
        return decrypt(keyProvider, contentAlgorithm, str);
    }

    /**
     * Decrypts {@code str} with the {@code JweDecryption} built for direct use of
     * {@code secretKey} and returns the content of the result.
     *
     * @param secretKey symmetric key
     * @param contentAlgorithm content encryption algorithm
     * @param str the encrypted input
     * @return the bytes returned by {@code getContent()} on the decryption result
     */
    public static byte[] decryptDirect(SecretKey secretKey, ContentAlgorithm contentAlgorithm, String str) {
        JweDecryption directDecryption = getDirectKeyJweDecryption(secretKey, contentAlgorithm);
        return directDecryption.decrypt(str).getContent();
    }

    /**
     * Decrypts {@code str} with the {@code JweDecryption} built for direct use of a JSON Web
     * Key and returns the content of the result.
     *
     * @param jsonWebKey key to use directly
     * @param str the encrypted input
     * @return the bytes returned by {@code getContent()} on the decryption result
     */
    public static byte[] decryptDirect(JsonWebKey jsonWebKey, String str) {
        JweDecryption directDecryption = getDirectKeyJweDecryption(jsonWebKey);
        return directDecryption.decrypt(str).getContent();
    }

    /**
     * Builds a key encryption provider from a JSON Web Key with no fallback algorithm: when
     * the key names no algorithm, {@code null} is used.
     *
     * @param jsonWebKey source key
     * @return the provider chosen by the two-argument overload
     */
    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jsonWebKey) {
        final KeyAlgorithm noFallback = null;
        return getKeyEncryptionProvider(jsonWebKey, noFallback);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider] */
    /* JADX WARN: Type inference failed for: r0v26, types: [org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider] */
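    /**
     * Builds the key encryption provider that matches a JSON Web Key.
     *
     * <p>The algorithm named by the key takes precedence; {@code keyAlgorithm} is only used
     * when the key names none. RSA keys go to {@code getPublicKeyEncryptionProvider}, octet
     * keys to {@code getSecretKeyEncryptionAlgorithm}, and every other key type is handled as
     * an EC key. For EC keys the content algorithm is read from the current message and
     * falls back to {@code A128GCM}.
     *
     * <p>The result is held as {@code KeyEncryptionProvider} throughout: the previous local was
     * typed as {@code EcdhAesWrapKeyEncryptionAlgorithm}, which cannot hold the RSA or
     * octet-key providers.
     *
     * @param jsonWebKey source key
     * @param keyAlgorithm fallback algorithm when the key names none; may be {@code null}
     * @return the provider; may be {@code null} when the RSA or octet delegate returns
     *     {@code null}
     */
    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jsonWebKey, KeyAlgorithm keyAlgorithm) {
        KeyAlgorithm algorithm = jsonWebKey.getAlgorithm() == null ? keyAlgorithm : KeyAlgorithm.getAlgorithm(jsonWebKey.getAlgorithm());
        KeyType keyType = jsonWebKey.getKeyType();
        if (KeyType.RSA == keyType) {
            // NOTE(review): the meaning of the boolean passed to toRSAPublicKey is not visible here.
            return getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jsonWebKey, true), algorithm);
        }
        if (KeyType.OCTET == keyType) {
            return getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jsonWebKey, algorithm), algorithm);
        }
        // Any remaining key type is treated as EC.
        if (algorithm == KeyAlgorithm.ECDH_ES_DIRECT) {
            return new EcdhDirectKeyEncryptionAlgorithm();
        }
        ContentAlgorithm contentAlgorithm = null;
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage != null) {
            contentAlgorithm = getContentAlgo((String) currentMessage.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
        }
        return new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jsonWebKey), jsonWebKey.getStringProperty(JsonWebKey.EC_CURVE), algorithm, contentAlgorithm == null ? ContentAlgorithm.A128GCM : contentAlgorithm);
    }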

    /**
     * Builds a key encryption provider for a public key without configuration properties.
     *
     * @param publicKey RSA or EC public key
     * @param keyAlgorithm key encryption algorithm, or {@code null} for the per-key-type default
     * @return the provider, or {@code null} when the key is neither RSA nor EC
     */
    public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey publicKey, KeyAlgorithm keyAlgorithm) {
        final Properties noProperties = null;
        return getPublicKeyEncryptionProvider(publicKey, noProperties, keyAlgorithm);
    }

    /**
     * Builds a key encryption provider for an RSA or EC public key.
     *
     * <p>A {@code null} {@code keyAlgorithm} is replaced by the default for the key type. For
     * EC keys the curve comes from {@code RSSEC_EC_CURVE} in {@code properties} (P-256 when
     * absent or when {@code properties} is {@code null}) and the content algorithm from the
     * current message ({@code A128GCM} when none is set).
     *
     * @param publicKey RSA or EC public key
     * @param properties optional configuration; may be {@code null}
     * @param keyAlgorithm key encryption algorithm; may be {@code null}
     * @return the provider, or {@code null} when the key is neither RSA nor EC
     */
    public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey publicKey, Properties properties, KeyAlgorithm keyAlgorithm) {
        KeyAlgorithm effectiveAlgorithm = keyAlgorithm != null ? keyAlgorithm : getDefaultPublicKeyAlgorithm(publicKey);
        if (publicKey instanceof RSAPublicKey) {
            return new RSAKeyEncryptionAlgorithm((RSAPublicKey) publicKey, effectiveAlgorithm);
        }
        if (publicKey instanceof ECPublicKey) {
            Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
            ContentAlgorithm configured = null;
            if (currentMessage != null) {
                configured = getContentAlgo((String) currentMessage.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
            }
            String curve;
            if (properties == null) {
                curve = JsonWebKey.EC_CURVE_P256;
            } else {
                curve = properties.getProperty(JoseConstants.RSSEC_EC_CURVE, JsonWebKey.EC_CURVE_P256);
            }
            ContentAlgorithm contentAlgo = configured == null ? ContentAlgorithm.A128GCM : configured;
            return new EcdhAesWrapKeyEncryptionAlgorithm((ECPublicKey) publicKey, curve, effectiveAlgorithm, contentAlgo);
        }
        // Unsupported key type: callers must be ready for null.
        return null;
    }

    /**
     * Picks the default key encryption algorithm for a public key: {@code RSA_OAEP} for RSA,
     * {@code ECDH_ES_A128KW} for EC.
     *
     * @param publicKey key to inspect
     * @return the default algorithm, or {@code null} for any other key type
     */
    private static KeyAlgorithm getDefaultPublicKeyAlgorithm(PublicKey publicKey) {
        KeyAlgorithm fallback = null;
        if (publicKey instanceof RSAPublicKey) {
            fallback = KeyAlgorithm.RSA_OAEP;
        } else if (publicKey instanceof ECPublicKey) {
            fallback = KeyAlgorithm.ECDH_ES_A128KW;
        }
        return fallback;
    }

    /**
     * Picks the default key encryption algorithm for a private key: {@code RSA_OAEP} for RSA,
     * {@code ECDH_ES_A128KW} for EC.
     *
     * @param privateKey key to inspect
     * @return the default algorithm, or {@code null} for any other key type
     */
    private static KeyAlgorithm getDefaultPrivateKeyAlgorithm(PrivateKey privateKey) {
        KeyAlgorithm fallback = null;
        if (privateKey instanceof RSAPrivateKey) {
            fallback = KeyAlgorithm.RSA_OAEP;
        } else if (privateKey instanceof ECPrivateKey) {
            fallback = KeyAlgorithm.ECDH_ES_A128KW;
        }
        return fallback;
    }

    /**
     * Builds the key-wrap provider for a secret key.
     *
     * @param secretKey wrapping key
     * @param keyAlgorithm key encryption algorithm; must not be {@code null} (it is
     *     dereferenced unconditionally)
     * @return an AES key wrap or AES-GCM key wrap provider, or {@code null} when the algorithm
     *     is neither
     */
    public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey secretKey, KeyAlgorithm keyAlgorithm) {
        if (AlgorithmUtils.isAesKeyWrap(keyAlgorithm.getJwaName())) {
            return new AesWrapKeyEncryptionAlgorithm(secretKey, keyAlgorithm);
        } else if (AlgorithmUtils.isAesGcmKeyWrap(keyAlgorithm.getJwaName())) {
            return new AesGcmWrapKeyEncryptionAlgorithm(secretKey, keyAlgorithm);
        } else {
            return null;
        }
    }

    /**
     * Builds a key decryption provider from a JSON Web Key with no fallback algorithm.
     *
     * @param jsonWebKey source key
     * @return the provider chosen by the two-argument overload
     */
    public static KeyDecryptionProvider getKeyDecryptionProvider(JsonWebKey jsonWebKey) {
        final KeyAlgorithm noFallback = null;
        return getKeyDecryptionProvider(jsonWebKey, noFallback);
    }

    /**
     * Builds the key decryption provider that matches a JSON Web Key.
     *
     * <p>The algorithm named by the key takes precedence over {@code keyAlgorithm}. RSA and
     * octet keys are dispatched by key type; every other key type is converted as an EC
     * private key.
     *
     * @param jsonWebKey source key
     * @param keyAlgorithm fallback algorithm when the key names none; may be {@code null},
     *     but the octet and EC delegates dereference the resolved algorithm
     * @return the provider returned by the selected delegate (possibly {@code null})
     */
    public static KeyDecryptionProvider getKeyDecryptionProvider(JsonWebKey jsonWebKey, KeyAlgorithm keyAlgorithm) {
        KeyAlgorithm algorithm = jsonWebKey.getAlgorithm() == null ? keyAlgorithm : KeyAlgorithm.getAlgorithm(jsonWebKey.getAlgorithm());
        KeyType keyType = jsonWebKey.getKeyType();
        if (KeyType.RSA == keyType) {
            return getPrivateKeyDecryptionProvider(JwkUtils.toRSAPrivateKey(jsonWebKey), algorithm);
        }
        if (KeyType.OCTET == keyType) {
            return getSecretKeyDecryptionProvider(JwkUtils.toSecretKey(jsonWebKey), algorithm);
        }
        return getPrivateKeyDecryptionProvider(JwkUtils.toECPrivateKey(jsonWebKey), algorithm);
    }

    /**
     * Builds the key decryption provider for an RSA or EC private key.
     *
     * <p>For EC keys, an ECDH-ES key-wrap algorithm selects the wrap provider and anything
     * else selects the direct ECDH provider; {@code keyAlgorithm} is dereferenced on that path.
     *
     * @param privateKey RSA or EC private key
     * @param keyAlgorithm key encryption algorithm; must not be {@code null} for EC keys
     * @return the provider, or {@code null} when the key is neither RSA nor EC
     */
    public static KeyDecryptionProvider getPrivateKeyDecryptionProvider(PrivateKey privateKey, KeyAlgorithm keyAlgorithm) {
        if (privateKey instanceof RSAPrivateKey) {
            return new RSAKeyDecryptionAlgorithm((RSAPrivateKey) privateKey, keyAlgorithm);
        }
        if (!(privateKey instanceof ECPrivateKey)) {
            return null;
        }
        if (AlgorithmUtils.isEcdhEsWrap(keyAlgorithm.getJwaName())) {
            return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey) privateKey, keyAlgorithm);
        }
        return new EcdhDirectKeyDecryptionAlgorithm((ECPrivateKey) privateKey);
    }

    /**
     * Builds the key-unwrap provider for a secret key.
     *
     * @param secretKey unwrapping key
     * @param keyAlgorithm key encryption algorithm; must not be {@code null} (it is
     *     dereferenced unconditionally)
     * @return an AES key wrap or AES-GCM key wrap provider, or {@code null} when the algorithm
     *     is neither
     */
    public static KeyDecryptionProvider getSecretKeyDecryptionProvider(SecretKey secretKey, KeyAlgorithm keyAlgorithm) {
        if (AlgorithmUtils.isAesKeyWrap(keyAlgorithm.getJwaName())) {
            return new AesWrapKeyDecryptionAlgorithm(secretKey, keyAlgorithm);
        } else if (AlgorithmUtils.isAesGcmKeyWrap(keyAlgorithm.getJwaName())) {
            return new AesGcmWrapKeyDecryptionAlgorithm(secretKey, keyAlgorithm);
        } else {
            return null;
        }
    }

    /**
     * Builds a content encryption provider from a JSON Web Key with no fallback algorithm.
     *
     * @param jsonWebKey source key
     * @return the provider chosen by the two-argument overload
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jsonWebKey) {
        final ContentAlgorithm noFallback = null;
        return getContentEncryptionProvider(jsonWebKey, noFallback);
    }

    /**
     * Builds a content encryption provider from an octet JSON Web Key.
     *
     * <p>The algorithm named by the key takes precedence over {@code contentAlgorithm}.
     *
     * @param jsonWebKey source key
     * @param contentAlgorithm fallback algorithm when the key names none
     * @return the provider, or {@code null} when the key type is not {@code OCTET}
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm) {
        ContentAlgorithm effective;
        if (jsonWebKey.getAlgorithm() == null) {
            effective = contentAlgorithm;
        } else {
            effective = getContentAlgo(jsonWebKey.getAlgorithm());
        }
        if (KeyType.OCTET != jsonWebKey.getKeyType()) {
            return null;
        }
        return getContentEncryptionProvider(JwkUtils.toSecretKey(jsonWebKey), effective);
    }

    /**
     * Builds a content encryption provider from the encoded bytes of a secret key.
     *
     * @param secretKey content encryption key
     * @param contentAlgorithm content encryption algorithm
     * @return the provider chosen by the byte-array overload
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(SecretKey secretKey, ContentAlgorithm contentAlgorithm) {
        byte[] rawKey = secretKey.getEncoded();
        return getContentEncryptionProvider(rawKey, contentAlgorithm);
    }

    /**
     * Builds a content encryption provider from raw key bytes.
     *
     * @param bArr content encryption key bytes
     * @param contentAlgorithm content encryption algorithm; must not be {@code null}
     * @return an AES-GCM or AES-CBC-HMAC provider, or {@code null} when the algorithm is neither
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(byte[] bArr, ContentAlgorithm contentAlgorithm) {
        if (AlgorithmUtils.isAesGcm(contentAlgorithm.getJwaName())) {
            // The second constructor argument is left null in both branches.
            return new AesGcmContentEncryptionAlgorithm(bArr, (byte[]) null, contentAlgorithm);
        } else if (AlgorithmUtils.isAesCbcHmac(contentAlgorithm.getJwaName())) {
            return new AesCbcContentEncryptionAlgorithm(bArr, null, contentAlgorithm);
        } else {
            return null;
        }
    }

    /**
     * Builds a content encryption provider for an algorithm, passing {@code false} for the
     * boolean flag of the two-argument overload.
     *
     * @param contentAlgorithm content encryption algorithm
     * @return the provider chosen by the two-argument overload
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(ContentAlgorithm contentAlgorithm) {
        final boolean flag = false;
        return getContentEncryptionProvider(contentAlgorithm, flag);
    }

    /**
     * Builds a content encryption provider without supplying key material.
     *
     * <p>Any algorithm that is not AES-GCM gets the AES-CBC provider; there is no
     * {@code null} result on this path.
     *
     * @param contentAlgorithm content encryption algorithm; must not be {@code null}
     * @param z forwarded to the provider constructor (its meaning is not visible here)
     * @return an AES-GCM provider for AES-GCM algorithms, otherwise an AES-CBC provider
     */
    public static ContentEncryptionProvider getContentEncryptionProvider(ContentAlgorithm contentAlgorithm, boolean z) {
        if (AlgorithmUtils.isAesGcm(contentAlgorithm.getJwaName())) {
            return new AesGcmContentEncryptionAlgorithm(contentAlgorithm, z);
        }
        return new AesCbcContentEncryptionAlgorithm(contentAlgorithm, z);
    }

    /**
     * Builds a content decryption provider for AES-GCM algorithms only.
     *
     * @param contentAlgorithm content encryption algorithm; must not be {@code null}
     * @return an AES-GCM provider, or {@code null} for every other algorithm
     */
    public static ContentDecryptionProvider getContentDecryptionProvider(ContentAlgorithm contentAlgorithm) {
        return AlgorithmUtils.isAesGcm(contentAlgorithm.getJwaName()) ? new AesGcmContentDecryptionAlgorithm(contentAlgorithm) : null;
    }

    /**
     * Extracts the content decryption key from a JSON Web Key with no fallback algorithm name.
     *
     * @param jsonWebKey source key
     * @return the key chosen by the two-argument overload, possibly {@code null}
     */
    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jsonWebKey) {
        final String noFallback = null;
        return getContentDecryptionSecretKey(jsonWebKey, noFallback);
    }

    /**
     * Extracts the content decryption key from an octet JSON Web Key used with AES-GCM.
     *
     * <p>The algorithm named by the key takes precedence over {@code str}.
     *
     * @param jsonWebKey source key
     * @param str fallback algorithm name when the key names none
     * @return the secret key, or {@code null} when the key is not {@code OCTET} or the
     *     resolved algorithm is not AES-GCM
     */
    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jsonWebKey, String str) {
        String algorithm;
        if (jsonWebKey.getAlgorithm() == null) {
            algorithm = str;
        } else {
            algorithm = jsonWebKey.getAlgorithm();
        }
        if (KeyType.OCTET != jsonWebKey.getKeyType()) {
            return null;
        }
        if (!AlgorithmUtils.isAesGcm(algorithm)) {
            return null;
        }
        return JwkUtils.toSecretKey(jsonWebKey);
    }

    /**
     * Resolves an algorithm name through {@code ContentAlgorithm.getAlgorithm}.
     *
     * @param str algorithm name
     * @return the value returned by {@code ContentAlgorithm.getAlgorithm}
     */
    private static ContentAlgorithm getContentAlgo(String str) {
        ContentAlgorithm resolved = ContentAlgorithm.getAlgorithm(str);
        return resolved;
    }

    /**
     * Builds a direct-key {@code JweEncryption} from a JSON Web Key.
     *
     * <p>ECDH-ES direct keys are always paired with {@code A128GCM} here; for other keys the
     * key's own algorithm is interpreted as the content algorithm.
     *
     * @param jsonWebKey source key
     * @return the encryption object from the selected delegate
     */
    public static JweEncryption getDirectKeyJweEncryption(JsonWebKey jsonWebKey) {
        if (AlgorithmUtils.isEcdhEsDirect(jsonWebKey.getAlgorithm())) {
            return getEcDirectKeyJweEncryption(jsonWebKey, ContentAlgorithm.A128GCM);
        }
        return getDirectKeyJweEncryption(JwkUtils.toSecretKey(jsonWebKey), getContentAlgo(jsonWebKey.getAlgorithm()));
    }

    /**
     * Builds an ECDH-ES direct {@code JweEncryption} from an EC JSON Web Key.
     *
     * @param jsonWebKey EC key whose algorithm must be ECDH-ES direct
     * @param contentAlgorithm content encryption algorithm
     * @return the encryption object; the curve defaults to P-256 when the key names none
     * @throws JweException with {@code INVALID_KEY_ALGORITHM} when the key's algorithm is not
     *     ECDH-ES direct
     */
    public static JweEncryption getEcDirectKeyJweEncryption(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm) {
        if (AlgorithmUtils.isEcdhEsDirect(jsonWebKey.getAlgorithm())) {
            String declaredCurve = jsonWebKey.getStringProperty(JsonWebKey.EC_CURVE);
            String curve = declaredCurve != null ? declaredCurve : JsonWebKey.EC_CURVE_P256;
            return new EcdhDirectKeyJweEncryption(JwkUtils.toECPublicKey(jsonWebKey), curve, contentAlgorithm);
        }
        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
    }

    /**
     * Builds a direct-key {@code JweEncryption} from the encoded bytes of a secret key.
     *
     * @param secretKey content encryption key
     * @param contentAlgorithm content encryption algorithm
     * @return the encryption object from the byte-array overload
     */
    public static JweEncryption getDirectKeyJweEncryption(SecretKey secretKey, ContentAlgorithm contentAlgorithm) {
        byte[] rawKey = secretKey.getEncoded();
        return getDirectKeyJweEncryption(rawKey, contentAlgorithm);
    }

    /**
     * Builds a direct-key {@code JweEncryption} from raw key bytes.
     *
     * <p>For algorithms that are neither AES-CBC-HMAC nor AES-GCM the content provider lookup
     * returns {@code null}, and that {@code null} is handed to the {@code JweEncryption}
     * constructor.
     *
     * @param bArr content encryption key bytes
     * @param contentAlgorithm content encryption algorithm; must not be {@code null}
     * @return an AES-CBC-HMAC encryption object for AES-CBC-HMAC algorithms, otherwise a
     *     generic {@code JweEncryption}
     */
    public static JweEncryption getDirectKeyJweEncryption(byte[] bArr, ContentAlgorithm contentAlgorithm) {
        if (AlgorithmUtils.isAesCbcHmac(contentAlgorithm.getJwaName())) {
            return new AesCbcHmacJweEncryption(contentAlgorithm, bArr, null, new DirectKeyEncryptionAlgorithm());
        }
        return new JweEncryption(new DirectKeyEncryptionAlgorithm(), getContentEncryptionProvider(bArr, contentAlgorithm));
    }

    /**
     * Builds a direct-key {@code JweDecryption} from a JSON Web Key.
     *
     * <p>ECDH-ES direct keys are always paired with {@code A128GCM} here; for other keys the
     * key's own algorithm is interpreted as the content algorithm.
     *
     * @param jsonWebKey source key
     * @return the decryption object from the selected delegate
     */
    public static JweDecryption getDirectKeyJweDecryption(JsonWebKey jsonWebKey) {
        if (AlgorithmUtils.isEcdhEsDirect(jsonWebKey.getAlgorithm())) {
            return getEcDirectKeyJweDecryption(jsonWebKey, ContentAlgorithm.A128GCM);
        }
        return getDirectKeyJweDecryption(JwkUtils.toSecretKey(jsonWebKey), getContentAlgo(jsonWebKey.getAlgorithm()));
    }

    /**
     * Builds a direct-key {@code JweDecryption} from the encoded bytes of a secret key.
     *
     * @param secretKey content encryption key
     * @param contentAlgorithm content encryption algorithm
     * @return the decryption object from the byte-array overload
     */
    public static JweDecryption getDirectKeyJweDecryption(SecretKey secretKey, ContentAlgorithm contentAlgorithm) {
        byte[] rawKey = secretKey.getEncoded();
        return getDirectKeyJweDecryption(rawKey, contentAlgorithm);
    }

    /**
     * Builds a direct-key {@code JweDecryption} from raw key bytes.
     *
     * <p>{@code getContentDecryptionProvider} only knows AES-GCM, so for an algorithm that is
     * neither AES-CBC-HMAC nor AES-GCM a {@code null} content provider reaches the
     * {@code JweDecryption} constructor.
     *
     * @param bArr content encryption key bytes
     * @param contentAlgorithm content encryption algorithm; must not be {@code null}
     * @return an AES-CBC-HMAC decryption object for AES-CBC-HMAC algorithms, otherwise a
     *     generic {@code JweDecryption}
     */
    public static JweDecryption getDirectKeyJweDecryption(byte[] bArr, ContentAlgorithm contentAlgorithm) {
        if (AlgorithmUtils.isAesCbcHmac(contentAlgorithm.getJwaName())) {
            return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(bArr), contentAlgorithm);
        }
        return new JweDecryption(new DirectKeyDecryptionAlgorithm(bArr), getContentDecryptionProvider(contentAlgorithm));
    }

    /**
     * Builds an ECDH-ES direct {@code JweDecryption} from an EC JSON Web Key.
     *
     * @param jsonWebKey EC key whose algorithm must be ECDH-ES direct
     * @param contentAlgorithm content encryption algorithm
     * @return the decryption object
     * @throws JweException with {@code INVALID_KEY_ALGORITHM} when the key's algorithm is not
     *     ECDH-ES direct
     */
    public static JweDecryption getEcDirectKeyJweDecryption(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm) {
        if (!AlgorithmUtils.isEcdhEsDirect(jsonWebKey.getAlgorithm())) {
            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
        }
        return new EcdhDirectKeyJweDecryption(JwkUtils.toECPrivateKey(jsonWebKey), contentAlgorithm);
    }

    /**
     * Loads the configured encryption provider, starting from a fresh {@code JweHeaders}.
     *
     * @param z forwarded to {@code loadEncryptionOutProperties} by the delegate
     * @return the provider, or {@code null} when no outbound encryption properties are found
     */
    public static JweEncryptionProvider loadEncryptionProvider(boolean z) {
        JweHeaders freshHeaders = new JweHeaders();
        return loadEncryptionProvider(freshHeaders, z);
    }

    /**
     * Loads the configured encryption provider for the given headers.
     *
     * @param jweHeaders headers the provider setup may add to
     * @param z forwarded to {@code loadEncryptionOutProperties}
     * @return the provider, or {@code null} when {@code loadEncryptionOutProperties} returns
     *     {@code null}
     */
    public static JweEncryptionProvider loadEncryptionProvider(JweHeaders jweHeaders, boolean z) {
        Properties outProperties = loadEncryptionOutProperties(z);
        return outProperties == null ? null : loadEncryptionProvider(outProperties, jweHeaders);
    }

    /**
     * Loads the encryption provider described by {@code properties}, using the message
     * currently held by {@code PhaseInterceptorChain} (which may be {@code null}).
     *
     * @param properties encryption configuration
     * @param jweHeaders headers the provider setup may add to
     * @return the provider built by the three-argument overload
     */
    public static JweEncryptionProvider loadEncryptionProvider(Properties properties, JweHeaders jweHeaders) {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        return loadEncryptionProvider(properties, currentMessage, jweHeaders);
    }

    /**
     * Loads the encryption provider described by {@code properties}.
     *
     * <p>The content algorithm is resolved with {@code A128GCM} as the default and published
     * on the message under {@code RSSEC_ENCRYPTION_CONTENT_ALGORITHM}. Only when the key
     * encryption algorithm is {@code DIRECT} and a JSON Web Key can be loaded is a content
     * encryption provider built here, with the algorithm re-resolved from that key.
     *
     * @param properties encryption configuration; must not be {@code null}
     * @param message current message; may be {@code null}
     * @param jweHeaders headers the key provider setup may add to
     * @return the provider built by {@code createJweEncryptionProvider}
     */
    public static JweEncryptionProvider loadEncryptionProvider(Properties properties, Message message, JweHeaders jweHeaders) {
        KeyEncryptionProvider keyProvider = loadKeyEncryptionProvider(properties, message, jweHeaders);
        ContentAlgorithm contentAlgo = getContentEncryptionAlgorithm(message, properties, null, ContentAlgorithm.A128GCM);
        if (message != null) {
            message.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentAlgo.getJwaName());
        }
        ContentEncryptionProvider contentProvider = null;
        if (KeyAlgorithm.DIRECT == keyProvider.getAlgorithm()) {
            JsonWebKey directKey = JwkUtils.loadJsonWebKey(message, properties, KeyOperation.ENCRYPT);
            if (directKey != null) {
                // The key's own algorithm, when present, is offered as the preferred content algorithm.
                contentAlgo = getContentEncryptionAlgorithm(message, properties, directKey.getAlgorithm() != null ? ContentAlgorithm.getAlgorithm(directKey.getAlgorithm()) : null, contentAlgo);
                contentProvider = getContentEncryptionProvider(directKey, contentAlgo);
            }
        }
        String zipAlgorithm = properties.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM);
        return createJweEncryptionProvider(keyProvider, contentProvider, contentAlgo, zipAlgorithm, jweHeaders);
    }

    /**
     * Selects the key encryption provider from configuration and records key-identifying
     * headers on {@code jweHeaders}.
     *
     * <p>Branches, in order: {@code DIRECT} yields a {@code DirectKeyEncryptionAlgorithm}; an
     * algorithm in {@code PBES_HS_SET} yields a password-based provider and returns at once;
     * a key store type equal to {@code HEADER_JSON_WEB_KEY} loads a JSON Web Key; anything
     * else loads a public key through {@code KeyManagementUtils}.
     *
     * <p>The password-based branch returns before {@code setKeyEncryptionAlgorithm} is called
     * on {@code jweHeaders}; every other successful path sets it.
     *
     * @param properties encryption configuration; must not be {@code null}
     * @param message current message; passed through to the key-loading helpers
     * @param jweHeaders headers to populate
     * @return the selected provider, never {@code null}
     * @throws JweException {@code KEY_ENCRYPTION_FAILURE} when a password-based algorithm is
     *     configured but no password is available; {@code INVALID_KEY_ALGORITHM} when no
     *     provider could be built
     */
    public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties properties, Message message, JweHeaders jweHeaders) {
        KeyEncryptionProvider keyEncryptionProvider = null;
        KeyAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(message, properties, null, null);
        if (KeyAlgorithm.DIRECT == keyEncryptionAlgorithm) {
            keyEncryptionProvider = new DirectKeyEncryptionAlgorithm();
        } else {
            if (keyEncryptionAlgorithm != null && AlgorithmUtils.PBES_HS_SET.contains(keyEncryptionAlgorithm.getJwaName())) {
                PrivateKeyPasswordProvider loadPasswordProvider = KeyManagementUtils.loadPasswordProvider(message, properties, KeyOperation.ENCRYPT);
                char[] password = loadPasswordProvider != null ? loadPasswordProvider.getPassword(properties) : null;
                if (password == null) {
                    throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
                }
                // NOTE(review): new String(password) copies the secret into an immutable String that
                // cannot be cleared afterwards, and the char[] is not wiped here either.
                // NOTE(review): 4096 is presumably the PBES2 iteration count used when
                // RSSEC_ENCRYPTION_PBES2_COUNT is not set; confirm it meets the deployment's
                // password-hashing policy.
                return new PbesHmacAesWrapKeyEncryptionAlgorithm(new String(password), MessageUtils.getContextualInteger(message, JoseConstants.RSSEC_ENCRYPTION_PBES2_COUNT, 4096), keyEncryptionAlgorithm, false);
            }
            // Header-inclusion switches: certificate chain, SHA-1 digest, SHA-256 digest, key id.
            boolean checkBooleanProperty = JoseUtils.checkBooleanProperty(jweHeaders, properties, message, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT);
            boolean checkBooleanProperty2 = JoseUtils.checkBooleanProperty(jweHeaders, properties, message, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1);
            boolean checkBooleanProperty3 = JoseUtils.checkBooleanProperty(jweHeaders, properties, message, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256);
            boolean checkBooleanProperty4 = JoseUtils.checkBooleanProperty(jweHeaders, properties, message, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID);
            if (JoseConstants.HEADER_JSON_WEB_KEY.equals(properties.get(RSSecurityConstants.RSSEC_KEY_STORE_TYPE))) {
                JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(message, properties, KeyOperation.ENCRYPT);
                // When no key is loaded the provider stays null and INVALID_KEY_ALGORITHM is thrown below.
                if (loadJsonWebKey != null) {
                    KeyAlgorithm keyEncryptionAlgorithm2 = getKeyEncryptionAlgorithm(message, properties, KeyAlgorithm.getAlgorithm(loadJsonWebKey.getAlgorithm()), getDefaultKeyAlgorithm(loadJsonWebKey));
                    keyEncryptionProvider = getKeyEncryptionProvider(loadJsonWebKey, keyEncryptionAlgorithm2);
                    boolean checkBooleanProperty5 = JoseUtils.checkBooleanProperty(jweHeaders, properties, message, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY);
                    if (checkBooleanProperty) {
                        JwkUtils.includeCertChain(loadJsonWebKey, jweHeaders, keyEncryptionAlgorithm2.getJwaName());
                    }
                    // The SHA-1 digest header wins when both digest switches are on.
                    if (checkBooleanProperty2) {
                        KeyManagementUtils.setSha1DigestHeader(jweHeaders, message, properties);
                    } else if (checkBooleanProperty3) {
                        KeyManagementUtils.setSha256DigestHeader(jweHeaders, message, properties);
                    }
                    if (checkBooleanProperty5) {
                        JwkUtils.includePublicKey(loadJsonWebKey, jweHeaders, keyEncryptionAlgorithm2.getJwaName());
                    }
                    if (checkBooleanProperty4 && loadJsonWebKey.getKeyId() != null) {
                        jweHeaders.setKeyId(loadJsonWebKey.getKeyId());
                    }
                }
            } else {
                // Returns null for keys that are neither RSA nor EC, which ends in INVALID_KEY_ALGORITHM below.
                keyEncryptionProvider = getPublicKeyEncryptionProvider(KeyManagementUtils.loadPublicKey(message, properties), properties, keyEncryptionAlgorithm);
                if (checkBooleanProperty) {
                    jweHeaders.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(message, properties));
                }
                // The SHA-1 digest header wins when both digest switches are on.
                if (checkBooleanProperty2) {
                    KeyManagementUtils.setSha1DigestHeader(jweHeaders, message, properties);
                } else if (checkBooleanProperty3) {
                    KeyManagementUtils.setSha256DigestHeader(jweHeaders, message, properties);
                }
                // The key store alias doubles as the key id on this path.
                if (checkBooleanProperty4 && properties.containsKey(RSSecurityConstants.RSSEC_KEY_STORE_ALIAS)) {
                    jweHeaders.setKeyId(properties.getProperty(RSSecurityConstants.RSSEC_KEY_STORE_ALIAS));
                }
            }
        }
        if (keyEncryptionProvider == null) {
            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
        }
        jweHeaders.setKeyEncryptionAlgorithm(keyEncryptionProvider.getAlgorithm());
        return keyEncryptionProvider;
    }

    /**
     * Loads the configured decryption provider without any incoming JWE headers.
     *
     * @param z forwarded to {@code loadEncryptionInProperties} by the delegate
     * @return the provider, or {@code null} when no inbound encryption properties are found
     */
    public static JweDecryptionProvider loadDecryptionProvider(boolean z) {
        final JweHeaders noHeaders = null;
        return loadDecryptionProvider(noHeaders, z);
    }

    /**
     * Loads the configured decryption provider for the given headers.
     *
     * @param jweHeaders incoming headers; may be {@code null}
     * @param z forwarded to {@code loadEncryptionInProperties}
     * @return the provider, or {@code null} when {@code loadEncryptionInProperties} returns
     *     {@code null}
     */
    public static JweDecryptionProvider loadDecryptionProvider(JweHeaders jweHeaders, boolean z) {
        Properties inProperties = loadEncryptionInProperties(z);
        return inProperties == null ? null : loadDecryptionProvider(inProperties, jweHeaders);
    }

    /**
     * Builds the decryption provider from configuration and, when present, from
     * key-identifying headers in {@code jweHeaders}.
     *
     * <p>Branches, in order: an {@code x5c} header, an {@code x5t} header, an
     * {@code x5t#S256} header, a JSON Web Key store, a private key store (when the algorithm
     * is not in {@code PBES_HS_SET}), and finally a password-based provider.
     *
     * <p>In the three certificate branches the content algorithm is read from
     * {@code jweHeaders} and replaces the configured value.
     *
     * @param properties decryption configuration; must not be {@code null}
     * @param jweHeaders incoming headers; may be {@code null}
     * @return the provider built by {@code createJweDecryptionProvider}
     * @throws JweException {@code KEY_DECRYPTION_FAILURE} when the JSON Web Key cannot be
     *     loaded or no password is available for a password-based algorithm
     */
    public static JweDecryptionProvider loadDecryptionProvider(Properties properties, JweHeaders jweHeaders) {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        KeyDecryptionProvider keyDecryptionProvider = null;
        // Configured content algorithm, A128GCM when nothing is configured.
        ContentAlgorithm contentEncryptionAlgorithm = getContentEncryptionAlgorithm(currentMessage, properties, null, ContentAlgorithm.A128GCM);
        SecretKey secretKey = null;
        KeyAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(currentMessage, properties, null, null);
        if (jweHeaders != null && jweHeaders.getHeader("x5c") != null) {
            // The supplied chain is validated before it is used to pick the private key.
            List<X509Certificate> x509CertificateChain = KeyManagementUtils.toX509CertificateChain(jweHeaders.getX509Chain());
            KeyManagementUtils.validateCertificateChain(properties, x509CertificateChain);
            // NOTE(review): get(0) throws if toX509CertificateChain can return an empty list; confirm.
            PrivateKey loadPrivateKey = KeyManagementUtils.loadPrivateKey(currentMessage, properties, x509CertificateChain == null ? null : x509CertificateChain.get(0), KeyOperation.DECRYPT);
            if (keyEncryptionAlgorithm == null) {
                keyEncryptionAlgorithm = getDefaultPrivateKeyAlgorithm(loadPrivateKey);
            }
            // NOTE(review): the content algorithm now comes from the headers, presumably those of the
            // received token; whether it is later checked against configuration is not visible here.
            contentEncryptionAlgorithm = jweHeaders.getContentEncryptionAlgorithm();
            keyDecryptionProvider = getPrivateKeyDecryptionProvider(loadPrivateKey, keyEncryptionAlgorithm);
        } else if (jweHeaders != null && jweHeaders.getHeader("x5t") != null) {
            // "SHA-1" is passed as the digest name for the thumbprint lookup.
            X509Certificate certificateFromThumbprint = KeyManagementUtils.getCertificateFromThumbprint(jweHeaders.getX509Thumbprint(), "SHA-1", currentMessage, properties);
            // No matching certificate leaves keyDecryptionProvider null; how the final call treats that
            // is not visible here.
            if (certificateFromThumbprint != null) {
                PrivateKey loadPrivateKey2 = KeyManagementUtils.loadPrivateKey(currentMessage, properties, certificateFromThumbprint, KeyOperation.DECRYPT);
                if (keyEncryptionAlgorithm == null) {
                    keyEncryptionAlgorithm = getDefaultPrivateKeyAlgorithm(loadPrivateKey2);
                }
                // Header-supplied content algorithm replaces the configured one (see the x5c branch).
                contentEncryptionAlgorithm = jweHeaders.getContentEncryptionAlgorithm();
                keyDecryptionProvider = getPrivateKeyDecryptionProvider(loadPrivateKey2, keyEncryptionAlgorithm);
            }
        } else if (jweHeaders != null && jweHeaders.getHeader("x5t#S256") != null) {
            X509Certificate certificateFromThumbprint2 = KeyManagementUtils.getCertificateFromThumbprint(jweHeaders.getX509ThumbprintSHA256(), "SHA-256", currentMessage, properties);
            // As above: no matching certificate leaves keyDecryptionProvider null.
            if (certificateFromThumbprint2 != null) {
                PrivateKey loadPrivateKey3 = KeyManagementUtils.loadPrivateKey(currentMessage, properties, certificateFromThumbprint2, KeyOperation.DECRYPT);
                if (keyEncryptionAlgorithm == null) {
                    keyEncryptionAlgorithm = getDefaultPrivateKeyAlgorithm(loadPrivateKey3);
                }
                // Header-supplied content algorithm replaces the configured one (see the x5c branch).
                contentEncryptionAlgorithm = jweHeaders.getContentEncryptionAlgorithm();
                keyDecryptionProvider = getPrivateKeyDecryptionProvider(loadPrivateKey3, keyEncryptionAlgorithm);
            }
        } else if (JoseConstants.HEADER_JSON_WEB_KEY.equals(properties.get(RSSecurityConstants.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(currentMessage, properties, KeyOperation.DECRYPT);
            if (loadJsonWebKey == null) {
                LOG.warning("Extracting the JsonWebKey failed");
                throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
            }
            if (KeyAlgorithm.DIRECT == keyEncryptionAlgorithm) {
                contentEncryptionAlgorithm = getContentEncryptionAlgorithm(currentMessage, properties, ContentAlgorithm.getAlgorithm(loadJsonWebKey.getAlgorithm()), ContentAlgorithm.A128GCM);
                // Yields null unless the key is OCTET and the algorithm is AES-GCM.
                secretKey = getContentDecryptionSecretKey(loadJsonWebKey, contentEncryptionAlgorithm.getJwaName());
            } else {
                keyDecryptionProvider = getKeyDecryptionProvider(loadJsonWebKey, getKeyEncryptionAlgorithm(currentMessage, properties, KeyAlgorithm.getAlgorithm(loadJsonWebKey.getAlgorithm()), getDefaultKeyAlgorithm(loadJsonWebKey)));
            }
        } else if (keyEncryptionAlgorithm == null || !AlgorithmUtils.PBES_HS_SET.contains(keyEncryptionAlgorithm.getJwaName())) {
            // Private key from the configured key store; no header-based key selection on this path.
            PrivateKey loadPrivateKey4 = KeyManagementUtils.loadPrivateKey(currentMessage, properties, KeyOperation.DECRYPT);
            if (keyEncryptionAlgorithm == null) {
                keyEncryptionAlgorithm = getDefaultPrivateKeyAlgorithm(loadPrivateKey4);
            }
            keyDecryptionProvider = getPrivateKeyDecryptionProvider(loadPrivateKey4, keyEncryptionAlgorithm);
        } else {
            PrivateKeyPasswordProvider loadPasswordProvider = KeyManagementUtils.loadPasswordProvider(currentMessage, properties, KeyOperation.DECRYPT);
            char[] password = loadPasswordProvider != null ? loadPasswordProvider.getPassword(properties) : null;
            if (password == null) {
                throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
            }
            // NOTE(review): new String(password) copies the secret into an immutable String that
            // cannot be cleared afterwards, and the char[] is not wiped here either.
            keyDecryptionProvider = new PbesHmacAesWrapKeyDecryptionAlgorithm(new String(password));
        }
        return createJweDecryptionProvider(keyDecryptionProvider, secretKey, contentEncryptionAlgorithm);
    }

    /**
     * Creates an encryption provider for a public key, passing {@code null} as the trailing
     * string argument of the four-argument overload.
     *
     * @param publicKey recipient key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @return the provider built by the four-argument overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        final String noValue = null;
        return createJweEncryptionProvider(publicKey, keyAlgorithm, contentAlgorithm, noValue);
    }

    /**
     * Creates an encryption provider for a public key.
     *
     * <p>The key provider lookup returns {@code null} for keys that are neither RSA nor EC;
     * that {@code null} is forwarded as-is.
     *
     * @param publicKey recipient key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @param str forwarded unchanged to the provider-based overload (its meaning is not
     *     visible here)
     * @return the provider built by the provider-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        KeyEncryptionProvider keyProvider = getPublicKeyEncryptionProvider(publicKey, keyAlgorithm);
        return createJweEncryptionProvider(keyProvider, contentAlgorithm, str);
    }

    /**
     * Creates an encryption provider for a public key, taking the key encryption algorithm
     * from {@code jweHeaders}.
     *
     * @param publicKey recipient key
     * @param jweHeaders headers naming the key encryption algorithm; must not be {@code null}
     * @return the provider built by the provider-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(PublicKey publicKey, JweHeaders jweHeaders) {
        KeyEncryptionProvider keyProvider = getPublicKeyEncryptionProvider(publicKey, jweHeaders.getKeyEncryptionAlgorithm());
        return createJweEncryptionProvider(keyProvider, jweHeaders);
    }

    /**
     * Creates an encryption provider for a secret key, passing {@code null} as the trailing
     * string argument of the four-argument overload.
     *
     * @param secretKey wrapping key
     * @param keyAlgorithm key encryption algorithm
     * @param contentAlgorithm content encryption algorithm
     * @return the provider built by the four-argument overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        final String noValue = null;
        return createJweEncryptionProvider(secretKey, keyAlgorithm, contentAlgorithm, noValue);
    }

    /**
     * Creates an encryption provider for a secret key.
     *
     * <p>The key provider lookup returns {@code null} for algorithms that are neither AES key
     * wrap nor AES-GCM key wrap; that {@code null} is forwarded as-is.
     *
     * @param secretKey wrapping key
     * @param keyAlgorithm key encryption algorithm; must not be {@code null}
     * @param contentAlgorithm content encryption algorithm
     * @param str forwarded unchanged to the provider-based overload (its meaning is not
     *     visible here)
     * @return the provider built by the provider-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        KeyEncryptionProvider keyProvider = getSecretKeyEncryptionAlgorithm(secretKey, keyAlgorithm);
        return createJweEncryptionProvider(keyProvider, contentAlgorithm, str);
    }

    /**
     * Creates an encryption provider for a secret key, taking the key encryption algorithm
     * from {@code jweHeaders}.
     *
     * @param secretKey wrapping key
     * @param jweHeaders headers naming the key encryption algorithm; the algorithm they carry
     *     is dereferenced by the key provider lookup
     * @return the provider built by the provider-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey secretKey, JweHeaders jweHeaders) {
        KeyEncryptionProvider keyProvider = getSecretKeyEncryptionAlgorithm(secretKey, jweHeaders.getKeyEncryptionAlgorithm());
        return createJweEncryptionProvider(keyProvider, jweHeaders);
    }

    /**
     * Creates an encryption provider for a JSON Web Key, passing {@code null} as the trailing
     * string argument of the three-argument overload.
     *
     * @param jsonWebKey source key
     * @param contentAlgorithm content encryption algorithm
     * @return the provider built by the three-argument overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm) {
        final String noValue = null;
        return createJweEncryptionProvider(jsonWebKey, contentAlgorithm, noValue);
    }

    /**
     * Creates an encryption provider from the key encryption provider derived from a JSON
     * Web Key.
     *
     * @param jsonWebKey source key
     * @param contentAlgorithm content encryption algorithm
     * @param str forwarded unchanged to the provider-based overload (its meaning is not
     *     visible here)
     * @return the provider built by the provider-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm, String str) {
        KeyEncryptionProvider keyProvider = getKeyEncryptionProvider(jsonWebKey);
        return createJweEncryptionProvider(keyProvider, contentAlgorithm, str);
    }

    /**
     * Creates an encryption provider for a JSON Web Key and headers, passing {@code false}
     * for the boolean flag of the three-argument overload.
     *
     * @param jsonWebKey source key
     * @param jweHeaders headers naming the algorithms
     * @return the provider built by the boolean overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, JweHeaders jweHeaders) {
        final boolean flag = false;
        return createJweEncryptionProvider(jsonWebKey, jweHeaders, flag);
    }

    /**
     * Builds a JWE encryption provider from a JWK, the headers and a caller-supplied content
     * encryptor, checking that the encryptor's type fits the content algorithm in the headers.
     *
     * <p>Selection rules, in order:
     * <ul>
     *   <li>no content encryptor supplied: delegate to the boolean overload with {@code false};</li>
     *   <li>AES-CBC-HMAC content algorithm: the encryptor must be an
     *       {@code AesCbcContentEncryptionAlgorithm};</li>
     *   <li>AES-GCM content algorithm with ECDH-ES direct key management: the supplied encryptor
     *       is not used; one is derived from the JWK instead;</li>
     *   <li>AES-GCM otherwise: the encryptor must be an {@code AesGcmContentEncryptionAlgorithm};</li>
     *   <li>any other content algorithm: the supplied encryptor is used as is.</li>
     * </ul>
     *
     * @param jsonWebKey key in JWK form
     * @param jweHeaders headers naming the key- and content-encryption algorithms
     * @param contentEncryptionProvider content encryptor, or {@code null}
     * @return the assembled encryption provider
     * @throws JweException with {@code INVALID_CONTENT_ALGORITHM} when the supplied encryptor
     *         does not match the content algorithm
     */
    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, JweHeaders jweHeaders, ContentEncryptionProvider contentEncryptionProvider) {
        if (contentEncryptionProvider == null) {
            return createJweEncryptionProvider(jsonWebKey, jweHeaders, false);
        }
        final KeyEncryptionProvider keyEncryptor = getKeyEncryptionProvider(jsonWebKey, jweHeaders.getKeyEncryptionAlgorithm());
        final String contentAlgName = jweHeaders.getContentEncryptionAlgorithm().getJwaName();

        if (AlgorithmUtils.isAesCbcHmac(contentAlgName)) {
            if (!(contentEncryptionProvider instanceof AesCbcContentEncryptionAlgorithm)) {
                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
            }
            return new AesCbcHmacJweEncryption(keyEncryptor, (AesCbcContentEncryptionAlgorithm) contentEncryptionProvider);
        }

        if (AlgorithmUtils.isAesGcm(contentAlgName)) {
            if (AlgorithmUtils.isEcdhEsDirect(keyEncryptor.getAlgorithm().getJwaName())) {
                // The caller's encryptor is deliberately bypassed on this path.
                return new JweEncryption(keyEncryptor, getEcdhDirectContentEncryptionProvider(jsonWebKey, jweHeaders));
            }
            if (!(contentEncryptionProvider instanceof AesGcmContentEncryptionAlgorithm)) {
                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
            }
            return new JweEncryption(keyEncryptor, contentEncryptionProvider);
        }

        return new JweEncryption(keyEncryptor, contentEncryptionProvider);
    }

    /**
     * Builds a JWE encryption provider from a JWK and headers, creating the content encryptor
     * that matches the content algorithm named in the headers.
     *
     * @param jsonWebKey key in JWK form
     * @param jweHeaders headers naming the key- and content-encryption algorithms
     * @param z flag passed to the content-encryption constructors; its meaning is defined by
     *          those classes and is not visible here
     * @return an {@code AesCbcHmacJweEncryption} for AES-CBC-HMAC, otherwise a
     *         {@code JweEncryption} wrapping a GCM, ECDH-direct GCM or CBC content encryptor
     */
    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey jsonWebKey, JweHeaders jweHeaders, boolean z) {
        final KeyEncryptionProvider keyEncryptor = getKeyEncryptionProvider(jsonWebKey, jweHeaders.getKeyEncryptionAlgorithm());
        final ContentAlgorithm contentAlg = jweHeaders.getContentEncryptionAlgorithm();

        if (AlgorithmUtils.isAesCbcHmac(contentAlg.getJwaName())) {
            return new AesCbcHmacJweEncryption(contentAlg, keyEncryptor, z);
        }
        if (!AlgorithmUtils.isAesGcm(contentAlg.getJwaName())) {
            return new JweEncryption(keyEncryptor, new AesCbcContentEncryptionAlgorithm(contentAlg, z));
        }
        if (AlgorithmUtils.isEcdhEsDirect(keyEncryptor.getAlgorithm().getJwaName())) {
            return new JweEncryption(keyEncryptor, getEcdhDirectContentEncryptionProvider(jsonWebKey, jweHeaders));
        }
        return new JweEncryption(keyEncryptor, new AesGcmContentEncryptionAlgorithm(contentAlg, z));
    }

    /**
     * Creates the content encryptor used for ECDH-ES direct key agreement with AES-GCM.
     *
     * @param jsonWebKey EC key in JWK form; converted with {@code JwkUtils.toECPublicKey}
     * @param jweHeaders headers supplying the content-encryption algorithm
     * @return a new {@code EcdhAesGcmContentEncryptionAlgorithm}
     */
    public static ContentEncryptionProvider getEcdhDirectContentEncryptionProvider(JsonWebKey jsonWebKey, JweHeaders jweHeaders) {
        final String declaredCurve = jsonWebKey.getStringProperty(JsonWebKey.EC_CURVE);
        // A JWK without a curve property is treated as P-256.
        final String curveName = declaredCurve != null ? declaredCurve : JsonWebKey.EC_CURVE_P256;
        return new EcdhAesGcmContentEncryptionAlgorithm(JwkUtils.toECPublicKey(jsonWebKey), curveName, null, null, jweHeaders.getContentEncryptionAlgorithm());
    }

    /**
     * Builds a JWE encryption provider from a key-encryption provider by first assembling the
     * headers (key algorithm, content algorithm, optional zip algorithm).
     *
     * @param keyEncryptionProvider key-encryption provider; when {@code null} no key algorithm
     *        header is set
     * @param contentAlgorithm content-encryption algorithm
     * @param str zip algorithm header value, or {@code null} to leave it unset
     * @return the provider built by the headers-based overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, ContentAlgorithm contentAlgorithm, String str) {
        String keyAlgName = null;
        if (keyEncryptionProvider != null) {
            keyAlgName = keyEncryptionProvider.getAlgorithm().getJwaName();
        }
        final JweHeaders headers = prepareJweHeaders(keyAlgName, contentAlgorithm.getJwaName(), str, null);
        return createJweEncryptionProvider(keyEncryptionProvider, headers);
    }

    /**
     * Convenience overload of the provider/headers factory that passes {@code false} for the
     * boolean flag.
     *
     * @param keyEncryptionProvider key-encryption provider
     * @param jweHeaders headers naming the content-encryption algorithm
     * @return the provider built by the three-argument overload
     */
    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, JweHeaders jweHeaders) {
        final boolean flag = false;
        return createJweEncryptionProvider(keyEncryptionProvider, jweHeaders, flag);
    }

    /**
     * Builds a JWE encryption provider from a key-encryption provider and headers.
     *
     * @param keyEncryptionProvider key-encryption provider
     * @param jweHeaders headers naming the content-encryption algorithm
     * @param z flag passed to the content-encryption side; its meaning is defined there and is
     *          not visible here
     * @return an {@code AesCbcHmacJweEncryption} for AES-CBC-HMAC, otherwise a
     *         {@code JweEncryption} using {@code getContentEncryptionProvider}
     */
    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, JweHeaders jweHeaders, boolean z) {
        final ContentAlgorithm contentAlg = jweHeaders.getContentEncryptionAlgorithm();
        if (AlgorithmUtils.isAesCbcHmac(contentAlg.getJwaName())) {
            return new AesCbcHmacJweEncryption(contentAlg, keyEncryptionProvider, z);
        }
        return new JweEncryption(keyEncryptionProvider, getContentEncryptionProvider(contentAlg, z));
    }

    /**
     * Builds a JWE decryption provider from a private key.
     *
     * @param privateKey private key handed to {@code getPrivateKeyDecryptionProvider}
     * @param keyAlgorithm key-encryption algorithm paired with {@code privateKey}
     * @param contentAlgorithm content-encryption algorithm
     * @return the provider built by the provider-based overload
     */
    public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey privateKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        final KeyDecryptionProvider keyDecryptor = getPrivateKeyDecryptionProvider(privateKey, keyAlgorithm);
        return createJweDecryptionProvider(keyDecryptor, contentAlgorithm);
    }

    /**
     * Builds a JWE decryption provider from a symmetric key.
     *
     * @param secretKey symmetric key handed to {@code getSecretKeyDecryptionProvider}
     * @param keyAlgorithm key-encryption algorithm paired with {@code secretKey}
     * @param contentAlgorithm content-encryption algorithm
     * @return the provider built by the provider-based overload
     */
    public static JweDecryptionProvider createJweDecryptionProvider(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        final KeyDecryptionProvider keyDecryptor = getSecretKeyDecryptionProvider(secretKey, keyAlgorithm);
        return createJweDecryptionProvider(keyDecryptor, contentAlgorithm);
    }

    /**
     * Builds a JWE decryption provider from a JWK; the key-decryption provider comes from
     * {@code getKeyDecryptionProvider(jsonWebKey)}.
     *
     * @param jsonWebKey key in JWK form
     * @param contentAlgorithm content-encryption algorithm
     * @return the provider built by the provider-based overload
     */
    public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey jsonWebKey, ContentAlgorithm contentAlgorithm) {
        final KeyDecryptionProvider keyDecryptor = getKeyDecryptionProvider(jsonWebKey);
        return createJweDecryptionProvider(keyDecryptor, contentAlgorithm);
    }

    /**
     * Builds a JWE decryption provider for the given key-decryption provider and content
     * algorithm.
     *
     * @param keyDecryptionProvider key-decryption provider
     * @param contentAlgorithm content-encryption algorithm
     * @return an {@code AesCbcHmacJweDecryption} for AES-CBC-HMAC, otherwise a
     *         {@code JweDecryption} using {@code getContentDecryptionProvider}
     */
    public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionProvider keyDecryptionProvider, ContentAlgorithm contentAlgorithm) {
        if (AlgorithmUtils.isAesCbcHmac(contentAlgorithm.getJwaName())) {
            return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentAlgorithm);
        }
        return new JweDecryption(keyDecryptionProvider, getContentDecryptionProvider(contentAlgorithm));
    }

    /**
     * Validates the critical headers by delegating to {@code JoseUtils.validateCriticalHeaders}.
     *
     * @param joseHeaders headers to check
     * @return the delegate's verdict
     */
    public static boolean validateCriticalHeaders(JoseHeaders joseHeaders) {
        final boolean accepted = JoseUtils.validateCriticalHeaders(joseHeaders);
        return accepted;
    }

    /**
     * JWK flavour of {@code getECDHKey}: converts the first JWK to an EC private key and the
     * second to an EC public key, then delegates to the key-typed overload, which validates
     * the public key before the agreement.
     *
     * @param jsonWebKey local EC private key in JWK form
     * @param jsonWebKey2 peer EC public key in JWK form
     * @param bArr first party-info value, or {@code null}
     * @param bArr2 second party-info value, or {@code null}
     * @param str algorithm name fed into the key derivation
     * @param i requested key length in bits
     * @return the derived key bytes
     */
    public static byte[] getECDHKey(JsonWebKey jsonWebKey, JsonWebKey jsonWebKey2, byte[] bArr, byte[] bArr2, String str, int i) {
        final ECPrivateKey localPrivate = JwkUtils.toECPrivateKey(jsonWebKey);
        final ECPublicKey peerPublic = JwkUtils.toECPublicKey(jsonWebKey2);
        return getECDHKey(localPrivate, peerPublic, bArr, bArr2, str, i);
    }

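    /**
     * Validates the peer's EC public key and derives a key from the ECDH shared secret.
     *
     * <p>The peer key normally arrives in a message header, so it is treated as untrusted and
     * checked before it reaches the key agreement. A point that is off the curve or in a small
     * subgroup could otherwise be used to learn bits of the local private key. The checks are:
     * <ol>
     *   <li>the point is not the point at infinity;</li>
     *   <li>the peer key's curve equals the local private key's curve (field, a, b), so the
     *       on-curve test below is made against the curve the private key actually lives on
     *       and not merely the one the peer declares;</li>
     *   <li>the curve is over a prime field (otherwise the equation test below does not apply);</li>
     *   <li>both coordinates are in {@code [0, p-1]};</li>
     *   <li>{@code y^2 == x^3 + ax + b (mod p)};</li>
     *   <li>the cofactor is 1, in which case the checks above already imply the point has the
     *       full group order.</li>
     * </ol>
     *
     * @param eCPrivateKey local EC private key
     * @param eCPublicKey peer EC public key (untrusted)
     * @param bArr first party-info value passed to the key derivation, or {@code null}
     * @param bArr2 second party-info value passed to the key derivation, or {@code null}
     * @param str algorithm name fed into the key derivation
     * @param i requested key length in bits
     * @return the derived key bytes
     * @throws JweException with {@code KEY_ENCRYPTION_FAILURE} if any validation step, the key
     *         agreement or the derivation fails
     */
    public static byte[] getECDHKey(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, byte[] bArr, byte[] bArr2, String str, int i) {
        final ECPoint peerPoint = eCPublicKey.getW();
        if (ECPoint.POINT_INFINITY.equals(peerPoint)) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }

        final EllipticCurve peerCurve = eCPublicKey.getParams().getCurve();

        // Bind the validation to the local key's curve. A missing private key or missing
        // parameters are left for the key agreement itself to reject, as before.
        if (eCPrivateKey != null && eCPrivateKey.getParams() != null
            && !peerCurve.equals(eCPrivateKey.getParams().getCurve())) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }

        // Previously an unconditional cast: a binary-field curve surfaced as a
        // ClassCastException instead of the documented JweException.
        if (!(peerCurve.getField() instanceof ECFieldFp)) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }
        final BigInteger p = ((ECFieldFp) peerCurve.getField()).getP();

        final BigInteger x = peerPoint.getAffineX();
        final BigInteger y = peerPoint.getAffineY();
        if (x.signum() < 0 || x.compareTo(p) >= 0 || y.signum() < 0 || y.compareTo(p) >= 0) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }

        final BigInteger lhs = y.modPow(BigInteger.valueOf(2L), p);
        final BigInteger rhs = x.modPow(BigInteger.valueOf(3L), p)
            .add(peerCurve.getA().multiply(x))
            .add(peerCurve.getB())
            .mod(p);
        if (!lhs.equals(rhs)) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }

        if (eCPublicKey.getParams().getCofactor() != 1) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }

        return calculateDerivedKey(generateKeyZ(eCPrivateKey, eCPublicKey), str, bArr, bArr2, i);
    }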

    /**
     * Builds the additional authenticated data for the cipher.
     *
     * @param str header string converted with {@code JweHeaders.toCipherAdditionalAuthData}
     * @param bArr extra AAD bytes, or {@code null}
     * @return the converted header bytes alone when {@code bArr} is {@code null}; otherwise
     *         those bytes, a {@code '.'} separator (byte 46) and {@code bArr}
     */
    public static byte[] getAdditionalAuthenticationData(String str, byte[] bArr) {
        final byte[] headerAad = JweHeaders.toCipherAdditionalAuthData(str);
        if (bArr == null) {
            return headerAad;
        }
        return ByteBuffer.allocate(headerAad.length + 1 + bArr.length)
            .put(headerAad)
            .put((byte) '.')
            .put(bArr)
            .array();
    }

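    /**
     * Derives key material from an ECDH shared secret with the Concat KDF over SHA-256
     * (the derivation JWA specifies for ECDH-ES).
     *
     * <p>Each round hashes {@code counter || Z || OtherInfo}, where the counter is a 32-bit
     * big-endian integer starting at 1 and {@code OtherInfo} is the length-prefixed algorithm
     * name, the two length-prefixed party-info values (a zero length when absent) and the
     * 32-bit key length in bits. Rounds are concatenated and truncated to {@code i / 8} bytes.
     *
     * <p>The previous layout reserved exactly 32 bytes for the shared secret and ran a single
     * round. A longer secret (for example from P-384 or P-521) was therefore overwritten by
     * {@code OtherInfo} or overflowed the buffer, and a request for more than 256 bits was
     * padded with zero bytes instead of further hash output. For a 32-byte secret and at most
     * 256 output bits the result is unchanged. NOTE(review): a peer still running the old
     * layout only agrees with this one in that 32-byte / 256-bit case.
     *
     * @param bArr shared secret Z from the key agreement
     * @param str algorithm name placed in {@code OtherInfo}
     * @param bArr2 first party-info value ("apu" in the log message), or {@code null}
     * @param bArr3 second party-info value ("apv" in the log message), or {@code null}
     * @param i requested key length in bits
     * @return the derived key, {@code i / 8} bytes long
     * @throws JweException with {@code KEY_ENCRYPTION_FAILURE} when both party-info values are
     *         present and equal, or when hashing fails
     */
    private static byte[] calculateDerivedKey(byte[] bArr, String str, byte[] bArr2, byte[] bArr3, int i) {
        if (bArr2 != null && bArr3 != null && Arrays.equals(bArr2, bArr3)) {
            LOG.warning("Derived key calculation problem: apu equals to apv");
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }
        // An absent party-info value is encoded as a bare zero length.
        final byte[] emptyPartyInfo = new byte[4];
        final byte[] algorithmId = concatenateDatalenAndData(StringUtils.toBytesASCII(str));
        final byte[] partyUInfo = bArr2 == null ? emptyPartyInfo : concatenateDatalenAndData(bArr2);
        final byte[] partyVInfo = bArr3 == null ? emptyPartyInfo : concatenateDatalenAndData(bArr3);
        final byte[] suppPubInfo = datalenToBytes(i);

        // counter (4 bytes) || Z (actual length) || OtherInfo
        final ByteBuffer roundInput = ByteBuffer.allocate(
            4 + bArr.length + algorithmId.length + partyUInfo.length + partyVInfo.length + suppPubInfo.length);
        roundInput.putInt(0).put(bArr).put(algorithmId).put(partyUInfo).put(partyVInfo).put(suppPubInfo);
        try {
            final int keyLength = i / 8;
            final byte[] derived = new byte[keyLength];
            int filled = 0;
            int counter = 1;
            do {
                // Absolute put: only the leading counter changes between rounds.
                roundInput.putInt(0, counter++);
                final byte[] digest = MessageDigestUtils.createDigest(roundInput.array(), "SHA-256");
                final int take = Math.min(digest.length, keyLength - filled);
                System.arraycopy(digest, 0, derived, filled, take);
                filled += take;
            } while (filled < keyLength);
            return derived;
        } catch (Exception e) {
            LOG.warning("Derived key calculation problem: round hash1 error");
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        } finally {
            // The buffer holds a copy of the shared secret; clear it once hashing is done.
            Arrays.fill(roundInput.array(), (byte) 0);
        }
    }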

    /**
     * Runs the ECDH key agreement and returns the raw shared secret.
     *
     * <p>No validation of the public key happens here; the caller is expected to have done it.
     *
     * @param eCPrivateKey local EC private key
     * @param eCPublicKey peer EC public key
     * @return the shared secret produced by the key agreement
     * @throws JweException with {@code KEY_ENCRYPTION_FAILURE} on any failure; the underlying
     *         exception is not propagated
     */
    private static byte[] generateKeyZ(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey) {
        try {
            final KeyAgreement ecdh = KeyAgreement.getInstance(JCAConstants.KEY_AGREEMENT_ECDH);
            ecdh.init(eCPrivateKey);
            // Single-phase agreement: the peer key is the last (and only) phase.
            final boolean lastPhase = true;
            ecdh.doPhase(eCPublicKey, lastPhase);
            final byte[] sharedSecret = ecdh.generateSecret();
            return sharedSecret;
        } catch (Exception e) {
            LOG.warning("Derived key calculation problem");
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }
    }

    /**
     * Prefixes the data with its length as a 32-bit big-endian integer.
     *
     * @param bArr data to prefix
     * @return a new array of {@code 4 + bArr.length} bytes: length, then data
     */
    private static byte[] concatenateDatalenAndData(byte[] bArr) {
        final int dataLength = bArr.length;
        // ByteBuffer writes ints big-endian by default.
        return ByteBuffer.allocate(4 + dataLength).putInt(dataLength).put(bArr).array();
    }

    /**
     * Encodes an int as four bytes, most significant byte first.
     *
     * @param i value to encode
     * @return a new 4-byte big-endian array
     */
    private static byte[] datalenToBytes(int i) {
        return new byte[] {
            (byte) (i >>> 24),
            (byte) (i >>> 16),
            (byte) (i >>> 8),
            (byte) i,
        };
    }

    /**
     * Fills in the algorithm headers, reusing the supplied headers object when there is one.
     *
     * @param str key-encryption algorithm name, or {@code null} to leave that header untouched
     * @param str2 content-encryption algorithm name; always set
     * @param str3 zip algorithm, or {@code null} to leave that header untouched
     * @param jweHeaders headers to update in place, or {@code null} to start from new ones
     * @return the updated (or newly created) headers
     */
    private static JweHeaders prepareJweHeaders(String str, String str2, String str3, JweHeaders jweHeaders) {
        final JweHeaders target;
        if (jweHeaders == null) {
            target = new JweHeaders();
        } else {
            target = jweHeaders;
        }
        if (str != null) {
            target.setKeyEncryptionAlgorithm(KeyAlgorithm.getAlgorithm(str));
        }
        target.setContentEncryptionAlgorithm(ContentAlgorithm.getAlgorithm(str2));
        if (str3 != null) {
            target.setZipAlgorithm(str3);
        }
        return target;
    }

    /**
     * Assembles an encryption provider from whichever of the two encryptors is available.
     *
     * @param keyEncryptionProvider key encryptor, or {@code null}
     * @param contentEncryptionProvider content encryptor, or {@code null}
     * @param contentAlgorithm content-encryption algorithm, used when no content encryptor is given
     * @param str zip algorithm, used when no content encryptor is given
     * @param jweHeaders headers to reuse when no content encryptor is given, or {@code null}
     * @return a {@code JweEncryption} over both encryptors when a content encryptor is given,
     *         otherwise the provider built from the key encryptor and prepared headers
     * @throws JweException with {@code NO_ENCRYPTOR} when both encryptors are {@code null}
     */
    private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, ContentEncryptionProvider contentEncryptionProvider, ContentAlgorithm contentAlgorithm, String str, JweHeaders jweHeaders) {
        if (keyEncryptionProvider == null && contentEncryptionProvider == null) {
            LOG.warning("Key or content encryptor is not available");
            throw new JweException(JweException.Error.NO_ENCRYPTOR);
        }
        if (contentEncryptionProvider != null) {
            return new JweEncryption(keyEncryptionProvider, contentEncryptionProvider);
        }
        // Reaching here means the key encryptor is the non-null one.
        final String keyAlgName = keyEncryptionProvider.getAlgorithm().getJwaName();
        final JweHeaders headers = prepareJweHeaders(keyAlgName, contentAlgorithm.getJwaName(), str, jweHeaders);
        return createJweEncryptionProvider(keyEncryptionProvider, headers);
    }

    /**
     * Assembles a decryption provider from a key decryptor or, failing that, a direct
     * content-decryption key.
     *
     * @param keyDecryptionProvider key decryptor, or {@code null}
     * @param secretKey key for direct decryption, used only when there is no key decryptor
     * @param contentAlgorithm content-encryption algorithm
     * @return the provider for the key decryptor when present, otherwise the direct-key provider
     * @throws JweException with {@code NO_ENCRYPTOR} when both inputs are {@code null}; the
     *         log message and error code speak of an encryptor although this is the
     *         decryption path
     */
    private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionProvider keyDecryptionProvider, SecretKey secretKey, ContentAlgorithm contentAlgorithm) {
        if (keyDecryptionProvider == null && secretKey == null) {
            LOG.warning("Key or content encryptor is not available");
            throw new JweException(JweException.Error.NO_ENCRYPTOR);
        }
        if (keyDecryptionProvider != null) {
            return createJweDecryptionProvider(keyDecryptionProvider, contentAlgorithm);
        }
        return getDirectKeyJweDecryption(secretKey, contentAlgorithm);
    }

    /**
     * Returns the explicitly supplied key-encryption algorithm, or resolves one from the
     * message and properties when none was supplied.
     *
     * @param message current message
     * @param properties configuration properties
     * @param keyAlgorithm explicit algorithm; returned as is when non-null
     * @param keyAlgorithm2 default handed to the lookup when {@code keyAlgorithm} is {@code null}
     * @return the chosen algorithm, possibly {@code null} if the lookup finds nothing
     */
    public static KeyAlgorithm getKeyEncryptionAlgorithm(Message message, Properties properties, KeyAlgorithm keyAlgorithm, KeyAlgorithm keyAlgorithm2) {
        return keyAlgorithm != null
            ? keyAlgorithm
            : getKeyEncryptionAlgorithm(message, properties, keyAlgorithm2);
    }

    /**
     * Resolves the key-encryption algorithm against the message currently on the
     * interceptor chain.
     *
     * @param properties configuration properties
     * @param keyAlgorithm default algorithm handed to the lookup
     * @return the resolved algorithm, or {@code null} if the lookup finds nothing
     */
    public static KeyAlgorithm getKeyEncryptionAlgorithm(Properties properties, KeyAlgorithm keyAlgorithm) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        return getKeyEncryptionAlgorithm(current, properties, keyAlgorithm);
    }

    /**
     * Looks up the key-encryption algorithm name under
     * {@code JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM} and converts it to a
     * {@code KeyAlgorithm}.
     *
     * @param message current message
     * @param properties configuration properties
     * @param keyAlgorithm default whose JWA name is handed to the lookup, or {@code null}
     * @return the resolved algorithm, or {@code null} when the lookup returns no name
     */
    public static KeyAlgorithm getKeyEncryptionAlgorithm(Message message, Properties properties, KeyAlgorithm keyAlgorithm) {
        final String defaultName = keyAlgorithm == null ? null : keyAlgorithm.getJwaName();
        final String resolvedName = KeyManagementUtils.getKeyAlgorithm(message, properties, JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, defaultName);
        return resolvedName == null ? null : KeyAlgorithm.getAlgorithm(resolvedName);
    }

    /**
     * Picks the default key-encryption algorithm for a JWK from its key type.
     *
     * @param jsonWebKey key whose type is inspected
     * @return {@code A128GCMKW} for octet keys, {@code RSA_OAEP} for RSA keys and
     *         {@code ECDH_ES_A128KW} for every other type
     */
    private static KeyAlgorithm getDefaultKeyAlgorithm(JsonWebKey jsonWebKey) {
        final KeyType type = jsonWebKey.getKeyType();
        if (KeyType.OCTET == type) {
            return KeyAlgorithm.A128GCMKW;
        }
        if (KeyType.RSA == type) {
            return KeyAlgorithm.RSA_OAEP;
        }
        return KeyAlgorithm.ECDH_ES_A128KW;
    }

    /**
     * Returns the explicitly supplied content-encryption algorithm, or resolves one from the
     * message and properties when none was supplied.
     *
     * @param message current message
     * @param properties configuration properties
     * @param contentAlgorithm explicit algorithm; returned as is when non-null
     * @param contentAlgorithm2 default handed to the lookup when {@code contentAlgorithm} is
     *        {@code null}
     * @return the chosen algorithm
     */
    public static ContentAlgorithm getContentEncryptionAlgorithm(Message message, Properties properties, ContentAlgorithm contentAlgorithm, ContentAlgorithm contentAlgorithm2) {
        return contentAlgorithm != null
            ? contentAlgorithm
            : getContentEncryptionAlgorithm(message, properties, contentAlgorithm2);
    }

    /**
     * Resolves the content-encryption algorithm against the message currently on the
     * interceptor chain, with no default.
     *
     * @param properties configuration properties
     * @return the algorithm returned by the three-argument overload
     */
    public static ContentAlgorithm getContentEncryptionAlgorithm(Properties properties) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        final ContentAlgorithm noDefault = null;
        return getContentEncryptionAlgorithm(current, properties, noDefault);
    }

    /**
     * Resolves the content-encryption algorithm against the message currently on the
     * interceptor chain.
     *
     * @param properties configuration properties
     * @param contentAlgorithm default algorithm handed to the lookup
     * @return the algorithm returned by the three-argument overload
     */
    public static ContentAlgorithm getContentEncryptionAlgorithm(Properties properties, ContentAlgorithm contentAlgorithm) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        return getContentEncryptionAlgorithm(current, properties, contentAlgorithm);
    }

    /**
     * Looks up the content-encryption algorithm name under
     * {@code JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM} and converts it to a
     * {@code ContentAlgorithm}.
     *
     * @param message current message
     * @param properties configuration properties
     * @param contentAlgorithm default whose JWA name is handed to the lookup, or {@code null}
     * @return whatever {@code ContentAlgorithm.getAlgorithm} yields for the looked-up name
     */
    public static ContentAlgorithm getContentEncryptionAlgorithm(Message message, Properties properties, ContentAlgorithm contentAlgorithm) {
        final String defaultName = contentAlgorithm == null ? null : contentAlgorithm.getJwaName();
        final String resolvedName = KeyManagementUtils.getKeyAlgorithm(message, properties, JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, defaultName);
        return ContentAlgorithm.getAlgorithm(resolvedName);
    }

    /**
     * Encrypts the content with a provider built from the given key encryptor and content
     * algorithm, with no zip algorithm.
     *
     * @param keyEncryptionProvider key encryptor
     * @param contentAlgorithm content-encryption algorithm
     * @param bArr plaintext content
     * @param str value stored under the content-type header of the headers passed to
     *        {@code encrypt}
     * @return the string returned by the provider's {@code encrypt}
     */
    private static String encrypt(KeyEncryptionProvider keyEncryptionProvider, ContentAlgorithm contentAlgorithm, byte[] bArr, String str) {
        final String noZip = null;
        final JweEncryptionProvider encryptor = createJweEncryptionProvider(keyEncryptionProvider, contentAlgorithm, noZip);
        return encryptor.encrypt(bArr, toJweHeaders(str));
    }

    /**
     * Decrypts a JWE string with a provider built from the given key decryptor and content
     * algorithm.
     *
     * @param keyDecryptionProvider key decryptor
     * @param contentAlgorithm content-encryption algorithm
     * @param str JWE input handed to the provider's {@code decrypt}
     * @return the content of the decryption result
     */
    private static byte[] decrypt(KeyDecryptionProvider keyDecryptionProvider, ContentAlgorithm contentAlgorithm, String str) {
        final JweDecryptionProvider decryptor = createJweDecryptionProvider(keyDecryptionProvider, contentAlgorithm);
        return decryptor.decrypt(str).getContent();
    }

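    /**
     * Wraps a content-type value in a new {@code JweHeaders} holding only that header.
     *
     * @param str value stored under {@code JoseConstants.HEADER_CONTENT_TYPE}
     * @return headers backed by an immutable single-entry map
     */
    private static JweHeaders toJweHeaders(String str) {
        // An explicit type witness replaces the cast from the inferred Map<String, String> to
        // Map<String, Object>, which javac rejects as a conversion between distinct
        // parameterizations.
        return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, str));
    }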

    /**
     * Loads the inbound encryption properties for the current message, looking under
     * {@code RSSEC_ENCRYPTION_IN_PROPS} and then {@code RSSEC_ENCRYPTION_PROPS}.
     *
     * @param z flag forwarded to {@code KeyManagementUtils.loadStoreProperties}; it is forced
     *          to {@code false} when the configured key-encryption algorithm is one of the
     *          password-based ones in {@code AlgorithmUtils.PBES_HS_SET}
     * @return the properties returned by {@code loadStoreProperties}
     */
    public static Properties loadEncryptionInProperties(boolean z) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        final String keyAlgName = (String) current.getContextualProperty(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM);
        final boolean passwordBased = keyAlgName != null && AlgorithmUtils.PBES_HS_SET.contains(keyAlgName);
        final boolean flag = !passwordBased && z;
        return KeyManagementUtils.loadStoreProperties(current, flag, JoseConstants.RSSEC_ENCRYPTION_IN_PROPS, JoseConstants.RSSEC_ENCRYPTION_PROPS);
    }

    /**
     * Loads the outbound encryption properties for the current message, looking under
     * {@code RSSEC_ENCRYPTION_OUT_PROPS} and then {@code RSSEC_ENCRYPTION_PROPS}.
     *
     * @param z flag forwarded to {@code KeyManagementUtils.loadStoreProperties}; it is forced
     *          to {@code false} when the configured key-encryption algorithm is one of the
     *          password-based ones in {@code AlgorithmUtils.PBES_HS_SET}
     * @return the properties returned by {@code loadStoreProperties}
     */
    public static Properties loadEncryptionOutProperties(boolean z) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        final String keyAlgName = (String) current.getContextualProperty(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM);
        final boolean passwordBased = keyAlgName != null && AlgorithmUtils.PBES_HS_SET.contains(keyAlgName);
        final boolean flag = !passwordBased && z;
        return KeyManagementUtils.loadStoreProperties(current, flag, JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS, JoseConstants.RSSEC_ENCRYPTION_PROPS);
    }

    /**
     * Loads encryption properties for the current message from a single named location,
     * with no fallback location.
     *
     * @param str property name handed to {@code KeyManagementUtils.loadStoreProperties}
     * @param z flag forwarded to {@code loadStoreProperties}
     * @return the properties returned by {@code loadStoreProperties}
     */
    public static Properties loadEncryptionProperties(String str, boolean z) {
        final Message current = PhaseInterceptorChain.getCurrentMessage();
        return KeyManagementUtils.loadStoreProperties(current, z, str, null);
    }

    /**
     * Rejects RSA keys whose modulus is shorter than 2048 bits; keys of any other type pass
     * unchecked.
     *
     * <p>The rejection is logged at {@code FINE} only, so it is not visible at default log
     * levels.
     *
     * @param key key to inspect
     * @throws JweException with {@code KEY_DECRYPTION_FAILURE} for an RSA key under 2048 bits
     */
    public static void checkEncryptionKeySize(Key key) {
        if (!(key instanceof RSAKey)) {
            return;
        }
        final int modulusBits = ((RSAKey) key).getModulus().bitLength();
        if (modulusBits >= 2048) {
            return;
        }
        LOG.fine("A key of size: " + modulusBits + " was used with an RSA encryption algorithm. 2048 is the minimum size that is accepted");
        throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
    }

    /**
     * Loads the public encryption keys as a JWK set.
     *
     * @param message current message
     * @param properties key-store properties; {@code RSSEC_KEY_STORE_TYPE} selects the source
     * @return the public JWK set when the store type equals
     *         {@code JoseConstants.HEADER_JSON_WEB_KEY}; otherwise a set holding the single
     *         public key loaded by {@code KeyManagementUtils.loadPublicKey}, converted to a JWK
     */
    public static JsonWebKeys loadPublicKeyEncryptionKeys(Message message, Properties properties) {
        final String storeType = properties.getProperty(RSSecurityConstants.RSSEC_KEY_STORE_TYPE);
        if (JoseConstants.HEADER_JSON_WEB_KEY.equals(storeType)) {
            return JwkUtils.loadPublicJwkSet(message, properties);
        }
        final PublicKey loaded = KeyManagementUtils.loadPublicKey(message, properties);
        return new JsonWebKeys(JwkUtils.fromPublicKey(loaded, properties, JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM));
    }

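    /**
     * Loads JWE properties from the given location using the bus of the message's exchange.
     *
     * @param message message whose exchange supplies the bus
     * @param str location handed to {@code JoseUtils.loadProperties}
     * @return the loaded properties
     * @throws JweException with {@code NO_INIT_PROPERTIES} when loading fails for any reason;
     *         the underlying exception is not propagated
     */
    public static Properties loadJweProperties(Message message, String str) {
        try {
            return JoseUtils.loadProperties(str, message.getExchange().getBus());
        } catch (Exception e) {
            // The message used to say "JWS", which pointed anyone reading the log at the
            // signature configuration instead of the encryption configuration.
            LOG.warning("JWE init properties are not available");
            throw new JweException(JweException.Error.NO_INIT_PROPERTIES);
        }
    }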
}
