package com.nimbusds.oauth2.sdk.jose.jwk;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.proc.JWEKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.oauth2.sdk.id.Identifier;
import java.security.Key;
import java.security.PrivateKey;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
@Deprecated
/* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-5.18.1.jar:com/nimbusds/oauth2/sdk/jose/jwk/JWEDecryptionKeySelector.class */
public class JWEDecryptionKeySelector extends AbstractJWKSelectorWithSource implements JWEKeySelector {
    private final JWEAlgorithm jweAlg;
    private final EncryptionMethod jweEnc;

    private static void ensureAsymmetricEncryptionAlgorithm(JWEAlgorithm jWEAlgorithm) {
        if (!JWEAlgorithm.Family.RSA.contains(jWEAlgorithm) && !JWEAlgorithm.Family.ECDH_ES.contains(jWEAlgorithm)) {
            throw new IllegalArgumentException("The JWE algorithm must be RSA or EC based");
        }
    }

    public JWEDecryptionKeySelector(Identifier identifier, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, JWKSource jWKSource) {
        super(identifier, jWKSource);
        if (jWEAlgorithm == null) {
            throw new IllegalArgumentException("The JWE algorithm must not be null");
        }
        ensureAsymmetricEncryptionAlgorithm(jWEAlgorithm);
        this.jweAlg = jWEAlgorithm;
        if (encryptionMethod == null) {
            throw new IllegalArgumentException("The JWE encryption method must not be null");
        }
        this.jweEnc = encryptionMethod;
    }

    public JWEAlgorithm getExpectedJWEAlgorithm() {
        return this.jweAlg;
    }

    public EncryptionMethod getExpectedJWEEncryptionMethod() {
        return this.jweEnc;
    }

    protected JWKMatcher createJWKMatcher(JWEHeader jWEHeader) {
        if (getExpectedJWEAlgorithm().equals(jWEHeader.getAlgorithm()) && getExpectedJWEEncryptionMethod().equals(jWEHeader.getEncryptionMethod())) {
            return new JWKMatcher.Builder().keyType(KeyType.forAlgorithm(getExpectedJWEAlgorithm())).keyID(jWEHeader.getKeyID()).keyUses(KeyUse.ENCRYPTION, null).algorithms(getExpectedJWEAlgorithm(), null).build();
        }
        return null;
    }

    @Override // com.nimbusds.jose.proc.JWEKeySelector
    public List<Key> selectJWEKeys(JWEHeader jWEHeader, SecurityContext securityContext) {
        if (!this.jweAlg.equals(jWEHeader.getAlgorithm()) || !this.jweEnc.equals(jWEHeader.getEncryptionMethod())) {
            return Collections.emptyList();
        }
        List<JWK> list = getJWKSource().get(getIdentifier(), new JWKSelector(createJWKMatcher(jWEHeader)));
        LinkedList linkedList = new LinkedList();
        for (Key key : KeyConverter.toJavaKeys(list)) {
            if (key instanceof PrivateKey) {
                linkedList.add(key);
            }
        }
        return linkedList;
    }

    @Override // com.nimbusds.oauth2.sdk.jose.jwk.AbstractJWKSelectorWithSource
    public /* bridge */ /* synthetic */ JWKSource getJWKSource() {
        return super.getJWKSource();
    }
}
