package io.confluent.oidc.encryption;

import io.confluent.common.Configurable;
import io.confluent.oidc.exceptions.EncryptionFailedException;
import io.confluent.tokenapi.jwt.JwsConfig;
import io.confluent.tokenapi.jwt.KeyPairHandler;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/oidc/encryption/EncryptionHandler.class */
public class EncryptionHandler implements Configurable {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) EncryptionHandler.class);
    private PrivateKey privateKey;
    private AESGCMEncryption aesgcmEncryption;

    @Override // io.confluent.common.Configurable
    public void configure(Map<String, ?> map) {
        this.privateKey = new KeyPairHandler(Paths.get(new JwsConfig(map).getString(JwsConfig.TOKEN_KEY_PATH_PROP), new String[0])).getKeyPairs().get(0).getPrivate();
        this.aesgcmEncryption = new AESGCMEncryption();
    }

    public String encrypt(String str) {
        try {
            return this.aesgcmEncryption.encrypt(str, this.privateKey);
        } catch (Exception e) {
            log.error("Failed to encrypt given payload", (Throwable) e);
            throw new EncryptionFailedException("Failed to encrypt", e);
        }
    }

    public String decrypt(String str) {
        try {
            return this.aesgcmEncryption.decrypt(str, this.privateKey);
        } catch (Exception e) {
            log.error("Failed to decrypt given payload", (Throwable) e);
            throw new EncryptionFailedException("Failed to decrypt", e);
        }
    }
}
