package io.smallrye.jwt.build.impl;

import io.smallrye.jwt.algorithm.ContentEncryptionAlgorithm;
import io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm;
import io.smallrye.jwt.build.JwtEncryptionBuilder;
import io.smallrye.jwt.build.JwtEncryptionException;
import io.smallrye.jwt.util.KeyUtils;
import java.security.Key;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:io/smallrye/jwt/build/impl/JwtEncryptionImpl.class */
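/**
 * {@link JwtEncryptionBuilder} implementation that wraps a claims string in a JWE and returns
 * its compact serialization, using jose4j's {@link JsonWebEncryption}.
 *
 * <p>JOSE headers are collected in {@link #headers}. The "alg" and "enc" values are resolved
 * again at encryption time (builder header first, then configuration, then a default chosen
 * from the key type), and direct encryption ("dir") is rejected.
 *
 * <p>Instances hold mutable, unsynchronized state; nothing in this class makes them safe to
 * share between threads.
 */
class JwtEncryptionImpl implements JwtEncryptionBuilder {
    /** Smallest RSA modulus, in bits, accepted for key encryption (RFC 7518 sections 4.2 and 4.3). */
    private static final int MIN_RSA_KEY_BITS = 2048;

    // When true and the caller supplied no "cty" header, encryptInternal adds cty=JWT.
    boolean innerSigned;
    // Plaintext that becomes the JWE payload.
    String claims;
    // JOSE header values gathered by the builder methods and by key resolution.
    Map<String, Object> headers = new HashMap<>();

    /**
     * Creates a builder for the given plaintext.
     *
     * @param str the plaintext to encrypt
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtEncryptionImpl(String str) {
        this.claims = str;
    }

    /**
     * Creates a builder for the given plaintext and records whether it is an inner signed token.
     *
     * @param str the plaintext to encrypt
     * @param z   value stored in {@link #innerSigned}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtEncryptionImpl(String str, boolean z) {
        this.claims = str;
        this.innerSigned = z;
    }

    /**
     * Encrypts the claims with a public key.
     *
     * @param publicKey the key-encryption key
     * @return the JWE compact serialization
     * @throws JwtEncryptionException if the algorithm or key is rejected or serialization fails
     */
    @Override // io.smallrye.jwt.build.JwtEncryption
    public String encrypt(PublicKey publicKey) throws JwtEncryptionException {
        return encryptInternal(publicKey);
    }

    /**
     * Encrypts the claims with a symmetric key.
     *
     * @param secretKey the key-encryption key
     * @return the JWE compact serialization
     * @throws JwtEncryptionException if the algorithm or key is rejected or serialization fails
     */
    @Override // io.smallrye.jwt.build.JwtEncryption
    public String encrypt(SecretKey secretKey) throws JwtEncryptionException {
        return encryptInternal(secretKey);
    }

    /**
     * Encrypts the claims with a key read from a location.
     *
     * @param str the key location handed to {@code KeyUtils.readKeyContent}
     * @return the JWE compact serialization
     * @throws JwtEncryptionException if the key cannot be loaded or used; any other exception
     *         is wrapped through {@code ImplMessages.msg.encryptionException}
     */
    @Override // io.smallrye.jwt.build.JwtEncryption
    public String encrypt(String str) throws JwtEncryptionException {
        try {
            String keyContent = getKeyContentFromLocation(str);
            return encryptInternal(getEncryptionKeyFromKeyContent(keyContent));
        } catch (JwtEncryptionException e) {
            throw e;
        } catch (Exception e2) {
            throw ImplMessages.msg.encryptionException(e2);
        }
    }

    /**
     * Encrypts the claims with the key named by configuration: the key-location property is
     * tried first, then the inline key property.
     *
     * @return the JWE compact serialization
     * @throws JwtEncryptionException if no key is configured or it cannot be used; any other
     *         exception is wrapped through {@code ImplMessages.msg.encryptionException}
     */
    @Override // io.smallrye.jwt.build.JwtEncryption
    public String encrypt() throws JwtEncryptionException {
        try {
            String keyContent = getKeyContentFromConfig();
            return encryptInternal(getEncryptionKeyFromKeyContent(keyContent));
        } catch (JwtEncryptionException e) {
            throw e;
        } catch (Exception e2) {
            throw ImplMessages.msg.encryptionException(e2);
        }
    }

    /**
     * Encrypts the claims with a key derived from a secret string.
     *
     * @param str the secret passed to {@code KeyUtils.createSecretKeyFromSecret}
     * @return the JWE compact serialization
     * @throws JwtEncryptionException if the algorithm or key is rejected or serialization fails
     */
    @Override // io.smallrye.jwt.build.JwtEncryption
    public String encryptWithSecret(String str) throws JwtEncryptionException {
        // NOTE(review): how the string becomes key bytes is decided inside KeyUtils and is not
        // visible here - confirm callers pass a high-entropy secret of the length the chosen
        // key-wrap algorithm needs, not a human-chosen password.
        return encrypt(KeyUtils.createSecretKeyFromSecret(str));
    }

    /**
     * Sets a JOSE header. "alg" and "enc" are routed through {@link #keyAlgorithm} and
     * {@link #contentAlgorithm} so that only names known to the algorithm enums are stored.
     *
     * @param str the header name
     * @param obj the header value; for "alg" and "enc" it is cast to {@code String}, so any
     *            other type fails with a {@code ClassCastException}
     * @return this builder
     */
    @Override // io.smallrye.jwt.build.JwtEncryptionBuilder
    public JwtEncryptionBuilder header(String str, Object obj) {
        if ("alg".equals(str)) {
            return keyAlgorithm(toKeyEncryptionAlgorithm((String) obj));
        }
        if ("enc".equals(str)) {
            return contentAlgorithm(toContentEncryptionAlgorithm((String) obj));
        }
        this.headers.put(str, obj);
        return this;
    }

    /**
     * Sets the "alg" header.
     *
     * @param keyEncryptionAlgorithm the key-encryption algorithm
     * @return this builder
     */
    @Override // io.smallrye.jwt.build.JwtEncryptionBuilder
    public JwtEncryptionBuilder keyAlgorithm(KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
        this.headers.put("alg", keyEncryptionAlgorithm.getAlgorithm());
        return this;
    }

    /**
     * Sets the "enc" header.
     *
     * @param contentEncryptionAlgorithm the content-encryption algorithm
     * @return this builder
     */
    @Override // io.smallrye.jwt.build.JwtEncryptionBuilder
    public JwtEncryptionBuilder contentAlgorithm(ContentEncryptionAlgorithm contentEncryptionAlgorithm) {
        this.headers.put("enc", contentEncryptionAlgorithm.getAlgorithm());
        return this;
    }

    /**
     * Sets the "kid" header.
     *
     * @param str the key identifier
     * @return this builder
     */
    @Override // io.smallrye.jwt.build.JwtEncryptionBuilder
    public JwtEncryptionBuilder keyId(String str) {
        this.headers.put("kid", str);
        return this;
    }

    /**
     * Builds the JWE: copies the collected headers, adds cty=JWT for an inner signed token,
     * resolves "alg" and "enc", checks the RSA key size and serializes.
     *
     * @param key the key-encryption key; a null key is not rejected explicitly and fails
     *            inside {@link #getKeyEncryptionAlgorithm}
     * @return the JWE compact serialization
     */
    private String encryptInternal(Key key) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setPlaintext(this.claims);
        for (Map.Entry<String, Object> entry : this.headers.entrySet()) {
            jsonWebEncryption.getHeaders().setObjectHeaderValue(entry.getKey(), entry.getValue());
        }
        if (this.innerSigned && !this.headers.containsKey("cty")) {
            jsonWebEncryption.getHeaders().setObjectHeaderValue("cty", "JWT");
        }
        // The resolved values overwrite whatever "alg"/"enc" the loop above copied.
        String keyEncryptionAlgorithm = getKeyEncryptionAlgorithm(key);
        jsonWebEncryption.setAlgorithmHeaderValue(keyEncryptionAlgorithm);
        jsonWebEncryption.setEncryptionMethodHeaderParameter(getContentEncryptionAlgorithm());
        // The size floor applies to every RSA key, not only to RSA-OAEP variants:
        // getKeyEncryptionAlgorithm accepts any name starting with "RS" for an RSA key, so a
        // prefix test on RSA-OAEP would let other RSA algorithms skip the check.
        if ((key instanceof RSAPublicKey)
                && ((RSAPublicKey) key).getModulus().bitLength() < MIN_RSA_KEY_BITS) {
            throw ImplMessages.msg.encryptionKeySizeMustBeHigher(keyEncryptionAlgorithm);
        }
        jsonWebEncryption.setKey(key);
        try {
            return jsonWebEncryption.getCompactSerialization();
        } catch (JoseException e) {
            throw ImplMessages.msg.joseSerializationError(e.getMessage(), e);
        }
    }

    /**
     * Resolves the "alg" value: the builder header, else the configured default, else a
     * default chosen from the key type (RSA-OAEP, ECDH-ES+A256KW or A256KW).
     *
     * <p>An explicit value must match the key type by name prefix. The prefixes are coarse:
     * any name starting with "RS" is accepted for an RSA key, including one copied from a
     * JWK by {@link #getEncryptionKeyFromKeyContent}.
     *
     * @param key the key-encryption key
     * @return the algorithm name to put in the "alg" header
     */
    private String getKeyEncryptionAlgorithm(Key key) {
        String str = (String) this.headers.get("alg");
        if (str == null) {
            try {
                str = (String) JwtBuildUtils.getConfigProperty(JwtBuildUtils.NEW_TOKEN_KEY_ENCRYPTION_ALG_PROPERTY, String.class);
                if (str != null) {
                    // Round-trip through the enum so an unknown configured name is rejected.
                    str = KeyEncryptionAlgorithm.fromAlgorithm(str).getAlgorithm();
                }
            } catch (Exception e) {
                throw ImplMessages.msg.unsupportedKeyEncryptionAlgorithm(str);
            }
        }
        // Direct use of the key as the content-encryption key is refused outright.
        if ("dir".equals(str)) {
            throw ImplMessages.msg.directContentEncryptionUnsupported();
        }
        if (key instanceof RSAPublicKey) {
            if (str == null) {
                return KeyEncryptionAlgorithm.RSA_OAEP.getAlgorithm();
            }
            if (str.startsWith("RS")) {
                return str;
            }
        } else if (key instanceof ECPublicKey) {
            if (str == null) {
                return KeyEncryptionAlgorithm.ECDH_ES_A256KW.getAlgorithm();
            }
            if (str.startsWith("EC")) {
                return str;
            }
        } else if (key instanceof SecretKey) {
            if (str == null) {
                return KeyEncryptionAlgorithm.A256KW.getAlgorithm();
            }
            if (str.startsWith("A") || str.startsWith("PBE")) {
                return str;
            }
        }
        // The message carries the key's own algorithm, not the requested "alg" value.
        throw ImplMessages.msg.unsupportedKeyEncryptionAlgorithm(key.getAlgorithm());
    }

    /**
     * Resolves the "enc" value: the builder header, else the configured default, else A256GCM.
     *
     * @return the algorithm name to put in the "enc" header
     */
    private String getContentEncryptionAlgorithm() {
        String str = (String) this.headers.get("enc");
        if (str == null) {
            try {
                str = (String) JwtBuildUtils.getConfigProperty(JwtBuildUtils.NEW_TOKEN_CONTENT_ENCRYPTION_ALG_PROPERTY, String.class);
                if (str != null) {
                    str = ContentEncryptionAlgorithm.fromAlgorithm(str).getAlgorithm();
                }
            } catch (Exception e) {
                throw ImplMessages.msg.unsupportedContentEncryptionAlgorithm(str);
            }
        }
        // getAlgorithm(), as everywhere else in this class: the header needs the JOSE
        // identifier, which only happens to equal the enum constant name for A256GCM.
        return str != null ? str : ContentEncryptionAlgorithm.A256GCM.getAlgorithm();
    }

    /**
     * Reads key content from a location.
     *
     * @param str the key location
     * @return the key content
     */
    private static String getKeyContentFromLocation(String str) {
        try {
            return KeyUtils.readKeyContent(str);
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here, so the reason a key failed to load is
            // not available to whoever diagnoses the failure.
            throw ImplMessages.msg.encryptionKeyCanNotBeLoadedFromLocation(str);
        }
    }

    /**
     * Returns the configured key content: read from the key-location property when it is set,
     * otherwise the inline key property.
     *
     * @return the key content
     */
    private static String getKeyContentFromConfig() {
        String location = (String) JwtBuildUtils.getConfigProperty(JwtBuildUtils.ENC_KEY_LOCATION_PROPERTY, String.class);
        if (location != null) {
            return getKeyContentFromLocation(location);
        }
        String inlineKey = (String) JwtBuildUtils.getConfigProperty(JwtBuildUtils.ENC_KEY_PROPERTY, String.class);
        if (inlineKey != null) {
            return inlineKey;
        }
        // NOTE(review): the message name refers to the signing key although the encryption
        // key is the one missing - confirm the text an operator sees names the right property.
        throw ImplMessages.msg.signKeyNotConfigured();
    }

    /**
     * Turns key content into an encryption key. The content is tried as a PEM public key
     * first; otherwise it is treated as a JWK or JWK set and looked up by "kid" (builder
     * header, else the configured key id, which is then stored as the "kid" header).
     *
     * <p>When the key comes from a JWK, the JWK's "alg" and "kid" are copied into the headers
     * if the caller set none.
     *
     * @param str the key content
     * @return the resolved key, never null
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.security.Key] */
    Key getEncryptionKeyFromKeyContent(String str) {
        String keyId = (String) this.headers.get("kid");
        String algName = (String) this.headers.get("alg");
        // Declared as Key, not PublicKey: the JWK branch below may yield a secret key, which
        // is what the decompiler's failed type inference was about.
        // NOTE(review): the PEM default here is RSA-OAEP-256 while getKeyEncryptionAlgorithm
        // defaults RSA keys to RSA-OAEP - presumably it only selects the key type; confirm.
        Key key = KeyUtils.tryAsPemEncryptionPublicKey(str, algName == null ? KeyEncryptionAlgorithm.RSA_OAEP_256 : KeyEncryptionAlgorithm.fromAlgorithm(algName));
        if (key == null) {
            if (keyId == null) {
                keyId = (String) JwtBuildUtils.getConfigProperty(JwtBuildUtils.ENC_KEY_ID_PROPERTY, String.class);
                if (keyId != null) {
                    this.headers.put("kid", keyId);
                }
            }
            JsonWebKey jwk = KeyUtils.getJwkKeyFromJwkSet(keyId, str);
            if (jwk != null) {
                key = KeyUtils.getPublicOrSecretEncryptingKey(jwk, algName == null ? null : KeyEncryptionAlgorithm.fromAlgorithm(algName));
                if (key != null) {
                    // NOTE(review): unlike header() and the configured default, the JWK's
                    // "alg" is stored without passing through KeyEncryptionAlgorithm, so the
                    // key file decides the algorithm - confirm that key material is trusted.
                    if (algName == null && jwk.getAlgorithm() != null) {
                        this.headers.put("alg", jwk.getAlgorithm());
                    }
                    if (keyId == null && jwk.getKeyId() != null) {
                        this.headers.put("kid", jwk.getKeyId());
                    }
                }
            }
        }
        if (key == null) {
            throw ImplMessages.msg.encryptionKeyCanNotBeCreatedFromContent();
        }
        return key;
    }

    /**
     * Maps an "alg" name to its enum constant, reporting unknown names as unsupported.
     *
     * @param str the algorithm name
     * @return the matching key-encryption algorithm
     */
    private static KeyEncryptionAlgorithm toKeyEncryptionAlgorithm(String str) {
        try {
            return KeyEncryptionAlgorithm.fromAlgorithm(str);
        } catch (Exception e) {
            throw ImplMessages.msg.unsupportedKeyEncryptionAlgorithm(str);
        }
    }

    /**
     * Maps an "enc" name to its enum constant, reporting unknown names as unsupported.
     *
     * @param str the algorithm name
     * @return the matching content-encryption algorithm
     */
    private static ContentEncryptionAlgorithm toContentEncryptionAlgorithm(String str) {
        try {
            return ContentEncryptionAlgorithm.fromAlgorithm(str);
        } catch (Exception e) {
            throw ImplMessages.msg.unsupportedContentEncryptionAlgorithm(str);
        }
    }
}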
