package io.smallrye.jwt.auth.principal;

import io.smallrye.jwt.KeyFormat;
import io.smallrye.jwt.util.KeyUtils;
import java.security.Key;
import java.security.PrivateKey;
import java.util.List;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.resolvers.DecryptionKeyResolver;
import org.jose4j.lang.UnresolvableKeyException;

/* loaded from: input_file:io/smallrye/jwt/auth/principal/DecryptionKeyLocationResolver.class */
public class DecryptionKeyLocationResolver extends AbstractKeyLocationResolver implements DecryptionKeyResolver {
    public DecryptionKeyLocationResolver(JWTAuthContextInfo jWTAuthContextInfo) throws UnresolvableKeyException {
        super(jWTAuthContextInfo);
        try {
            initializeKeyContent();
        } catch (Exception e) {
            reportLoadKeyException(jWTAuthContextInfo.getDecryptionKeyContent(), jWTAuthContextInfo.getDecryptionKeyLocation(), e);
        }
    }

    public Key resolveKey(JsonWebEncryption jsonWebEncryption, List<JsonWebStructure> list) throws UnresolvableKeyException {
        verifyKid(jsonWebEncryption, this.authContextInfo.getTokenDecryptionKeyId());
        if (this.key != null) {
            return this.key;
        }
        Key tryAsDecryptionJwk = tryAsDecryptionJwk(jsonWebEncryption);
        if (tryAsDecryptionJwk == null) {
            reportUnresolvableKeyException(this.authContextInfo.getDecryptionKeyContent(), this.authContextInfo.getDecryptionKeyLocation());
        }
        return tryAsDecryptionJwk;
    }

    private Key tryAsDecryptionJwk(JsonWebEncryption jsonWebEncryption) throws UnresolvableKeyException {
        return fromJwkToDecryptionKey(super.tryAsJwk(jsonWebEncryption, this.authContextInfo.getKeyEncryptionAlgorithm().getAlgorithm()));
    }

    private Key fromJwkToDecryptionKey(JsonWebKey jsonWebKey) {
        Key key = null;
        if (jsonWebKey != null) {
            key = getSecretKeyFromJwk(jsonWebKey);
            if (key == null) {
                key = ((PublicJsonWebKey) PublicJsonWebKey.class.cast(jsonWebKey)).getPrivateKey();
            }
        }
        return key;
    }

    protected void initializeKeyContent() throws Exception {
        if (isHttpsJwksInitialized(this.authContextInfo.getDecryptionKeyLocation())) {
            return;
        }
        String decryptionKeyContent = this.authContextInfo.getDecryptionKeyContent() != null ? this.authContextInfo.getDecryptionKeyContent() : readKeyContent(this.authContextInfo.getDecryptionKeyLocation());
        if (mayBeFormat(KeyFormat.PEM_KEY)) {
            this.key = tryAsPEMPrivateKey(decryptionKeyContent);
            if (this.key != null || isFormat(KeyFormat.PEM_KEY)) {
                return;
            }
        }
        this.key = fromJwkToDecryptionKey(loadFromJwk(decryptionKeyContent, this.authContextInfo.getTokenDecryptionKeyId(), this.authContextInfo.getKeyEncryptionAlgorithm().getAlgorithm()));
    }

    static PrivateKey tryAsPEMPrivateKey(String str) {
        PrincipalLogging.log.checkKeyContentIsBase64EncodedPEMKey();
        PrivateKey privateKey = null;
        try {
            privateKey = KeyUtils.decodeDecryptionPrivateKey(str);
            PrincipalLogging.log.keyCreatedFromEncodedPEMKey();
        } catch (Exception e) {
            PrincipalLogging.log.keyContentIsNotValidEncodedPEMKey(e);
        }
        return privateKey;
    }
}
