package org.apereo.cas.util.jwt;

import java.io.Serializable;
import java.security.Key;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apereo.cas.util.function.FunctionUtils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-api-6.6.0.jar:org/apereo/cas/util/jwt/JsonWebTokenEncryptor.class */
public class JsonWebTokenEncryptor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JsonWebTokenEncryptor.class);
    public static final List<String> ALGORITHM_ALL_EXCEPT_NONE = List.of("*");
    private final String algorithm;
    private final Map<String, Object> headers;
    private final Key key;
    private final Set<String> allowedAlgorithms;
    private final Set<String> allowedContentEncryptionAlgorithms;
    private final String keyId;
    private String encryptionMethod;

    @Generated
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-util-api-6.6.0.jar:org/apereo/cas/util/jwt/JsonWebTokenEncryptor$JsonWebTokenEncryptorBuilder.class */
    public static abstract class JsonWebTokenEncryptorBuilder<C extends JsonWebTokenEncryptor, B extends JsonWebTokenEncryptorBuilder<C, B>> {

        @Generated
        private String algorithm;

        @Generated
        private boolean headers$set;

        @Generated
        private Map<String, Object> headers$value;

        @Generated
        private Key key;

        @Generated
        private boolean allowedAlgorithms$set;

        @Generated
        private Set<String> allowedAlgorithms$value;

        @Generated
        private boolean allowedContentEncryptionAlgorithms$set;

        @Generated
        private Set<String> allowedContentEncryptionAlgorithms$value;

        @Generated
        private boolean keyId$set;

        @Generated
        private String keyId$value;

        @Generated
        private String encryptionMethod;

        @Generated
        protected abstract B self();

        @Generated
        public abstract C build();

        @Generated
        public B algorithm(String str) {
            this.algorithm = str;
            return self();
        }

        @Generated
        public B headers(Map<String, Object> map) {
            this.headers$value = map;
            this.headers$set = true;
            return self();
        }

        @Generated
        public B key(Key key) {
            this.key = key;
            return self();
        }

        @Generated
        public B allowedAlgorithms(Set<String> set) {
            this.allowedAlgorithms$value = set;
            this.allowedAlgorithms$set = true;
            return self();
        }

        @Generated
        public B allowedContentEncryptionAlgorithms(Set<String> set) {
            this.allowedContentEncryptionAlgorithms$value = set;
            this.allowedContentEncryptionAlgorithms$set = true;
            return self();
        }

        @Generated
        public B keyId(String str) {
            this.keyId$value = str;
            this.keyId$set = true;
            return self();
        }

        @Generated
        public B encryptionMethod(String str) {
            this.encryptionMethod = str;
            return self();
        }

        @Generated
        public String toString() {
            return "JsonWebTokenEncryptor.JsonWebTokenEncryptorBuilder(algorithm=" + this.algorithm + ", headers$value=" + this.headers$value + ", key=" + this.key + ", allowedAlgorithms$value=" + this.allowedAlgorithms$value + ", allowedContentEncryptionAlgorithms$value=" + this.allowedContentEncryptionAlgorithms$value + ", keyId$value=" + this.keyId$value + ", encryptionMethod=" + this.encryptionMethod + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Generated
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-util-api-6.6.0.jar:org/apereo/cas/util/jwt/JsonWebTokenEncryptor$JsonWebTokenEncryptorBuilderImpl.class */
    public static final class JsonWebTokenEncryptorBuilderImpl extends JsonWebTokenEncryptorBuilder<JsonWebTokenEncryptor, JsonWebTokenEncryptorBuilderImpl> {
        @Generated
        private JsonWebTokenEncryptorBuilderImpl() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apereo.cas.util.jwt.JsonWebTokenEncryptor.JsonWebTokenEncryptorBuilder
        @Generated
        public JsonWebTokenEncryptorBuilderImpl self() {
            return this;
        }

        @Override // org.apereo.cas.util.jwt.JsonWebTokenEncryptor.JsonWebTokenEncryptorBuilder
        @Generated
        public JsonWebTokenEncryptor build() {
            return new JsonWebTokenEncryptor(this);
        }
    }

    public String encrypt(Serializable serializable) {
        try {
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setPayload(serializable.toString());
            jsonWebEncryption.enableDefaultCompression();
            jsonWebEncryption.setAlgorithmHeaderValue(this.algorithm);
            jsonWebEncryption.setEncryptionMethodHeaderParameter(this.encryptionMethod);
            jsonWebEncryption.setKey(this.key);
            jsonWebEncryption.setAlgorithmConstraints(getAlgorithmConstraints());
            jsonWebEncryption.setContentEncryptionAlgorithmConstraints(getContentEncryptionAlgorithmConstraints());
            jsonWebEncryption.setContentTypeHeaderValue(JoseConstants.TYPE_JWT);
            jsonWebEncryption.setHeader("typ", JoseConstants.TYPE_JWT);
            String str = this.keyId;
            Objects.requireNonNull(jsonWebEncryption);
            FunctionUtils.doIfNotNull(str, jsonWebEncryption::setKeyIdHeaderValue);
            this.headers.forEach((str2, obj) -> {
                jsonWebEncryption.setHeader(str2, obj.toString());
            });
            LOGGER.trace("Encrypting via [{}]", this.encryptionMethod);
            return jsonWebEncryption.getCompactSerialization();
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private AlgorithmConstraints getAlgorithmConstraints() {
        return (this.allowedAlgorithms.isEmpty() || this.allowedAlgorithms.contains("*")) ? AlgorithmConstraints.DISALLOW_NONE : new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, (String[]) this.allowedAlgorithms.toArray(ArrayUtils.EMPTY_STRING_ARRAY));
    }

    private AlgorithmConstraints getContentEncryptionAlgorithmConstraints() {
        return (this.allowedContentEncryptionAlgorithms.isEmpty() || this.allowedContentEncryptionAlgorithms.contains("*")) ? AlgorithmConstraints.DISALLOW_NONE : new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, (String[]) this.allowedContentEncryptionAlgorithms.toArray(ArrayUtils.EMPTY_STRING_ARRAY));
    }

    @Generated
    private static Map<String, Object> $default$headers() {
        return new LinkedHashMap();
    }

    @Generated
    private static Set<String> $default$allowedAlgorithms() {
        return new LinkedHashSet();
    }

    @Generated
    private static Set<String> $default$allowedContentEncryptionAlgorithms() {
        return new LinkedHashSet();
    }

    @Generated
    private static String $default$keyId() {
        return UUID.randomUUID().toString();
    }

    @Generated
    protected JsonWebTokenEncryptor(JsonWebTokenEncryptorBuilder<?, ?> jsonWebTokenEncryptorBuilder) {
        this.algorithm = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).algorithm;
        if (((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).headers$set) {
            this.headers = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).headers$value;
        } else {
            this.headers = $default$headers();
        }
        this.key = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).key;
        if (((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).allowedAlgorithms$set) {
            this.allowedAlgorithms = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).allowedAlgorithms$value;
        } else {
            this.allowedAlgorithms = $default$allowedAlgorithms();
        }
        if (((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).allowedContentEncryptionAlgorithms$set) {
            this.allowedContentEncryptionAlgorithms = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).allowedContentEncryptionAlgorithms$value;
        } else {
            this.allowedContentEncryptionAlgorithms = $default$allowedContentEncryptionAlgorithms();
        }
        if (((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).keyId$set) {
            this.keyId = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).keyId$value;
        } else {
            this.keyId = $default$keyId();
        }
        this.encryptionMethod = ((JsonWebTokenEncryptorBuilder) jsonWebTokenEncryptorBuilder).encryptionMethod;
    }

    @Generated
    public static JsonWebTokenEncryptorBuilder<?, ?> builder() {
        return new JsonWebTokenEncryptorBuilderImpl();
    }
}
