package org.mitre.jwt.encryption.service.impl;

import com.google.common.base.Strings;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/openid-connect-common-1.3.4.jar:org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.class */
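/**
 * JWE encryption/decryption service backed by a fixed set of JWKs, indexed by key ID.
 *
 * <p>For every configured key an encrypter is created; a decrypter is created only when the
 * key carries private (or symmetric) material. All encrypters and decrypters are bound to the
 * BouncyCastle JCA provider.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link JWK#toString()} serialises the full key, private parameters included. This
 *       class therefore never places a {@code JWK} itself into a log line or exception
 *       message; only the key ID and key type are reported.</li>
 *   <li>{@link #encryptJwt(JWEObject)} and {@link #decryptJwt(JWEObject)} log and swallow
 *       {@link JOSEException}. Callers must inspect {@link JWEObject#getState()} afterwards
 *       instead of assuming the operation succeeded.</li>
 * </ul>
 */
public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAndDecryptionService {
    private static final Logger logger = LoggerFactory.getLogger(DefaultJWTEncryptionAndDecryptionService.class);

    // Key ID -> encrypter / decrypter, filled by buildEncryptersAndDecrypters().
    private final Map<String, JWEEncrypter> encrypters = new HashMap<>();
    private final Map<String, JWEDecrypter> decrypters = new HashMap<>();
    private String defaultEncryptionKeyId;
    private String defaultDecryptionKeyId;
    private JWEAlgorithm defaultAlgorithm;
    // Key ID -> key. May hold private key material; never log its values.
    private Map<String, JWK> keys;

    /**
     * Builds the service from an explicit key-ID-to-key map.
     *
     * <p>The map is kept by reference, not copied, so later changes made by the caller are
     * visible to this service (but encrypters/decrypters are only rebuilt by
     * {@link #afterPropertiesSet()}).
     *
     * @param map keys indexed by key ID; must not be {@code null}
     */
    public DefaultJWTEncryptionAndDecryptionService(Map<String, JWK> map) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        this.keys = map;
        buildEncryptersAndDecrypters();
    }

    /**
     * Builds the service from a keystore, indexing every key by its {@code kid}.
     *
     * @param jWKSetKeyStore keystore to read keys from
     * @throws IllegalArgumentException if any key has a null or empty {@code kid}
     */
    public DefaultJWTEncryptionAndDecryptionService(JWKSetKeyStore jWKSetKeyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        this.keys = new HashMap<>();
        for (JWK jwk : jWKSetKeyStore.getKeys()) {
            if (Strings.isNullOrEmpty(jwk.getKeyID())) {
                // Report only the key type: concatenating the JWK would serialise its
                // private parameters into the exception message and any log that prints it.
                throw new IllegalArgumentException(
                        "Tried to load a key from a keystore without a 'kid' field (key type: " + jwk.getKeyType() + ")");
            }
            this.keys.put(jwk.getKeyID(), jwk);
        }
        buildEncryptersAndDecrypters();
    }

    /**
     * Container lifecycle hook: (re)builds the encrypters and decrypters from the current keys.
     *
     * @throws IllegalArgumentException if no key map is set or a key cannot be processed; the
     *         underlying exception is attached as the cause
     */
    @PostConstruct
    public void afterPropertiesSet() {
        if (this.keys == null) {
            throw new IllegalArgumentException("Encryption and decryption service must have at least one key configured.");
        }
        try {
            buildEncryptersAndDecrypters();
        } catch (JOSEException e) {
            // Keep the cause so the failing key/algorithm can be diagnosed from the stack trace.
            throw new IllegalArgumentException("Encryption and decryption service was unable to process JOSE object.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Encryption and decryption service could not find given algorithm.", e);
        } catch (InvalidKeySpecException e) {
            throw new IllegalArgumentException("Encryption and decryption service saw an invalid key specification.", e);
        }
    }

    /**
     * @return the configured default encryption key ID; if none is set and exactly one key is
     *         configured, that key's ID; otherwise {@code null}
     */
    public String getDefaultEncryptionKeyId() {
        if (this.defaultEncryptionKeyId != null) {
            return this.defaultEncryptionKeyId;
        }
        return soleKeyIdOrNull();
    }

    public void setDefaultEncryptionKeyId(String str) {
        this.defaultEncryptionKeyId = str;
    }

    /**
     * @return the configured default decryption key ID; if none is set and exactly one key is
     *         configured, that key's ID; otherwise {@code null}
     */
    public String getDefaultDecryptionKeyId() {
        if (this.defaultDecryptionKeyId != null) {
            return this.defaultDecryptionKeyId;
        }
        return soleKeyIdOrNull();
    }

    public void setDefaultDecryptionKeyId(String str) {
        this.defaultDecryptionKeyId = str;
    }

    public JWEAlgorithm getDefaultAlgorithm() {
        return this.defaultAlgorithm;
    }

    public void setDefaultAlgorithm(JWEAlgorithm jWEAlgorithm) {
        this.defaultAlgorithm = jWEAlgorithm;
    }

    /**
     * Encrypts the object in place with the default encryption key.
     *
     * <p>A {@link JOSEException} from the library is logged, not rethrown; on failure the
     * object is left in its previous state, so callers must check
     * {@link JWEObject#getState()} before serialising it.
     *
     * @param jWEObject object to encrypt
     * @throws IllegalStateException if no default key ID can be determined, or no encrypter
     *         exists for that key ID
     */
    @Override
    public void encryptJwt(JWEObject jWEObject) {
        String keyId = getDefaultEncryptionKeyId();
        if (keyId == null) {
            throw new IllegalStateException("Tried to call default encryption with no default encrypter ID set");
        }
        JWEEncrypter encrypter = this.encrypters.get(keyId);
        if (encrypter == null) {
            // A default ID that matches no loaded key would otherwise hand null to the library.
            throw new IllegalStateException("No encrypter available for default encryption key ID: " + keyId);
        }
        try {
            jWEObject.encrypt(encrypter);
        } catch (JOSEException e) {
            logger.error("Failed to encrypt JWT, error was: ", e);
        }
    }

    /**
     * Decrypts the object in place with the default decryption key.
     *
     * <p>A {@link JOSEException} from the library (wrong key, tampered ciphertext, unsupported
     * algorithm, ...) is logged, not rethrown. The method returning normally therefore does
     * NOT mean decryption succeeded: callers must verify that {@link JWEObject#getState()} is
     * {@code DECRYPTED} before reading or trusting the payload.
     *
     * @param jWEObject object to decrypt
     * @throws IllegalStateException if no default key ID can be determined, or no decrypter
     *         exists for that key ID (for example, a public-only key)
     */
    @Override
    public void decryptJwt(JWEObject jWEObject) {
        String keyId = getDefaultDecryptionKeyId();
        if (keyId == null) {
            throw new IllegalStateException("Tried to call default decryption with no default decrypter ID set");
        }
        JWEDecrypter decrypter = this.decrypters.get(keyId);
        if (decrypter == null) {
            // Public-only keys get an encrypter but no decrypter; fail with a clear message.
            throw new IllegalStateException("No decrypter available for default decryption key ID: " + keyId);
        }
        try {
            jWEObject.decrypt(decrypter);
        } catch (JOSEException e) {
            logger.error("Failed to decrypt JWT, error was: ", e);
        }
    }

    /** Returns the only configured key ID when exactly one key exists, else {@code null}. */
    private String soleKeyIdOrNull() {
        if (this.keys.size() == 1) {
            return this.keys.keySet().iterator().next();
        }
        return null;
    }

    /**
     * Creates an encrypter (and, where private or symmetric material is present, a decrypter)
     * for every configured key, each bound to the BouncyCastle provider. Keys of an
     * unrecognised type are skipped with a warning.
     */
    private void buildEncryptersAndDecrypters() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        for (Map.Entry<String, JWK> entry : this.keys.entrySet()) {
            String key = entry.getKey();
            JWK value = entry.getValue();
            if (value instanceof RSAKey) {
                RSAEncrypter rsaEncrypter = new RSAEncrypter((RSAKey) value);
                rsaEncrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                this.encrypters.put(key, rsaEncrypter);
                if (value.isPrivate()) {
                    RSADecrypter rsaDecrypter = new RSADecrypter((RSAKey) value);
                    rsaDecrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                    this.decrypters.put(key, rsaDecrypter);
                } else {
                    logger.warn("No private key for key #{}", value.getKeyID());
                }
            } else if (value instanceof ECKey) {
                ECDHEncrypter ecdhEncrypter = new ECDHEncrypter((ECKey) value);
                ecdhEncrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                this.encrypters.put(key, ecdhEncrypter);
                if (value.isPrivate()) {
                    ECDHDecrypter ecdhDecrypter = new ECDHDecrypter((ECKey) value);
                    ecdhDecrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                    this.decrypters.put(key, ecdhDecrypter);
                } else {
                    logger.warn("No private key for key #{}", value.getKeyID());
                }
            } else if (value instanceof OctetSequenceKey) {
                // Symmetric key: the same secret serves both directions.
                DirectEncrypter directEncrypter = new DirectEncrypter((OctetSequenceKey) value);
                directEncrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                DirectDecrypter directDecrypter = new DirectDecrypter((OctetSequenceKey) value);
                directDecrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                this.encrypters.put(key, directEncrypter);
                this.decrypters.put(key, directDecrypter);
            } else {
                // Log the map key and key type only; printing the JWK would write any
                // private parameters it holds into the log.
                logger.warn("Unknown key type for key #{}: {}", key, value == null ? null : value.getKeyType());
            }
        }
    }

    /**
     * @return a new map of key ID to the public form of each key; keys for which
     *         {@code toPublicJWK()} yields {@code null} are omitted
     */
    @Override
    public Map<String, JWK> getAllPublicKeys() {
        Map<String, JWK> publicKeys = new HashMap<>();
        for (Map.Entry<String, JWK> entry : this.keys.entrySet()) {
            JWK publicJwk = entry.getValue().toPublicJWK();
            if (publicJwk != null) {
                publicKeys.put(entry.getKey(), publicJwk);
            }
        }
        return publicKeys;
    }

    /**
     * @return the union of JWE algorithms advertised by all encrypters and decrypters. This
     *         reflects what the library implementations support for the loaded keys; no local
     *         allow-list is applied here.
     */
    @Override
    public Collection<JWEAlgorithm> getAllEncryptionAlgsSupported() {
        Collection<JWEAlgorithm> algorithms = new HashSet<>();
        for (JWEEncrypter encrypter : this.encrypters.values()) {
            algorithms.addAll(encrypter.supportedJWEAlgorithms());
        }
        for (JWEDecrypter decrypter : this.decrypters.values()) {
            algorithms.addAll(decrypter.supportedJWEAlgorithms());
        }
        return algorithms;
    }

    /**
     * @return the union of content-encryption methods advertised by all encrypters and
     *         decrypters; as with the algorithms, no local allow-list is applied here.
     */
    @Override
    public Collection<EncryptionMethod> getAllEncryptionEncsSupported() {
        Collection<EncryptionMethod> methods = new HashSet<>();
        for (JWEEncrypter encrypter : this.encrypters.values()) {
            methods.addAll(encrypter.supportedEncryptionMethods());
        }
        for (JWEDecrypter decrypter : this.decrypters.values()) {
            methods.addAll(decrypter.supportedEncryptionMethods());
        }
        return methods;
    }
}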
