package org.wildfly.swarm.jose.provider;

import java.util.List;
import java.util.Properties;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer;
import org.apache.cxf.rs.security.jose.jwe.JweJsonProducer;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer;
import org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.wildfly.swarm.jose.DecryptionOutput;
import org.wildfly.swarm.jose.EncryptionInput;
import org.wildfly.swarm.jose.Jose;
import org.wildfly.swarm.jose.JoseConfiguration;
import org.wildfly.swarm.jose.JoseException;
import org.wildfly.swarm.jose.JoseOperation;
import org.wildfly.swarm.jose.JoseProperties;
import org.wildfly.swarm.jose.SignatureInput;
import org.wildfly.swarm.jose.VerificationOutput;

/* loaded from: input_file:org/wildfly/swarm/jose/provider/DefaultJoseImpl.class */
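/**
 * {@link Jose} implementation that delegates JWS signing/verification and JWE
 * encryption/decryption to the Apache CXF JOSE utilities.
 *
 * <p>Keys come from one of two places: an inlined JWK set held in the
 * configuration (see {@link #isInlinedJwkSetAvailable()}) or a keystore that CXF
 * loads from the {@code rs.security.*} properties assembled by this class.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code acceptSignatureAlias()} or {@code acceptEncryptionAlias()} is
 *       enabled, the {@code kid} header of the <em>incoming</em> token chooses the
 *       keystore alias. That header is attacker-controlled, so the keystore should
 *       contain only keys that are acceptable for the operation.</li>
 *   <li>The {@link Properties} objects built here carry the keystore and key
 *       passwords; they must not be logged.</li>
 * </ul>
 */
public class DefaultJoseImpl implements Jose {
    /** CXF property naming the keystore alias of the key to use. */
    private static final String KEYSTORE_ALIAS_PROPERTY = "rs.security.keystore.alias";

    private final JoseConfiguration config;

    /**
     * @param joseConfiguration source of algorithms, formats, key aliases and keystore settings
     */
    public DefaultJoseImpl(JoseConfiguration joseConfiguration) {
        this.config = joseConfiguration;
    }

    /**
     * Signs the given data with no extra headers.
     *
     * @param str the data to sign
     * @return the serialized JWS
     */
    @Override
    public String sign(String str) {
        return sign(new SignatureInput(str));
    }

    /**
     * Signs the data carried by {@code signatureInput} in the configured signature format.
     *
     * @param signatureInput data and additional headers to sign
     * @return the serialized JWS (compact or JSON, per {@code signatureFormat()})
     * @throws JoseException if the signature cannot be created
     */
    @Override
    public String sign(SignatureInput signatureInput) {
        JwsHeaders jwsHeaders = new JwsHeaders();
        // Caller-supplied headers are copied first, so any header set below from
        // configuration (b64, kid, alg) overrides a caller-supplied one.
        jwsHeaders.asMap().putAll(signatureInput.getHeaders());
        if (!this.config.signatureDataEncoding()) {
            jwsHeaders.setPayloadEncodingStatus(false);
        }
        if (this.config.includeSignatureKeyAlias()) {
            jwsHeaders.setKeyId(signatureKeyAlias());
        }
        Properties properties = prepareSignatureVerificationProperties(JoseOperation.SIGN);
        jwsHeaders.setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(this.config.signatureAlgorithm()));
        JwsSignatureProvider signatureProvider = getSignatureProvider(properties, jwsHeaders);
        if (JoseProperties.DEFAULT_JOSE_FORMAT == this.config.signatureFormat()) {
            return signCompact(signatureProvider, jwsHeaders, signatureInput.getData());
        }
        return signJson(signatureProvider, jwsHeaders, signatureInput.getData());
    }

    /** Produces a compact-serialized JWS; any failure is wrapped in a {@link JoseException}. */
    private String signCompact(JwsSignatureProvider signatureProvider, JwsHeaders jwsHeaders, String data) {
        try {
            JwsCompactProducer producer =
                    new JwsCompactProducer(jwsHeaders, data, this.config.signatureDataDetached());
            return producer.signWith(signatureProvider);
        } catch (Exception e) {
            throw new JoseException("JWS Compact Signature Creation Failure", e);
        }
    }

    /** Produces a JSON-serialized JWS; any failure is wrapped in a {@link JoseException}. */
    private String signJson(JwsSignatureProvider signatureProvider, JwsHeaders jwsHeaders, String data) {
        try {
            JwsJsonProducer producer = new JwsJsonProducer(data, true, this.config.signatureDataDetached());
            return producer.signWith(signatureProvider, jwsHeaders);
        } catch (Exception e) {
            throw new JoseException("JWS JOSE Signature Creation Failure", e);
        }
    }

    /**
     * Verifies a JWS and returns its payload.
     *
     * @param str the serialized JWS
     * @return the verified payload
     * @throws JoseException if verification fails
     */
    @Override
    public String verify(String str) throws JoseException {
        return verification(str).getData();
    }

    /**
     * Verifies a JWS and returns its headers and payload.
     *
     * @param str the serialized JWS
     * @return the verified headers and payload
     * @throws JoseException if verification fails
     */
    @Override
    public VerificationOutput verification(String str) throws JoseException {
        return getVerificationOutput(str, null);
    }

    /**
     * Verifies a JWS whose payload is transported separately and returns that payload.
     *
     * @param str the serialized JWS without its payload
     * @param str2 the detached payload
     * @return the verified payload
     * @throws JoseException if verification fails
     */
    @Override
    public String verifyDetached(String str, String str2) throws JoseException {
        return verificationDetached(str, str2).getData();
    }

    /**
     * Verifies a JWS whose payload is transported separately.
     *
     * @param str the serialized JWS without its payload
     * @param str2 the detached payload; Base64Url-encoded here when
     *             {@code signatureDataEncoding()} is enabled
     * @return the verified headers and payload
     * @throws JoseException if verification fails
     */
    @Override
    public VerificationOutput verificationDetached(String str, String str2) throws JoseException {
        String detachedPayload = this.config.signatureDataEncoding() ? Base64UrlUtility.encode(str2) : str2;
        return getVerificationOutput(str, detachedPayload);
    }

    /** Dispatches verification to the compact or JSON path according to {@code signatureFormat()}. */
    private VerificationOutput getVerificationOutput(String jws, String detachedPayload) throws JoseException {
        Properties properties = prepareSignatureVerificationProperties(JoseOperation.VERIFICATION);
        if (JoseProperties.DEFAULT_JOSE_FORMAT == this.config.signatureFormat()) {
            return verifyCompact(properties, jws, detachedPayload);
        }
        return verifyJson(properties, jws, detachedPayload);
    }

    /**
     * Verifies a compact JWS. The payload is returned only after the signature check succeeds.
     *
     * @throws JoseException if the token is malformed or its signature is invalid
     */
    private VerificationOutput verifyCompact(Properties properties, String jws, String detachedPayload) {
        try {
            JwsCompactConsumer consumer = new JwsCompactConsumer(jws, detachedPayload);
            JwsSignatureVerifier verifier = getJwsSignatureVerifier(properties, consumer.getJwsHeaders());
            if (!consumer.verifySignatureWith(verifier)) {
                throw new JoseException("JWS Compact Signature Verification Failure");
            }
            return new VerificationOutput(consumer.getJwsHeaders().asMap(), consumer.getDecodedJwsPayload());
        } catch (JoseException e) {
            throw e;
        } catch (Exception e) {
            throw new JoseException("JWS Compact Signature Verification Failure", e);
        }
    }

    /**
     * Verifies a JSON-serialized JWS that carries exactly one signature. Only the
     * protected header of that signature is returned to the caller.
     *
     * @throws JoseException if the token is malformed, has zero or several signatures,
     *         or its signature is invalid
     */
    private VerificationOutput verifyJson(Properties properties, String jws, String detachedPayload) {
        try {
            JwsJsonConsumer consumer = new JwsJsonConsumer(jws, detachedPayload);
            List<JwsJsonSignatureEntry> signatureEntries = consumer.getSignatureEntries();
            if (signatureEntries.size() > 1) {
                throw new JoseException("JWS JSON Signature Verification Failure: only a single recipient is supported at the moment");
            }
            if (signatureEntries.isEmpty()) {
                // Reject explicitly: a token with no signature entry has nothing to verify.
                throw new JoseException("JWS JSON Signature Verification Failure");
            }
            JwsJsonSignatureEntry entry = signatureEntries.get(0);
            JwsSignatureVerifier verifier = getJwsSignatureVerifier(properties, entry.getProtectedHeader());
            if (!entry.verifySignatureWith(verifier)) {
                throw new JoseException("JWS JSON Signature Verification Failure");
            }
            return new VerificationOutput(entry.getProtectedHeader().asMap(), consumer.getDecodedJwsPayload());
        } catch (JoseException e) {
            throw e;
        } catch (Exception e) {
            throw new JoseException("JWS JSON Signature Verification Failure", e);
        }
    }

    /** Builds the signing provider from the inlined JWK set when available, else from the keystore. */
    private JwsSignatureProvider getSignatureProvider(Properties properties, JwsHeaders jwsHeaders) {
        if (isInlinedJwkSetAvailable()) {
            return JwsUtils.getSignatureProvider(loadJsonWebKey(signatureKeyAlias()));
        }
        return JwsUtils.loadSignatureProvider(properties, jwsHeaders);
    }

    /**
     * Builds the verifier for an incoming token.
     *
     * <p>With {@code acceptSignatureAlias()} enabled the token's {@code kid} replaces the
     * configured keystore alias. The inlined-JWK path ignores that value and always uses
     * {@link #verificationKeyAlias()}.
     */
    private JwsSignatureVerifier getJwsSignatureVerifier(Properties properties, JwsHeaders jwsHeaders) {
        if (this.config.acceptSignatureAlias()) {
            useHeaderKeyAlias(properties, jwsHeaders.getKeyId());
        }
        // NOTE(review): this class never compares the token's "alg" header with
        // config.signatureAlgorithm(); confirm the CXF verifier built below enforces it.
        if (isInlinedJwkSetAvailable()) {
            return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias()));
        }
        return JwsUtils.loadSignatureVerifier(properties, jwsHeaders);
    }

    /**
     * Encrypts the given data with no extra headers.
     *
     * @param str the data to encrypt
     * @return the serialized JWE
     */
    @Override
    public String encrypt(String str) {
        return encrypt(new EncryptionInput(str));
    }

    /**
     * Encrypts the data carried by {@code encryptionInput} in the configured encryption format.
     *
     * @param encryptionInput data and additional headers to encrypt
     * @return the serialized JWE (compact or JSON, per {@code encryptionFormat()})
     * @throws JoseException if encryption fails
     */
    @Override
    public String encrypt(EncryptionInput encryptionInput) {
        Properties properties = prepareEncryptionDecryptionProperties(JoseOperation.ENCRYPTION);
        JweHeaders jweHeaders = new JweHeaders();
        jweHeaders.asMap().putAll(encryptionInput.getHeaders());
        if (this.config.includeEncryptionKeyAlias()) {
            jweHeaders.setKeyId(encryptionKeyAlias());
        }
        JweEncryptionProvider encryptionProvider = getEncryptionProvider(properties, jweHeaders);
        if (JoseProperties.DEFAULT_JOSE_FORMAT == this.config.encryptionFormat()) {
            return encryptCompact(encryptionProvider, jweHeaders, encryptionInput.getData());
        }
        return encryptJson(encryptionProvider, jweHeaders, encryptionInput.getData());
    }

    /** Produces a compact-serialized JWE; any failure is wrapped in a {@link JoseException}. */
    private String encryptCompact(JweEncryptionProvider encryptionProvider, JweHeaders jweHeaders, String data) {
        try {
            return new JweCompactProducer(jweHeaders, data).encryptWith(encryptionProvider);
        } catch (Exception e) {
            throw new JoseException("JWE Compact Encryption Failure", e);
        }
    }

    /** Produces a JSON-serialized JWE; any failure is wrapped in a {@link JoseException}. */
    private String encryptJson(JweEncryptionProvider encryptionProvider, JweHeaders jweHeaders, String data) {
        try {
            JweJsonProducer producer = new JweJsonProducer(jweHeaders, StringUtils.toBytesUTF8(data), true);
            return producer.encryptWith(encryptionProvider);
        } catch (Exception e) {
            throw new JoseException("JWE JSON Encryption Failure", e);
        }
    }

    /**
     * Decrypts a JWE and returns its plaintext.
     *
     * @param str the serialized JWE
     * @return the decrypted content
     * @throws JoseException if decryption fails
     */
    @Override
    public String decrypt(String str) throws JoseException {
        return decryption(str).getData();
    }

    /**
     * Decrypts a JWE and returns its headers and plaintext.
     *
     * @param str the serialized JWE
     * @return the headers and decrypted content
     * @throws JoseException if decryption fails
     */
    @Override
    public DecryptionOutput decryption(String str) throws JoseException {
        Properties properties = prepareEncryptionDecryptionProperties(JoseOperation.DECRYPTION);
        // Select the parser by the *encryption* format, mirroring encrypt(). Using the
        // signature format here made decryption fail whenever the two formats differed.
        if (JoseProperties.DEFAULT_JOSE_FORMAT == this.config.encryptionFormat()) {
            return decryptCompact(properties, str);
        }
        return decryptJson(properties, str);
    }

    /**
     * Decrypts a compact JWE. Every failure surfaces under the same generic message;
     * the underlying exception is attached as the cause for server-side diagnosis and
     * should not be echoed to the remote peer.
     */
    private DecryptionOutput decryptCompact(Properties properties, String jwe) {
        try {
            JweCompactConsumer consumer = new JweCompactConsumer(jwe);
            JweHeaders jweHeaders = consumer.getJweHeaders();
            // getDecryptionProvider applies the header "kid" when acceptEncryptionAlias() is on.
            JweDecryptionProvider decryptionProvider = getDecryptionProvider(properties, jweHeaders);
            return new DecryptionOutput(jweHeaders.asMap(), consumer.getDecryptedContentText(decryptionProvider));
        } catch (Exception e) {
            throw new JoseException("JWE Compact Decryption Failure", e);
        }
    }

    /**
     * Decrypts a JSON-serialized JWE addressed to a single recipient.
     *
     * @throws JoseException if the token is malformed, has several recipients, or cannot be decrypted
     */
    private DecryptionOutput decryptJson(Properties properties, String jwe) {
        try {
            JweJsonConsumer consumer = new JweJsonConsumer(jwe);
            if (consumer.getRecipients().size() > 1) {
                throw new JoseException("JWE JSON Decryption Failure: only a single recipient is supported at the moment");
            }
            JweHeaders protectedHeader = consumer.getProtectedHeader();
            // getDecryptionProvider applies the header "kid" when acceptEncryptionAlias() is on.
            JweDecryptionProvider decryptionProvider = getDecryptionProvider(properties, protectedHeader);
            return new DecryptionOutput(protectedHeader.asMap(), consumer.decryptWith(decryptionProvider).getContentText());
        } catch (JoseException e) {
            throw e;
        } catch (Exception e) {
            throw new JoseException("JWE JSON Decryption Failure", e);
        }
    }

    /** Builds the encryption provider from the inlined JWK set when available, else from the keystore. */
    private JweEncryptionProvider getEncryptionProvider(Properties properties, JweHeaders jweHeaders) {
        if (!isInlinedJwkSetAvailable()) {
            return JweUtils.loadEncryptionProvider(properties, jweHeaders);
        }
        if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(this.config.keyEncryptionAlgorithm())) {
            return JweUtils.getDirectKeyJweEncryption(loadJsonWebKey(encryptionKeyAlias()));
        }
        return JweUtils.createJweEncryptionProvider(loadJsonWebKey(encryptionKeyAlias()), jweHeaders);
    }

    /**
     * Builds the decryption provider for an incoming token.
     *
     * <p>With {@code acceptEncryptionAlias()} enabled the token's {@code kid} replaces the
     * configured keystore alias. The inlined-JWK path ignores that value and looks the key
     * up under {@link #encryptionKeyAlias()}.
     */
    private JweDecryptionProvider getDecryptionProvider(Properties properties, JweHeaders jweHeaders) {
        if (this.config.acceptEncryptionAlias()) {
            useHeaderKeyAlias(properties, jweHeaders.getKeyId());
        }
        if (!isInlinedJwkSetAvailable()) {
            return JweUtils.loadDecryptionProvider(properties, jweHeaders);
        }
        if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(this.config.keyEncryptionAlgorithm())) {
            return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
        }
        return JweUtils.createJweDecryptionProvider(
                loadJsonWebKey(encryptionKeyAlias()),
                ContentAlgorithm.getAlgorithm(this.config.contentEncryptionAlgorithm()));
    }

    /**
     * Replaces the configured keystore alias with the key id taken from a token header.
     * A missing key id is rejected explicitly instead of surfacing as a
     * {@link NullPointerException} from {@link Properties#setProperty}.
     */
    private static void useHeaderKeyAlias(Properties properties, String keyId) {
        if (keyId == null) {
            throw new JoseException("JOSE key id header is missing");
        }
        properties.setProperty(KEYSTORE_ALIAS_PROPERTY, keyId);
    }

    /** True when the keystore type is "jwk", the path is the inline marker and a JWK set is configured. */
    private boolean isInlinedJwkSetAvailable() {
        if (!"jwk".equals(this.config.keystoreType())) {
            return false;
        }
        if (!JoseProperties.JWK_KEYSTORE_INLINE.equals(this.config.keystorePath())) {
            return false;
        }
        return !this.config.inlinedKeystoreJwkSet().isEmpty();
    }

    /**
     * Looks up a key by id in the inlined JWK set.
     *
     * @throws JoseException if the set holds no key with that id
     */
    private JsonWebKey loadJsonWebKey(String keyId) {
        JsonWebKey key = JwkUtils.readJwkSet(this.config.inlinedKeystoreJwkSet()).getKey(keyId);
        if (key == null) {
            throw new JoseException("JWK key is not available");
        }
        return key;
    }

    /**
     * Assembles the CXF properties for JWE operations. The result contains the keystore
     * and key passwords, so it must never be logged.
     */
    private Properties prepareEncryptionDecryptionProperties(JoseOperation joseOperation) {
        Properties properties = new Properties();
        properties.setProperty("rs.security.keystore.type", this.config.keystoreType());
        properties.setProperty("rs.security.keystore.file", this.config.keystorePath());
        properties.setProperty("rs.security.keystore.password", this.config.keystorePassword());
        properties.setProperty("rs.security.key.password", this.config.encryptionKeyPassword());
        properties.setProperty("rs.security.encryption.key.algorithm", this.config.keyEncryptionAlgorithm());
        properties.setProperty("rs.security.encryption.content.algorithm", this.config.contentEncryptionAlgorithm());
        if (joseOperation.equals(JoseOperation.ENCRYPTION)) {
            properties.setProperty(KEYSTORE_ALIAS_PROPERTY, encryptionKeyAlias());
        } else if (joseOperation.equals(JoseOperation.DECRYPTION)) {
            properties.setProperty(KEYSTORE_ALIAS_PROPERTY, decryptionKeyAlias());
        }
        return properties;
    }

    /**
     * Assembles the CXF properties for JWS operations. The result contains the keystore
     * and key passwords, so it must never be logged.
     */
    private Properties prepareSignatureVerificationProperties(JoseOperation joseOperation) {
        Properties properties = new Properties();
        properties.setProperty("rs.security.keystore.type", this.config.keystoreType());
        properties.setProperty("rs.security.keystore.file", this.config.keystorePath());
        properties.setProperty("rs.security.keystore.password", this.config.keystorePassword());
        properties.setProperty("rs.security.key.password", this.config.signatureKeyPassword());
        properties.setProperty("rs.security.signature.algorithm", this.config.signatureAlgorithm());
        if (joseOperation.equals(JoseOperation.SIGN)) {
            properties.setProperty(KEYSTORE_ALIAS_PROPERTY, signatureKeyAlias());
        } else if (joseOperation.equals(JoseOperation.VERIFICATION)) {
            properties.setProperty(KEYSTORE_ALIAS_PROPERTY, verificationKeyAlias());
        }
        return properties;
    }

    /** Alias of the signing key: the outbound alias when set, else the shared signature alias. */
    private String signatureKeyAlias() {
        String outbound = this.config.signatureKeyAliasOut();
        return outbound == null ? this.config.signatureKeyAlias() : outbound;
    }

    /** Alias of the verification key: the inbound alias when set, else the shared signature alias. */
    private String verificationKeyAlias() {
        String inbound = this.config.signatureKeyAliasIn();
        return inbound == null ? this.config.signatureKeyAlias() : inbound;
    }

    /** Alias of the encryption key: the outbound alias when set, else the shared encryption alias. */
    private String encryptionKeyAlias() {
        String outbound = this.config.encryptionKeyAliasOut();
        return outbound == null ? this.config.encryptionKeyAlias() : outbound;
    }

    /** Alias of the decryption key: the inbound alias when set, else the shared encryption alias. */
    private String decryptionKeyAlias() {
        String inbound = this.config.encryptionKeyAliasIn();
        return inbound == null ? this.config.encryptionKeyAlias() : inbound;
    }
}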
