package org.forgerock.openam.sso.providers.stateless;

import com.google.common.annotations.VisibleForTesting;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.xmlenc.EncryptionConstants;
import java.security.Key;
import java.security.KeyPair;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import org.forgerock.openam.sdk.org.forgerock.json.jose.jwe.CompressionAlgorithm;
import org.forgerock.openam.sdk.org.forgerock.json.jose.jwe.JweAlgorithmType;
import org.forgerock.openam.sdk.org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.openam.utils.AMKeyProvider;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/sso/providers/stateless/JwtSessionMapperConfig.class */
public class JwtSessionMapperConfig {
    static final String SIGNING_ALGORITHM = "openam-session-stateless-signing-type";
    static final String SIGNING_HMAC_SHARED_SECRET = "openam-session-stateless-signing-hmac-shared-secret";
    static final String ENCRYPTION_ALGORITHM = "openam-session-stateless-encryption-type";
    static final String COMPRESSION_TYPE = "openam-session-stateless-compression-type";
    private static final String ASYMMETRIC_SIGNING_KEY_ALIAS = "openam-session-stateless-signing-rsa-certificate-alias";
    private static final String ENCRYPTION_RSA_KEY_ALIAS = "openam-session-stateless-encryption-rsa-certificate-alias";
    private static final String ENCRYPTION_AES_KEY = "openam-session-stateless-encryption-aes-key";
    private static final String NONE = "NONE";
    private final JwtSessionMapper jwtSessionMapper;

    /* renamed from: org.forgerock.openam.sso.providers.stateless.JwtSessionMapperConfig$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/sso/providers/stateless/JwtSessionMapperConfig$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType;
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm = new int[JwsAlgorithm.values().length];

        static {
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.RS256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.HS256.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.HS384.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.HS512.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.ES256.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.ES384.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.ES512.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[JwsAlgorithm.NONE.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            $SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType = new int[JweAlgorithmType.values().length];
            try {
                $SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType[JweAlgorithmType.RSA.ordinal()] = 1;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType[JweAlgorithmType.AES_KEYWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType[JweAlgorithmType.DIRECT.ordinal()] = 3;
            } catch (NoSuchFieldError e11) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/sso/providers/stateless/JwtSessionMapperConfig$AMKeyProviderHolder.class */
    public static final class AMKeyProviderHolder {
        private static final AMKeyProvider INSTANCE = new AMKeyProvider();

        private AMKeyProviderHolder() {
        }
    }

    public JwtSessionMapperConfig(Map map) {
        JwtSessionMapperBuilder jwtSessionMapperBuilder = new JwtSessionMapperBuilder();
        String mapAttr = CollectionHelper.getMapAttr(map, ENCRYPTION_ALGORITHM, NONE);
        if (!StringUtils.isEqualTo(NONE, mapAttr)) {
            switch (AnonymousClass1.$SwitchMap$org$forgerock$json$jose$jwe$JweAlgorithmType[JweAlgorithmType.valueOf(mapAttr).ordinal()]) {
                case 1:
                    jwtSessionMapperBuilder.encryptedUsingKeyPair(getKeyPair(map, ENCRYPTION_RSA_KEY_ALIAS));
                    break;
                case 2:
                    jwtSessionMapperBuilder.encryptedUsingKeyWrap(getSecretKey(map, ENCRYPTION_AES_KEY));
                    break;
                case 3:
                    jwtSessionMapperBuilder.encryptedUsingDirectKey(getSecretKey(map, ENCRYPTION_AES_KEY));
                    break;
            }
        }
        jwtSessionMapperBuilder.compressedUsing(CompressionAlgorithm.parseAlgorithm(CollectionHelper.getMapAttr(map, COMPRESSION_TYPE, NONE)));
        String mapAttr2 = CollectionHelper.getMapAttr(map, SIGNING_ALGORITHM);
        switch (AnonymousClass1.$SwitchMap$org$forgerock$json$jose$jws$JwsAlgorithm[(mapAttr2 == null ? JwsAlgorithm.NONE : JwsAlgorithm.valueOf(mapAttr2)).ordinal()]) {
            case 1:
                jwtSessionMapperBuilder.signedUsingRS256(getKeyPair(map, ASYMMETRIC_SIGNING_KEY_ALIAS));
                break;
            case 2:
                jwtSessionMapperBuilder.signedUsingHS256(CollectionHelper.getMapAttr(map, SIGNING_HMAC_SHARED_SECRET));
                break;
            case 3:
                jwtSessionMapperBuilder.signedUsingHS384(CollectionHelper.getMapAttr(map, SIGNING_HMAC_SHARED_SECRET));
                break;
            case 4:
                jwtSessionMapperBuilder.signedUsingHS512(CollectionHelper.getMapAttr(map, SIGNING_HMAC_SHARED_SECRET));
                break;
            case 5:
                jwtSessionMapperBuilder.signedUsingES256(getKeyPair(map, ASYMMETRIC_SIGNING_KEY_ALIAS));
                break;
            case 6:
                jwtSessionMapperBuilder.signedUsingES384(getKeyPair(map, ASYMMETRIC_SIGNING_KEY_ALIAS));
                break;
            case 7:
                jwtSessionMapperBuilder.signedUsingES512(getKeyPair(map, ASYMMETRIC_SIGNING_KEY_ALIAS));
                break;
        }
        this.jwtSessionMapper = jwtSessionMapperBuilder.build();
    }

    @VisibleForTesting
    KeyPair getKeyPair(Map map, String str) {
        return AMKeyProviderHolder.INSTANCE.getKeyPair(CollectionHelper.getMapAttr(map, str));
    }

    @VisibleForTesting
    Key getSecretKey(Map map, String str) {
        return new SecretKeySpec(Base64.decode(CollectionHelper.getMapAttr(map, str)), EncryptionConstants.AES);
    }

    public JwtSessionMapper getJwtSessionMapper() {
        return this.jwtSessionMapper;
    }
}
