package org.soulwing.s2ks.metadata;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.time.Clock;
import javax.crypto.SecretKey;
import org.jose4j.keys.AesKey;
import org.soulwing.jwt.api.Claims;
import org.soulwing.jwt.api.JWS;
import org.soulwing.jwt.api.JWTProvider;
import org.soulwing.jwt.api.JWTProviderLocator;
import org.soulwing.jwt.api.SingletonKeyProvider;
import org.soulwing.jwt.api.exceptions.JWTConfigurationException;
import org.soulwing.jwt.api.exceptions.JWTException;
import org.soulwing.s2ks.KeyWithMetadata;
import org.soulwing.s2ks.Metadata;
import org.soulwing.s2ks.MetadataUnwrapException;
import org.soulwing.s2ks.MetadataWrapException;
import org.soulwing.s2ks.SimpleMetadata;
import org.soulwing.s2ks.base.MetadataWrapOperator;

/* loaded from: input_file:WEB-INF/lib/s2ks-impl-1.2.1.jar:org/soulwing/s2ks/metadata/JwtMetadataWrapOperator.class */
public class JwtMetadataWrapOperator implements MetadataWrapOperator {
    private static final JwtMetadataWrapOperator INSTANCE = new JwtMetadataWrapOperator();
    private final PublicKeyFactory publicKeyFactory = new JcaPublicKeyFactory();
    private final JWTProvider provider = JWTProviderLocator.getProvider();

    public static JwtMetadataWrapOperator getInstance() {
        return INSTANCE;
    }

    private JwtMetadataWrapOperator() {
    }

    @Override // org.soulwing.s2ks.base.MetadataWrapOperator
    public byte[] wrap(KeyWithMetadata keyWithMetadata) throws MetadataWrapException {
        try {
            return this.provider.generator().signature(signatureOperator(keyWithMetadata.getKey())).build().generate(metadataToClaims(keyWithMetadata.getMetadata())).getBytes(StandardCharsets.UTF_8);
        } catch (JWTException e) {
            throw new MetadataWrapException(e.toString(), e);
        }
    }

    @Override // org.soulwing.s2ks.base.MetadataWrapOperator
    public Metadata unwrap(Key key, byte[] bArr) throws MetadataUnwrapException {
        try {
            return claimsToMetadata(this.provider.validator().signatureOperator(signatureOperator(deriveValidationKey(key))).claimsAssertions(this.provider.assertions().build()).clock(Clock.systemUTC()).build().validate(new String(bArr, StandardCharsets.UTF_8)));
        } catch (JWTException e) {
            throw new MetadataUnwrapException(e.toString(), e);
        }
    }

    private Key deriveValidationKey(Key key) throws MetadataUnwrapException {
        if (key instanceof SecretKey) {
            return key;
        }
        if (key instanceof PrivateKey) {
            return this.publicKeyFactory.generatePublic((PrivateKey) key);
        }
        throw new MetadataUnwrapException("unsupported key or algorithm type");
    }

    private JWS signatureOperator(Key key) throws JWTConfigurationException {
        return this.provider.signatureOperator().algorithm(keyToAlgorithm(key)).keyProvider(SingletonKeyProvider.with(key)).build();
    }

    private JWS.Algorithm keyToAlgorithm(Key key) throws IllegalArgumentException {
        if (key.getAlgorithm().equals(AesKey.ALGORITHM)) {
            return JWS.Algorithm.of(String.format("HS%d", Integer.valueOf(key.getEncoded().length * 8)));
        }
        if (key.getAlgorithm().equals("RSA")) {
            return JWS.Algorithm.RS256;
        }
        if (key.getAlgorithm().equals("EC")) {
            return JWS.Algorithm.ES256;
        }
        throw new IllegalArgumentException("unsupported key algorithm");
    }

    private Claims metadataToClaims(Metadata metadata) {
        Claims.Builder claims = this.provider.claims();
        metadata.names().forEach(str -> {
            claims.set(str, metadata.get(str, Object.class), new Object[0]);
        });
        return claims.build();
    }

    private Metadata claimsToMetadata(Claims claims) {
        SimpleMetadata.Builder builder = SimpleMetadata.builder();
        claims.names().forEach(str -> {
            builder.set(str, claims.get(str, Object.class));
        });
        return builder.build();
    }
}
