package de.adorsys.sts.resourceserver.service;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import de.adorsys.sts.cryptoutils.JWEEncryptedSelector;
import de.adorsys.sts.resourceserver.exception.NoJwkFoundException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:BOOT-INF/lib/sts-resource-server-0.29.0.jar:de/adorsys/sts/resourceserver/service/JweEncryptionService.class */
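/**
 * {@link EncryptionService} implementation that wraps a plaintext secret in a compact JWE,
 * encrypted to a public key published in the recipient's JWK set.
 *
 * <p>Only keys whose {@code use} is {@code enc} are considered. The JWE algorithm and content
 * encryption method are fixed per key family in {@link #getHeader(JWK)}.
 */
public class JweEncryptionService implements EncryptionService {
    /** Matches JWKs that are explicitly marked for encryption use. */
    private static final JWKSelector ENC_KEY_SELECTOR =
            new JWKSelector(new JWKMatcher.Builder().keyUse(KeyUse.ENCRYPTION).build());

    private final KeyRetrieverService keyRetrieverService;

    /**
     * @param keyRetrieverService source of the recipient JWK sets, looked up by identifier
     */
    public JweEncryptionService(KeyRetrieverService keyRetrieverService) {
        this.keyRetrieverService = keyRetrieverService;
    }

    /**
     * Encrypts a secret for one recipient.
     *
     * @param str  identifier handed to the {@link KeyRetrieverService} to fetch the recipient's JWK set
     * @param str2 plaintext to encrypt
     * @return the compact JWE serialization
     * @throws NoJwkFoundException       if the retrieved set holds no encryption key
     * @throws SecretEncryptionException if the encryption itself fails
     */
    @Override
    public String encryptFor(String str, String str2) {
        JWKSet recipientKeys = this.keyRetrieverService.retrieve(str);
        return encrypt(selectKeyFrom(recipientKeys), str2);
    }

    /**
     * Encrypts the same secret once per recipient.
     *
     * @param iterable recipient identifiers; a repeated identifier keeps only its last result
     * @param str      plaintext to encrypt
     * @return a map from recipient identifier to its compact JWE
     */
    @Override
    public Map<String, String> encryptFor(Iterable<String> iterable, String str) {
        Map<String, String> encryptedByRecipient = new HashMap<>();
        for (String recipient : iterable) {
            encryptedByRecipient.put(recipient, encryptFor(recipient, str));
        }
        return encryptedByRecipient;
    }

    /**
     * Picks one encryption key from the set, chosen at random among the candidates.
     *
     * @throws NoJwkFoundException if no key in the set is marked for encryption use
     */
    private JWK selectKeyFrom(JWKSet jWKSet) throws NoJwkFoundException {
        List<JWK> candidates = ENC_KEY_SELECTOR.select(jWKSet);
        if (candidates.isEmpty()) {
            throw new NoJwkFoundException("Cannot find a JWK for encryption");
        }
        // The shuffle only spreads use across the published keys; it is not a security decision,
        // so the non-cryptographic default random source is acceptable here.
        Collections.shuffle(candidates);
        return candidates.get(0);
    }

    /**
     * Encrypts a secret to the given public key.
     *
     * @param jwk recipient key; RSA and EC keys are supported
     * @param str plaintext to encrypt
     * @return the compact JWE serialization
     * @throws SecretEncryptionException if the key type is unsupported or the JOSE library
     *                                   rejects the operation
     */
    @Override
    public String encrypt(JWK jwk, String str) throws SecretEncryptionException {
        // NOTE(review): the encrypter is built with null algorithm/method while the header below
        // fixes both; presumably JWEEncryptedSelector derives a matching encrypter from the key
        // type alone. Confirm the two cannot disagree.
        JWEEncrypter encrypter = JWEEncryptedSelector.getEncrypter(jwk, (JWEAlgorithm) null, (EncryptionMethod) null);
        try {
            JWEObject jwe = new JWEObject(getHeader(jwk), new Payload(str));
            jwe.encrypt(encrypter);
            return jwe.serialize();
        } catch (JOSEException e) {
            // Keep the cause so callers can tell an unsupported key from a crypto failure.
            throw new SecretEncryptionException(e);
        }
    }

    /**
     * Builds the JWE header for the key family of {@code jwk}, carrying the key id so the
     * recipient can locate the matching private key.
     *
     * @throws JOSEException if the key is neither an RSA nor an EC key
     */
    private JWEHeader getHeader(JWK jwk) throws JOSEException {
        final JWEHeader base;
        if (jwk instanceof RSAKey) {
            // NOTE(review): RSA_OAEP is OAEP with SHA-1/MGF1-SHA-1; newer Nimbus releases deprecate
            // it in favour of RSA_OAEP_256. Switching changes the wire format, so it has to be
            // coordinated with every decrypting party rather than changed here.
            base = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM);
        } else if (jwk instanceof ECKey) {
            // NOTE(review): a 128-bit key wrap protects a 192-bit content key here, and the RSA
            // branch uses A128GCM; the effective strength is 128 bits either way. Confirm the
            // mismatch is intentional.
            base = new JWEHeader(JWEAlgorithm.ECDH_ES_A128KW, EncryptionMethod.A192GCM);
        } else {
            // Fail with a JOSE error instead of returning null: a null header would only surface
            // later as an unrelated exception from the JWEObject constructor.
            throw new JOSEException(
                    "Unsupported JWK type for JWE encryption: " + (jwk == null ? "null" : jwk.getKeyType()));
        }
        return new JWEHeader.Builder(base).keyID(jwk.getKeyID()).build();
    }
}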
