package io.mosaicboot.core.jwt;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.AESDecrypter;
import com.nimbusds.jose.crypto.AESEncrypter;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import io.mosaicboot.core.util.UnreachableException;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.security.authentication.BadCredentialsException;

/* compiled from: JweHelper.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��^\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018��2\u00020\u0001B'\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\b\u0010\b\u001a\u0004\u0018\u00010\t¢\u0006\u0002\u0010\nJ)\u0010\u0014\u001a\u0002H\u0015\"\u0004\b��\u0010\u00152\u0006\u0010\u0016\u001a\u00020\u00132\f\u0010\u0017\u001a\b\u0012\u0004\u0012\u0002H\u00150\u0018H\u0016¢\u0006\u0002\u0010\u0019J\u0016\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u001c\u001a\u00020\u0013J'\u0010\u001d\u001a\u00020\u0013\"\b\b��\u0010\u0015*\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u0002H\u0015H\u0016¢\u0006\u0002\u0010\"J)\u0010#\u001a\u00020\u0013\"\u0004\b��\u0010\u00152\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010\u001c\u001a\u00020\u00132\u0006\u0010!\u001a\u0002H\u0015¢\u0006\u0002\u0010$R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n��R\u0012\u0010\b\u001a\u0004\u0018\u00010\tX\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u0011R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006%"}, d2 = {"Lio/mosaicboot/core/jwt/JweHelper;", "Lio/mosaicboot/core/jwt/JwtCodec;", "algorithm", "Lcom/nimbusds/jose/JWEAlgorithm;", "jwkSecret", "Lcom/nimbusds/jose/jwk/JWK;", "objectMapper", "Lcom/fasterxml/jackson/databind/ObjectMapper;", "expirationSeconds", "", "(Lcom/nimbusds/jose/JWEAlgorithm;Lcom/nimbusds/jose/jwk/JWK;Lcom/fasterxml/jackson/databind/ObjectMapper;Ljava/lang/Long;)V", "decrypter", "Lcom/nimbusds/jose/JWEDecrypter;", "encrypter", "Lcom/nimbusds/jose/JWEEncrypter;", "encryptionMethod", "Lcom/nimbusds/jose/EncryptionMethod;", "Ljava/lang/Long;", "keyId", "", "decode", "T", "token", "type", "Ljava/lang/Class;", "(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/Object;", "decrypt", "Lcom/nimbusds/jwt/EncryptedJWT;", "cty", "encode", "", "builder", "Lcom/nimbusds/jwt/JWTClaimsSet$Builder;", "claims", "(Lcom/nimbusds/jwt/JWTClaimsSet$Builder;Ljava/lang/Object;)Ljava/lang/String;", "encrypt", "(Lcom/nimbusds/jwt/JWTClaimsSet$Builder;Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/String;", "mosaic-boot-core"})
@SourceDebugExtension({"SMAP\nJweHelper.kt\nKotlin\n*S Kotlin\n*F\n+ 1 JweHelper.kt\nio/mosaicboot/core/jwt/JweHelper\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 _Maps.kt\nkotlin/collections/MapsKt___MapsKt\n*L\n1#1,162:1\n1#2:163\n215#3,2:164\n*S KotlinDebug\n*F\n+ 1 JweHelper.kt\nio/mosaicboot/core/jwt/JweHelper\n*L\n99#1:164,2\n*E\n"})
/* loaded from: input_file:io/mosaicboot/core/jwt/JweHelper.class */
public final class JweHelper implements JwtCodec {

    @NotNull
    private final JWEAlgorithm algorithm;

    @NotNull
    private final ObjectMapper objectMapper;

    @Nullable
    private final Long expirationSeconds;

    @NotNull
    private final String keyId;

    @NotNull
    private final JWEEncrypter encrypter;

    @NotNull
    private final JWEDecrypter decrypter;

    @NotNull
    private final EncryptionMethod encryptionMethod;

    public JweHelper(@NotNull JWEAlgorithm jWEAlgorithm, @NotNull JWK jwk, @NotNull ObjectMapper objectMapper, @Nullable Long l) {
        EncryptionMethod encryptionMethod;
        EncryptionMethod encryptionMethod2;
        Intrinsics.checkNotNullParameter(jWEAlgorithm, "algorithm");
        Intrinsics.checkNotNullParameter(jwk, "jwkSecret");
        Intrinsics.checkNotNullParameter(objectMapper, "objectMapper");
        this.algorithm = jWEAlgorithm;
        this.objectMapper = objectMapper;
        this.expirationSeconds = l;
        String keyID = jwk.getKeyID();
        Intrinsics.checkNotNullExpressionValue(keyID, "getKeyID(...)");
        this.keyId = keyID;
        JWEAlgorithm jWEAlgorithm2 = this.algorithm;
        if (Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.DIR)) {
            this.encrypter = new DirectEncrypter(jwk.toOctetSequenceKey());
            this.decrypter = new DirectDecrypter(jwk.toOctetSequenceKey());
            EncryptionMethod encryptionMethod3 = EncryptionMethod.A256GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod3, "A256GCM");
            this.encryptionMethod = encryptionMethod3;
            return;
        }
        if (!(Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A128KW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A192KW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A256KW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A128GCMKW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A192GCMKW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.A256GCMKW))) {
            if (!(Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.ECDH_ES) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.ECDH_ES_A128KW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.ECDH_ES_A192KW) ? true : Intrinsics.areEqual(jWEAlgorithm2, JWEAlgorithm.ECDH_ES_A256KW))) {
                throw new IllegalArgumentException("Unsupported algorithm: " + jwk.getAlgorithm());
            }
            this.encrypter = new ECDHEncrypter(jwk.toECKey());
            this.decrypter = new ECDHDecrypter(jwk.toECKey());
            JWEAlgorithm jWEAlgorithm3 = this.algorithm;
            if (Intrinsics.areEqual(jWEAlgorithm3, JWEAlgorithm.ECDH_ES)) {
                encryptionMethod = EncryptionMethod.A256GCM;
                Intrinsics.checkNotNullExpressionValue(encryptionMethod, "A256GCM");
            } else if (Intrinsics.areEqual(jWEAlgorithm3, JWEAlgorithm.ECDH_ES_A128KW)) {
                encryptionMethod = EncryptionMethod.A128GCM;
                Intrinsics.checkNotNullExpressionValue(encryptionMethod, "A128GCM");
            } else if (Intrinsics.areEqual(jWEAlgorithm3, JWEAlgorithm.ECDH_ES_A192KW)) {
                encryptionMethod = EncryptionMethod.A192GCM;
                Intrinsics.checkNotNullExpressionValue(encryptionMethod, "A192GCM");
            } else {
                if (!Intrinsics.areEqual(jWEAlgorithm3, JWEAlgorithm.ECDH_ES_A256KW)) {
                    throw new UnreachableException();
                }
                encryptionMethod = EncryptionMethod.A256GCM;
                Intrinsics.checkNotNullExpressionValue(encryptionMethod, "A256GCM");
            }
            this.encryptionMethod = encryptionMethod;
            return;
        }
        this.encrypter = new AESEncrypter(jwk.toOctetSequenceKey());
        this.decrypter = new AESDecrypter(jwk.toOctetSequenceKey());
        JWEAlgorithm jWEAlgorithm4 = this.algorithm;
        if (Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A128KW)) {
            encryptionMethod2 = EncryptionMethod.A128GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A128GCM");
        } else if (Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A192KW)) {
            encryptionMethod2 = EncryptionMethod.A192GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A192GCM");
        } else if (Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A256KW)) {
            encryptionMethod2 = EncryptionMethod.A256GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A256GCM");
        } else if (Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A128GCMKW)) {
            encryptionMethod2 = EncryptionMethod.A128GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A128GCM");
        } else if (Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A192GCMKW)) {
            encryptionMethod2 = EncryptionMethod.A192GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A192GCM");
        } else {
            if (!Intrinsics.areEqual(jWEAlgorithm4, JWEAlgorithm.A256GCMKW)) {
                throw new UnreachableException();
            }
            encryptionMethod2 = EncryptionMethod.A256GCM;
            Intrinsics.checkNotNullExpressionValue(encryptionMethod2, "A256GCM");
        }
        this.encryptionMethod = encryptionMethod2;
    }

    @NotNull
    public final <T> String encrypt(@NotNull JWTClaimsSet.Builder builder, @NotNull String str, T t) {
        Intrinsics.checkNotNullParameter(builder, "builder");
        Intrinsics.checkNotNullParameter(str, "cty");
        JWTClaimsSet.Builder issueTime = builder.issueTime(Date.from(Instant.now()));
        Long l = this.expirationSeconds;
        if (l != null) {
            Date from = Date.from(Instant.now().plusSeconds(l.longValue()));
            if (from != null) {
                issueTime.expirationTime(from);
            }
        }
        Object convertValue = this.objectMapper.convertValue(t, new TypeReference<Map<String, ? extends Object>>() { // from class: io.mosaicboot.core.jwt.JweHelper$encrypt$3
        });
        Intrinsics.checkNotNullExpressionValue(convertValue, "convertValue(...)");
        for (Map.Entry entry : ((Map) convertValue).entrySet()) {
            issueTime.claim((String) entry.getKey(), entry.getValue());
        }
        EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader.Builder(this.algorithm, this.encryptionMethod).keyID(this.keyId).contentType(str).compressionAlgorithm(CompressionAlgorithm.DEF).build(), issueTime.build());
        try {
            encryptedJWT.encrypt(this.encrypter);
            String serialize = encryptedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "serialize(...)");
            return serialize;
        } catch (JOSEException e) {
            throw new RuntimeException("Failed to sign JWT", e);
        }
    }

    @Override // io.mosaicboot.core.jwt.JwtCodec
    @NotNull
    public <T> String encode(@NotNull JWTClaimsSet.Builder builder, @NotNull T t) {
        Intrinsics.checkNotNullParameter(builder, "builder");
        Intrinsics.checkNotNullParameter(t, "claims");
        return encrypt(builder, ((JwtContentType) t.getClass().getAnnotation(JwtContentType.class)).value(), t);
    }

    @NotNull
    public final EncryptedJWT decrypt(@NotNull String str, @NotNull String str2) {
        Intrinsics.checkNotNullParameter(str, "token");
        Intrinsics.checkNotNullParameter(str2, "cty");
        try {
            EncryptedJWT parse = EncryptedJWT.parse(str);
            parse.decrypt(this.decrypter);
            JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
            if (jWTClaimsSet.getExpirationTime().before(Date.from(Instant.now()))) {
                throw new BadCredentialsException("Expired JWT token");
            }
            if (!Intrinsics.areEqual(parse.getHeader().getContentType(), str2)) {
                throw new BadCredentialsException("Invalid Content Type");
            }
            Intrinsics.checkNotNull(parse);
            return parse;
        } catch (ParseException e) {
            throw new BadCredentialsException("Invalid JWT token", e);
        } catch (JOSEException e2) {
            throw new BadCredentialsException("Failed to verify JWT token", e2);
        }
    }

    @Override // io.mosaicboot.core.jwt.JwtCodec
    public <T> T decode(@NotNull String str, @NotNull Class<T> cls) {
        Intrinsics.checkNotNullParameter(str, "token");
        Intrinsics.checkNotNullParameter(cls, "type");
        return (T) this.objectMapper.convertValue(decrypt(str, ((JwtContentType) cls.getAnnotation(JwtContentType.class)).value()).getJWTClaimsSet().toJSONObject(), cls);
    }
}
