package org.apache.cxf.rs.security.jose.jwe;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.class */
public class JweJsonProducer {
    protected static final Logger LOG = LogUtils.getL7dLogger(JweJsonProducer.class);
    private JsonMapObjectReaderWriter writer;
    private JweHeaders protectedHeader;
    private JweHeaders unprotectedHeader;
    private byte[] content;
    private byte[] aad;
    private boolean canBeFlat;

    public JweJsonProducer(JweHeaders jweHeaders, byte[] bArr) {
        this(jweHeaders, bArr, false);
    }

    public JweJsonProducer(JweHeaders jweHeaders, byte[] bArr, boolean z) {
        this(jweHeaders, bArr, null, z);
    }

    public JweJsonProducer(JweHeaders jweHeaders, byte[] bArr, byte[] bArr2, boolean z) {
        this.writer = new JsonMapObjectReaderWriter();
        this.protectedHeader = jweHeaders;
        this.content = bArr;
        this.aad = bArr2;
        this.canBeFlat = z;
    }

    public JweJsonProducer(JweHeaders jweHeaders, JweHeaders jweHeaders2, byte[] bArr, byte[] bArr2, boolean z) {
        this(jweHeaders, bArr, bArr2, z);
        this.unprotectedHeader = jweHeaders2;
    }

    public String encryptWith(JweEncryptionProvider jweEncryptionProvider) {
        return encryptWith(Collections.singletonList(jweEncryptionProvider), (List<JweHeaders>) null);
    }

    public String encryptWith(JweEncryptionProvider jweEncryptionProvider, JweHeaders jweHeaders) {
        return encryptWith(Collections.singletonList(jweEncryptionProvider), Collections.singletonList(jweHeaders));
    }

    public String encryptWith(List<JweEncryptionProvider> list) {
        return encryptWith(list, (List<JweHeaders>) null);
    }

    public String encryptWith(List<JweEncryptionProvider> list, List<JweHeaders> list2) {
        JweHeaders jweHeaders;
        checkAndGetContentAlgorithm(list);
        if (list2 != null && list2.size() != list.size()) {
            throw new IllegalArgumentException();
        }
        JweHeaders jweHeaders2 = new JweHeaders();
        if (this.protectedHeader != null) {
            jweHeaders2.asMap().putAll(this.protectedHeader.asMap());
        }
        if (this.unprotectedHeader != null) {
            if (!Collections.disjoint(jweHeaders2.asMap().keySet(), this.unprotectedHeader.asMap().keySet())) {
                LOG.warning("Protected and unprotected headers have duplicate values");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            checkCriticalHeaders(this.unprotectedHeader);
            jweHeaders2.asMap().putAll(this.unprotectedHeader.asMap());
        }
        ArrayList arrayList = new ArrayList(list.size());
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        byte[] bArr = null;
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        for (int i = 0; i < list.size(); i++) {
            JweEncryptionProvider jweEncryptionProvider = list.get(i);
            JweHeaders jweHeaders3 = list2 == null ? null : list2.get(i);
            if (jweHeaders3 != null) {
                checkCriticalHeaders(jweHeaders3);
                if (!Collections.disjoint(jweHeaders2.asMap().keySet(), jweHeaders3.asMap().keySet())) {
                    LOG.warning("union and recipient unprotected headers have duplicate values");
                    throw new JweException(JweException.Error.INVALID_JSON_JWE);
                }
                jweHeaders = new JweHeaders(jweHeaders2.asMap());
                jweHeaders.asMap().putAll(jweHeaders3.asMap());
            } else {
                jweHeaders = jweHeaders2;
            }
            jweHeaders.setProtectedHeaders(this.protectedHeader);
            JweEncryptionInput createEncryptionInput = createEncryptionInput(jweHeaders);
            if (i > 0) {
                createEncryptionInput.setContent(null);
            }
            JweEncryptionOutput encryptionOutput = jweEncryptionProvider.getEncryptionOutput(createEncryptionInput);
            byte[] encryptedContent = encryptionOutput.getEncryptedContent();
            byte[] authTag = encryptionOutput.getAuthTag();
            byte[] iv = encryptionOutput.getIv();
            if (bArr == null) {
                bArr = encryptedContent;
            }
            if (bArr2 == null) {
                bArr2 = authTag;
            }
            if (bArr3 == null) {
                bArr3 = iv;
            }
            byte[] contentEncryptionKey = encryptionOutput.getContentEncryptionKey();
            if (contentEncryptionKey.length == 0 && jweEncryptionProvider.getKeyAlgorithm() != null) {
                LOG.warning("Unexpected key encryption algorithm");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            arrayList.add(new JweJsonEncryptionEntry(jweHeaders3, contentEncryptionKey.length == 0 ? null : Base64UrlUtility.encode(contentEncryptionKey)));
        }
        if (this.protectedHeader != null) {
            linkedHashMap.put(CompilerOptions.PROTECTED, Base64UrlUtility.encode(this.writer.toJson(this.protectedHeader)));
        }
        if (this.unprotectedHeader != null) {
            linkedHashMap.put("unprotected", this.unprotectedHeader);
        }
        if (arrayList.size() == 1 && this.canBeFlat) {
            JweHeaders unprotectedHeader = ((JweJsonEncryptionEntry) arrayList.get(0)).getUnprotectedHeader();
            if (unprotectedHeader != null) {
                linkedHashMap.put("header", unprotectedHeader);
            }
            String encodedEncryptedKey = ((JweJsonEncryptionEntry) arrayList.get(0)).getEncodedEncryptedKey();
            if (encodedEncryptedKey != null) {
                linkedHashMap.put("encrypted_key", encodedEncryptedKey);
            }
        } else {
            linkedHashMap.put("recipients", arrayList);
        }
        if (this.aad != null) {
            linkedHashMap.put("aad", Base64UrlUtility.encode(this.aad));
        }
        linkedHashMap.put("iv", Base64UrlUtility.encode(bArr3));
        linkedHashMap.put("ciphertext", Base64UrlUtility.encode(bArr));
        linkedHashMap.put("tag", Base64UrlUtility.encode(bArr2));
        return this.writer.toJson(linkedHashMap);
    }

    protected JweEncryptionInput createEncryptionInput(JweHeaders jweHeaders) {
        return new JweEncryptionInput(jweHeaders, this.content, this.aad);
    }

    private String checkAndGetContentAlgorithm(List<JweEncryptionProvider> list) {
        HashSet hashSet = new HashSet();
        Iterator<JweEncryptionProvider> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getContentAlgorithm().getJwaName());
        }
        if (hashSet.size() == 1) {
            return (String) hashSet.iterator().next();
        }
        LOG.warning("Invalid content encryption algorithm");
        throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
    }

    private static void checkCriticalHeaders(JweHeaders jweHeaders) {
        if (jweHeaders.asMap().containsKey(JoseConstants.HEADER_CRITICAL)) {
            LOG.warning("Unprotected headers contain critical headers");
            throw new JweException(JweException.Error.INVALID_JSON_JWE);
        }
    }
}
