package org.apache.cxf.rs.security.oauth2.provider;

import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.class */
public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsumer {
    private boolean decryptWithClientSecret;
    private boolean verifyWithClientSecret;

    protected JwtToken getJwtToken(String str, String str2) {
        return getJwtToken(str, getInitializedDecryptionProvider(str2), getInitializedSignatureVerifier(str2));
    }

    protected JwsSignatureVerifier getInitializedSignatureVerifier(String str) {
        return this.verifyWithClientSecret ? JwsUtils.getHmacSignatureVerifier(CryptoUtils.decodeSequence(str), SignatureAlgorithm.HS256) : super.getInitializedSignatureVerifier();
    }

    protected JweDecryptionProvider getInitializedDecryptionProvider(String str) {
        JweDecryptionProvider jweDecryptionProvider = null;
        if (this.decryptWithClientSecret) {
            jweDecryptionProvider = JweUtils.getDirectKeyJweDecryption(CryptoUtils.decodeSecretKey(str), ContentAlgorithm.A128GCM);
        }
        if (jweDecryptionProvider == null) {
            jweDecryptionProvider = super.getInitializedDecryptionProvider();
        }
        return jweDecryptionProvider;
    }

    public void setDecryptWithClientSecret(boolean z) {
        if (this.verifyWithClientSecret) {
            throw new SecurityException();
        }
        this.decryptWithClientSecret = this.verifyWithClientSecret;
    }

    public void setVerifyWithClientSecret(boolean z) {
        if (z) {
            throw new SecurityException();
        }
        this.verifyWithClientSecret = z;
    }
}
