package org.apache.cxf.rs.security.oauth2.provider;

import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.class */
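/**
 * {@link SessionAuthenticityTokenProvider} that serializes the OAuth redirection state into a
 * '|'-separated string, protects it with JOSE (JWS signature and/or JWE encryption) and hands the
 * result to {@link OAuthUtils#setSessionToken} as the session authenticity token.
 *
 * <p>The outbound path is sign-then-encrypt; the inbound path is decrypt-then-verify. Both paths
 * refuse to run when neither a signature nor an encryption provider can be obtained, so an
 * unprotected state string is never issued or accepted by this class.
 *
 * <p>Providers set explicitly through the setters win; otherwise they are loaded through
 * {@link JwsUtils} / {@link JweUtils}, with {@code jwsRequired} / {@code jweRequired} passed as the
 * loader's "required" flag.
 */
public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvider {
    /** Number of fields written by {@link #convertStateToString} and read back on the way in. */
    private static final int STATE_PART_COUNT = 6;

    private JwsSignatureProvider jwsProvider;
    private JwsSignatureVerifier jwsVerifier;
    private JweEncryptionProvider jweEncryptor;
    private JweDecryptionProvider jweDecryptor;
    private boolean jwsRequired;
    private boolean jweRequired;
    // Passed unchanged to OAuthUtils.setSessionToken; presumably a session lifetime — confirm unit there.
    private int maxDefaultSessionInterval;

    /**
     * Serializes and protects the redirection state, then registers it as the session token.
     *
     * <p>{@code multivaluedMap} and {@code userSubject} are not used by this implementation.
     *
     * @return whatever {@link OAuthUtils#setSessionToken} returns for the protected state
     * @throws OAuthServiceException if neither a signature nor an encryption provider is available
     */
    @Override
    public String createSessionToken(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap, UserSubject userSubject, OAuthRedirectionState oAuthRedirectionState) {
        String serializedState = convertStateToString(oAuthRedirectionState);
        String protectedState = protectStateString(serializedState);
        return OAuthUtils.setSessionToken(messageContext, protectedState, this.maxDefaultSessionInterval);
    }

    /**
     * Returns the session token held for the current request, as reported by
     * {@link OAuthUtils#getSessionToken}. The form parameters and user subject are ignored.
     */
    @Override
    public String getSessionToken(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap, UserSubject userSubject) {
        return OAuthUtils.getSessionToken(messageContext);
    }

    /**
     * Delegates to {@link #getSessionToken}; this class performs no removal of its own.
     *
     * <p>NOTE(review): whether the token is actually cleared (and so cannot be replayed) depends on
     * what {@link OAuthUtils#getSessionToken} does, which is not visible here — confirm.
     */
    @Override
    public String removeSessionToken(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap, UserSubject userSubject) {
        return getSessionToken(messageContext, multivaluedMap, userSubject);
    }

    /**
     * Recovers the redirection state from a protected session token.
     *
     * <p>{@code messageContext} and {@code userSubject} are not consulted, so the recovered state is
     * trusted purely on the strength of the JOSE protection applied to {@code str}.
     *
     * @param str the protected session token produced by {@link #createSessionToken}
     * @throws OAuthServiceException if no decryption provider or signature verifier is available,
     *         or if the recovered state does not contain the expected number of fields
     */
    @Override
    public OAuthRedirectionState getSessionState(MessageContext messageContext, String str, UserSubject userSubject) {
        return convertStateStringToState(decryptStateString(str));
    }

    public void setJwsProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.jwsProvider = jwsSignatureProvider;
    }

    public void setJwsVerifier(JwsSignatureVerifier jwsSignatureVerifier) {
        this.jwsVerifier = jwsSignatureVerifier;
    }

    public void setJweEncryptor(JweEncryptionProvider jweEncryptionProvider) {
        this.jweEncryptor = jweEncryptionProvider;
    }

    public void setJweDecryptor(JweDecryptionProvider jweDecryptionProvider) {
        this.jweDecryptor = jweDecryptionProvider;
    }

    /** Returns the configured signature provider, or asks {@link JwsUtils} to load one. */
    protected JwsSignatureProvider getInitializedSigProvider() {
        if (this.jwsProvider != null) {
            return this.jwsProvider;
        }
        return JwsUtils.loadSignatureProvider(this.jwsRequired);
    }

    /** Returns the configured encryption provider, or asks {@link JweUtils} to load one. */
    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        if (this.jweEncryptor != null) {
            return this.jweEncryptor;
        }
        return JweUtils.loadEncryptionProvider(this.jweRequired);
    }

    public void setJwsRequired(boolean z) {
        this.jwsRequired = z;
    }

    public void setJweRequired(boolean z) {
        this.jweRequired = z;
    }

    /** Returns the configured decryption provider, or asks {@link JweUtils} to load one. */
    protected JweDecryptionProvider getInitializedDecryptionProvider() {
        if (this.jweDecryptor != null) {
            return this.jweDecryptor;
        }
        return JweUtils.loadDecryptionProvider(this.jweRequired);
    }

    /** Returns the configured signature verifier, or asks {@link JwsUtils} to load one. */
    protected JwsSignatureVerifier getInitializedSigVerifier() {
        if (this.jwsVerifier != null) {
            return this.jwsVerifier;
        }
        return JwsUtils.loadSignatureVerifier(this.jwsRequired);
    }

    /**
     * Reverses {@link #protectStateString}: decrypts when a decryption provider is available, then
     * verifies the signature when a verifier is available.
     *
     * <p>The outbound path allows a signature-only configuration, so a missing decryption provider
     * must not be dereferenced here; and when neither provider is available the token is rejected
     * rather than passed through unverified.
     */
    private String decryptStateString(String str) {
        JweDecryptionProvider decryptor = getInitializedDecryptionProvider();
        JwsSignatureVerifier verifier = getInitializedSigVerifier();
        if (decryptor == null && verifier == null) {
            // Fail closed: without either provider the token would be accepted with no protection.
            throw new OAuthServiceException("Session token can not be validated");
        }
        String content = str;
        if (decryptor != null) {
            content = decryptor.decrypt(str).getContentText();
        }
        if (verifier != null) {
            // NOTE(review): the outbound path signs the raw state string, so the value needed here
            // is the JWS payload. Confirm that getUnsignedEncodedSequence() yields that payload and
            // not the still-encoded "header.payload" sequence, which would not split into fields.
            content = JwsUtils.verify(verifier, content).getUnsignedEncodedSequence();
        }
        return content;
    }

    /**
     * Signs the state (if a signature provider is available) and then encrypts the result (if an
     * encryption provider is available).
     *
     * <p>With signing only, the state is carried in a JWS and is not encrypted by this class.
     *
     * @throws OAuthServiceException if neither provider is available
     */
    private String protectStateString(String str) {
        JwsSignatureProvider signer = getInitializedSigProvider();
        JweEncryptionProvider encryptor = getInitializedEncryptionProvider();
        if (signer == null && encryptor == null) {
            throw new OAuthServiceException("Session token can not be created");
        }
        String protectedState = str;
        if (signer != null) {
            protectedState = JwsUtils.sign(signer, protectedState, (String) null);
        }
        if (encryptor != null) {
            protectedState = encryptor.encrypt(StringUtils.toBytesUTF8(protectedState), null);
        }
        return protectedState;
    }

    /**
     * Rebuilds an {@link OAuthRedirectionState} from the string written by
     * {@link #convertStateToString}. Field order: client id, audience, code challenge, state,
     * proposed scope, redirect URI. Every field except the client id is set only when non-empty.
     *
     * @throws OAuthServiceException if fewer than the expected number of fields are present
     */
    private OAuthRedirectionState convertStateStringToState(String str) {
        String[] parts = ModelEncryptionSupport.getParts(str);
        if (parts == null || parts.length < STATE_PART_COUNT) {
            // Report a malformed token as a service error instead of an index failure.
            throw new OAuthServiceException("Session token state is malformed");
        }
        OAuthRedirectionState restored = new OAuthRedirectionState();
        restored.setClientId(parts[0]);
        if (!StringUtils.isEmpty(parts[1])) {
            restored.setAudience(parts[1]);
        }
        if (!StringUtils.isEmpty(parts[2])) {
            restored.setClientCodeChallenge(parts[2]);
        }
        if (!StringUtils.isEmpty(parts[3])) {
            restored.setState(parts[3]);
        }
        if (!StringUtils.isEmpty(parts[4])) {
            restored.setProposedScope(parts[4]);
        }
        if (!StringUtils.isEmpty(parts[5])) {
            restored.setRedirectUri(parts[5]);
        }
        return restored;
    }

    /**
     * Serializes the redirection state as six '|'-separated fields, each passed through
     * {@link ModelEncryptionSupport#tokenizeString}: client id, audience, code challenge, state,
     * proposed scope, redirect URI.
     */
    protected String convertStateToString(OAuthRedirectionState oAuthRedirectionState) {
        return ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getClientId())
            + "|" + ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getAudience())
            + "|" + ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getClientCodeChallenge())
            + "|" + ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getState())
            + "|" + ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getProposedScope())
            + "|" + ModelEncryptionSupport.tokenizeString(oAuthRedirectionState.getRedirectUri());
    }

    public void setMaxDefaultSessionInterval(int i) {
        this.maxDefaultSessionInterval = i;
    }
}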
