package org.apache.cxf.rs.security.oidc.idp;

import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.class */
public abstract class AbstractJwsJweProducer {
    private JwsSignatureProvider sigProvider;
    private JweEncryptionProvider encryptionProvider;
    private boolean encryptWithClientCertificates;
    private boolean encryptWithClientSecret;
    private boolean signWithClientSecret;

    public void setSignatureProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.sigProvider = jwsSignatureProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JwsSignatureProvider getInitializedSigProvider(Client client, boolean z) {
        return this.sigProvider != null ? this.sigProvider : this.signWithClientSecret ? JwsUtils.getHmacSignatureProvider(CryptoUtils.decodeSequence(client.getClientSecret()), "HS256") : JwsUtils.loadSignatureProvider(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JweEncryptionProvider getInitializedEncryptionProvider(Client client, boolean z) {
        if (this.encryptionProvider != null) {
            return this.encryptionProvider;
        }
        DirectKeyJweEncryption directKeyJweEncryption = null;
        if (this.encryptWithClientSecret) {
            directKeyJweEncryption = JweUtils.getDirectKeyJweEncryption(CryptoUtils.decodeSecretKey(client.getClientSecret()), "A128GCM");
        } else if (this.encryptWithClientCertificates) {
            directKeyJweEncryption = JweUtils.createJweEncryptionProvider((RSAPublicKey) ((X509Certificate) CryptoUtils.decodeCertificate((String) client.getApplicationCertificates().get(0))).getPublicKey(), "RSA-OAEP", "A128GCM", (String) null);
        }
        if (directKeyJweEncryption == null) {
            directKeyJweEncryption = JweUtils.loadEncryptionProvider(z);
        }
        return directKeyJweEncryption;
    }

    public void setEncryptWithClientCertificates(boolean z) {
        if (this.encryptWithClientSecret) {
            throw new SecurityException();
        }
        this.encryptWithClientCertificates = z;
    }

    public void setEncryptWithClientSecret(boolean z) {
        if (this.signWithClientSecret || this.encryptWithClientCertificates) {
            throw new SecurityException();
        }
        this.encryptWithClientSecret = z;
    }

    public void setSignWithClientSecret(boolean z) {
        if (this.encryptWithClientSecret) {
            throw new SecurityException();
        }
        this.signWithClientSecret = z;
    }
}
