package org.apache.cxf.rs.security.jose.jwe;

import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweException;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.class */
public class JweJsonConsumer {
    protected static final Logger LOG = LogUtils.getL7dLogger(JweJsonConsumer.class);
    private String protectedHeaderJson;
    private JweHeaders protectedHeaderJwe;
    private JweHeaders sharedUnprotectedHeader;
    private byte[] aad;
    private byte[] iv;
    private byte[] cipherBytes;
    private byte[] authTag;
    private List<JweJsonEncryptionEntry> recipients = new LinkedList();
    private Map<JweJsonEncryptionEntry, JweHeaders> recipientsMap = new LinkedHashMap();
    private JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();

    public JweJsonConsumer(String str) {
        prepare(str);
    }

    public JweDecryptionOutput decryptWith(JweDecryptionProvider jweDecryptionProvider) {
        return decryptWith(jweDecryptionProvider, (Map<String, Object>) null);
    }

    public JweDecryptionOutput decryptWith(JweDecryptionProvider jweDecryptionProvider, Map<String, Object> map) {
        return decryptWith(jweDecryptionProvider, getJweDecryptionEntry(jweDecryptionProvider, map));
    }

    public JweDecryptionOutput decryptWith(JweDecryptionProvider jweDecryptionProvider, JweJsonEncryptionEntry jweJsonEncryptionEntry) {
        JweDecryptionInput jweDecryptionInput = getJweDecryptionInput(jweJsonEncryptionEntry);
        return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), jweDecryptionProvider.decrypt(jweDecryptionInput));
    }

    private JweDecryptionInput getJweDecryptionInput(JweJsonEncryptionEntry jweJsonEncryptionEntry) {
        if (jweJsonEncryptionEntry == null) {
            LOG.warning("JWE JSON Entry is not available");
            throw new JweException(JweException.Error.INVALID_JSON_JWE);
        }
        JweHeaders jweHeaders = this.recipientsMap.get(jweJsonEncryptionEntry);
        if (jweHeaders != null) {
            return new JweDecryptionInput(jweJsonEncryptionEntry.getEncryptedKey(), this.iv, this.cipherBytes, this.authTag, this.aad, this.protectedHeaderJson, jweHeaders);
        }
        LOG.warning("JWE JSON Entry union headers are not available");
        throw new JweException(JweException.Error.INVALID_JSON_JWE);
    }

    public JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jweDecryptionProvider) {
        return getJweDecryptionEntry(jweDecryptionProvider, null);
    }

    public JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jweDecryptionProvider, Map<String, Object> map) {
        for (Map.Entry<JweJsonEncryptionEntry, JweHeaders> entry : this.recipientsMap.entrySet()) {
            KeyAlgorithm keyEncryptionAlgorithm = entry.getValue().getKeyEncryptionAlgorithm();
            if ((keyEncryptionAlgorithm != null && keyEncryptionAlgorithm.equals(jweDecryptionProvider.getKeyAlgorithm())) || (keyEncryptionAlgorithm == null && (jweDecryptionProvider.getKeyAlgorithm() == null || KeyAlgorithm.DIRECT.equals(jweDecryptionProvider.getKeyAlgorithm())))) {
                if (map == null || entry.getValue().asMap().entrySet().containsAll(map.entrySet())) {
                    return entry.getKey();
                }
            }
        }
        return null;
    }

    private void prepare(String str) {
        Map<String, Object> fromJson = this.reader.fromJson(str);
        String str2 = (String) fromJson.get("protected");
        if (str2 != null) {
            this.protectedHeaderJson = JoseUtils.decodeToString(str2);
            this.protectedHeaderJwe = new JweHeaders((Map<String, Object>) this.reader.fromJson(this.protectedHeaderJson));
        }
        Map cast = CastUtils.cast((Map) fromJson.get("unprotected"));
        this.sharedUnprotectedHeader = cast == null ? null : new JweHeaders((Map<String, Object>) cast);
        List cast2 = CastUtils.cast((List) fromJson.get("recipients"));
        if (cast2 == null) {
            this.recipients.add(getEncryptionObject(fromJson));
        } else {
            if (fromJson.containsKey("encryption_key")) {
                LOG.warning("JWE JSON encryption_key is missing");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            Iterator it = cast2.iterator();
            while (it.hasNext()) {
                this.recipients.add(getEncryptionObject((Map) it.next()));
            }
        }
        this.aad = getDecodedBytes(fromJson, "aad");
        this.cipherBytes = getDecodedBytes(fromJson, "ciphertext");
        this.iv = getDecodedBytes(fromJson, "iv");
        this.authTag = getDecodedBytes(fromJson, "tag");
    }

    protected final JweJsonEncryptionEntry getEncryptionObject(Map<String, Object> map) {
        Map cast = CastUtils.cast((Map) map.get("header"));
        JweHeaders jweHeaders = cast == null ? null : new JweHeaders((Map<String, Object>) cast);
        JweJsonEncryptionEntry jweJsonEncryptionEntry = new JweJsonEncryptionEntry(jweHeaders, (String) map.get("encrypted_key"));
        JweHeaders jweHeaders2 = new JweHeaders();
        if (this.protectedHeaderJwe != null) {
            jweHeaders2.asMap().putAll(this.protectedHeaderJwe.asMap());
            jweHeaders2.setProtectedHeaders(this.protectedHeaderJwe);
        }
        if (this.sharedUnprotectedHeader != null) {
            if (!Collections.disjoint(jweHeaders2.asMap().keySet(), this.sharedUnprotectedHeader.asMap().keySet())) {
                LOG.warning("Protected and unprotected headers have duplicate values");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            jweHeaders2.asMap().putAll(this.sharedUnprotectedHeader.asMap());
        }
        if (jweHeaders != null) {
            if (!Collections.disjoint(jweHeaders2.asMap().keySet(), jweHeaders.asMap().keySet())) {
                LOG.warning("Union and recipient unprotected headers have duplicate values");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            jweHeaders2.asMap().putAll(jweHeaders.asMap());
        }
        this.recipientsMap.put(jweJsonEncryptionEntry, jweHeaders2);
        return jweJsonEncryptionEntry;
    }

    protected byte[] getDecodedBytes(Map<String, Object> map, String str) {
        String str2 = (String) map.get(str);
        if (str2 != null) {
            return JoseUtils.decode(str2);
        }
        return null;
    }

    public JweHeaders getProtectedHeader() {
        return this.protectedHeaderJwe;
    }

    public JweHeaders getSharedUnprotectedHeader() {
        return this.sharedUnprotectedHeader;
    }

    public byte[] getAad() {
        return this.aad;
    }

    public String getAadText() {
        if (this.aad == null) {
            return null;
        }
        return new String(this.aad, StandardCharsets.UTF_8);
    }

    public byte[] getIvBytes() {
        return this.iv;
    }

    public String getIvText() {
        if (this.iv == null) {
            return null;
        }
        return new String(this.iv, StandardCharsets.UTF_8);
    }

    public byte[] getCipherBytes() {
        return this.cipherBytes;
    }

    public String getCipherText() {
        if (this.cipherBytes == null) {
            return null;
        }
        return new String(this.cipherBytes, StandardCharsets.UTF_8);
    }

    public byte[] getAuthTagBytes() {
        return this.authTag;
    }

    public String getAuthTagText() {
        if (this.authTag == null) {
            return null;
        }
        return new String(this.authTag, StandardCharsets.UTF_8);
    }

    public List<JweJsonEncryptionEntry> getRecipients() {
        return this.recipients;
    }

    public Map<JweJsonEncryptionEntry, JweHeaders> getRecipientsMap() {
        return this.recipientsMap;
    }
}
