package io.smallrye.jwt.build.impl;

import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.build.JwtEncryptionBuilder;
import io.smallrye.jwt.build.JwtSignature;
import io.smallrye.jwt.build.JwtSignatureException;
import io.smallrye.jwt.util.KeyUtils;
import java.security.Key;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;

/* loaded from: input_file:io/smallrye/jwt/build/impl/JwtSignatureImpl.class */
class JwtSignatureImpl implements JwtSignature {
    private static final String KEY_LOCATION_PROPERTY = "smallrye.jwt.sign.key.location";
    private static final String DEPRECATED_KEY_LOCATION_PROPERTY = "smallrye.jwt.sign.key-location";
    JwtClaims claims;
    Map<String, Object> headers;
    Long tokenLifespan;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtSignatureImpl() {
        this.claims = new JwtClaims();
        this.headers = new HashMap();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtSignatureImpl(JwtClaims jwtClaims) {
        this.claims = new JwtClaims();
        this.headers = new HashMap();
        this.claims = jwtClaims;
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public String sign(PrivateKey privateKey) throws JwtSignatureException {
        return signInternal(privateKey);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public String sign(SecretKey secretKey) throws JwtSignatureException {
        return signInternal(secretKey);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public String sign(String str) throws JwtSignatureException {
        try {
            return signInternal(getSigningKeyFromKeyLocation(str));
        } catch (JwtSignatureException e) {
            throw e;
        } catch (Exception e2) {
            throw ImplMessages.msg.signatureException(e2);
        }
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public String sign() throws JwtSignatureException {
        try {
            Key key = null;
            if (!"none".equals(this.headers.get("alg"))) {
                key = getSigningKeyFromKeyLocation(getKeyLocationFromConfig(true));
            }
            return signInternal(key);
        } catch (JwtSignatureException e) {
            throw e;
        } catch (Exception e2) {
            throw ImplMessages.msg.signatureException(e2);
        }
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public String signWithSecret(String str) throws JwtSignatureException {
        return sign(KeyUtils.createSecretKeyFromSecret(str));
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public JwtEncryptionBuilder innerSign(PrivateKey privateKey) throws JwtSignatureException {
        return new JwtEncryptionImpl(sign(privateKey), true);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public JwtEncryptionBuilder innerSign(SecretKey secretKey) throws JwtSignatureException {
        return new JwtEncryptionImpl(sign(secretKey), true);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public JwtEncryptionBuilder innerSign(String str) throws JwtSignatureException {
        return new JwtEncryptionImpl(sign(str), true);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public JwtEncryptionBuilder innerSign() throws JwtSignatureException {
        if (getKeyLocationFromConfig(false) == null) {
            if (this.headers.containsKey("alg") && !"none".equals(this.headers.get("alg"))) {
                throw ImplMessages.msg.signKeyPropertyRequired(this.headers.get("alg").toString());
            }
            if (this.headers.containsKey("kid")) {
                throw ImplMessages.msg.signAlgorithmRequired();
            }
            this.headers.put("alg", "none");
        }
        return new JwtEncryptionImpl(sign(), true);
    }

    @Override // io.smallrye.jwt.build.JwtSignature
    public JwtEncryptionBuilder innerSignWithSecret(String str) throws JwtSignatureException {
        return innerSign(KeyUtils.createSecretKeyFromSecret(str));
    }

    private String signInternal(Key key) {
        JwtBuildUtils.setDefaultJwtClaims(this.claims, this.tokenLifespan);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        for (Map.Entry<String, Object> entry : this.headers.entrySet()) {
            jsonWebSignature.setHeader(entry.getKey(), entry.getValue());
        }
        if (!this.headers.containsKey("typ")) {
            jsonWebSignature.setHeader("typ", "JWT");
        }
        String str = (String) this.headers.get("alg");
        if ("none".equals(str)) {
            jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.ALLOW_ONLY_NONE);
        } else {
            str = keyAlgorithm(this.headers, key, str);
        }
        jsonWebSignature.setAlgorithmHeaderValue(str);
        jsonWebSignature.setPayload(this.claims.toJson());
        jsonWebSignature.setKey(key);
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (Exception e) {
            throw ImplMessages.msg.signJwtTokenFailed(e.getMessage(), e);
        }
    }

    static String keyAlgorithm(Map<String, Object> map, Key key, String str) {
        if (key instanceof RSAPrivateKey) {
            if (str == null) {
                return SignatureAlgorithm.RS256.name();
            }
            if (str.startsWith("RS") || str.startsWith("PS")) {
                return str;
            }
        } else if (key instanceof ECPrivateKey) {
            if (str == null) {
                return SignatureAlgorithm.ES256.name();
            }
            if (str.startsWith("ES")) {
                return str;
            }
        } else if (key instanceof SecretKey) {
            if (str == null) {
                return SignatureAlgorithm.HS256.name();
            }
            if (str.startsWith("HS")) {
                return str;
            }
        }
        throw ImplMessages.msg.unsupportedSignatureAlgorithm(key.getAlgorithm());
    }

    static String getKeyLocationFromConfig(boolean z) {
        String str = (String) JwtBuildUtils.getConfigProperty(KEY_LOCATION_PROPERTY, String.class);
        if (str != null) {
            return str;
        }
        String str2 = (String) JwtBuildUtils.getConfigProperty(DEPRECATED_KEY_LOCATION_PROPERTY, String.class);
        if (str2 != null) {
            ImplLogging.log.deprecatedProperty(DEPRECATED_KEY_LOCATION_PROPERTY);
            return str2;
        }
        if (z) {
            throw ImplMessages.msg.signKeyLocationNotConfigured();
        }
        return null;
    }

    Key getSigningKeyFromKeyLocation(String str) {
        try {
            String str2 = (String) this.headers.get("alg");
            Key readSigningKey = KeyUtils.readSigningKey(str, (String) this.headers.get("kid"), str2 == null ? SignatureAlgorithm.RS256 : SignatureAlgorithm.fromAlgorithm(str2));
            if (readSigningKey == null) {
                throw ImplMessages.msg.signingKeyCanNotBeLoadedFromLocation(str);
            }
            return readSigningKey;
        } catch (Exception e) {
            throw ImplMessages.msg.signingKeyCanNotBeLoadedFromLocation(str);
        }
    }
}
