package org.mitre.springboot.config;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@Configuration
/* loaded from: input_file:org/mitre/springboot/config/CryptoConfig.class */
public class CryptoConfig {
    @ConditionalOnMissingBean({JWKSetKeyStore.class})
    @Bean
    public JWKSetKeyStore defaultKeyStore(@Value("${openid.connect.crypto.keystore.path}") Resource resource) {
        JWKSetKeyStore jWKSetKeyStore = new JWKSetKeyStore();
        jWKSetKeyStore.setLocation(resource);
        return jWKSetKeyStore;
    }

    @ConditionalOnMissingBean({JWTSigningAndValidationService.class})
    @Bean
    public JWTSigningAndValidationService defaultJwtSigningAndValidationService(JWKSetKeyStore jWKSetKeyStore, @Value("${openid.connect.crypto.signing.defaultSignerKeyId}") String str, @Value("${openid.connect.crypto.signing.defaultSigningAlgorithmName}") String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        DefaultJWTSigningAndValidationService defaultJWTSigningAndValidationService = new DefaultJWTSigningAndValidationService(jWKSetKeyStore);
        defaultJWTSigningAndValidationService.setDefaultSignerKeyId(str);
        defaultJWTSigningAndValidationService.setDefaultSigningAlgorithmName(str2);
        return defaultJWTSigningAndValidationService;
    }

    @ConditionalOnMissingBean({JWTEncryptionAndDecryptionService.class})
    @Bean
    public JWTEncryptionAndDecryptionService defaultJwtEncryptionAndDecryptionService(JWKSetKeyStore jWKSetKeyStore, @Value("${openid.connect.crypto.encrypt.defaultAlgorithm}") JWEAlgorithm jWEAlgorithm, @Value("${openid.connect.crypto.encrypt.defaultDecryptionKeyId}") String str, @Value("${openid.connect.crypto.encrypt.defaultEncryptionKeyId}") String str2) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        DefaultJWTEncryptionAndDecryptionService defaultJWTEncryptionAndDecryptionService = new DefaultJWTEncryptionAndDecryptionService(jWKSetKeyStore);
        defaultJWTEncryptionAndDecryptionService.setDefaultAlgorithm(jWEAlgorithm);
        defaultJWTEncryptionAndDecryptionService.setDefaultDecryptionKeyId(str);
        defaultJWTEncryptionAndDecryptionService.setDefaultEncryptionKeyId(str2);
        return defaultJWTEncryptionAndDecryptionService;
    }
}
