package net.tokensmith.jwt.builder.compact;

import java.io.ByteArrayOutputStream;
import java.util.Base64;
import java.util.Optional;
import net.tokensmith.jwt.builder.exception.CompactException;
import net.tokensmith.jwt.config.JwtAppFactory;
import net.tokensmith.jwt.entity.jwe.EncryptionAlgorithm;
import net.tokensmith.jwt.entity.jwk.RSAPublicKey;
import net.tokensmith.jwt.entity.jwk.SymmetricKey;
import net.tokensmith.jwt.entity.jwt.header.Algorithm;
import net.tokensmith.jwt.entity.jwt.header.Header;
import net.tokensmith.jwt.jwe.entity.JWE;
import net.tokensmith.jwt.jwe.factory.exception.CipherException;
import net.tokensmith.jwt.jwe.serialization.JweSerializer;
import net.tokensmith.jwt.jws.signer.factory.rsa.exception.PublicKeyException;
import net.tokensmith.jwt.serialization.exception.EncryptException;
import net.tokensmith.jwt.serialization.exception.JsonToJwtException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/tokensmith/jwt/builder/compact/EncryptedCompactBuilder.class */
public class EncryptedCompactBuilder {
    public static final String UNABLE_TO_BUILD_COMPACT_JWE = "Unable to build compact jwe";
    private byte[] payload;
    private SymmetricKey cek;
    private Algorithm alg;
    private EncryptionAlgorithm encAlg;
    private RSAPublicKey publicKey;
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedCompactBuilder.class);
    private static JwtAppFactory jwtAppFactory = new JwtAppFactory();

    public EncryptedCompactBuilder payload(byte[] bArr) {
        this.payload = bArr;
        return this;
    }

    public EncryptedCompactBuilder rsa(RSAPublicKey rSAPublicKey) {
        this.publicKey = rSAPublicKey;
        return this;
    }

    public EncryptedCompactBuilder cek(SymmetricKey symmetricKey) {
        this.cek = symmetricKey;
        return this;
    }

    public EncryptedCompactBuilder alg(Algorithm algorithm) {
        this.alg = algorithm;
        return this;
    }

    public EncryptedCompactBuilder encAlg(EncryptionAlgorithm encryptionAlgorithm) {
        this.encAlg = encryptionAlgorithm;
        return this;
    }

    public ByteArrayOutputStream build() throws CompactException {
        try {
            return jweSerializer().JWEToCompact(jwe());
        } catch (CipherException | EncryptException | JsonToJwtException e) {
            LOGGER.error(e.getMessage(), e);
            throw new CompactException(UNABLE_TO_BUILD_COMPACT_JWE, e);
        }
    }

    protected JweSerializer jweSerializer() throws CompactException {
        return this.publicKey != null ? jweRsaSerializer() : jwtAppFactory.jweDirectSerializer();
    }

    protected JweSerializer jweRsaSerializer() throws CompactException {
        try {
            return jwtAppFactory.jweRsaSerializer(this.publicKey);
        } catch (CipherException | PublicKeyException e) {
            LOGGER.error(e.getMessage(), e);
            throw new CompactException(UNABLE_TO_BUILD_COMPACT_JWE, e);
        }
    }

    protected JWE jwe() {
        return this.publicKey != null ? jweForRsa() : jweForDirect();
    }

    protected JWE jweForDirect() {
        Base64.Decoder urlDecoder = jwtAppFactory.urlDecoder();
        JWE jwe = new JWE();
        Header header = new Header();
        header.setEncryptionAlgorithm(Optional.of(this.encAlg));
        header.setAlgorithm(this.alg);
        header.setKeyId(this.cek.getKeyId());
        jwe.setHeader(header);
        jwe.setPayload(this.payload);
        jwe.setCek(urlDecoder.decode(this.cek.getKey()));
        return jwe;
    }

    protected JWE jweForRsa() {
        JWE jwe = new JWE();
        Header header = new Header();
        header.setKeyId(this.publicKey.getKeyId());
        header.setEncryptionAlgorithm(Optional.of(this.encAlg));
        header.setAlgorithm(this.alg);
        jwe.setHeader(header);
        jwe.setPayload(this.payload);
        return jwe;
    }
}
