package org.apache.cxf.rs.security.jose.jwt.token;

import javax.crypto.SecretKey;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignature;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.class */
public final class JwtAccessTokenUtils {

    /* loaded from: input_file:org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils$NoneJwsSignature.class */
    private static class NoneJwsSignature implements JwsSignature {
        private NoneJwsSignature() {
        }

        public void update(byte[] bArr, int i, int i2) {
        }

        public byte[] sign() {
            return new byte[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils$NoneSignatureProvider.class */
    public static class NoneSignatureProvider implements JwsSignatureProvider {
        private NoneSignatureProvider() {
        }

        public String getAlgorithm() {
            return "none";
        }

        public JwsSignature createJwsSignature(JwsHeaders jwsHeaders) {
            return new NoneJwsSignature();
        }
    }

    private JwtAccessTokenUtils() {
    }

    public static ServerAccessToken toAccessToken(JwtToken jwtToken, Client client, SecretKey secretKey) {
        return toAccessToken(jwtToken, client, (JweEncryptionProvider) new DirectKeyJweEncryption(new AesGcmContentEncryptionAlgorithm(secretKey, (byte[]) null, Algorithm.A128GCM.getJwtName())));
    }

    public static ServerAccessToken toAccessToken(JwtToken jwtToken, Client client, JweEncryptionProvider jweEncryptionProvider) {
        String encrypt = jweEncryptionProvider.encrypt(getBytes(new JwsJwtCompactProducer(jwtToken).signWith(new NoneSignatureProvider())), (String) null);
        Long issuedAt = jwtToken.getClaims().getIssuedAt();
        Long notBefore = jwtToken.getClaims().getNotBefore();
        if (issuedAt == null) {
            issuedAt = Long.valueOf(System.currentTimeMillis());
            notBefore = null;
        }
        return new BearerAccessToken(client, encrypt, issuedAt.longValue(), (notBefore == null ? 3600L : Long.valueOf(notBefore.longValue() - issuedAt.longValue())).longValue());
    }

    public static JwtToken fromAccessTokenId(String str, SecretKey secretKey) {
        return fromAccessTokenId(str, (JweDecryptionProvider) new DirectKeyJweDecryption(secretKey, new AesGcmContentDecryptionAlgorithm(Algorithm.A128GCM.getJwtName())));
    }

    public static JwtToken fromAccessTokenId(String str, JweDecryptionProvider jweDecryptionProvider) {
        return new JwsJwtCompactConsumer(jweDecryptionProvider.decrypt(str).getContentText()).getJwtToken();
    }

    private static byte[] getBytes(String str) {
        try {
            return str.getBytes("UTF-8");
        } catch (Exception e) {
            return null;
        }
    }
}
