package org.apache.cxf.rs.security.oauth2.grants.code;

import java.net.URI;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.1.3.jar:org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.class */
public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
    private static final long serialVersionUID = -3738825769770411453L;
    private JwsSignatureProvider sigProvider;
    private JweEncryptionProvider encryptionProvider;
    private String clientSecret;
    private boolean encryptWithClientSecret;
    private boolean signWithClientSecret;
    private String issuer;

    public JwtRequestCodeGrant() {
    }

    public JwtRequestCodeGrant(String str) {
        this.issuer = str;
    }

    public JwtRequestCodeGrant(String str, String str2) {
        super(str);
        this.issuer = str2;
    }

    public JwtRequestCodeGrant(String str, URI uri, String str2) {
        super(str, uri);
        this.issuer = str2;
    }

    public void setSignatureProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.sigProvider = jwsSignatureProvider;
    }

    public void setEncryptionProvider(JweEncryptionProvider jweEncryptionProvider) {
        this.encryptionProvider = jweEncryptionProvider;
    }

    protected JwsSignatureProvider getInitializedSigProvider() {
        return this.sigProvider != null ? this.sigProvider : this.signWithClientSecret ? JwsUtils.getHmacSignatureProvider(CryptoUtils.decodeSequence(this.clientSecret), SignatureAlgorithm.HS256) : JwsUtils.loadSignatureProvider(true);
    }

    @Override // org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant, org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant
    public MultivaluedMap<String, String> toMap() {
        String request = getRequest();
        MetadataMap metadataMap = new MetadataMap();
        metadataMap.putSingle("request", request);
        return metadataMap;
    }

    public String getRequest() {
        MultivaluedMap<String, String> map = super.toMap();
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(this.issuer);
        for (String str : map.keySet()) {
            jwtClaims.setClaim(str, map.getFirst(str));
        }
        String signWith = new JwsJwtCompactProducer(jwtClaims).signWith(getInitializedSigProvider());
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider();
        if (initializedEncryptionProvider != null) {
            signWith = initializedEncryptionProvider.encrypt(StringUtils.toBytesUTF8(signWith), null);
        }
        return signWith;
    }

    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        return this.encryptionProvider != null ? this.encryptionProvider : this.encryptWithClientSecret ? JweUtils.getDirectKeyJweEncryption(CryptoUtils.decodeSecretKey(this.clientSecret), ContentAlgorithm.A128GCM) : JweUtils.loadEncryptionProvider(false);
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public void setEncryptWithClientSecret(boolean z) {
        if (this.signWithClientSecret) {
            throw new SecurityException();
        }
        this.encryptWithClientSecret = z;
    }

    public void setSignWithClientSecret(boolean z) {
        if (this.encryptWithClientSecret) {
            throw new SecurityException();
        }
        this.signWithClientSecret = z;
    }
}
