package be.atbash.ee.security.octopus.jwt.encoder;

import be.atbash.ee.security.octopus.jwt.keys.HMACSecret;
import be.atbash.ee.security.octopus.jwt.parameter.JWTParametersSigning;
import be.atbash.util.exception.AtbashIllegalActionException;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.RSAKey;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/octopus-jwt-support-0.5.0.jar:be/atbash/ee/security/octopus/jwt/encoder/JWTSignerFactory.class */
public class JWTSignerFactory {

    @Inject
    private HMACAlgorithmFactory hmacAlgorithmFactory;

    public JWSSigner createSigner(JWTParametersSigning jWTParametersSigning) {
        JWSSigner mACSigner;
        switch (jWTParametersSigning.getSecretKeyType()) {
            case HMAC:
                try {
                    if (!(jWTParametersSigning.getJWK() instanceof HMACSecret)) {
                        throw new AtbashIllegalActionException("(OCT-DEV-102) Secret is expected to be an instance of be.atbash.ee.security.octopus.jwt.keys.HMACSecret");
                    }
                    mACSigner = new MACSigner(((HMACSecret) jWTParametersSigning.getJWK()).toSecretKey());
                    break;
                } catch (KeyLengthException e) {
                    throw new AtbashUnexpectedException(e);
                }
            case RSA:
                if (!(jWTParametersSigning.getJWK() instanceof RSAKey)) {
                    throw new AtbashIllegalActionException("(OCT-DEV-103) Secret is expected to be an instance of com.nimbusds.jose.jwk.RSAKey");
                }
                try {
                    mACSigner = new RSASSASigner((RSAKey) jWTParametersSigning.getJWK());
                    break;
                } catch (JOSEException e2) {
                    throw new AtbashUnexpectedException(e2);
                }
            case EC:
                if (!(jWTParametersSigning.getJWK() instanceof ECKey)) {
                    throw new AtbashIllegalActionException("(OCT-DEV-104) Secret is expected to be an instance of com.nimbusds.jose.jwk.ECKey");
                }
                try {
                    mACSigner = new ECDSASigner((ECKey) jWTParametersSigning.getJWK());
                    break;
                } catch (JOSEException e3) {
                    throw new AtbashUnexpectedException(e3);
                }
            default:
                throw new IllegalArgumentException(String.format("Unsupported value for SecretKeyType : %s", jWTParametersSigning.getSecretKeyType()));
        }
        return mACSigner;
    }

    public JWSAlgorithm defineJWSAlgorithm(JWTParametersSigning jWTParametersSigning) {
        JWSAlgorithm jWSAlgorithm;
        checkDependencies();
        switch (jWTParametersSigning.getSecretKeyType()) {
            case HMAC:
                jWSAlgorithm = this.hmacAlgorithmFactory.determineOptimalAlgorithm(((HMACSecret) jWTParametersSigning.getJWK()).toSecretKey().getEncoded());
                break;
            case RSA:
                jWSAlgorithm = JWSAlgorithm.RS256;
                break;
            case EC:
                jWSAlgorithm = JWSAlgorithm.ES256;
                break;
            default:
                throw new IllegalArgumentException(String.format("Unsupported value for SecretKeyType : %s", jWTParametersSigning.getSecretKeyType()));
        }
        return jWSAlgorithm;
    }

    private void checkDependencies() {
        if (this.hmacAlgorithmFactory == null) {
            this.hmacAlgorithmFactory = new HMACAlgorithmFactory();
        }
    }
}
