package be.atbash.ee.security.octopus.jwt.encoder;

import be.atbash.ee.security.octopus.config.JwtSupportConfiguration;
import be.atbash.ee.security.octopus.jwt.parameter.JWTParameters;
import be.atbash.ee.security.octopus.jwt.parameter.JWTParametersEncryption;
import be.atbash.ee.security.octopus.jwt.parameter.JWTParametersPlain;
import be.atbash.ee.security.octopus.jwt.parameter.JWTParametersSigning;
import be.atbash.ee.security.octopus.nimbus.jose.Header;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEObjectType;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.jose.Payload;
import be.atbash.ee.security.octopus.nimbus.jose.PlainHeader;
import be.atbash.ee.security.octopus.nimbus.jwk.KeyType;
import be.atbash.ee.security.octopus.nimbus.jwt.JWTClaimsSet;
import be.atbash.ee.security.octopus.nimbus.jwt.PlainJWT;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.EncryptionMethod;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEObject;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSObject;
import be.atbash.ee.security.octopus.nimbus.util.JSONObjectUtils;
import be.atbash.ee.security.octopus.util.JsonbUtil;
import be.atbash.util.PublicAPI;
import be.atbash.util.exception.AtbashUnexpectedException;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.json.JsonObject;
import java.text.ParseException;

@PublicAPI
@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/octopus/jwt/encoder/JWTEncoder.class */
public class JWTEncoder {

    @Inject
    private JWTSignerFactory signerFactory;

    @Inject
    private JWEEncryptionFactory encryptionFactory;

    @Inject
    private JwtSupportConfiguration jwtSupportConfiguration;

    public String encode(Object obj, JWTParameters jWTParameters) {
        String serialize;
        checkDependencies();
        switch (jWTParameters.getEncoding()) {
            case NONE:
                serialize = createJSONString(obj);
                break;
            case PLAIN:
                serialize = createPlainJWT(obj, (JWTParametersPlain) jWTParameters).serialize();
                break;
            case JWS:
                serialize = createJWTObject(obj, (JWTParametersSigning) jWTParameters).serialize();
                break;
            case JWE:
                serialize = createEncryptedJWE(obj, (JWTParametersEncryption) jWTParameters).serialize();
                break;
            default:
                throw new IllegalArgumentException(String.format("JWTEncoding not supported %s", jWTParameters.getEncoding()));
        }
        return serialize;
    }

    public JsonObject encodeAsJson(Object obj, JWTParameters jWTParameters) {
        JsonObject serializeToJson;
        checkDependencies();
        switch (jWTParameters.getEncoding()) {
            case NONE:
                throw new UnsupportedOperationException("Encoding NONE is not supported to JWT JSON Serialization format");
            case PLAIN:
                serializeToJson = createPlainJWT(obj, (JWTParametersPlain) jWTParameters).serializeToJson();
                break;
            case JWS:
                serializeToJson = createJWTObject(obj, (JWTParametersSigning) jWTParameters).serializeToJson();
                break;
            case JWE:
                serializeToJson = createEncryptedJWE(obj, (JWTParametersEncryption) jWTParameters).serializeToJson();
                break;
            default:
                throw new IllegalArgumentException(String.format("JWTEncoding not supported %s", jWTParameters.getEncoding()));
        }
        return serializeToJson;
    }

    private PlainJWT createPlainJWT(Object obj, JWTParametersPlain jWTParametersPlain) {
        PlainJWT plainJWT;
        PlainHeader build = new PlainHeader.Builder().parameters(jWTParametersPlain.getHeaderValues()).build();
        if (obj instanceof JWTClaimsSet) {
            plainJWT = new PlainJWT(build, (JWTClaimsSet) obj);
        } else {
            String createJSONString = createJSONString(obj);
            try {
                plainJWT = new PlainJWT(build, JSONObjectUtils.parse(createJSONString, Header.MAX_HEADER_STRING_LENGTH));
            } catch (ParseException e) {
                throw new AtbashUnexpectedException(String.format("JSON string can't be parsed which is unexpected %n%s%n%s", createJSONString, e.getMessage()));
            }
        }
        return plainJWT;
    }

    private JWEObject createEncryptedJWE(Object obj, JWTParametersEncryption jWTParametersEncryption) {
        JWEAlgorithm jweAlgorithm = jWTParametersEncryption.getJweAlgorithm();
        if (jweAlgorithm == null) {
            jweAlgorithm = defineDefaultJWEAlgorithm(jWTParametersEncryption);
        }
        if (jweAlgorithm == null) {
            throw new KeyTypeException(jWTParametersEncryption.getKeyType(), "JWE creation");
        }
        JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(jweAlgorithm, EncryptionMethod.A256GCM).keyID(jWTParametersEncryption.getKeyID()).parameters(jWTParametersEncryption.getHeaderValues()).contentType("JWT").build(), new Payload(createJWTObject(obj, jWTParametersEncryption.getParametersSigning()).serialize()));
        jWEObject.encrypt(this.encryptionFactory.createEncryptor(jWTParametersEncryption));
        return jWEObject;
    }

    private JWEAlgorithm defineDefaultJWEAlgorithm(JWTParametersEncryption jWTParametersEncryption) {
        JWEAlgorithm jWEAlgorithm = null;
        if (jWTParametersEncryption.getKeyType() == KeyType.RSA) {
            jWEAlgorithm = this.jwtSupportConfiguration.getDefaultJWEAlgorithmRSA();
        }
        if (jWTParametersEncryption.getKeyType() == KeyType.EC) {
            jWEAlgorithm = this.jwtSupportConfiguration.getDefaultJWEAlgorithmEC();
        }
        if (jWTParametersEncryption.getKeyType() == KeyType.OCT) {
            jWEAlgorithm = this.jwtSupportConfiguration.getDefaultJWEAlgorithmOCT();
        }
        return jWEAlgorithm;
    }

    private JWSObject createJWTObject(Object obj, JWTParametersSigning jWTParametersSigning) {
        JWSHeader build = new JWSHeader.Builder(this.signerFactory.defineJWSAlgorithm(jWTParametersSigning)).type(JOSEObjectType.JWT).keyID(jWTParametersSigning.getKeyID()).parameters(jWTParametersSigning.getHeaderValues()).build();
        JWSObject jWSObject = obj instanceof JWTClaimsSet ? new JWSObject(build, new Payload(((JWTClaimsSet) obj).toJSONObject())) : new JWSObject(build, new Payload(createJSONString(obj)));
        jWSObject.sign(this.signerFactory.createSigner(jWTParametersSigning));
        return jWSObject;
    }

    private String createJSONString(Object obj) {
        return JsonbUtil.getJsonb().toJson(obj);
    }

    private void checkDependencies() {
        if (this.signerFactory == null) {
            this.signerFactory = new JWTSignerFactory();
        }
        if (this.encryptionFactory == null) {
            this.encryptionFactory = new JWEEncryptionFactory();
        }
        if (this.jwtSupportConfiguration == null) {
            this.jwtSupportConfiguration = JwtSupportConfiguration.getInstance();
        }
    }
}
