package be.atbash.ee.security.octopus.jwt.parameter;

import be.atbash.ee.security.octopus.jwt.JWTEncoding;
import be.atbash.ee.security.octopus.jwt.keys.SecretKeyType;
import be.atbash.util.exception.AtbashIllegalActionException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/atbash/ee/security/octopus/jwt/parameter/JWTParametersBuilder.class */
public final class JWTParametersBuilder {
    private Logger logger = LoggerFactory.getLogger(JWTParametersBuilder.class);
    private JWTEncoding encoding;
    private Map<String, Object> headerValues;
    private JWK secretKeySigning;
    private SecretKeyType secretKeyType;
    private JWK secretKeyEncryption;
    private JWTParametersSigning parametersSigning;

    private JWTParametersBuilder(JWTEncoding jWTEncoding) {
        this.encoding = jWTEncoding;
    }

    public JWTParametersBuilder withHeader(String str, String str2) {
        if (this.encoding == JWTEncoding.NONE) {
            this.logger.warn("Header values are not supported with JWTEncoding.NONE");
        }
        if (this.headerValues == null) {
            this.headerValues = new HashMap();
        }
        this.headerValues.put(str, str2);
        return this;
    }

    public JWTParametersBuilder withSecretKeyForSigning(JWK jwk) {
        if (this.encoding == JWTEncoding.NONE) {
            this.logger.warn("SecretKey value is not supported with JWTEncoding.NONE");
        }
        this.secretKeySigning = jwk;
        determineSecretKeyType();
        return this;
    }

    private void determineSecretKeyType() {
        if (KeyType.OCT.equals(this.secretKeySigning.getKeyType())) {
            this.secretKeyType = SecretKeyType.HMAC;
        }
        if (KeyType.RSA.equals(this.secretKeySigning.getKeyType())) {
            this.secretKeyType = SecretKeyType.RSA;
        }
        if (KeyType.EC.equals(this.secretKeySigning.getKeyType())) {
            this.secretKeyType = SecretKeyType.EC;
        }
    }

    public JWTParametersBuilder withSecretKeyForEncryption(JWK jwk) {
        if (this.encoding != JWTEncoding.JWE) {
            this.logger.warn("SecretKey value for encryption only needed for JWTEncoding.JWE");
        }
        this.secretKeyEncryption = jwk;
        return this;
    }

    public JWTParametersBuilder withSigningParameters(JWTParametersSigning jWTParametersSigning) {
        this.parametersSigning = jWTParametersSigning;
        return this;
    }

    public JWTParameters build() {
        JWTParameters jWTParametersEncryption;
        validateParameters();
        switch (this.encoding) {
            case NONE:
                jWTParametersEncryption = new JWTParametersNone();
                break;
            case JWS:
                jWTParametersEncryption = new JWTParametersSigning(this.headerValues, this.secretKeyType, this.secretKeySigning);
                break;
            case JWE:
                jWTParametersEncryption = new JWTParametersEncryption(this.parametersSigning, this.headerValues, this.secretKeyEncryption);
                break;
            default:
                throw new IllegalArgumentException(String.format("Unsupported value for JWTEncoding : %s", this.encoding));
        }
        return jWTParametersEncryption;
    }

    private void validateParameters() {
        switch (this.encoding) {
            case NONE:
                return;
            case JWS:
                validateJWSParameters();
                return;
            case JWE:
                validateJWEParameters();
                return;
            default:
                throw new IllegalArgumentException(String.format("Unsupported value for JWTEncoding : %s", this.encoding));
        }
    }

    private void validateJWEParameters() {
        if (this.secretKeyEncryption == null) {
            throw new AtbashIllegalActionException("(OCT-DEV-106) JWE encoding requires a JWK secret for the encryption");
        }
    }

    private void validateJWSParameters() {
        if (this.secretKeySigning == null) {
            throw new AtbashIllegalActionException("(OCT-DEV-105) JWS encoding requires a JWK secret for the signing");
        }
    }

    public static JWTParametersBuilder newBuilderFor(JWTEncoding jWTEncoding) {
        return new JWTParametersBuilder(jWTEncoding);
    }
}
