package org.adorsys.encobject.service.impl;

import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.factories.DefaultJWEDecrypterFactory;
import java.security.Key;
import org.adorsys.cryptoutils.exceptions.BaseException;
import org.adorsys.cryptoutils.exceptions.BaseExceptionHandler;
import org.adorsys.encobject.domain.ContentMetaInfo;
import org.adorsys.encobject.exceptions.ExtendedPersistenceException;
import org.adorsys.encobject.params.EncParamSelector;
import org.adorsys.encobject.params.EncryptionParams;
import org.adorsys.encobject.service.api.EncryptionService;
import org.adorsys.encobject.service.api.KeySource;
import org.adorsys.encobject.types.EncryptionType;
import org.adorsys.encobject.types.KeyID;
import org.adorsys.encobject.types.PersistenceLayerContentMetaInfoUtil;
import org.adorsys.jjwk.selector.JWEEncryptedSelector;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.CharEncoding;

/* loaded from: input_file:BOOT-INF/lib/encobject-0.14.0.jar:org/adorsys/encobject/service/impl/JWEncryptionServiceImpl.class */
public class JWEncryptionServiceImpl implements EncryptionService {
    private DefaultJWEDecrypterFactory decrypterFactory = new DefaultJWEDecrypterFactory();

    @Override // org.adorsys.encobject.service.api.EncryptionService
    public byte[] encrypt(byte[] bArr, KeySource keySource, KeyID keyID, Boolean bool) {
        try {
            ContentMetaInfo contentMetaInfo = new ContentMetaInfo();
            Key readKey = keySource.readKey(keyID);
            PersistenceLayerContentMetaInfoUtil.setKeyID(contentMetaInfo, keyID);
            PersistenceLayerContentMetaInfoUtil.setEncryptionType(contentMetaInfo, EncryptionType.JWE);
            EncryptionParams selectEncryptionParams = EncParamSelector.selectEncryptionParams(readKey);
            JWEHeader.Builder keyID2 = new JWEHeader.Builder(selectEncryptionParams.getEncAlgo(), selectEncryptionParams.getEncMethod()).keyID(keyID.getValue());
            ContentMetaInfoUtils.metaInfo2Header(contentMetaInfo, keyID2);
            if (bool != null && bool.booleanValue()) {
                keyID2 = keyID2.compressionAlgorithm(CompressionAlgorithm.DEF);
            }
            JWEHeader build = keyID2.build();
            JWEEncrypter geEncrypter = JWEEncryptedSelector.geEncrypter(readKey, selectEncryptionParams.getEncAlgo(), selectEncryptionParams.getEncMethod());
            JWEObject jWEObject = new JWEObject(build, new Payload(bArr));
            jWEObject.encrypt(geEncrypter);
            return jWEObject.serialize().getBytes(CharEncoding.UTF_8);
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    @Override // org.adorsys.encobject.service.api.EncryptionService
    public byte[] decrypt(byte[] bArr, KeySource keySource, KeyID keyID) {
        try {
            JWEObject parse = JWEObject.parse(IOUtils.toString(bArr, CharEncoding.UTF_8));
            ContentMetaInfo contentMetaInfo = new ContentMetaInfo();
            ContentMetaInfoUtils.header2MetaInfo(parse.getHeader(), contentMetaInfo);
            EncryptionType encryptionnType = PersistenceLayerContentMetaInfoUtil.getEncryptionnType(contentMetaInfo);
            if (!encryptionnType.equals(EncryptionType.JWE)) {
                throw new BaseException("Expected EncryptionType is " + EncryptionType.JWE + " but was " + encryptionnType);
            }
            KeyID keyID2 = PersistenceLayerContentMetaInfoUtil.getKeyID(contentMetaInfo);
            KeyID keyID3 = new KeyID(parse.getHeader().getKeyID());
            if (!keyID.equals(keyID2)) {
                throw new BaseException("die in der MetaInfo hinterlegte keyID " + keyID + " passt nicht zu der im header hinterlegten KeyID " + keyID2);
            }
            if (!keyID2.equals(keyID3)) {
                throw new BaseException("die in der MetaInfo hinterlegte keyID " + keyID2 + " passt nicht zu der im header hinterlegten KeyID " + keyID3);
            }
            Key readKey = keySource.readKey(keyID);
            if (readKey == null) {
                throw new ExtendedPersistenceException("can not read key with keyID " + keyID + " from keySource of class " + keySource.getClass().getName());
            }
            parse.decrypt(this.decrypterFactory.createJWEDecrypter(parse.getHeader(), readKey));
            return parse.getPayload().toBytes();
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }
}
