package software.sandc.springframework.security.jwt.impl;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.impl.TextCodec;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import software.sandc.springframework.security.jwt.consumer.KeyProvider;
import software.sandc.springframework.security.jwt.model.KeyType;
import software.sandc.springframework.security.jwt.util.RSAUtils;

/* loaded from: input_file:software/sandc/springframework/security/jwt/impl/DefaultSigningKeyResolver.class */
public class DefaultSigningKeyResolver extends SigningKeyResolverAdapter implements InitializingBean {
    private KeyProvider keyProvider;

    public DefaultSigningKeyResolver(KeyProvider keyProvider) {
        this.keyProvider = keyProvider;
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        SignatureAlgorithm forName = SignatureAlgorithm.forName(jwsHeader.getAlgorithm());
        if (forName.isRsa()) {
            return RSAUtils.toPublicKey(getSigningKey(jwsHeader));
        }
        if (forName.isHmac()) {
            return new SecretKeySpec(resolveSigningKeyBytes(jwsHeader, claims), forName.getJcaName());
        }
        throw new UnsupportedJwtException("Not supported signature algorithm " + forName.getValue());
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        SignatureAlgorithm forName = SignatureAlgorithm.forName(jwsHeader.getAlgorithm());
        if (forName.isRsa()) {
            return RSAUtils.toPublicKey(getSigningKey(jwsHeader));
        }
        if (forName.isHmac()) {
            return new SecretKeySpec(resolveSigningKeyBytes(jwsHeader, str), forName.getJcaName());
        }
        throw new UnsupportedJwtException("Not supported signature algorithm " + forName.getValue());
    }

    public byte[] resolveSigningKeyBytes(JwsHeader jwsHeader, Claims claims) {
        return getBinarySigningKey(jwsHeader);
    }

    public byte[] resolveSigningKeyBytes(JwsHeader jwsHeader, String str) {
        return getBinarySigningKey(jwsHeader);
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.keyProvider, "keyProvider must be specified");
    }

    private byte[] getBinarySigningKey(JwsHeader jwsHeader) {
        return TextCodec.BASE64.decode(getSigningKey(jwsHeader));
    }

    private String getSigningKey(JwsHeader jwsHeader) {
        String privateKey;
        String keyId = jwsHeader.getKeyId();
        if (keyId == null || keyId.isEmpty()) {
            throw new JwtException("JWT header does not contain key id. ");
        }
        KeyType keyType = this.keyProvider.getKeyType(keyId);
        if (KeyType.ASYMMETRIC.equals(keyType)) {
            privateKey = this.keyProvider.getPublicKey(keyId);
        } else {
            if (!KeyType.SYMMETRIC.equals(keyType)) {
                throw new JwtException("Unknown or empty key type detected.");
            }
            privateKey = this.keyProvider.getPrivateKey(keyId);
        }
        if (privateKey == null) {
            throw new JwtException("No key can be found for given key JWT header.");
        }
        return privateKey;
    }
}
