package com.floragunn.searchguard.support;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rs.security.jose.jwk.KeyType;
import org.apache.cxf.rs.security.jose.jwk.PublicKeyUse;

/* loaded from: input_file:com/floragunn/searchguard/support/JoseParsers.class */
public class JoseParsers {
    public static JsonWebKey parseJwkSigningKey(String str) throws ConfigValidationException {
        JsonWebKey readJwkKey = JwkUtils.readJwkKey(str);
        PublicKeyUse publicKeyUse = readJwkKey.getPublicKeyUse();
        if (publicKeyUse == null || publicKeyUse == PublicKeyUse.SIGN) {
            return readJwkKey;
        }
        throw new ConfigValidationException(new InvalidAttributeValue("use", publicKeyUse, "The use claim must designate the JWK for signing"));
    }

    public static JsonWebKey parseJwkHs512SigningKey(String str) throws ConfigValidationException {
        try {
            if (JoseUtils.decode(str).length < 64) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, "The key contains less than 512 bit", "A Base64URL encoded HMAC512 key with at least 512 bit (64 bytes, 86 Base64 encoded characters)"));
            }
            JsonWebKey jsonWebKey = new JsonWebKey();
            jsonWebKey.setKeyType(KeyType.OCTET);
            jsonWebKey.setAlgorithm("HS512");
            jsonWebKey.setPublicKeyUse(PublicKeyUse.SIGN);
            jsonWebKey.setProperty("k", str);
            return jsonWebKey;
        } catch (Exception e) {
            throw new ConfigValidationException(new InvalidAttributeValue((String) null, e.getMessage(), "A Base64URL encoded HMAC512 key with at least 512 bit (64 bytes, 86 Base64 encoded characters)").cause(e));
        }
    }

    public static JsonWebKey parseJwkEcryptionKey(String str) throws ConfigValidationException {
        JsonWebKey readJwkKey = JwkUtils.readJwkKey(str);
        PublicKeyUse publicKeyUse = readJwkKey.getPublicKeyUse();
        if (publicKeyUse == null || publicKeyUse == PublicKeyUse.ENCRYPT) {
            return readJwkKey;
        }
        throw new ConfigValidationException(new InvalidAttributeValue("use", publicKeyUse, "The use claim must designate the JWK for encryption"));
    }

    public static JsonWebKey parseJwkA256kwEncryptionKey(String str) throws ConfigValidationException {
        try {
            if (JoseUtils.decode(str).length < 32) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, "The key contains less than 256 bit", "A Base64URL encoded A256KW key with at least 256 bit (32 bytes, 43 Base64 encoded characters)"));
            }
            JsonWebKey jsonWebKey = new JsonWebKey();
            jsonWebKey.setKeyType(KeyType.OCTET);
            jsonWebKey.setAlgorithm("A256KW");
            jsonWebKey.setPublicKeyUse(PublicKeyUse.ENCRYPT);
            jsonWebKey.setProperty("k", str);
            return jsonWebKey;
        } catch (Exception e) {
            throw new ConfigValidationException(new InvalidAttributeValue((String) null, e.getMessage(), "A Base64URL encoded A256KW key with at least 256 bit (32 bytes, 43 Base64 encoded characters)").cause(e));
        }
    }
}
