package io.nixer.nixerplugin.stigma.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWEDecryptionKeySelector;
import com.nimbusds.jose.proc.JWEKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import java.security.Key;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:io/nixer/nixerplugin/stigma/crypto/DirectDecrypterFactory.class */
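/**
 * {@link DecrypterFactory} for JWE objects that use direct symmetric encryption
 * ({@code alg=dir}) with the {@code A128CBC-HS256} content encryption method.
 *
 * <p>The algorithm and encryption method are fixed constants of this class; they are
 * passed both to the superclass and to the {@link JWEDecryptionKeySelector}, so key
 * selection is driven by this configuration rather than by whatever algorithm a
 * presented header claims. Keys are looked up in the {@link JWKSource} given at
 * construction time.
 *
 * <p>NOTE(review): the {@link JWEHeader} handed to {@link #decrypter(JWEHeader)} is
 * presumably parsed from a token supplied by a client and is not authenticated at this
 * point. It is echoed in full into exception and log messages below; confirm that this
 * is acceptable for the log sinks in use, or log only the key ID.
 */
public class DirectDecrypterFactory extends DecrypterFactory {
    private static final Log logger = LogFactory.getLog(DirectDecrypterFactory.class);

    /** Key management algorithm accepted by this factory: direct use of a shared symmetric key. */
    private static final JWEAlgorithm ALGORITHM = JWEAlgorithm.DIR;

    /** Content encryption method accepted by this factory. */
    private static final EncryptionMethod ENCRYPTION_METHOD = EncryptionMethod.A128CBC_HS256;

    /** Selects candidate decryption keys for a header, restricted to the fixed algorithm and method. */
    private final JWEKeySelector keySelector;

    /**
     * Creates a factory that resolves decryption keys from the given source.
     *
     * @param jWKSource source of candidate keys; must not be {@code null}
     * @throws IllegalArgumentException if {@code jWKSource} is {@code null}
     */
    public DirectDecrypterFactory(JWKSource jWKSource) {
        super(ALGORITHM, ENCRYPTION_METHOD);
        Assert.notNull(jWKSource, "JWKSource must not be null");
        this.keySelector = new JWEDecryptionKeySelector(ALGORITHM, ENCRYPTION_METHOD, jWKSource);
    }

    /**
     * Creates a factory backed by the decryption key set of the given loader.
     *
     * @param keysLoader provider of the decryption key set; must not be {@code null}
     * @return a new factory using {@code keysLoader.getDecryptionKeySet()} as its key source
     * @throws IllegalArgumentException if {@code keysLoader} is {@code null}
     */
    public static DirectDecrypterFactory withKeysFrom(KeysLoader keysLoader) {
        Assert.notNull(keysLoader, "KeysLoader must not be null");
        return new DirectDecrypterFactory(keysLoader.getDecryptionKeySet());
    }

    /**
     * Builds a {@link DirectDecrypter} for the key that matches the given header.
     *
     * <p>The header must carry a non-blank key ID. Selection fails closed: if the selector
     * returns no key, or the selected key is not a {@link SecretKey}, or the key length is
     * rejected by {@link DirectDecrypter}, an {@link IllegalStateException} is thrown and
     * no decrypter is returned.
     *
     * @param jWEHeader header of the JWE object to decrypt; must not be {@code null}
     * @return a decrypter initialised with the selected secret key
     * @throws IllegalArgumentException if the header is {@code null} or has no key ID
     * @throws IllegalStateException if no usable key can be resolved for the header
     */
    @Override
    public JWEDecrypter decrypter(JWEHeader jWEHeader) {
        Assert.notNull(jWEHeader, "JWE header must not be null");
        // Reject headers without a kid up front so that key choice is always explicit.
        Assert.hasText(jWEHeader.getKeyID(), "JWE header must contain key ID (kid)");

        List<Key> candidates = selectKeys(jWEHeader);
        if (candidates.isEmpty()) {
            throw new IllegalStateException("No keys found for header: " + jWEHeader);
        }

        // NOTE(review): more than one match is only logged and the first key is used.
        // Duplicate matches usually point at a misconfigured key set; consider whether
        // this case should be rejected instead of resolved by list order.
        if (candidates.size() > 1 && logger.isWarnEnabled()) {
            logger.warn(String.format(
                    "Found '%s' keys for header '%s' while expecting exactly one.",
                    candidates.size(), jWEHeader));
        }

        Key key = candidates.get(0);
        // Direct encryption needs a symmetric key; anything else is a key-set error.
        if (!(key instanceof SecretKey)) {
            throw new IllegalStateException(String.format(
                    "Invalid key type for header '%s'. Expected '%s' but got '%s'",
                    jWEHeader, SecretKey.class, key.getClass()));
        }

        try {
            return new DirectDecrypter((SecretKey) key);
        } catch (KeyLengthException e) {
            // Message corrected: this factory creates decrypters, not encrypters.
            throw new IllegalStateException("Could not create decrypter for header: " + jWEHeader, e);
        }
    }

    /**
     * Asks the key selector for the keys matching the header, without a security context.
     *
     * @param jWEHeader header used to match keys
     * @return the keys returned by the selector, possibly empty
     * @throws IllegalStateException if the underlying key source fails
     */
    private List<Key> selectKeys(JWEHeader jWEHeader) {
        try {
            return this.keySelector.selectJWEKeys(jWEHeader, (SecurityContext) null);
        } catch (KeySourceException e) {
            throw new IllegalStateException("Could not select key for header: " + jWEHeader, e);
        }
    }
}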
