package org.apache.cxf.rs.security.oauth2.client;

import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.class */
public class JoseClientCodeStateManager implements ClientCodeStateManager {
    private JwsSignatureProvider sigProvider;
    private JweEncryptionProvider encryptionProvider;
    private JweDecryptionProvider decryptionProvider;
    private JwsSignatureVerifier signatureVerifier;
    private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();

    @Override // org.apache.cxf.rs.security.oauth2.client.ClientCodeStateManager
    public String toString(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap) {
        String signWith = new JwsCompactProducer(this.jsonp.toJson(CastUtils.cast(multivaluedMap))).signWith(getInitializedSigProvider());
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider();
        if (initializedEncryptionProvider != null) {
            signWith = initializedEncryptionProvider.encrypt(StringUtils.toBytesUTF8(signWith), null);
        }
        return signWith;
    }

    @Override // org.apache.cxf.rs.security.oauth2.client.ClientCodeStateManager
    public MultivaluedMap<String, String> toState(MessageContext messageContext, String str) {
        JweDecryptionProvider initializedDecryptionProvider = getInitializedDecryptionProvider();
        if (initializedDecryptionProvider != null) {
            str = initializedDecryptionProvider.decrypt(str).getContentText();
        }
        JwsCompactConsumer jwsCompactConsumer = new JwsCompactConsumer(str);
        if (!jwsCompactConsumer.verifySignatureWith(getInitializedSigVerifier())) {
            throw new SecurityException();
        }
        return (MultivaluedMap) CastUtils.cast(this.jsonp.fromJson(jwsCompactConsumer.getUnsignedEncodedSequence()));
    }

    public void setSignatureProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.sigProvider = jwsSignatureProvider;
    }

    protected JwsSignatureProvider getInitializedSigProvider() {
        if (this.sigProvider != null) {
            return this.sigProvider;
        }
        JwsSignatureProvider loadSignatureProvider = JwsUtils.loadSignatureProvider(false);
        if (loadSignatureProvider == null) {
            loadSignatureProvider = new NoneJwsSignatureProvider();
        }
        return loadSignatureProvider;
    }

    public void setDecryptionProvider(JweDecryptionProvider jweDecryptionProvider) {
        this.decryptionProvider = jweDecryptionProvider;
    }

    protected JweDecryptionProvider getInitializedDecryptionProvider() {
        return this.decryptionProvider != null ? this.decryptionProvider : JweUtils.loadDecryptionProvider(false);
    }

    public void setSignatureVerifier(JwsSignatureVerifier jwsSignatureVerifier) {
        this.signatureVerifier = jwsSignatureVerifier;
    }

    protected JwsSignatureVerifier getInitializedSigVerifier() {
        return this.signatureVerifier != null ? this.signatureVerifier : JwsUtils.loadSignatureVerifier(false);
    }

    public void setEncryptionProvider(JweEncryptionProvider jweEncryptionProvider) {
        this.encryptionProvider = jweEncryptionProvider;
    }

    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        return this.encryptionProvider != null ? this.encryptionProvider : JweUtils.loadEncryptionProvider(false);
    }
}
