package net.tokensmith.otter.security.session.util;

import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import net.tokensmith.jwt.config.JwtAppFactory;
import net.tokensmith.jwt.entity.jwk.SymmetricKey;
import net.tokensmith.jwt.exception.InvalidJWT;
import net.tokensmith.jwt.jwe.factory.exception.CipherException;
import net.tokensmith.jwt.jwe.serialization.exception.KeyException;
import net.tokensmith.jwt.serialization.exception.DecryptException;
import net.tokensmith.jwt.serialization.exception.JsonToJwtException;
import net.tokensmith.otter.security.session.exception.InvalidSessionException;
import net.tokensmith.otter.security.session.exception.SessionDecryptException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/tokensmith/otter/security/session/util/Decrypt.class */
public class Decrypt<S> {
    protected static Logger LOGGER = LoggerFactory.getLogger(Decrypt.class);
    public static final String NOT_A_JWT = "Session cookie was not a JWE: %s";
    public static final String COULD_NOT_GET_HEADER_JWE = "Session cookie did have a header member: %s";
    public static final String COULD_NOT_DESERIALIZE_JWE = "Session cookie could not be de-serialized to JSON: %s";
    public static final String COULD_NOT_DECRYPT_JWE = "Session cookie could not be decrypted: %s";
    public static final String COULD_NOT_DESERIALIZE = "decrypted payload not could be deserialized to session: %s";
    private JwtAppFactory jwtAppFactory;
    private ObjectReader objectReader;
    private SymmetricKey preferredKey;
    private Map<String, SymmetricKey> rotationKeys;

    public Decrypt(JwtAppFactory jwtAppFactory, ObjectReader objectReader, SymmetricKey symmetricKey, Map<String, SymmetricKey> map) {
        this.jwtAppFactory = jwtAppFactory;
        this.objectReader = objectReader;
        this.preferredKey = symmetricKey;
        this.rotationKeys = map;
    }

    public S decrypt(String str) throws InvalidSessionException, SessionDecryptException {
        try {
            try {
                return toSession(this.jwtAppFactory.jweDirectDesializer().stringToJWE(str, getKey((String) this.jwtAppFactory.headerDeserializer().toHeader(str).getKeyId().get())).getPayload());
            } catch (JsonToJwtException e) {
                throw new InvalidSessionException(String.format(COULD_NOT_DESERIALIZE_JWE, str), e);
            } catch (DecryptException | CipherException | KeyException e2) {
                throw new SessionDecryptException(String.format(COULD_NOT_DECRYPT_JWE, str), e2);
            }
        } catch (InvalidJWT e3) {
            throw new InvalidSessionException(String.format(COULD_NOT_GET_HEADER_JWE, str), e3);
        } catch (JsonToJwtException e4) {
            throw new InvalidSessionException(String.format(NOT_A_JWT, str), e4);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected S toSession(byte[] bArr) {
        S s = null;
        try {
            s = this.objectReader.readValue(bArr);
        } catch (IOException e) {
            LOGGER.error(String.format(COULD_NOT_DESERIALIZE, new String(bArr, StandardCharsets.UTF_8)));
            LOGGER.error(e.getMessage(), e);
        }
        return s;
    }

    protected SymmetricKey getKey(String str) {
        return ((String) this.preferredKey.getKeyId().get()).equals(str) ? this.preferredKey : this.rotationKeys.get(str);
    }

    public void setPreferredKey(SymmetricKey symmetricKey) {
        this.preferredKey = symmetricKey;
    }
}
