package com.stormpath.sdk.servlet.oauth.impl;

import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.client.Client;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.servlet.client.ClientResolver;
import com.stormpath.sdk.servlet.filter.account.JwtSigningKeyResolver;
import com.stormpath.sdk.servlet.util.RedirectUrlBuilder;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.Charset;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/stormpath/sdk/servlet/oauth/impl/JwtTokenSigningKeyResolver.class */
public class JwtTokenSigningKeyResolver implements JwtSigningKeyResolver {
    private static final String RSA_ERR_MSG = "RSA signatures are not currently supported by the " + JwtTokenSigningKeyResolver.class.getName() + " implementation.  You may want to implement your own JwtSigningKeyResolver implementation to support RSA keys.";
    private static final String EC_ERR_MSG = "Elliptic Curve signatures are not currently supported by the " + JwtTokenSigningKeyResolver.class.getName() + " implementation.  You may want to implement your own JwtSigningKeyResolver implementation to support Elliptic Curve keys.";

    @Override // com.stormpath.sdk.servlet.filter.account.JwtSigningKeyResolver
    public Key getSigningKey(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult, SignatureAlgorithm signatureAlgorithm) {
        Assert.isTrue(!signatureAlgorithm.isRsa(), RSA_ERR_MSG);
        Assert.isTrue(!signatureAlgorithm.isEllipticCurve(), EC_ERR_MSG);
        return getSigningKey(httpServletRequest, signatureAlgorithm);
    }

    @Override // com.stormpath.sdk.servlet.filter.account.JwtSigningKeyResolver
    public Key getSigningKey(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, JwsHeader jwsHeader, Claims claims) {
        return getSigningKey(httpServletRequest, SignatureAlgorithm.forName(jwsHeader.getAlgorithm()));
    }

    protected Key getSigningKey(HttpServletRequest httpServletRequest, SignatureAlgorithm signatureAlgorithm) {
        Client client = ClientResolver.INSTANCE.getClient((ServletRequest) httpServletRequest);
        Assert.notNull(client, "Client must be accessible as a request attribute.");
        return new SecretKeySpec(client.getApiKey().getSecret().getBytes(Charset.forName(RedirectUrlBuilder.DEFAULT_ENCODING_SCHEME)), signatureAlgorithm.getJcaName());
    }
}
