class JWEToken
This class generates JSON Web Encryption (JWE) tokens as per RFC 7516.
Attributes
value[R]
Public Class Methods
new(key_id, claims, public_key, private_key)
# File lib/ons-jwe/jwe_token.rb, line 9
# Builds a nested token: the claims are wrapped in a JWT, signed with
# RS256, and the signed token is then encrypted with RSA-OAEP / A256GCM.
#
# Every argument is validated, in parameter-independent fixed order
# (key_id, claims, public_key, private_key), before any key is used; the
# first failing check raises.
#
# NOTE(review): the claims are only checked for presence. Nothing in this
# class adds or requires time-based claims (exp / iat / nbf), so token
# lifetime is entirely up to what the caller passes in.
#
# @param key_id [#empty?] value written to the `kid` header of the signed
#   token (presumably a String)
# @param claims [#empty?] claim set handed to JSON::JWT.new (presumably a
#   Hash)
# @param public_key [OpenSSL::PKey::RSA] key the token is encrypted to
# @param private_key [OpenSSL::PKey::RSA] key the token is signed with
# @raise [ArgumentError] if any argument is missing or a key is not RSA
def initialize(key_id, claims, public_key, private_key)
  validate_key_id(key_id)
  validate_claims(claims)
  validate_public_key(public_key)
  validate_private_key(private_key)

  signed_token = build_jws(build_jwt(claims, key_id), private_key)
  encrypted_token = build_jwe(signed_token, public_key)
  @value = encrypted_token.to_s
end
Public Instance Methods
to_s()
# File lib/ons-jwe/jwe_token.rb, line 19
# String form of the token.
#
# @return [String] the value stored by the constructor, i.e. the result of
#   calling `to_s` on the encrypted token
def to_s
  @value
end
Private Instance Methods
build_jwe(jws, public_key)
# File lib/ons-jwe/jwe_token.rb, line 25
# Encrypts the signed token to +public_key+.
#
# The key-management algorithm is RSA-OAEP and the content-encryption
# algorithm is A256GCM; both are fixed here and not configurable.
#
# NOTE(review): in RFC 7518 "RSA-OAEP" is OAEP with the default
# parameters (SHA-1 and MGF1 with SHA-1); "RSA-OAEP-256" is the SHA-256
# variant. Changing it would have to be agreed with the token consumer.
#
# @param jws [#encrypt] the signed token
# @param public_key [OpenSSL::PKey::RSA] key to encrypt to
# @return [Object] whatever +jws.encrypt+ returns
def build_jwe(jws, public_key)
  key_management_alg = :'RSA-OAEP'
  content_encryption_alg = :A256GCM
  jws.encrypt(public_key, key_management_alg, content_encryption_alg)
end
build_jws(jwt, private_key)
# File lib/ons-jwe/jwe_token.rb, line 37
# Signs the token with +private_key+ using RS256.
#
# @param jwt [#sign] the unsigned token
# @param private_key [OpenSSL::PKey::RSA] signing key
# @return [Object] whatever +jwt.sign+ returns
def build_jws(jwt, private_key)
  signature_alg = :RS256
  jwt.sign(private_key, signature_alg)
end
build_jwt(claims, key_id)
# File lib/ons-jwe/jwe_token.rb, line 29
# Creates the unsigned token from the claim set and fills in its header.
#
# The header receives the key id (`kid`), the algorithm (`alg` = RS256)
# and a fresh random UUID as `jti`.
#
# NOTE(review): `jti` is written to the JOSE header, not to the claim
# set. RFC 7519 defines `jti` as a claim, so a consumer doing replay
# detection needs to read it from the header - confirm against the
# consumer.
#
# @param claims [Object] claim set passed unchanged to JSON::JWT.new
# @param key_id [Object] value assigned to the `kid` header
# @return [JSON::JWT] the unsigned token
def build_jwt(claims, key_id)
  JSON::JWT.new(claims).tap do |token|
    token.kid = key_id
    token.alg = :RS256
    token.header[:jti] = SecureRandom.uuid
  end
end
validate_claims(claims)
# File lib/ons-jwe/jwe_token.rb, line 41
# Rejects a missing or empty claim set.
#
# Only presence is checked; the content of the claims (including any
# expiry) is not inspected here.
#
# @param claims [#empty?, nil] claim set supplied by the caller
# @return [nil]
# @raise [ArgumentError] if +claims+ is nil or empty
def validate_claims(claims)
  missing = claims.nil? || claims.empty?
  raise ArgumentError, 'claims must be specified' if missing
end
validate_key_id(key_id)
# File lib/ons-jwe/jwe_token.rb, line 46
# Rejects a missing or empty key id.
#
# @param key_id [#empty?, nil] key id supplied by the caller
# @return [nil]
# @raise [ArgumentError] if +key_id+ is nil or empty
def validate_key_id(key_id)
  missing = key_id.nil? || key_id.empty?
  raise ArgumentError, 'key_id must be specified' if missing
end
validate_private_key(private_key)
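# File lib/ons-jwe/jwe_token.rb, line 51
# Checks that the signing key is present, is an RSA key and actually
# holds the private component.
#
# The type check alone is not enough: an OpenSSL::PKey::RSA object built
# from a public key passes it, and the failure would only surface later
# inside the signing call as an OpenSSL error instead of the
# ArgumentError the other validators raise.
#
# @param private_key [OpenSSL::PKey::RSA, nil] key used to sign the token
# @return [nil]
# @raise [ArgumentError] if the key is nil, not an RSA key, or carries
#   only the public half
def validate_private_key(private_key)
  raise ArgumentError, 'private_key must be specified' if private_key.nil?

  validate_rsa_key(private_key, 'private_key')
  raise ArgumentError, 'private_key must be an RSA private key' unless private_key.private?
end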
validate_public_key(public_key)
# File lib/ons-jwe/jwe_token.rb, line 56
# Checks that the encryption key is present and is an RSA key.
#
# Only the type is checked, so any RSA key object is accepted here,
# including one that also carries private components.
#
# @param public_key [OpenSSL::PKey::RSA, nil] key the token is encrypted to
# @return [nil]
# @raise [ArgumentError] if the key is nil or not an RSA key
def validate_public_key(public_key)
  if public_key.nil?
    raise ArgumentError, 'public_key must be specified'
  end

  validate_rsa_key(public_key, 'public_key')
end
validate_rsa_key(key, key_type)
# File lib/ons-jwe/jwe_token.rb, line 61
# Rejects anything that is not exactly an OpenSSL::PKey::RSA instance
# (subclasses are rejected too, because instance_of? is used).
#
# NOTE(review): the modulus size is not checked. RFC 7518 requires keys
# of 2048 bits or more for both RS256 and RSA-OAEP; consider enforcing
# that here once callers (and test fixtures) are known to comply.
#
# @param key [Object] candidate key
# @param key_type [String] argument name used in the error message
# @return [nil]
# @raise [ArgumentError] if +key+ is not an OpenSSL::PKey::RSA
def validate_rsa_key(key, key_type)
  return if key.instance_of?(OpenSSL::PKey::RSA)

  raise ArgumentError, "#{key_type} must be an RSA key"
end