package org.tomitribe.churchkey.jwk;

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import org.tomitribe.churchkey.Key;
import org.tomitribe.churchkey.dsa.Dsa;
import org.tomitribe.churchkey.ec.Curve;
import org.tomitribe.churchkey.ec.ECParameterSpecs;
import org.tomitribe.churchkey.ec.Ecdsa;
import org.tomitribe.churchkey.ec.UnsupportedCurveException;
import org.tomitribe.churchkey.util.Utils;
import org.tomitribe.util.IO;

/* loaded from: input_file:org/tomitribe/churchkey/jwk/JwkParser.class */
public class JwkParser implements Key.Format.Parser {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.tomitribe.churchkey.jwk.JwkParser$1, reason: invalid class name */
    /* loaded from: input_file:org/tomitribe/churchkey/jwk/JwkParser$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$json$JsonValue$ValueType;

        static {
            try {
                $SwitchMap$org$tomitribe$churchkey$Key$Algorithm[Key.Algorithm.RSA.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$tomitribe$churchkey$Key$Algorithm[Key.Algorithm.DSA.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$tomitribe$churchkey$Key$Algorithm[Key.Algorithm.EC.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$tomitribe$churchkey$Key$Algorithm[Key.Algorithm.OCT.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$javax$json$JsonValue$ValueType = new int[JsonValue.ValueType.values().length];
            try {
                $SwitchMap$javax$json$JsonValue$ValueType[JsonValue.ValueType.STRING.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$json$JsonValue$ValueType[JsonValue.ValueType.NULL.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$json$JsonValue$ValueType[JsonValue.ValueType.ARRAY.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$json$JsonValue$ValueType[JsonValue.ValueType.OBJECT.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tomitribe/churchkey/jwk/JwkParser$Jwk.class */
    public static class Jwk {
        private final JsonObject jwk;

        public Jwk(JsonObject jsonObject) {
            this.jwk = jsonObject;
        }

        public BigInteger getBigInteger(String str) {
            if (!this.jwk.containsKey(str)) {
                return null;
            }
            return new BigInteger(1, Base64.getUrlDecoder().decode(this.jwk.getString(str)));
        }

        public byte[] getBytes(String str) {
            if (!this.jwk.containsKey(str)) {
                return null;
            }
            return Base64.getUrlDecoder().decode(this.jwk.getString(str));
        }

        public String getString(String str) {
            return this.jwk.getString(str);
        }

        public String getString(String str, String str2) {
            return this.jwk.getString(str, str2);
        }
    }

    @Override // org.tomitribe.churchkey.Key.Format.Parser
    public Key decode(byte[] bArr) {
        byte[] normalize = normalize(bArr);
        if (!Utils.startsWith("{", normalize)) {
            return null;
        }
        String str = new String(normalize);
        HashMap hashMap = new HashMap();
        hashMap.put("org.apache.johnzon.buffer-strategy", "BY_INSTANCE");
        try {
            JsonObject jwk = getJwk(Json.createReaderFactory(hashMap).createReader(IO.read(normalize)).readObject());
            if (!jwk.containsKey("kty")) {
                throw new MissingKtyException();
            }
            String string = jwk.getString("kty");
            if ("RSA".equalsIgnoreCase(string)) {
                return asRsaKey(jwk);
            }
            if ("OCT".equalsIgnoreCase(string)) {
                return asOctKey(jwk);
            }
            if ("DSA".equals(string)) {
                return asDsaKey(jwk);
            }
            if ("EC".equals(string)) {
                return asEcKey(jwk);
            }
            throw new UnsupportedKtyAlgorithmException(string);
        } catch (Exception e) {
            throw new InvalidJwkException(e, str);
        }
    }

    private Key asDsaKey(JsonObject jsonObject) {
        Jwk jwk = new Jwk(jsonObject);
        BigInteger bigInteger = jwk.getBigInteger("p");
        BigInteger bigInteger2 = jwk.getBigInteger("q");
        BigInteger bigInteger3 = jwk.getBigInteger("g");
        BigInteger bigInteger4 = jwk.getBigInteger("x");
        BigInteger bigInteger5 = jwk.getBigInteger("y");
        ArrayList arrayList = new ArrayList();
        if (bigInteger == null) {
            arrayList.add("p");
        }
        if (bigInteger2 == null) {
            arrayList.add("q");
        }
        if (bigInteger3 == null) {
            arrayList.add("g");
        }
        if (arrayList.size() != 0) {
            throw new InvalidJwkKeySpecException("DSA", arrayList);
        }
        if (bigInteger4 != null) {
            return new Key(Dsa.Private.builder().p(bigInteger).q(bigInteger2).g(bigInteger3).x(bigInteger4).build().toKey(), Key.Type.PRIVATE, Key.Algorithm.DSA, Key.Format.JWK, getAttributes(jsonObject, "kty", "p", "q", "q", "x", "y"));
        }
        if (bigInteger5 != null) {
            return new Key(Dsa.Public.builder().p(bigInteger).q(bigInteger2).g(bigInteger3).y(bigInteger5).build().toKey(), Key.Type.PUBLIC, Key.Algorithm.DSA, Key.Format.JWK, getAttributes(jsonObject, "kty", "p", "q", "q", "x", "y"));
        }
        throw new InvalidJwkKeySpecException("DSA", "x", "y");
    }

    private Key asEcKey(JsonObject jsonObject) {
        Jwk jwk = new Jwk(jsonObject);
        String string = jwk.getString("crv");
        BigInteger bigInteger = jwk.getBigInteger("d");
        BigInteger bigInteger2 = jwk.getBigInteger("x");
        BigInteger bigInteger3 = jwk.getBigInteger("y");
        if (string == null) {
            throw new InvalidJwkKeySpecException("EC", "crv");
        }
        Curve resolve = Curve.resolve(string);
        if (bigInteger != null) {
            return new Key(Ecdsa.Private.builder().curve(resolve).d(bigInteger).build().toKey(), Key.Type.PRIVATE, Key.Algorithm.EC, Key.Format.JWK, getAttributes(jsonObject, "kty", "crv", "d"));
        }
        ArrayList arrayList = new ArrayList();
        if (bigInteger3 == null) {
            arrayList.add("y");
        }
        if (bigInteger2 == null) {
            arrayList.add("x");
        }
        if (arrayList.size() != 0) {
            throw new InvalidJwkKeySpecException("EC", arrayList);
        }
        return new Key(Ecdsa.Public.builder().curve(resolve).x(bigInteger2).y(bigInteger3).build().toKey(), Key.Type.PUBLIC, Key.Algorithm.EC, Key.Format.JWK, getAttributes(jsonObject, "kty", "crv", "x", "y"));
    }

    private Key asRsaKey(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException {
        Jwk jwk = new Jwk(jsonObject);
        BigInteger bigInteger = jwk.getBigInteger("n");
        BigInteger bigInteger2 = jwk.getBigInteger("e");
        BigInteger bigInteger3 = jwk.getBigInteger("d");
        BigInteger bigInteger4 = jwk.getBigInteger("p");
        BigInteger bigInteger5 = jwk.getBigInteger("q");
        BigInteger bigInteger6 = jwk.getBigInteger("dp");
        BigInteger bigInteger7 = jwk.getBigInteger("dq");
        BigInteger bigInteger8 = jwk.getBigInteger("qi");
        RSAPublicKeySpec rSAPublicKeySpec = new RSAPublicKeySpec(bigInteger, bigInteger2);
        RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(bigInteger, bigInteger2, bigInteger3, bigInteger4, bigInteger5, bigInteger6, bigInteger7, bigInteger8);
        checkPublicKey(rSAPublicKeySpec);
        checkPrivateKey(rSAPrivateCrtKeySpec);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return bigInteger3 != null ? new Key(keyFactory.generatePrivate(rSAPrivateCrtKeySpec), Key.Type.PRIVATE, Key.Algorithm.RSA, Key.Format.JWK, getAttributes(jsonObject, "kty", "n", "e", "d", "p", "q", "dp", "dq", "qi")) : new Key(keyFactory.generatePublic(rSAPublicKeySpec), Key.Type.PUBLIC, Key.Algorithm.RSA, Key.Format.JWK, getAttributes(jsonObject, "kty", "n", "e"));
    }

    private void toRsaKey(Key key, JsonObjectBuilder jsonObjectBuilder) {
        if (key.getKey() instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key.getKey();
            jsonObjectBuilder.add("n", encode(rSAPrivateCrtKey.getModulus()));
            jsonObjectBuilder.add("e", encode(rSAPrivateCrtKey.getPublicExponent()));
            jsonObjectBuilder.add("d", encode(rSAPrivateCrtKey.getPrivateExponent()));
            jsonObjectBuilder.add("p", encode(rSAPrivateCrtKey.getPrimeP()));
            jsonObjectBuilder.add("q", encode(rSAPrivateCrtKey.getPrimeQ()));
            jsonObjectBuilder.add("dp", encode(rSAPrivateCrtKey.getPrimeExponentP()));
            jsonObjectBuilder.add("dq", encode(rSAPrivateCrtKey.getPrimeExponentQ()));
            jsonObjectBuilder.add("qi", encode(rSAPrivateCrtKey.getCrtCoefficient()));
        } else if (key.getKey() instanceof RSAPrivateKey) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) key.getKey();
            jsonObjectBuilder.add("n", encode(rSAPrivateKey.getModulus()));
            jsonObjectBuilder.add("d", encode(rSAPrivateKey.getPrivateExponent()));
        } else {
            if (!(key.getKey() instanceof RSAPublicKey)) {
                throw new UnsupportedOperationException("Unkown RSA Key type: " + key.getKey().getClass().getName());
            }
            RSAPublicKey rSAPublicKey = (RSAPublicKey) key.getKey();
            jsonObjectBuilder.add("n", encode(rSAPublicKey.getModulus()));
            jsonObjectBuilder.add("e", encode(rSAPublicKey.getPublicExponent()));
        }
        jsonObjectBuilder.add("kty", "RSA");
    }

    private void toDsaKey(Key key, JsonObjectBuilder jsonObjectBuilder) {
        if (key.getKey() instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) key.getKey();
            jsonObjectBuilder.add("x", encode(dSAPrivateKey.getX()));
            jsonObjectBuilder.add("p", encode(dSAPrivateKey.getParams().getP()));
            jsonObjectBuilder.add("q", encode(dSAPrivateKey.getParams().getQ()));
            jsonObjectBuilder.add("g", encode(dSAPrivateKey.getParams().getG()));
        } else {
            if (!(key.getKey() instanceof DSAPublicKey)) {
                throw new UnsupportedOperationException("Unkown DSA Key type: " + key.getKey().getClass().getName());
            }
            DSAPublicKey dSAPublicKey = (DSAPublicKey) key.getKey();
            jsonObjectBuilder.add("y", encode(dSAPublicKey.getY()));
            jsonObjectBuilder.add("p", encode(dSAPublicKey.getParams().getP()));
            jsonObjectBuilder.add("q", encode(dSAPublicKey.getParams().getQ()));
            jsonObjectBuilder.add("g", encode(dSAPublicKey.getParams().getG()));
        }
        jsonObjectBuilder.add("kty", "DSA");
    }

    private void toEcKey(Key key, JsonObjectBuilder jsonObjectBuilder) {
        if (key.getKey() instanceof ECPrivateKey) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) key.getKey();
            jsonObjectBuilder.add("d", encode(eCPrivateKey.getS()));
            jsonObjectBuilder.add("crv", curveName(eCPrivateKey.getParams()));
        } else {
            if (!(key.getKey() instanceof ECPublicKey)) {
                throw new UnsupportedOperationException("Unkown EC Key type: " + key.getKey().getClass().getName());
            }
            ECPublicKey eCPublicKey = (ECPublicKey) key.getKey();
            ECPoint w = eCPublicKey.getW();
            jsonObjectBuilder.add("y", encode(w.getAffineY()));
            jsonObjectBuilder.add("x", encode(w.getAffineX()));
            jsonObjectBuilder.add("crv", curveName(eCPublicKey.getParams()));
        }
        jsonObjectBuilder.add("kty", "EC");
    }

    private String curveName(ECParameterSpec eCParameterSpec) {
        if (Curve.p256.isEqual(eCParameterSpec)) {
            return "P-256";
        }
        if (Curve.p384.isEqual(eCParameterSpec)) {
            return "P-384";
        }
        if (Curve.p521.isEqual(eCParameterSpec)) {
            return "P-521";
        }
        for (Curve curve : Curve.values()) {
            if (curve.isEqual(eCParameterSpec)) {
                return curve.getName();
            }
        }
        throw new UnsupportedCurveException(String.format("The specified ECParameterSpec has no known name.  Params:%n%s", ECParameterSpecs.toString(eCParameterSpec)));
    }

    private Key asOctKey(JsonObject jsonObject) {
        Jwk jwk = new Jwk(jsonObject);
        return new Key(new SecretKeySpec(jwk.getBytes("k"), jwk.getString("alg", "HS256").toUpperCase().replace("HS", "HmacSHA")), Key.Type.SECRET, Key.Algorithm.OCT, Key.Format.JWK, getAttributes(jsonObject, "kty", "k"));
    }

    private void toOctKey(Key key, JsonObjectBuilder jsonObjectBuilder) {
        if (!(key.getKey() instanceof SecretKey)) {
            throw new UnsupportedOperationException("Unkown RSA Key type: " + key.getKey().getClass().getName());
        }
        jsonObjectBuilder.add("k", encode(((SecretKey) key.getKey()).getEncoded()));
        jsonObjectBuilder.add("kty", "oct");
    }

    private Map<String, String> getAttributes(JsonObject jsonObject, String... strArr) {
        return getAttributes(jsonObject, Arrays.asList(strArr));
    }

    private Map<String, String> getAttributes(JsonObject jsonObject, Collection<String> collection) {
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : jsonObject.entrySet()) {
            if (!collection.contains(entry.getKey())) {
                hashMap.put(entry.getKey(), toString((JsonValue) entry.getValue()));
            }
        }
        return hashMap;
    }

    private String toString(JsonValue jsonValue) {
        switch (AnonymousClass1.$SwitchMap$javax$json$JsonValue$ValueType[jsonValue.getValueType().ordinal()]) {
            case 1:
                String jsonValue2 = jsonValue.toString();
                return jsonValue2.substring(1, jsonValue2.length() - 1);
            case 2:
                return null;
            default:
                return jsonValue.toString();
        }
    }

    private void checkPublicKey(RSAPublicKeySpec rSAPublicKeySpec) {
        ArrayList arrayList = new ArrayList();
        if (rSAPublicKeySpec.getModulus() == null) {
            arrayList.add("n");
        }
        if (rSAPublicKeySpec.getPublicExponent() == null) {
            arrayList.add("e");
        }
        if (arrayList.size() > 0) {
            throw new InvalidJwkKeySpecException("rsa", arrayList);
        }
    }

    private void checkPrivateKey(RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec) {
        ArrayList arrayList = new ArrayList();
        if (rSAPrivateCrtKeySpec.getPrivateExponent() == null) {
            arrayList.add("d");
        }
        if (rSAPrivateCrtKeySpec.getPrimeP() == null) {
            arrayList.add("p");
        }
        if (rSAPrivateCrtKeySpec.getPrimeQ() == null) {
            arrayList.add("q");
        }
        if (rSAPrivateCrtKeySpec.getPrimeExponentP() == null) {
            arrayList.add("dp");
        }
        if (rSAPrivateCrtKeySpec.getPrimeExponentQ() == null) {
            arrayList.add("dq");
        }
        if (rSAPrivateCrtKeySpec.getCrtCoefficient() == null) {
            arrayList.add("qi");
        }
        if (arrayList.size() != 6 && arrayList.size() != 0) {
            throw new InvalidJwkKeySpecException("rsa", arrayList);
        }
    }

    public static String encode(BigInteger bigInteger) {
        Base64.Encoder withoutPadding = Base64.getUrlEncoder().withoutPadding();
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] != 0) {
            return withoutPadding.encodeToString(byteArray);
        }
        byte[] bArr = new byte[byteArray.length - 1];
        System.arraycopy(byteArray, 1, bArr, 0, bArr.length);
        return withoutPadding.encodeToString(bArr);
    }

    public static String encode(byte[] bArr) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private JsonObject getJwk(JsonObject jsonObject) {
        if (jsonObject.containsKey("keys")) {
            return getJwkFromJwks(jsonObject);
        }
        if (jsonObject.containsKey("kty")) {
            return jsonObject;
        }
        throw new UnknownJsonFormatFoundException();
    }

    private JsonObject getJwkFromJwks(JsonObject jsonObject) {
        JsonValue value = jsonObject.getValue("keys");
        if (value == null) {
            throw new IllegalArgumentException("Invalid JWKS; 'keys' entry is missing.");
        }
        switch (AnonymousClass1.$SwitchMap$javax$json$JsonValue$ValueType[value.getValueType().ordinal()]) {
            case 3:
                return getFirstJwk(jsonObject, value.asJsonArray());
            case 4:
                return value.asJsonObject();
            default:
                throw new IllegalArgumentException("Invalid JWKS; 'keys' entry should be an array.");
        }
    }

    private JsonObject getFirstJwk(JsonObject jsonObject, JsonArray jsonArray) {
        if (jsonArray.size() == 0) {
            throw new IllegalArgumentException("Invalid JWKS; 'keys' entry is empty.\n" + jsonObject.toString());
        }
        JsonValue jsonValue = (JsonValue) jsonArray.get(0);
        if (JsonValue.ValueType.OBJECT.equals(jsonValue.getValueType())) {
            return jsonValue.asJsonObject();
        }
        throw new IllegalArgumentException("Invalid JWKS; 'keys' array should contain jwk objects.\n" + jsonObject.toString());
    }

    private byte[] normalize(byte[] bArr) {
        if (Utils.startsWith("e", bArr) && !Utils.startsWith("ecdsa", bArr)) {
            return Base64.getUrlDecoder().decode(bArr);
        }
        return bArr;
    }

    @Override // org.tomitribe.churchkey.Key.Format.Parser
    public byte[] encode(Key key) {
        JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
        for (Map.Entry<String, String> entry : key.getAttributes().entrySet()) {
            createObjectBuilder.add(entry.getKey(), entry.getValue());
        }
        switch (key.getAlgorithm()) {
            case RSA:
                toRsaKey(key, createObjectBuilder);
                break;
            case DSA:
                toDsaKey(key, createObjectBuilder);
                break;
            case EC:
                toEcKey(key, createObjectBuilder);
                break;
            case OCT:
                toOctKey(key, createObjectBuilder);
                break;
            default:
                throw new UnsupportedOperationException("Cannot encode key type: " + key.getAlgorithm());
        }
        return createObjectBuilder.build().toString().getBytes();
    }
}
