package org.shredzone.acme4j.toolbox;

import com.foilen.infra.resource.infraconfig.InfraConfigPlugin;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.net.URL;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
import javax.crypto.SecretKey;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.keys.HmacKey;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/shredzone/acme4j/toolbox/JoseUtils.class */
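/**
 * Static helpers for building the JOSE (JWS/JWK) structures used by ACME requests.
 *
 * <p>Every signature algorithm is derived from the type and size of the key that is passed in;
 * none of the methods accept an algorithm name from the caller.
 */
public final class JoseUtils {
    private static final Logger LOG = LoggerFactory.getLogger(JoseUtils.class);

    private JoseUtils() {
        // Utility class, not meant to be instantiated.
    }

    /**
     * Builds a signed JWS request body in flattened JSON form ("protected", "payload",
     * "signature").
     *
     * @param url resource URL, written into the protected header so the signature is bound to it
     * @param keyPair account key pair; the private key signs, the public key selects the algorithm
     * @param jSONBuilder payload to sign, or {@code null} for an empty payload (POST-as-GET)
     * @param str nonce for the protected "nonce" header, or {@code null} to omit the header
     * @param str2 key identifier for the protected "kid" header; when {@code null} the full public
     *     JWK is embedded in the header instead
     * @return builder holding the encoded header, payload and signature
     * @throws IllegalArgumentException if the JWS cannot be created or signed
     */
    public static JSONBuilder createJoseRequest(URL url, KeyPair keyPair, @Nullable JSONBuilder jSONBuilder, @Nullable String str, @Nullable String str2) {
        try {
            PublicJsonWebKey newPublicJwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            // NOTE(review): the name of this signed header comes from a constant in an unrelated
            // package. That looks like a decompiler constant substitution; ACME (RFC 8555) expects
            // the protected header to be named "url". Confirm the constant's value before relying
            // on it, since a different name would leave the request URL out of the signed header
            // the server checks.
            jsonWebSignature.getHeaders().setObjectHeaderValue(InfraConfigPlugin.PROPERTY_URL, url);
            // "kid" and "jwk" are mutually exclusive: exactly one of them identifies the signer.
            if (str2 != null) {
                jsonWebSignature.getHeaders().setObjectHeaderValue("kid", str2);
            } else {
                jsonWebSignature.getHeaders().setJwkHeaderValue(HeaderParameterNames.JWK, newPublicJwk);
            }
            // NOTE(review): a null nonce produces a request without replay protection in the
            // header; presumably callers only pass null where the server does not require one.
            if (str != null) {
                jsonWebSignature.getHeaders().setObjectHeaderValue("nonce", str);
            }
            jsonWebSignature.setPayload(jSONBuilder != null ? jSONBuilder.toString() : "");
            // The algorithm is pinned to the key type, not taken from any caller-supplied value.
            jsonWebSignature.setAlgorithmHeaderValue(keyAlgorithm(newPublicJwk));
            jsonWebSignature.setKey(keyPair.getPrivate());
            jsonWebSignature.sign();
            if (LOG.isDebugEnabled()) {
                // Debug output contains the cleartext payload and the full protected header
                // (URL, nonce, kid or public JWK). Treat debug logs from this class as sensitive.
                LOG.debug("{} {}", jSONBuilder != null ? "POST" : "POST-as-GET", url);
                if (jSONBuilder != null) {
                    LOG.debug("  Payload: {}", jSONBuilder);
                }
                LOG.debug("  JWS Header: {}", jsonWebSignature.getHeaders().getFullHeaderAsJsonString());
            }
            JSONBuilder jSONBuilder2 = new JSONBuilder();
            jSONBuilder2.put("protected", jsonWebSignature.getHeaders().getEncodedHeader());
            jSONBuilder2.put("payload", jsonWebSignature.getEncodedPayload());
            jSONBuilder2.put("signature", jsonWebSignature.getEncodedSignature());
            return jSONBuilder2;
        } catch (JoseException e) {
            throw new IllegalArgumentException("Could not create a JOSE request", e);
        }
    }

    /**
     * Builds an external account binding: a JWS over the account's public JWK, authenticated with
     * an HMAC key.
     *
     * @param str key identifier written to the protected "kid" header
     * @param publicKey account public key; its JWK form is the signed payload
     * @param secretKey HMAC key used to authenticate the binding
     * @param url resource URL written into the protected header
     * @return map with the "protected", "signature" and "payload" members
     * @throws IllegalArgumentException if the MAC key is unsuitable or the JWS cannot be created
     */
    public static Map<String, Object> createExternalAccountBinding(String str, PublicKey publicKey, SecretKey secretKey, URL url) {
        try {
            // The JWK is built from the public key alone, so the payload carries no private
            // key material.
            PublicJsonWebKey newPublicJwk = PublicJsonWebKey.Factory.newPublicJwk(publicKey);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(newPublicJwk.toJson());
            // NOTE(review): same header-name constant as in createJoseRequest; confirm its value
            // is "url".
            jsonWebSignature.getHeaders().setObjectHeaderValue(InfraConfigPlugin.PROPERTY_URL, url);
            jsonWebSignature.getHeaders().setObjectHeaderValue("kid", str);
            jsonWebSignature.setAlgorithmHeaderValue(macKeyAlgorithm(secretKey));
            jsonWebSignature.setKey(secretKey);
            // The library's own key validation is switched off here, which leaves
            // macKeyAlgorithm() as the only gate on the MAC key's algorithm and size.
            // Keep that check strict if this line stays.
            jsonWebSignature.setDoKeyValidation(false);
            jsonWebSignature.sign();
            JSONBuilder jSONBuilder = new JSONBuilder();
            jSONBuilder.put("protected", jsonWebSignature.getHeaders().getEncodedHeader());
            jSONBuilder.put("signature", jsonWebSignature.getEncodedSignature());
            jSONBuilder.put("payload", jsonWebSignature.getEncodedPayload());
            return jSONBuilder.toMap();
        } catch (JoseException e) {
            throw new IllegalArgumentException("Could not create external account binding", e);
        }
    }

    /**
     * Converts a public key to its JWK parameter map, restricted to public parameters.
     *
     * @param publicKey key to convert
     * @return JWK parameters
     * @throws IllegalArgumentException if the key cannot be represented as a JWK
     */
    public static Map<String, Object> publicKeyToJWK(PublicKey publicKey) {
        try {
            return PublicJsonWebKey.Factory.newPublicJwk(publicKey).toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        } catch (JoseException e) {
            throw new IllegalArgumentException("Bad public key", e);
        }
    }

    /**
     * Converts a JWK parameter map back into a public key.
     *
     * @param map JWK parameters
     * @return the public key described by the map
     * @throws IllegalArgumentException if the map is not a valid public JWK
     */
    public static PublicKey jwkToPublicKey(Map<String, Object> map) {
        try {
            return PublicJsonWebKey.Factory.newPublicJwk(map).getPublicKey();
        } catch (JoseException e) {
            throw new IllegalArgumentException("Bad JWK", e);
        }
    }

    /**
     * Computes the SHA-256 JWK thumbprint of a public key.
     *
     * @param publicKey key to fingerprint
     * @return raw thumbprint bytes
     * @throws IllegalArgumentException if the key cannot be represented as a JWK
     */
    public static byte[] thumbprint(PublicKey publicKey) {
        try {
            return PublicJsonWebKey.Factory.newPublicJwk(publicKey).calculateThumbprint("SHA-256");
        } catch (JoseException e) {
            throw new IllegalArgumentException("Bad public key", e);
        }
    }

    /**
     * Selects the JWS signature algorithm that matches a key.
     *
     * <p>EC keys map to the ECDSA variant of their curve (P-256, P-384, P-521); RSA keys map to
     * RSA with SHA-256. Any other key type or curve is rejected, so an unsupported key never
     * falls back to a default algorithm.
     *
     * @param jsonWebKey key to inspect
     * @return JWS algorithm identifier
     * @throws IllegalArgumentException if the key type or EC curve is not supported
     */
    public static String keyAlgorithm(JsonWebKey jsonWebKey) {
        if (jsonWebKey instanceof EllipticCurveJsonWebKey) {
            String curveName = ((EllipticCurveJsonWebKey) jsonWebKey).getCurveName();
            // Constant-first equals() keeps a missing curve name on the rejection path below
            // instead of failing with a NullPointerException.
            if (EllipticCurves.P_256.equals(curveName)) {
                return AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;
            }
            if (EllipticCurves.P_384.equals(curveName)) {
                return AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;
            }
            if (EllipticCurves.P_521.equals(curveName)) {
                return AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
            }
            throw new IllegalArgumentException("Unknown EC name " + curveName);
        }
        if (jsonWebKey instanceof RsaJsonWebKey) {
            return AlgorithmIdentifiers.RSA_USING_SHA256;
        }
        throw new IllegalArgumentException("Unknown algorithm " + jsonWebKey.getAlgorithm());
    }

    /**
     * Selects the HMAC algorithm that matches a MAC key.
     *
     * <p>Only keys of exactly 256, 384 or 512 bits are accepted, so the key is never shorter
     * than the output of the hash it is paired with.
     *
     * @param secretKey MAC key to inspect
     * @return JWS HMAC algorithm identifier
     * @throws IllegalArgumentException if the key is not an HMAC key, exposes no encoded form, or
     *     has an unsupported size
     */
    public static String macKeyAlgorithm(SecretKey secretKey) {
        if (!HmacKey.ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("Bad algorithm: " + secretKey.getAlgorithm());
        }
        // getEncoded() returns null for keys that do not support encoding (for example keys held
        // in hardware); reject those explicitly instead of failing with a NullPointerException.
        byte[] encoded = secretKey.getEncoded();
        if (encoded == null) {
            throw new IllegalArgumentException("Bad key: no encoded form available");
        }
        int length = encoded.length * 8;
        switch (length) {
            case 256:
                return AlgorithmIdentifiers.HMAC_SHA256;
            case 384:
                return AlgorithmIdentifiers.HMAC_SHA384;
            case 512:
                return AlgorithmIdentifiers.HMAC_SHA512;
            default:
                throw new IllegalArgumentException("Bad key size: " + length);
        }
    }
}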
