package com.nimbusds.openid.connect.provider.jwkset.validator;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.Ed25519Signer;
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.Provider;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/jwkset/validator/SigningJWKValidator.class */
public class SigningJWKValidator {
    private static JWSObject createTestJWSObject(JWSAlgorithm jWSAlgorithm) {
        return new JWSObject(new JWSHeader(jWSAlgorithm), new Payload("test"));
    }

    @Deprecated
    public static void testSignAndVerify(RSAKey rSAKey, Provider provider) throws JOSEException {
        testSignAndVerify(rSAKey, provider, provider);
    }

    public static void testSignAndVerify(RSAKey rSAKey, Provider provider, Provider provider2) throws JOSEException {
        if (!rSAKey.isPrivate()) {
            throw new JOSEException("The RSA JWK (kid=" + rSAKey.getKeyID() + ") has no private part");
        }
        try {
            RSASSASigner rSASSASigner = new RSASSASigner(rSAKey.toPrivateKey(), true);
            if (provider != null) {
                rSASSASigner.getJCAContext().setProvider(provider);
            }
            JWSObject createTestJWSObject = createTestJWSObject(JWSAlgorithm.RS256);
            createTestJWSObject.sign(rSASSASigner);
            RSASSAVerifier rSASSAVerifier = new RSASSAVerifier(rSAKey);
            if (provider2 != null) {
                rSASSAVerifier.getJCAContext().setProvider(provider2);
            }
            if (createTestJWSObject.verify(rSASSAVerifier)) {
            } else {
                throw new JOSEException("Test RSA JWK (kid=" + rSAKey.getKeyID() + ") signature verification failed");
            }
        } catch (Exception e) {
            throw new JOSEException("RSA JWK (kid=" + rSAKey.getKeyID() + ") validation failed: " + e.getMessage(), e);
        }
    }

    @Deprecated
    public static void testSignAndVerify(ECKey eCKey, Provider provider) throws JOSEException {
        testSignAndVerify(eCKey, provider, provider);
    }

    public static void testSignAndVerify(ECKey eCKey, Provider provider, Provider provider2) throws JOSEException {
        JWSAlgorithm jWSAlgorithm;
        if (!eCKey.isPrivate()) {
            throw new JOSEException("The EC JWK (crv=" + eCKey.getCurve() + " kid=" + eCKey.getKeyID() + ") has no private part");
        }
        try {
            ECDSASigner eCDSASigner = new ECDSASigner(eCKey.toPrivateKey(), eCKey.getCurve());
            if (provider != null) {
                eCDSASigner.getJCAContext().setProvider(provider);
            }
            if (Curve.P_256.equals(eCKey.getCurve())) {
                jWSAlgorithm = JWSAlgorithm.ES256;
            } else if (Curve.P_384.equals(eCKey.getCurve())) {
                jWSAlgorithm = JWSAlgorithm.ES384;
            } else if (Curve.P_521.equals(eCKey.getCurve())) {
                jWSAlgorithm = JWSAlgorithm.ES512;
            } else {
                if (!Curve.SECP256K1.equals(eCKey.getCurve())) {
                    throw new JOSEException("Unsupported EC JWK (kid=" + eCKey.getKeyID() + ") curve: " + eCKey.getCurve());
                }
                jWSAlgorithm = JWSAlgorithm.ES256K;
            }
            JWSObject createTestJWSObject = createTestJWSObject(jWSAlgorithm);
            createTestJWSObject.sign(eCDSASigner);
            ECDSAVerifier eCDSAVerifier = new ECDSAVerifier(eCKey);
            if (provider2 != null) {
                eCDSAVerifier.getJCAContext().setProvider(provider2);
            }
            if (!createTestJWSObject.verify(eCDSAVerifier)) {
                throw new JOSEException("Test EC JWK (crv=" + eCKey.getCurve() + " kid=" + eCKey.getKeyID() + ") signature verification failed");
            }
        } catch (Exception e) {
            throw new JOSEException("EC JWK (crv=" + eCKey.getCurve() + " kid=" + eCKey.getKeyID() + ") validation failed: " + e.getMessage(), e);
        }
    }

    public static void testSignAndVerify(OctetKeyPair octetKeyPair) throws JOSEException {
        if (!octetKeyPair.isPrivate()) {
            throw new JOSEException("The OKP JWK (kid=" + octetKeyPair.getKeyID() + ") has not private part");
        }
        try {
            Ed25519Signer ed25519Signer = new Ed25519Signer(octetKeyPair);
            JWSObject createTestJWSObject = createTestJWSObject(JWSAlgorithm.EdDSA);
            createTestJWSObject.sign(ed25519Signer);
            if (createTestJWSObject.verify(new Ed25519Verifier(octetKeyPair.toPublicJWK()))) {
            } else {
                throw new JOSEException("Test Ed25519 JWK (kid=" + octetKeyPair.getKeyID() + ") signature verification failed");
            }
        } catch (Exception e) {
            throw new JOSEException("Ed25519 JWK (kid=" + octetKeyPair.getKeyID() + ") validation failed: " + e.getMessage(), e);
        }
    }
}
