package otoroshi.utils.jwk;

import com.auth0.jwk.GuavaCachedJwkProvider;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.algorithms.Algorithm;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import scala.MatchError;
import scala.collection.concurrent.TrieMap;

/* compiled from: jwk.scala */
/* loaded from: input_file:otoroshi/utils/jwk/JwtVerifierHelper$.class */
public final class JwtVerifierHelper$ {
    public static JwtVerifierHelper$ MODULE$;
    private final TrieMap<String, JwkProvider> cache;

    static {
        new JwtVerifierHelper$();
    }

    public TrieMap<String, JwkProvider> cache() {
        return this.cache;
    }

    public byte[] fromBase64(String str) {
        return Base64.decodeBase64(str);
    }

    public Algorithm algorithm(String str, String str2, String str3) {
        if (str2.startsWith("https://") || str2.startsWith("http://")) {
            PublicKey publicKey = ((JwkProvider) cache().getOrElseUpdate(str2, () -> {
                return new GuavaCachedJwkProvider(new UrlJwkProvider(str2));
            })).get(str3).getPublicKey();
            if ("RS256".equals(str)) {
                return Algorithm.RSA256((RSAPublicKey) publicKey, (RSAPrivateKey) null);
            }
            if ("RS384".equals(str)) {
                return Algorithm.RSA384((RSAPublicKey) publicKey, (RSAPrivateKey) null);
            }
            if ("RS512".equals(str)) {
                return Algorithm.RSA512((RSAPublicKey) publicKey, (RSAPrivateKey) null);
            }
            if ("ES256".equals(str)) {
                return Algorithm.ECDSA256((ECPublicKey) publicKey, (ECPrivateKey) null);
            }
            if ("ES384".equals(str)) {
                return Algorithm.ECDSA384((ECPublicKey) publicKey, (ECPrivateKey) null);
            }
            if ("ES512".equals(str)) {
                return Algorithm.ECDSA512((ECPublicKey) publicKey, (ECPrivateKey) null);
            }
            throw new MatchError(str);
        }
        if ("HS256".equals(str)) {
            return Algorithm.HMAC256(str2);
        }
        if ("HS384".equals(str)) {
            return Algorithm.HMAC384(str2);
        }
        if ("HS512".equals(str)) {
            return Algorithm.HMAC512(str2);
        }
        if ("RS256".equals(str)) {
            return Algorithm.RSA256((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (RSAPrivateKey) null);
        }
        if ("RS384".equals(str)) {
            return Algorithm.RSA384((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (RSAPrivateKey) null);
        }
        if ("RS512".equals(str)) {
            return Algorithm.RSA512((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (RSAPrivateKey) null);
        }
        if ("ES256".equals(str)) {
            return Algorithm.ECDSA256((ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (ECPrivateKey) null);
        }
        if ("ES384".equals(str)) {
            return Algorithm.ECDSA384((ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (ECPrivateKey) null);
        }
        if ("ES512".equals(str)) {
            return Algorithm.ECDSA512((ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(fromBase64(str2))), (ECPrivateKey) null);
        }
        throw new MatchError(str);
    }

    public String algorithm$default$3() {
        return "none";
    }

    private JwtVerifierHelper$() {
        MODULE$ = this;
        this.cache = new TrieMap<>();
    }
}
