package io.personium.plugin.auth.oidc;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import io.jsonwebtoken.UnsupportedJwtException;
import io.personium.plugin.base.utils.PluginUtils;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import org.json.simple.JSONObject;

/* loaded from: input_file:io/personium/plugin/auth/oidc/JwkResolver.class */
public class JwkResolver extends SigningKeyResolverAdapter {
    private JwkSet jwkSet;

    public JwkResolver(JwkSet jwkSet) {
        this.jwkSet = jwkSet;
    }

    public Key resolveSigningKey(String str, String str2) {
        for (JSONObject jSONObject : this.jwkSet.getKeys()) {
            if (str != null && str.equals(jSONObject.get("kid")) && str2 != null && str2.equals(jSONObject.get("alg"))) {
                try {
                    return generateKeyFromJwk(jSONObject);
                } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
                    throw new UnsupportedJwtException("Failed to resolve a signing key.", e);
                }
            }
        }
        return null;
    }

    @Override // io.jsonwebtoken.SigningKeyResolverAdapter, io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        return resolveSigningKey(jwsHeader.getKeyId(), jwsHeader.getAlgorithm());
    }

    @Override // io.jsonwebtoken.SigningKeyResolverAdapter, io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        return resolveSigningKey(jwsHeader, (Claims) null);
    }

    private Key generateKeyFromJwk(JSONObject jSONObject) throws IllegalArgumentException, NoSuchAlgorithmException {
        KeySpec eCPublicKeySpec;
        String str = (String) jSONObject.get(Jwk.KEY_TYPE);
        if (str == null) {
            throw new IllegalArgumentException("`kty` must not be null");
        }
        KeyFactory keyFactory = KeyFactory.getInstance(str);
        boolean z = -1;
        switch (str.hashCode()) {
            case 2206:
                if (str.equals("EC")) {
                    z = true;
                    break;
                }
                break;
            case 81440:
                if (str.equals("RSA")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                String str2 = (String) jSONObject.get("n");
                String str3 = (String) jSONObject.get("e");
                if (str2 != null && str3 != null) {
                    eCPublicKeySpec = new RSAPublicKeySpec(new BigInteger(1, PluginUtils.decodeBase64Url(str2)), new BigInteger(1, PluginUtils.decodeBase64Url(str3)));
                    break;
                } else {
                    throw new IllegalArgumentException("`RSA` key must contain `n` and `e`.");
                }
                break;
            case true:
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
                String str4 = (String) jSONObject.get("crv");
                if (!"P-256".equals(str4)) {
                    throw new IllegalArgumentException(String.format("curve %s is not supported", str4));
                }
                String str5 = (String) jSONObject.get("x");
                String str6 = (String) jSONObject.get("y");
                if (str5 == null || str6 == null) {
                    throw new IllegalArgumentException("`EC` key must contain `x` and `y`.");
                }
                ECPoint eCPoint = new ECPoint(new BigInteger(1, PluginUtils.decodeBase64Url(str5)), new BigInteger(1, PluginUtils.decodeBase64Url(str6)));
                try {
                    algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
                    eCPublicKeySpec = new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class));
                    break;
                } catch (NullPointerException | InvalidParameterSpecException e) {
                    throw new IllegalArgumentException("ECGenParameterSpec failed.", e);
                }
            default:
                throw new IllegalArgumentException(String.format("kty %s is not supported", str));
        }
        try {
            return keyFactory.generatePublic(eCPublicKeySpec);
        } catch (InvalidKeySpecException e2) {
            throw new IllegalArgumentException("Generating public key failed", e2);
        }
    }
}
