package org.soulwing.jwt.api.jca;

import java.math.BigInteger;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import javax.json.stream.JsonCollectors;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.soulwing.jwt.api.JWK;

/* loaded from: input_file:org/soulwing/jwt/api/jca/JcaJsonWebKey.class */
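/**
 * A {@link JWK} backed by a JCA {@link Key}, with its JSON representation
 * computed once by the {@link Builder}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>For a {@link SecretKey} the JSON contains a {@code "k"} member holding
 *       the raw key bytes, so {@link #toJson()} and {@link #toString()} must be
 *       treated as secret material and kept out of logs and error messages.</li>
 *   <li>Certificates are only encoded and fingerprinted here; nothing in this
 *       class validates the chain or its trust.</li>
 * </ul>
 */
public class JcaJsonWebKey implements JWK {
    /** Maps the string form of an EC key's algorithm parameters (a named-curve OID) to the JWK {@code crv} name. */
    private static final Map<String, String> OID_TO_CURVE = new HashMap<>();

    static {
        OID_TO_CURVE.put("1.2.840.10045.3.1.7", "P-256");
        OID_TO_CURVE.put("1.3.132.0.34", "P-384");
        OID_TO_CURVE.put("1.3.132.0.35", "P-521");
        OID_TO_CURVE.put("1.3.132.0.10", "secp256k1");
    }

    private final Key key;
    private final JsonObject delegate;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/soulwing/jwt/api/jca/JcaJsonWebKey$Builder.class */
    /**
     * Collects the JWK attributes and produces a {@link JcaJsonWebKey}.
     *
     * <p>Either a key or at least one certificate must be supplied before
     * {@link #build()} is called. The builder is mutable and accumulates
     * {@code ops} and {@code certificates} across calls.
     */
    public static class Builder implements JWK.Builder {
        private String id;
        private String type;
        private String algorithm;
        private JWK.Use use;
        private Key key;
        private Set<JWK.KeyOp> ops = new HashSet<>();
        private List<X509Certificate> certificates = new ArrayList<>();

        Builder() {
        }

        /** Sets the key identifier emitted as {@code kid}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder id(String str) {
            this.id = str;
            return this;
        }

        /** Sets the key type emitted as {@code kty}; when left unset it is derived from the key in {@link #build()}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder type(String str) {
            this.type = str;
            return this;
        }

        /** Sets the algorithm emitted as {@code alg}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder algorithm(String str) {
            this.algorithm = str;
            return this;
        }

        /** Sets the intended use emitted as {@code use}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder use(JWK.Use use) {
            this.use = use;
            return this;
        }

        /** Adds the given operations to the set emitted as {@code key_ops}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder ops(JWK.KeyOp... keyOpArr) {
            return ops(Arrays.asList(keyOpArr));
        }

        /** Adds the given operations to the set emitted as {@code key_ops}. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder ops(Collection<JWK.KeyOp> collection) {
            this.ops.addAll(collection);
            return this;
        }

        /** Sets the key; when left unset the public key of the first certificate is used. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder key(Key key) {
            this.key = key;
            return this;
        }

        /** Appends certificates to the chain; the first one added is treated as the leaf. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder certificates(X509Certificate... x509CertificateArr) {
            return certificates(Arrays.asList(x509CertificateArr));
        }

        /** Appends certificates to the chain; the first one added is treated as the leaf. */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK.Builder certificates(List<X509Certificate> list) {
            this.certificates.addAll(list);
            return this;
        }

        /** Derives {@code kty} from the key's Java type when the caller did not set one. */
        private void defaultType() {
            if (this.type != null) {
                return;
            }
            if (this.key instanceof SecretKey) {
                this.type = "oct";
            } else if (this.key instanceof ECPublicKey) {
                this.type = "EC";
            } else if (this.key instanceof RSAPublicKey) {
                this.type = "RSA";
            } else {
                // Unrecognised key classes fall back to the JCA algorithm name.
                this.type = this.key.getAlgorithm();
            }
        }

        /** Falls back to the leaf certificate's public key; validateKey() guarantees the list is non-empty here. */
        private void defaultKey() {
            if (this.key == null) {
                this.key = this.certificates.get(0).getPublicKey();
            }
        }

        /**
         * Builds the JWK.
         *
         * <p>NOTE(review): when both a key and certificates are supplied, nothing
         * here checks that the key equals the first certificate's public key,
         * although RFC 7517 section 4.7 requires them to match. Callers should
         * enforce that themselves until a check is added.
         *
         * @return the new JWK
         * @throws IllegalArgumentException if neither a key nor a certificate was
         *     supplied, or the key is of an unsupported type
         */
        @Override // org.soulwing.jwt.api.JWK.Builder
        public JWK build() {
            validateKey();
            defaultKey();
            defaultType();
            return new JcaJsonWebKey(this.key, createJwk());
        }

        /** Assembles the JSON object from the collected attributes; unset attributes are omitted. */
        private JsonObject createJwk() {
            JsonObjectBuilder json = Json.createObjectBuilder();
            if (this.id != null) {
                json.add("kid", this.id);
            }
            if (this.type != null) {
                json.add("kty", this.type);
            }
            // Key parameters and thumbprints use unpadded base64url.
            Base64.Encoder urlEncoder = Base64.getUrlEncoder().withoutPadding();
            if (this.key instanceof SecretKey) {
                JcaJsonWebKey.describeKey((SecretKey) this.key, urlEncoder, json);
            } else if (this.key instanceof RSAPublicKey) {
                JcaJsonWebKey.describeKey((RSAPublicKey) this.key, urlEncoder, json);
            } else if (this.key instanceof ECPublicKey) {
                JcaJsonWebKey.describeKey((ECPublicKey) this.key, urlEncoder, json);
            } else if (this.key != null) {
                throw new IllegalArgumentException("unsupported key type: " + this.key.getAlgorithm());
            }
            if (!this.certificates.isEmpty()) {
                JcaJsonWebKey.describeCertificates(this.certificates, urlEncoder, json);
            }
            if (this.algorithm != null) {
                json.add("alg", this.algorithm);
            }
            if (this.use != null) {
                json.add("use", this.use.toString());
            }
            if (!this.ops.isEmpty()) {
                JsonValue keyOps = this.ops.stream()
                        .map(op -> op.toString())
                        .map(Json::createValue)
                        .collect(JsonCollectors.toJsonArray());
                json.add("key_ops", keyOps);
            }
            return json.build();
        }

        /** Rejects a builder that has neither a key nor a certificate to take one from. */
        private void validateKey() {
            if (this.key == null && this.certificates.isEmpty()) {
                throw new IllegalArgumentException("either a key or certificate is required");
            }
        }
    }

    private JcaJsonWebKey(Key key, JsonObject jsonObject) {
        this.key = key;
        this.delegate = jsonObject;
    }

    /** Creates an empty builder. */
    public static Builder builder() {
        return new Builder();
    }

    /** Returns the underlying JCA key. */
    @Override // org.soulwing.jwt.api.JWK
    public Key getKey() {
        return this.key;
    }

    /**
     * Returns the JSON form computed by the builder.
     *
     * <p>For a {@link SecretKey} this includes the raw key bytes in {@code "k"}.
     */
    @Override // org.soulwing.jwt.api.JWK
    public JsonObject toJson() {
        return this.delegate;
    }

    /**
     * Returns the JSON form as text.
     *
     * <p>For a {@link SecretKey} the text includes the raw key bytes in
     * {@code "k"}; do not pass this object to loggers or exception messages.
     */
    @Override // org.soulwing.jwt.api.JWK
    public String toString() {
        return this.delegate.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Adds the symmetric key bytes as {@code "k"}. The resulting JSON is secret material. */
    public static void describeKey(SecretKey secretKey, Base64.Encoder encoder, JsonObjectBuilder jsonObjectBuilder) {
        jsonObjectBuilder.add("k", encoder.encodeToString(secretKey.getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Adds the RSA modulus {@code "n"} and public exponent {@code "e"} as unsigned big-endian values. */
    public static void describeKey(RSAPublicKey rSAPublicKey, Base64.Encoder encoder, JsonObjectBuilder jsonObjectBuilder) {
        byte[] exponent = unsignedRaw(rSAPublicKey.getPublicExponent());
        byte[] modulus = unsignedRaw(rSAPublicKey.getModulus());
        jsonObjectBuilder.add("n", encoder.encodeToString(modulus));
        jsonObjectBuilder.add("e", encoder.encodeToString(exponent));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Adds {@code "crv"}, {@code "x"} and {@code "y"} for an EC public key.
     * Coordinates are left-padded to the curve's field size in octets.
     *
     * @throws IllegalArgumentException if the curve is not in {@code OID_TO_CURVE}
     */
    public static void describeKey(ECPublicKey eCPublicKey, Base64.Encoder encoder, JsonObjectBuilder jsonObjectBuilder) {
        int coordinateLength = bitsToOctets(eCPublicKey.getParams().getCurve().getField().getFieldSize());
        byte[] x = ecPad(eCPublicKey.getW().getAffineX(), coordinateLength);
        byte[] y = ecPad(eCPublicKey.getW().getAffineY(), coordinateLength);
        jsonObjectBuilder.add("crv", ecCurve(eCPublicKey));
        jsonObjectBuilder.add("x", encoder.encodeToString(x));
        jsonObjectBuilder.add("y", encoder.encodeToString(y));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Adds the certificate chain ({@code "x5c"}) and the thumbprints of its
     * first certificate.
     *
     * <p>{@code x5c} entries use standard (padded, non-URL) Base64 of the DER
     * encoding; the thumbprints use the supplied encoder. The chain is not
     * validated here.
     *
     * @param list chain with the leaf first; must not be empty
     * @throws RuntimeException if a certificate cannot be encoded
     */
    public static void describeCertificates(List<X509Certificate> list, Base64.Encoder encoder, JsonObjectBuilder jsonObjectBuilder) {
        try {
            X509Certificate leaf = list.get(0);
            Base64.Encoder derEncoder = Base64.getEncoder();
            JsonArrayBuilder chain = Json.createArrayBuilder();
            for (X509Certificate certificate : list) {
                chain.add(derEncoder.encodeToString(certificate.getEncoded()));
            }
            jsonObjectBuilder.add("x5c", chain);
            // "SHA-1" is the standard JCA name for the digest previously requested
            // through the "SHA" alias. SHA-1 is what the x5t member is defined to
            // carry; relying parties should prefer the SHA-256 thumbprint.
            jsonObjectBuilder.add("x5t", encoder.encodeToString(certThumbprint(leaf, "SHA-1")));
            // NOTE(review): RFC 7517 section 4.9 spells this member "x5t#S256"
            // (capital S) and JSON member names are case-sensitive. The lowercase
            // spelling is kept to avoid changing the emitted format; confirm
            // against consumers before correcting it.
            jsonObjectBuilder.add("x5t#s256", encoder.encodeToString(certThumbprint(leaf, "SHA-256")));
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Digests the encoded form of a certificate.
     *
     * @param certificate certificate to fingerprint
     * @param str JCA message digest algorithm name
     * @return the raw digest bytes
     * @throws RuntimeException if the algorithm is unavailable or the
     *     certificate cannot be encoded
     */
    static byte[] certThumbprint(Certificate certificate, String str) {
        try {
            return MessageDigest.getInstance(str).digest(certificate.getEncoded());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns the number of octets needed to hold {@code i} bits, rounding up. */
    static int bitsToOctets(int i) {
        return i / 8 + (i % 8 != 0 ? 1 : 0);
    }

    /**
     * Returns the unsigned big-endian bytes of a coordinate, left-padded with
     * zeros to {@code i} octets. A value already at least {@code i} octets long
     * is returned unpadded and untruncated.
     */
    static byte[] ecPad(BigInteger bigInteger, int i) {
        byte[] raw = unsignedRaw(bigInteger);
        if (raw.length >= i) {
            return raw;
        }
        // A new byte[] is already zero-filled, so only the tail needs copying.
        byte[] padded = new byte[i];
        System.arraycopy(raw, 0, padded, i - raw.length, raw.length);
        return padded;
    }

    /**
     * Resolves the JWK curve name for an EC public key by parsing its encoded
     * form as a SubjectPublicKeyInfo and looking up the string form of the
     * algorithm parameters.
     *
     * @throws IllegalArgumentException if the parameters are not a known curve
     *     OID (presumably this also covers explicitly specified curve
     *     parameters; confirm)
     */
    static String ecCurve(ECPublicKey eCPublicKey) {
        SubjectPublicKeyInfo keyInfo =
                SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(eCPublicKey.getEncoded()));
        String curve = OID_TO_CURVE.get(keyInfo.getAlgorithm().getParameters().toString());
        if (curve == null) {
            throw new IllegalArgumentException("unsupported EC curve");
        }
        return curve;
    }

    /**
     * Returns the big-endian magnitude of a non-negative integer without the
     * leading zero sign byte that {@link BigInteger#toByteArray()} may add.
     *
     * @throws IllegalArgumentException if the value is negative
     */
    static byte[] unsignedRaw(BigInteger bigInteger) {
        if (bigInteger.signum() < 0) {
            throw new IllegalArgumentException("value must be non-negative");
        }
        byte[] bytes = bigInteger.toByteArray();
        // The length check keeps the single 0x00 byte that represents zero.
        if (bytes.length > 1 && bytes[0] == 0) {
            return Arrays.copyOfRange(bytes, 1, bytes.length);
        }
        return bytes;
    }
}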
