package com.nimbusds.jose.jwk;

import com.google.android.gms.internal.mlkit_vision_internal_vkp.e2;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.shaded.json.JSONObject;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import java.io.Serializable;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import oi.c;
import oi.d;
import wi.e;
import wi.f;
import wi.g;
import wi.h;

/* loaded from: classes.dex */
public abstract class JWK implements Serializable {
    public static final String MIME_TYPE = "application/jwk+json; charset=UTF-8";

    /* renamed from: a, reason: collision with root package name */
    public final KeyType f34932a;

    /* renamed from: b, reason: collision with root package name */
    public final KeyUse f34933b;

    /* renamed from: c, reason: collision with root package name */
    public final Set<KeyOperation> f34934c;

    /* renamed from: d, reason: collision with root package name */
    public final Algorithm f34935d;

    /* renamed from: e, reason: collision with root package name */
    public final String f34936e;

    /* renamed from: f, reason: collision with root package name */
    public final URI f34937f;

    /* renamed from: g, reason: collision with root package name */
    @Deprecated
    public final Base64URL f34938g;

    /* renamed from: h, reason: collision with root package name */
    public final Base64URL f34939h;

    /* renamed from: i, reason: collision with root package name */
    public final List<Base64> f34940i;

    /* renamed from: j, reason: collision with root package name */
    public final LinkedList f34941j;

    /* renamed from: k, reason: collision with root package name */
    public final KeyStore f34942k;

    public JWK(KeyType keyType, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        if (keyType == null) {
            throw new IllegalArgumentException("The key type \"kty\" parameter must not be null");
        }
        this.f34932a = keyType;
        Map<KeyUse, Set<KeyOperation>> map = c.f54550a;
        boolean z10 = true;
        if (keyUse != null && set != null) {
            Map<KeyUse, Set<KeyOperation>> map2 = c.f54550a;
            if (map2.containsKey(keyUse) && !map2.get(keyUse).containsAll(set)) {
                z10 = false;
            }
        }
        if (!z10) {
            throw new IllegalArgumentException("The key use \"use\" and key options \"key_ops\" parameters are not consistent, see RFC 7517, section 4.3");
        }
        this.f34933b = keyUse;
        this.f34934c = set;
        this.f34935d = algorithm;
        this.f34936e = str;
        this.f34937f = uri;
        this.f34938g = base64URL;
        this.f34939h = base64URL2;
        if (list != null && list.isEmpty()) {
            throw new IllegalArgumentException("The X.509 certificate chain \"x5c\" must not be empty");
        }
        this.f34940i = list;
        try {
            this.f34941j = g.a(list);
            this.f34942k = keyStore;
        } catch (ParseException e10) {
            StringBuilder b10 = e2.b("Invalid X.509 certificate chain \"x5c\": ");
            b10.append(e10.getMessage());
            throw new IllegalArgumentException(b10.toString(), e10);
        }
    }

    public static JWK load(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            return OctetSequenceKey.load(keyStore, str, cArr);
        }
        if (certificate.getPublicKey() instanceof RSAPublicKey) {
            return RSAKey.load(keyStore, str, cArr);
        }
        if (certificate.getPublicKey() instanceof ECPublicKey) {
            return ECKey.load(keyStore, str, cArr);
        }
        StringBuilder b10 = e2.b("Unsupported public key algorithm: ");
        b10.append(certificate.getPublicKey().getAlgorithm());
        throw new JOSEException(b10.toString());
    }

    public static JWK parse(String str) throws ParseException {
        return parse(e.h(-1, str));
    }

    public static JWK parse(X509Certificate x509Certificate) throws JOSEException {
        if (x509Certificate.getPublicKey() instanceof RSAPublicKey) {
            return RSAKey.parse(x509Certificate);
        }
        if (x509Certificate.getPublicKey() instanceof ECPublicKey) {
            return ECKey.parse(x509Certificate);
        }
        StringBuilder b10 = e2.b("Unsupported public key algorithm: ");
        b10.append(x509Certificate.getPublicKey().getAlgorithm());
        throw new JOSEException(b10.toString());
    }

    public static JWK parse(Map<String, Object> map) throws ParseException {
        String str = (String) e.b(map, "kty", String.class);
        if (str == null) {
            throw new ParseException("Missing key type \"kty\" parameter", 0);
        }
        KeyType parse = KeyType.parse(str);
        if (parse == KeyType.EC) {
            return ECKey.parse(map);
        }
        if (parse == KeyType.RSA) {
            return RSAKey.parse(map);
        }
        if (parse == KeyType.OCT) {
            return OctetSequenceKey.parse(map);
        }
        if (parse == KeyType.OKP) {
            return OctetKeyPair.parse(map);
        }
        throw new ParseException("Unsupported key type \"kty\" parameter: " + parse, 0);
    }

    public static JWK parseFromPEMEncodedObjects(String str) throws JOSEException {
        KeyPair keyPair;
        KeyPair keyPair2;
        Base64URL base64URL;
        ArrayList a10 = d.a(str);
        if (a10.isEmpty()) {
            throw new JOSEException("No PEM-encoded keys found");
        }
        if (a10.size() == 1) {
            keyPair2 = (KeyPair) a10.get(0);
        } else {
            if (a10.size() != 2) {
                throw new JOSEException("Expected key or pair of PEM-encoded keys");
            }
            KeyPair keyPair3 = (KeyPair) a10.get(0);
            KeyPair keyPair4 = (KeyPair) a10.get(1);
            if (keyPair3.getPublic() != null && keyPair4.getPrivate() != null) {
                keyPair = new KeyPair(keyPair3.getPublic(), keyPair4.getPrivate());
            } else {
                if (keyPair3.getPrivate() == null || keyPair4.getPublic() == null) {
                    throw new JOSEException("Not a public/private key pair");
                }
                keyPair = new KeyPair(keyPair4.getPublic(), keyPair3.getPrivate());
            }
            keyPair2 = keyPair;
        }
        PublicKey publicKey = keyPair2.getPublic();
        PrivateKey privateKey = keyPair2.getPrivate();
        if (publicKey == null) {
            throw new JOSEException("Missing PEM-encoded public key to construct JWK");
        }
        if (!(publicKey instanceof ECPublicKey)) {
            if (!(publicKey instanceof RSAPublicKey)) {
                StringBuilder b10 = e2.b("Unsupported algorithm of PEM-encoded key: ");
                b10.append(publicKey.getAlgorithm());
                throw new JOSEException(b10.toString());
            }
            RSAKey.a aVar = new RSAKey.a((RSAPublicKey) publicKey);
            if (privateKey instanceof RSAPrivateKey) {
                aVar.b((RSAPrivateKey) privateKey);
            } else if (privateKey != null) {
                StringBuilder b11 = e2.b("Unsupported ");
                b11.append(KeyType.RSA.getValue());
                b11.append(" private key type: ");
                b11.append(privateKey);
                throw new JOSEException(b11.toString());
            }
            return aVar.a();
        }
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        ECParameterSpec params = eCPublicKey.getParams();
        if (privateKey instanceof ECPrivateKey) {
            ECParameterSpec params2 = eCPublicKey.getParams();
            ECParameterSpec params3 = ((ECPrivateKey) privateKey).getParams();
            if (!params2.getCurve().equals(params3.getCurve())) {
                StringBuilder b12 = e2.b("Public/private ");
                b12.append(KeyType.EC.getValue());
                b12.append(" key curve mismatch: ");
                b12.append(eCPublicKey);
                throw new JOSEException(b12.toString());
            }
            if (params2.getCofactor() != params3.getCofactor()) {
                StringBuilder b13 = e2.b("Public/private ");
                b13.append(KeyType.EC.getValue());
                b13.append(" key cofactor mismatch: ");
                b13.append(eCPublicKey);
                throw new JOSEException(b13.toString());
            }
            if (!params2.getGenerator().equals(params3.getGenerator())) {
                StringBuilder b14 = e2.b("Public/private ");
                b14.append(KeyType.EC.getValue());
                b14.append(" key generator mismatch: ");
                b14.append(eCPublicKey);
                throw new JOSEException(b14.toString());
            }
            if (!params2.getOrder().equals(params3.getOrder())) {
                StringBuilder b15 = e2.b("Public/private ");
                b15.append(KeyType.EC.getValue());
                b15.append(" key order mismatch: ");
                b15.append(eCPublicKey);
                throw new JOSEException(b15.toString());
            }
        }
        if (privateKey != null && !(privateKey instanceof ECPrivateKey)) {
            StringBuilder b16 = e2.b("Unsupported ");
            b16.append(KeyType.EC.getValue());
            b16.append(" private key type: ");
            b16.append(privateKey);
            throw new JOSEException(b16.toString());
        }
        Curve forECParameterSpec = Curve.forECParameterSpec(params);
        Base64URL encodeCoordinate = ECKey.encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX());
        Base64URL encodeCoordinate2 = ECKey.encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY());
        if (forECParameterSpec == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        if (encodeCoordinate == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        if (encodeCoordinate2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        if (privateKey != null) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
            base64URL = ECKey.encodeCoordinate(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS());
        } else {
            base64URL = null;
        }
        try {
            return base64URL == null ? new ECKey(forECParameterSpec, encodeCoordinate, encodeCoordinate2, (KeyUse) null, (Set<KeyOperation>) null, (Algorithm) null, (String) null, (URI) null, (Base64URL) null, (Base64URL) null, (List<Base64>) null, (KeyStore) null) : new ECKey(forECParameterSpec, encodeCoordinate, encodeCoordinate2, base64URL, (KeyUse) null, (Set<KeyOperation>) null, (Algorithm) null, (String) null, (URI) null, (Base64URL) null, (Base64URL) null, (List<Base64>) null, (KeyStore) null);
        } catch (IllegalArgumentException e10) {
            throw new IllegalStateException(e10.getMessage(), e10);
        }
    }

    public static JWK parseFromPEMEncodedX509Cert(String str) throws JOSEException {
        int indexOf;
        String substring;
        int indexOf2;
        X509Certificate x509Certificate = null;
        if (str != null && !str.isEmpty() && (indexOf = str.indexOf("-----BEGIN CERTIFICATE-----")) >= 0 && (indexOf2 = (substring = str.substring(indexOf + 27)).indexOf("-----END CERTIFICATE-----")) >= 0) {
            try {
                x509Certificate = h.a(new Base64(substring.substring(0, indexOf2).replaceAll("\\s", "")).decode());
            } catch (CertificateException unused) {
            }
        }
        if (x509Certificate != null) {
            return parse(x509Certificate);
        }
        throw new JOSEException("Couldn't parse PEM-encoded X.509 certificate");
    }

    public Base64URL computeThumbprint() throws JOSEException {
        return computeThumbprint("SHA-256");
    }

    public Base64URL computeThumbprint(String str) throws JOSEException {
        String jSONString = JSONObject.toJSONString(getRequiredParams());
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(jSONString.getBytes(f.f65188a));
            return Base64URL.encode(messageDigest.digest());
        } catch (NoSuchAlgorithmException e10) {
            StringBuilder b10 = e2.b("Couldn't compute JWK thumbprint: Unsupported hash algorithm: ");
            b10.append(e10.getMessage());
            throw new JOSEException(b10.toString(), e10);
        }
    }

    public oi.f computeThumbprintURI() throws JOSEException {
        return new oi.f(computeThumbprint("SHA-256"));
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof JWK)) {
            return false;
        }
        JWK jwk = (JWK) obj;
        return Objects.equals(this.f34932a, jwk.f34932a) && Objects.equals(this.f34933b, jwk.f34933b) && Objects.equals(this.f34934c, jwk.f34934c) && Objects.equals(this.f34935d, jwk.f34935d) && Objects.equals(this.f34936e, jwk.f34936e) && Objects.equals(this.f34937f, jwk.f34937f) && Objects.equals(this.f34938g, jwk.f34938g) && Objects.equals(this.f34939h, jwk.f34939h) && Objects.equals(this.f34940i, jwk.f34940i) && Objects.equals(this.f34942k, jwk.f34942k);
    }

    public Algorithm getAlgorithm() {
        return this.f34935d;
    }

    public String getKeyID() {
        return this.f34936e;
    }

    public Set<KeyOperation> getKeyOperations() {
        return this.f34934c;
    }

    public KeyStore getKeyStore() {
        return this.f34942k;
    }

    public KeyType getKeyType() {
        return this.f34932a;
    }

    public KeyUse getKeyUse() {
        return this.f34933b;
    }

    public List<X509Certificate> getParsedX509CertChain() {
        LinkedList linkedList = this.f34941j;
        if (linkedList == null) {
            return null;
        }
        return Collections.unmodifiableList(linkedList);
    }

    public abstract LinkedHashMap<String, ?> getRequiredParams();

    public List<Base64> getX509CertChain() {
        List<Base64> list = this.f34940i;
        if (list == null) {
            return null;
        }
        return Collections.unmodifiableList(list);
    }

    public Base64URL getX509CertSHA256Thumbprint() {
        return this.f34939h;
    }

    @Deprecated
    public Base64URL getX509CertThumbprint() {
        return this.f34938g;
    }

    public URI getX509CertURL() {
        return this.f34937f;
    }

    public int hashCode() {
        return Objects.hash(this.f34932a, this.f34933b, this.f34934c, this.f34935d, this.f34936e, this.f34937f, this.f34938g, this.f34939h, this.f34940i, this.f34942k);
    }

    public abstract boolean isPrivate();

    public abstract int size();

    public ECKey toECKey() {
        return (ECKey) this;
    }

    public Map<String, Object> toJSONObject() {
        HashMap hashMap = new HashMap();
        hashMap.put("kty", this.f34932a.getValue());
        KeyUse keyUse = this.f34933b;
        if (keyUse != null) {
            hashMap.put("use", keyUse.identifier());
        }
        if (this.f34934c != null) {
            ArrayList arrayList = new ArrayList();
            Iterator<KeyOperation> it = this.f34934c.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().identifier());
            }
            hashMap.put("key_ops", arrayList);
        }
        Algorithm algorithm = this.f34935d;
        if (algorithm != null) {
            hashMap.put("alg", algorithm.getName());
        }
        String str = this.f34936e;
        if (str != null) {
            hashMap.put("kid", str);
        }
        URI uri = this.f34937f;
        if (uri != null) {
            hashMap.put("x5u", uri.toString());
        }
        Base64URL base64URL = this.f34938g;
        if (base64URL != null) {
            hashMap.put("x5t", base64URL.toString());
        }
        Base64URL base64URL2 = this.f34939h;
        if (base64URL2 != null) {
            hashMap.put("x5t#S256", base64URL2.toString());
        }
        if (this.f34940i != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<Base64> it2 = this.f34940i.iterator();
            while (it2.hasNext()) {
                arrayList2.add(it2.next().toString());
            }
            hashMap.put("x5c", arrayList2);
        }
        return hashMap;
    }

    public String toJSONString() {
        return JSONObject.toJSONString((Map<String, ? extends Object>) toJSONObject());
    }

    public OctetKeyPair toOctetKeyPair() {
        return (OctetKeyPair) this;
    }

    public OctetSequenceKey toOctetSequenceKey() {
        return (OctetSequenceKey) this;
    }

    public abstract JWK toPublicJWK();

    public RSAKey toRSAKey() {
        return (RSAKey) this;
    }

    public String toString() {
        return JSONObject.toJSONString((Map<String, ? extends Object>) toJSONObject());
    }
}
