package io.vertx.ext.jwt;

import ch.qos.logback.core.rolling.helper.DateTokenConverter;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.jwt.impl.SignatureHelper;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/vertx/ext/jwt/JWK.class */
public final class JWK implements Crypto {
    private static final Charset UTF8 = StandardCharsets.UTF_8;
    private final String kid;
    private String alg;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private Signature signature;
    private Cipher cipher;
    private X509Certificate certificate;
    private Mac mac;
    private boolean symmetric;
    private boolean ecdsa;
    private int ecdsaLength;

    public JWK(String str, String str2, String str3) {
        this(str, false, str2, str3);
    }

    public JWK(String str, boolean z, String str2, String str3) {
        KeyFactory keyFactory;
        try {
            HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: io.vertx.ext.jwt.JWK.1
                {
                    put("RS256", "SHA256withRSA");
                    put("RS384", "SHA384withRSA");
                    put("RS512", "SHA512withRSA");
                    put("ES256", "SHA256withECDSA");
                    put("ES384", "SHA384withECDSA");
                    put("ES512", "SHA512withECDSA");
                }
            };
            boolean z2 = -1;
            switch (str.hashCode()) {
                case 66245349:
                    if (str.equals("ES256")) {
                        z2 = 3;
                        break;
                    }
                    break;
                case 66246401:
                    if (str.equals("ES384")) {
                        z2 = 4;
                        break;
                    }
                    break;
                case 66248104:
                    if (str.equals("ES512")) {
                        z2 = 5;
                        break;
                    }
                    break;
                case 78251122:
                    if (str.equals("RS256")) {
                        z2 = false;
                        break;
                    }
                    break;
                case 78252174:
                    if (str.equals("RS384")) {
                        z2 = true;
                        break;
                    }
                    break;
                case 78253877:
                    if (str.equals("RS512")) {
                        z2 = 2;
                        break;
                    }
                    break;
            }
            switch (z2) {
                case false:
                case true:
                case true:
                    keyFactory = KeyFactory.getInstance("RSA");
                    break;
                case true:
                case true:
                case true:
                    keyFactory = KeyFactory.getInstance("EC");
                    this.ecdsa = true;
                    this.ecdsaLength = ECDSALength(hashMap.get(str));
                    break;
                default:
                    throw new RuntimeException("Unknown algorithm factory for: " + str);
            }
            this.alg = str;
            this.kid = str + (str2 != null ? Integer.valueOf(str2.hashCode()) : "") + "-" + (str3 != null ? Integer.valueOf(str3.hashCode()) : "");
            if (str2 != null) {
                if (z) {
                    this.certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str2.getBytes(UTF8)));
                } else {
                    this.publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.getMimeDecoder().decode(str2)));
                }
            }
            if (str3 != null) {
                this.privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(str3)));
            }
            this.signature = Signature.getInstance(hashMap.get(this.alg));
        } catch (NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    public JWK(String str, String str2) {
        try {
            HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: io.vertx.ext.jwt.JWK.2
                {
                    put("HS256", "HMacSHA256");
                    put("HS384", "HMacSHA384");
                    put("HS512", "HMacSHA512");
                }
            };
            this.alg = str;
            if (!hashMap.containsKey(this.alg)) {
                throw new NoSuchAlgorithmException(this.alg);
            }
            this.kid = str + str2.hashCode();
            this.mac = Mac.getInstance(hashMap.get(this.alg));
            this.mac.init(new SecretKeySpec(str2.getBytes(UTF8), hashMap.get(this.alg)));
            this.symmetric = true;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public JWK(JsonObject jsonObject) {
        this.kid = jsonObject.getString("kid", UUID.randomUUID().toString());
        try {
            String string = jsonObject.getString("kty");
            boolean z = -1;
            switch (string.hashCode()) {
                case 2206:
                    if (string.equals("EC")) {
                        z = true;
                        break;
                    }
                    break;
                case 81440:
                    if (string.equals("RSA")) {
                        z = false;
                        break;
                    }
                    break;
                case 109856:
                    if (string.equals("oct")) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    createRSA(jsonObject);
                    break;
                case true:
                    createEC(jsonObject);
                    break;
                case true:
                    createOCT(jsonObject);
                    break;
                default:
                    throw new RuntimeException("Unsupported key type: " + jsonObject.getString("kty"));
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | InvalidParameterSpecException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private void createRSA(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, NoSuchPaddingException {
        HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: io.vertx.ext.jwt.JWK.3
            {
                put("RS256", "SHA256withRSA");
                put("RS384", "SHA384withRSA");
                put("RS512", "SHA512withRSA");
            }
        };
        this.alg = jsonObject.getString("alg", "RS256");
        if (!hashMap.containsKey(this.alg)) {
            throw new NoSuchAlgorithmException(this.alg);
        }
        if (jsonHasProperties(jsonObject, "n", "e")) {
            this.publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("n"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("e")))));
        }
        if (jsonHasProperties(jsonObject, "n", "e", DateTokenConverter.CONVERTER_KEY, "p", "q", "dp", "dq", "qi")) {
            this.privateKey = KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("n"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("e"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString(DateTokenConverter.CONVERTER_KEY))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("p"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("q"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("dp"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("dq"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("qi")))));
        }
        if (jsonObject.containsKey("x5c")) {
            JsonArray jsonArray = jsonObject.getJsonArray("x5c");
            if (jsonArray.size() > 1) {
                throw new RuntimeException("Certificate Chain length > 1 is not supported");
            }
            this.certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(jsonArray.getString(0).getBytes(UTF8)));
        }
        String string = jsonObject.getString("use", "sig");
        boolean z = -1;
        switch (string.hashCode()) {
            case 100570:
                if (string.equals("enc")) {
                    z = true;
                    break;
                }
                break;
            case 113873:
                if (string.equals("sig")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                try {
                    this.signature = Signature.getInstance(hashMap.get(this.alg));
                    return;
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                }
            case true:
                this.cipher = Cipher.getInstance("RSA");
                return;
            default:
                return;
        }
    }

    private void createEC(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException, NoSuchPaddingException {
        HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: io.vertx.ext.jwt.JWK.4
            {
                put("ES256", "SHA256withECDSA");
                put("ES384", "SHA384withECDSA");
                put("ES512", "SHA512withECDSA");
            }
        };
        this.alg = jsonObject.getString("alg", "ES256");
        this.ecdsa = true;
        if (!hashMap.containsKey(this.alg)) {
            throw new NoSuchAlgorithmException(this.alg);
        }
        this.ecdsaLength = ECDSALength(hashMap.get(this.alg));
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
        algorithmParameters.init(new ECGenParameterSpec(translate(jsonObject.getString("crv"))));
        if (jsonHasProperties(jsonObject, "x", "y")) {
            this.publicKey = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("x"))), new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("y")))), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }
        if (jsonHasProperties(jsonObject, "x", "y", DateTokenConverter.CONVERTER_KEY)) {
            new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("x")));
            new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString("y")));
            this.privateKey = KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode(jsonObject.getString(DateTokenConverter.CONVERTER_KEY))), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }
        String string = jsonObject.getString("use", "sig");
        boolean z = -1;
        switch (string.hashCode()) {
            case 100570:
                if (string.equals("enc")) {
                    z = true;
                    break;
                }
                break;
            case 113873:
                if (string.equals("sig")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                try {
                    this.signature = Signature.getInstance(hashMap.get(this.alg));
                    return;
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                }
            case true:
            default:
                throw new RuntimeException("EC Encryption not supported");
        }
    }

    private void createOCT(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: io.vertx.ext.jwt.JWK.5
            {
                put("HS256", "HMacSHA256");
                put("HS384", "HMacSHA384");
                put("HS512", "HMacSHA512");
            }
        };
        this.alg = jsonObject.getString("alg", "HS256");
        if (!hashMap.containsKey(this.alg)) {
            throw new NoSuchAlgorithmException(this.alg);
        }
        this.mac = Mac.getInstance(hashMap.get(this.alg));
        this.mac.init(new SecretKeySpec(jsonObject.getString("k").getBytes(UTF8), hashMap.get(this.alg)));
        this.symmetric = true;
    }

    public String getAlgorithm() {
        return this.alg;
    }

    @Override // io.vertx.ext.jwt.Crypto
    public String getId() {
        return this.kid;
    }

    public synchronized byte[] encrypt(byte[] bArr) {
        if (this.cipher == null) {
            throw new RuntimeException("Key use is not 'enc'");
        }
        try {
            this.cipher.init(1, this.publicKey);
            this.cipher.update(bArr);
            return this.cipher.doFinal();
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    public synchronized byte[] decrypt(byte[] bArr) {
        if (this.cipher == null) {
            throw new RuntimeException("Key use is not 'enc'");
        }
        try {
            this.cipher.init(2, this.privateKey);
            this.cipher.update(bArr);
            return this.cipher.doFinal();
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // io.vertx.ext.jwt.Crypto
    public synchronized byte[] sign(byte[] bArr) {
        if (this.symmetric) {
            return this.mac.doFinal(bArr);
        }
        if (this.signature == null) {
            throw new RuntimeException("Key use is not 'sig'");
        }
        try {
            this.signature.initSign(this.privateKey);
            this.signature.update(bArr);
            return this.ecdsa ? SignatureHelper.toJWS(this.signature.sign(), this.ecdsaLength) : this.signature.sign();
        } catch (InvalidKeyException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // io.vertx.ext.jwt.Crypto
    public synchronized boolean verify(byte[] bArr, byte[] bArr2) {
        if (this.symmetric) {
            return Arrays.equals(bArr, sign(bArr2));
        }
        if (this.signature == null) {
            throw new RuntimeException("Key use is not 'sig'");
        }
        try {
            if (this.publicKey != null) {
                this.signature.initVerify(this.publicKey);
            }
            if (this.certificate != null) {
                this.signature.initVerify(this.certificate);
            }
            this.signature.update(bArr2);
            return this.ecdsa ? this.signature.verify(SignatureHelper.toDER(bArr)) : this.signature.verify(bArr);
        } catch (InvalidKeyException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    private static String translate(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 75272022:
                if (str.equals("P-256")) {
                    z = false;
                    break;
                }
                break;
            case 75273074:
                if (str.equals("P-384")) {
                    z = true;
                    break;
                }
                break;
            case 75274807:
                if (str.equals("P-521")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "secp256r1";
            case true:
                return "secp384r1";
            case true:
                return "secp521r1";
            default:
                return "";
        }
    }

    private static boolean jsonHasProperties(JsonObject jsonObject, String... strArr) {
        for (String str : strArr) {
            if (!jsonObject.containsKey(str)) {
                return false;
            }
        }
        return true;
    }
}
