package swim.security;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
import java.security.spec.RSAOtherPrimeInfo;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Iterator;
import javax.crypto.spec.SecretKeySpec;
import swim.codec.Base64;
import swim.codec.Debug;
import swim.codec.Format;
import swim.codec.Output;
import swim.codec.Unicode;
import swim.collections.FingerTrieSeq;
import swim.collections.HashTrieSet;
import swim.json.Json;
import swim.structure.Item;
import swim.structure.Value;
import swim.util.Murmur3;

/* loaded from: input_file:swim/security/JsonWebKey.class */
public class JsonWebKey implements Debug {
    protected final Value value;
    private static int hashSeed;
    static ECParameterSpec p256;
    static ECParameterSpec p384;
    static ECParameterSpec p521;

    public JsonWebKey(Value value) {
        this.value = value.commit();
    }

    public Value get(String str) {
        return this.value.get(str);
    }

    public String keyType() {
        return this.value.get("kty").stringValue((String) null);
    }

    public String publicKeyUse() {
        return this.value.get("use").stringValue((String) null);
    }

    public HashTrieSet<String> keyOperations() {
        HashTrieSet<String> empty = HashTrieSet.empty();
        Iterator it = this.value.get("key_ops").iterator();
        while (it.hasNext()) {
            String stringValue = ((Item) it.next()).stringValue((String) null);
            if (stringValue != null) {
                empty = empty.added(stringValue);
            }
        }
        return empty;
    }

    public String algorithm() {
        return this.value.get("alg").stringValue((String) null);
    }

    public String keyId() {
        return this.value.get("kid").stringValue((String) null);
    }

    public String x509Url() {
        return this.value.get("x5u").stringValue((String) null);
    }

    public FingerTrieSeq<String> x509CertificateChain() {
        FingerTrieSeq<String> empty = FingerTrieSeq.empty();
        Iterator it = this.value.get("x5c").iterator();
        while (it.hasNext()) {
            String stringValue = ((Item) it.next()).stringValue((String) null);
            if (stringValue != null) {
                empty = empty.appended(stringValue);
            }
        }
        return empty;
    }

    public String x509Sha1Thumbprint() {
        return this.value.get("x5t").stringValue((String) null);
    }

    public String x509Sha256Thumbprint() {
        return this.value.get("x5t#S256").stringValue((String) null);
    }

    public Key key() {
        String keyType = keyType();
        if ("EC".equals(keyType)) {
            return (Key) ecKey();
        }
        if ("RSA".equals(keyType)) {
            return (Key) rsaKey();
        }
        if ("oct".equals(keyType)) {
            return symmetricKey();
        }
        return null;
    }

    public KeyDef keyDef() {
        Key key = key();
        if (key != null) {
            return KeyDef.from(key);
        }
        return null;
    }

    public PublicKey publicKey() {
        String keyType = keyType();
        if ("EC".equals(keyType)) {
            return ecPublicKey();
        }
        if ("RSA".equals(keyType)) {
            return rsaPublicKey();
        }
        return null;
    }

    public PublicKeyDef publicKeyDef() {
        PublicKey publicKey = publicKey();
        if (publicKey != null) {
            return PublicKeyDef.from(publicKey);
        }
        return null;
    }

    public PrivateKey privateKey() {
        String keyType = keyType();
        if ("EC".equals(keyType)) {
            return ecPrivateKey();
        }
        if ("RSA".equals(keyType)) {
            return rsaPrivateKey();
        }
        return null;
    }

    public PrivateKeyDef privateKeyDef() {
        PrivateKey privateKey = privateKey();
        if (privateKey != null) {
            return PrivateKeyDef.from(privateKey);
        }
        return null;
    }

    public ECKey ecKey() {
        return this.value.containsKey("d") ? ecPrivateKey() : ecPublicKey();
    }

    public ECPublicKey ecPublicKey() {
        try {
            return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(parseBase64UrlUInt(this.value.get("x").stringValue()), parseBase64UrlUInt(this.value.get("y").stringValue())), ecParameterSpec(this.value.get("crv").stringValue())));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public ECPrivateKey ecPrivateKey() {
        try {
            return (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(parseBase64UrlUInt(this.value.get("d").stringValue()), ecParameterSpec(this.value.get("crv").stringValue())));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public RSAKey rsaKey() {
        return this.value.containsKey("d") ? rsaPrivateKey() : rsaPublicKey();
    }

    public RSAPublicKey rsaPublicKey() {
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(parseBase64UrlUInt(this.value.get("n").stringValue()), parseBase64UrlUInt(this.value.get("e").stringValue())));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public RSAPrivateKey rsaPrivateKey() {
        RSAPrivateKeySpec rSAMultiPrimePrivateCrtKeySpec;
        BigInteger parseBase64UrlUInt = parseBase64UrlUInt(this.value.get("n").stringValue());
        BigInteger parseBase64UrlUInt2 = parseBase64UrlUInt(this.value.get("d").stringValue());
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            Value value = this.value.get("p");
            if (value.isDefined()) {
                BigInteger parseBase64UrlUInt3 = parseBase64UrlUInt(this.value.get("e").stringValue());
                BigInteger parseBase64UrlUInt4 = parseBase64UrlUInt(value.stringValue());
                BigInteger parseBase64UrlUInt5 = parseBase64UrlUInt(this.value.get("q").stringValue());
                BigInteger parseBase64UrlUInt6 = parseBase64UrlUInt(this.value.get("dp").stringValue());
                BigInteger parseBase64UrlUInt7 = parseBase64UrlUInt(this.value.get("dq").stringValue());
                BigInteger parseBase64UrlUInt8 = parseBase64UrlUInt(this.value.get("qi").stringValue());
                Value value2 = this.value.get("oth");
                if (value2.isDefined()) {
                    RSAOtherPrimeInfo[] rSAOtherPrimeInfoArr = new RSAOtherPrimeInfo[value2.length()];
                    for (int i = 0; i < rSAOtherPrimeInfoArr.length; i++) {
                        value2.getItem(i);
                        rSAOtherPrimeInfoArr[i] = new RSAOtherPrimeInfo(parseBase64UrlUInt(value2.get("r").stringValue()), parseBase64UrlUInt(value2.get("d").stringValue()), parseBase64UrlUInt(value2.get("t").stringValue()));
                    }
                    rSAMultiPrimePrivateCrtKeySpec = new RSAMultiPrimePrivateCrtKeySpec(parseBase64UrlUInt, parseBase64UrlUInt3, parseBase64UrlUInt2, parseBase64UrlUInt4, parseBase64UrlUInt5, parseBase64UrlUInt6, parseBase64UrlUInt7, parseBase64UrlUInt8, rSAOtherPrimeInfoArr);
                } else {
                    rSAMultiPrimePrivateCrtKeySpec = new RSAPrivateCrtKeySpec(parseBase64UrlUInt, parseBase64UrlUInt3, parseBase64UrlUInt2, parseBase64UrlUInt4, parseBase64UrlUInt5, parseBase64UrlUInt6, parseBase64UrlUInt7, parseBase64UrlUInt8);
                }
            } else {
                rSAMultiPrimePrivateCrtKeySpec = new RSAPrivateKeySpec(parseBase64UrlUInt, parseBase64UrlUInt2);
            }
            return (RSAPrivateKey) keyFactory.generatePrivate(rSAMultiPrimePrivateCrtKeySpec);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public Key symmetricKey(String str) {
        return new SecretKeySpec(parseBase64Url(this.value.get("k").stringValue()), str);
    }

    public Key symmetricKey() {
        String algorithm = algorithm();
        return "HS256".equals(algorithm) ? symmetricKey("HmacSHA256") : "HS384".equals(algorithm) ? symmetricKey("HmacSHA384") : "HS512".equals(algorithm) ? symmetricKey("HmacSHA512") : symmetricKey("");
    }

    public final Value toValue() {
        return this.value;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof JsonWebKey) {
            return this.value.equals(((JsonWebKey) obj).value);
        }
        return false;
    }

    public int hashCode() {
        if (hashSeed == 0) {
            hashSeed = Murmur3.seed(JsonWebKey.class);
        }
        return Murmur3.mash(Murmur3.mix(hashSeed, this.value.hashCode()));
    }

    public void debug(Output<?> output) {
        output.write("JsonWebKey").write(46).write("from").write(40).debug(this.value).write(41);
    }

    public String toString() {
        return Format.debug(this);
    }

    public static JsonWebKey from(Value value) {
        return new JsonWebKey(value);
    }

    public static JsonWebKey parse(String str) {
        return from(Json.parse(str));
    }

    private static byte[] parseBase64Url(String str) {
        return (byte[]) Base64.urlUnpadded().parseByteArray(Unicode.stringInput(str)).bind();
    }

    private static BigInteger parseBase64UrlUInt(String str) {
        return new BigInteger(1, parseBase64Url(str));
    }

    private static ECParameterSpec ecParameterSpec(String str) {
        if ("P-256".equals(str)) {
            if (p256 == null) {
                p256 = createECParameterSpec("secp256r1");
            }
            return p256;
        }
        if ("P-384".equals(str)) {
            if (p384 == null) {
                p384 = createECParameterSpec("secp384r1");
            }
            return p384;
        }
        if (!"P-521".equals(str)) {
            return null;
        }
        if (p521 == null) {
            p521 = createECParameterSpec("secp521r1");
        }
        return p521;
    }

    private static ECParameterSpec createECParameterSpec(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(str));
            return ((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()).getParams();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }
}
