package org.clazzes.login.oauth.jwt;

import com.google.gson.TypeAdapter;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/oauth/jwt/JWKeyParser.class */
public class JWKeyParser {
    private static final Logger log = LoggerFactory.getLogger(JWKeyParser.class);
    private static final Map<String, String> ECC_CURVE_NAMES = new HashMap();
    private static final Map<String, String> RSA_ALGORITHM_NAMES;
    private static final Map<String, String> ECC_ALGORITHM_NAMES;
    private static final Map<String, String> JWK_CURVE_NAMES;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/clazzes/login/oauth/jwt/JWKeyParser$JWKPubKeyAdapter.class */
    public static class JWKPubKeyAdapter extends TypeAdapter<JWKPubKey> {
        private JWKPubKeyAdapter() {
        }

        /* renamed from: read, reason: merged with bridge method [inline-methods] */
        public JWKPubKey m21read(JsonReader jsonReader) throws IOException {
            PublicKey generatePublic;
            String str;
            jsonReader.beginObject();
            String str2 = null;
            String str3 = null;
            String str4 = null;
            String str5 = null;
            JWKeyOp[] jWKeyOpArr = null;
            String str6 = null;
            Certificate[] certificateArr = null;
            byte[] bArr = null;
            byte[] bArr2 = null;
            String str7 = null;
            BigInteger bigInteger = null;
            BigInteger bigInteger2 = null;
            BigInteger bigInteger3 = null;
            BigInteger bigInteger4 = null;
            while (jsonReader.hasNext()) {
                String nextName = jsonReader.nextName();
                if ("kid".equals(nextName)) {
                    str2 = jsonReader.nextString();
                } else if ("kty".equals(nextName)) {
                    str3 = jsonReader.nextString();
                } else if ("alg".equals(nextName)) {
                    str4 = jsonReader.nextString();
                } else if ("use".equals(nextName)) {
                    str5 = jsonReader.nextString();
                } else if ("crv".equals(nextName)) {
                    str7 = jsonReader.nextString();
                } else if ("x5u".equals(nextName)) {
                    str6 = jsonReader.nextString();
                } else if ("key_ops".equals(nextName)) {
                    ArrayList arrayList = new ArrayList();
                    jsonReader.beginArray();
                    while (jsonReader.hasNext()) {
                        arrayList.add(JWKeyOp.valueOf(jsonReader.nextString()));
                    }
                    jsonReader.endArray();
                    jWKeyOpArr = (JWKeyOp[]) arrayList.toArray(new JWKeyOp[arrayList.size()]);
                } else if ("x5c".equals(nextName)) {
                    ArrayList arrayList2 = new ArrayList();
                    try {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                        jsonReader.beginArray();
                        while (jsonReader.hasNext()) {
                            arrayList2.add(certificateFactory.generateCertificate(new ByteArrayInputStream(Helpers.parseBase64(jsonReader.nextString()))));
                        }
                        jsonReader.endArray();
                        certificateArr = (Certificate[]) arrayList2.toArray(new Certificate[arrayList2.size()]);
                    } catch (CertificateException e) {
                        throw new IllegalArgumentException("Unable to parse x5c certificate chain", e);
                    }
                } else if ("x5t".equals(nextName)) {
                    byte[] parseBase64 = Helpers.parseBase64(jsonReader.nextString());
                    if (parseBase64.length != 20) {
                        throw new IllegalArgumentException("x5t SHA1 certificate thumbprint has length [" + parseBase64.length + "], which is not 20.");
                    }
                    bArr = parseBase64;
                } else if ("x5t#S256".equals(nextName)) {
                    byte[] parseBase642 = Helpers.parseBase64(jsonReader.nextString());
                    if (parseBase642.length != 32) {
                        throw new IllegalArgumentException("x5t#S256 SHA256 certificate thumbprint has length [" + parseBase642.length + "], which is not 32.");
                    }
                    bArr2 = parseBase642;
                } else if ("e".equals(nextName)) {
                    bigInteger4 = Helpers.parsePositiveBigInt(jsonReader.nextString());
                } else if ("n".equals(nextName)) {
                    bigInteger3 = Helpers.parsePositiveBigInt(jsonReader.nextString());
                } else if ("x".equals(nextName)) {
                    bigInteger = Helpers.parsePositiveBigInt(jsonReader.nextString());
                } else if ("y".equals(nextName)) {
                    bigInteger2 = Helpers.parsePositiveBigInt(jsonReader.nextString());
                } else {
                    JWKeyParser.log.warn("Invalid attribute [{}] in JSON Web Key.", nextName);
                    jsonReader.skipValue();
                }
            }
            jsonReader.endObject();
            if ("RSA".equals(str3)) {
                if (bigInteger4 == null || bigInteger3 == null) {
                    throw new IllegalArgumentException("Public RSA JSON Web Key with missing modulus or exponent.");
                }
                try {
                    generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(bigInteger3, bigInteger4));
                    str = (String) JWKeyParser.RSA_ALGORITHM_NAMES.get(str4);
                    if (str == null) {
                        throw new IllegalArgumentException("Public RSA JSON Web Key with invalid algorithm [" + str4 + "].");
                    }
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                    throw new IllegalArgumentException("Public RSA JSON Web Key could not be instantiated.", e2);
                }
            } else {
                if (!"EC".equals(str3)) {
                    throw new IllegalArgumentException("Invalid JSON Web Key type [" + str3 + "].");
                }
                if (bigInteger == null || bigInteger2 == null) {
                    throw new IllegalArgumentException("EC JSON Web Key with missing x or y base.");
                }
                String str8 = (String) JWKeyParser.ECC_CURVE_NAMES.get(str7);
                if (str8 == null) {
                    throw new IllegalArgumentException("RSA JSON Web Key with invalid curve name [" + str7 + "]");
                }
                try {
                    AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
                    algorithmParameters.init(new ECGenParameterSpec(str8));
                    generatePublic = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(bigInteger, bigInteger2), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
                    str = (String) JWKeyParser.ECC_ALGORITHM_NAMES.get(str4 == null ? str7 : str4);
                    if (str == null) {
                        throw new IllegalArgumentException("Public EC JSON Web Key with invalid algorithm [" + str4 + "].");
                    }
                } catch (Exception e3) {
                    throw new IllegalArgumentException("Public EC JSON Web Key could not be instantiated.", e3);
                }
            }
            if (certificateArr != null && certificateArr.length == 0) {
                throw new IllegalArgumentException("Public JSON Web Key has an empty X.509 certificate chain.");
            }
            if (bArr == null) {
                if (certificateArr != null) {
                    bArr = Helpers.getSha1Fingerprint(certificateArr[0]);
                }
            } else {
                if (certificateArr == null && str6 == null) {
                    throw new IllegalArgumentException("Public JSON Web Key has an empty X.509 certificate chain but a given thumbprint.");
                }
                if (certificateArr != null && !Arrays.equals(bArr, Helpers.getSha1Fingerprint(certificateArr[0]))) {
                    throw new IllegalArgumentException("Public JSON Web Key has a X.509 certificate and a differing x5t thumbprint.");
                }
            }
            if (bArr2 == null) {
                if (certificateArr != null) {
                    bArr2 = Helpers.getSha256Fingerprint(certificateArr[0]);
                }
            } else {
                if (certificateArr == null && str6 == null) {
                    throw new IllegalArgumentException("Public JSON Web Key has an empty X.509 certificate chain but a given SHA-256 thumbprint.");
                }
                if (certificateArr != null && !Arrays.equals(bArr2, Helpers.getSha256Fingerprint(certificateArr[0]))) {
                    throw new IllegalArgumentException("Public JSON Web Key has a X.509 certificate and a differing x5t#S256 thumbprint.");
                }
            }
            if (jWKeyOpArr == null) {
                if ("enc".equals(str5)) {
                    jWKeyOpArr = new JWKeyOp[]{JWKeyOp.encrypt, JWKeyOp.wrapKey};
                } else {
                    if (str5 != null && !"sig".equals(str5)) {
                        throw new IllegalArgumentException("JSON Web Key has invalid key usage [" + str5 + "]");
                    }
                    jWKeyOpArr = new JWKeyOp[]{JWKeyOp.verify};
                }
            } else if (str5 != null) {
                JWKeyParser.log.warn("JSON Web Key has key usage [" + str5 + "] will be ignored because of the presence of key_ops.");
            }
            if (certificateArr == null || Helpers.pubKeysAreEqual(generatePublic, certificateArr[0].getPublicKey())) {
                return new JWKPubKey(str2, str3, str, jWKeyOpArr, str6, certificateArr, bArr, bArr2, generatePublic);
            }
            throw new IllegalArgumentException("Public JSON Web Key has a X.509 certificate with a non-matching public key.");
        }

        public void write(JsonWriter jsonWriter, JWKPubKey jWKPubKey) throws IOException {
            jsonWriter.beginObject();
            jsonWriter.name("kid");
            jsonWriter.value(jWKPubKey.getKeyId());
            jsonWriter.name("kty");
            jsonWriter.value(jWKPubKey.getKeyType());
            boolean z = false;
            boolean z2 = false;
            if (jWKPubKey.getKeyOperations() != null) {
                jsonWriter.name("key_ops");
                jsonWriter.beginArray();
                for (JWKeyOp jWKeyOp : jWKPubKey.getKeyOperations()) {
                    jsonWriter.value(jWKeyOp.toString());
                    if (jWKeyOp == JWKeyOp.verify) {
                        z = true;
                    }
                    if (jWKeyOp == JWKeyOp.encrypt || jWKeyOp == JWKeyOp.wrapKey) {
                        z2 = true;
                    }
                }
                jsonWriter.endArray();
            }
            jsonWriter.name("use");
            jsonWriter.value(z ? "sig" : z2 ? "enc" : "sig");
            jsonWriter.name("alg");
            jsonWriter.value(Helpers.getJwkAlgorithmName(jWKPubKey.getAlgorithm()));
            if ("RSA".equals(jWKPubKey.getKeyType())) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) jWKPubKey.getPubKey();
                jsonWriter.name("n");
                jsonWriter.value(Helpers.formatPositiveBigInt(rSAPublicKey.getModulus()));
                jsonWriter.name("e");
                jsonWriter.value(Helpers.formatPositiveBigInt(rSAPublicKey.getPublicExponent()));
            } else {
                if (!"EC".equals(jWKPubKey.getKeyType())) {
                    throw new IllegalArgumentException("Invalid JSON Web Key type [" + jWKPubKey.getKeyType() + "].");
                }
                ECPublicKey eCPublicKey = (ECPublicKey) jWKPubKey.getPubKey();
                jsonWriter.name("crv");
                jsonWriter.value((String) JWKeyParser.JWK_CURVE_NAMES.get(eCPublicKey.getParams().toString().replaceFirst(" .*$", "")));
                jsonWriter.name("x");
                jsonWriter.value(Helpers.formatPositiveBigInt(eCPublicKey.getW().getAffineX()));
                jsonWriter.name("y");
                jsonWriter.value(Helpers.formatPositiveBigInt(eCPublicKey.getW().getAffineY()));
            }
            if (jWKPubKey.getCertificateUrl() != null) {
                jsonWriter.name("x5u");
                jsonWriter.value(jWKPubKey.getCertificateUrl());
            }
            if (jWKPubKey.getCertificateThumbprint() != null) {
                jsonWriter.name("x5t");
                jsonWriter.value(Helpers.formatBase64(jWKPubKey.getCertificateThumbprint()));
            }
            if (jWKPubKey.getCertificateThumbprintSha256() != null) {
                jsonWriter.name("x5t#S256");
                jsonWriter.value(Helpers.formatBase64(jWKPubKey.getCertificateThumbprintSha256()));
            }
            if (jWKPubKey.getCertificateChain() != null) {
                jsonWriter.name("x5c");
                jsonWriter.beginArray();
                for (Certificate certificate : jWKPubKey.getCertificateChain()) {
                    try {
                        jsonWriter.value(Base64.encodeBase64String(certificate.getEncoded()));
                    } catch (CertificateEncodingException e) {
                        throw new IllegalArgumentException("JWK public key with unencodable certificate in chain.", e);
                    }
                }
                jsonWriter.endArray();
            }
            jsonWriter.endObject();
        }
    }

    /* loaded from: input_file:org/clazzes/login/oauth/jwt/JWKeyParser$JWKPubKeyListAdapter.class */
    private static class JWKPubKeyListAdapter extends TypeAdapter<List<JWKPubKey>> {
        private JWKPubKeyListAdapter() {
        }

        public void write(JsonWriter jsonWriter, List<JWKPubKey> list) throws IOException {
            jsonWriter.beginObject();
            jsonWriter.name("keys");
            if (list == null) {
                jsonWriter.nullValue();
            } else {
                jsonWriter.beginArray();
                JWKPubKeyAdapter jWKPubKeyAdapter = new JWKPubKeyAdapter();
                Iterator<JWKPubKey> it = list.iterator();
                while (it.hasNext()) {
                    jWKPubKeyAdapter.write(jsonWriter, it.next());
                }
            }
            jsonWriter.endArray();
            jsonWriter.endObject();
        }

        /* renamed from: read, reason: merged with bridge method [inline-methods] */
        public List<JWKPubKey> m22read(JsonReader jsonReader) throws IOException {
            ArrayList arrayList = new ArrayList();
            jsonReader.beginObject();
            while (jsonReader.hasNext()) {
                String nextName = jsonReader.nextName();
                if ("keys".equals(nextName)) {
                    JWKPubKeyAdapter jWKPubKeyAdapter = new JWKPubKeyAdapter();
                    jsonReader.beginArray();
                    while (jsonReader.hasNext()) {
                        arrayList.add(jWKPubKeyAdapter.m21read(jsonReader));
                    }
                    jsonReader.endArray();
                } else {
                    JWKeyParser.log.warn("Invalid attribute [{}] in JSON Web Key.", nextName);
                    jsonReader.skipValue();
                }
            }
            jsonReader.endObject();
            return arrayList;
        }
    }

    public static JWKPubKey parsePubKey(InputStream inputStream) throws IOException {
        JsonReader jsonReader = new JsonReader(new InputStreamReader(inputStream, "UTF-8"));
        Throwable th = null;
        try {
            JWKPubKey m21read = new JWKPubKeyAdapter().m21read(jsonReader);
            if (jsonReader != null) {
                if (0 != 0) {
                    try {
                        jsonReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    jsonReader.close();
                }
            }
            return m21read;
        } catch (Throwable th3) {
            if (jsonReader != null) {
                if (0 != 0) {
                    try {
                        jsonReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    jsonReader.close();
                }
            }
            throw th3;
        }
    }

    public static void formatPubKey(OutputStream outputStream, JWKPubKey jWKPubKey) throws IOException {
        JsonWriter jsonWriter = new JsonWriter(new OutputStreamWriter(outputStream, "UTF-8"));
        Throwable th = null;
        try {
            try {
                new JWKPubKeyAdapter().write(jsonWriter, jWKPubKey);
                if (jsonWriter != null) {
                    if (0 == 0) {
                        jsonWriter.close();
                        return;
                    }
                    try {
                        jsonWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (jsonWriter != null) {
                if (th != null) {
                    try {
                        jsonWriter.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    jsonWriter.close();
                }
            }
            throw th4;
        }
    }

    public static List<JWKPubKey> parsePubKeyList(InputStream inputStream) throws IOException {
        JsonReader jsonReader = new JsonReader(new InputStreamReader(inputStream, "UTF-8"));
        Throwable th = null;
        try {
            List<JWKPubKey> m22read = new JWKPubKeyListAdapter().m22read(jsonReader);
            if (jsonReader != null) {
                if (0 != 0) {
                    try {
                        jsonReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    jsonReader.close();
                }
            }
            return m22read;
        } catch (Throwable th3) {
            if (jsonReader != null) {
                if (0 != 0) {
                    try {
                        jsonReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    jsonReader.close();
                }
            }
            throw th3;
        }
    }

    public static void formatPubKeyList(OutputStream outputStream, List<JWKPubKey> list) throws IOException {
        JsonWriter jsonWriter = new JsonWriter(new OutputStreamWriter(outputStream, "UTF-8"));
        Throwable th = null;
        try {
            try {
                new JWKPubKeyListAdapter().write(jsonWriter, list);
                if (jsonWriter != null) {
                    if (0 == 0) {
                        jsonWriter.close();
                        return;
                    }
                    try {
                        jsonWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (jsonWriter != null) {
                if (th != null) {
                    try {
                        jsonWriter.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    jsonWriter.close();
                }
            }
            throw th4;
        }
    }

    static {
        ECC_CURVE_NAMES.put("P-256", "secp256r1");
        ECC_CURVE_NAMES.put("P-384", "secp384r1");
        ECC_CURVE_NAMES.put("P-521", "secp521r1");
        JWK_CURVE_NAMES = new HashMap();
        JWK_CURVE_NAMES.put("secp256r1", "P-256");
        JWK_CURVE_NAMES.put("secp384r1", "P-384");
        JWK_CURVE_NAMES.put("secp521r1", "P-521");
        RSA_ALGORITHM_NAMES = new HashMap();
        RSA_ALGORITHM_NAMES.put(null, "SHA256withRSA");
        RSA_ALGORITHM_NAMES.put("RS256", "SHA256withRSA");
        RSA_ALGORITHM_NAMES.put("RS384", "SHA384withRSA");
        RSA_ALGORITHM_NAMES.put("RS512", "SHA512withRSA");
        RSA_ALGORITHM_NAMES.put("PS256", "SHA256withRSAandMGF1");
        RSA_ALGORITHM_NAMES.put("PS384", "SHA384withRSAandMGF1");
        RSA_ALGORITHM_NAMES.put("PS512", "SHA512withRSAandMGF1");
        ECC_ALGORITHM_NAMES = new HashMap();
        ECC_ALGORITHM_NAMES.put("ES256", "SHA256withECDSA");
        ECC_ALGORITHM_NAMES.put("ES384", "SHA384withECDSA");
        ECC_ALGORITHM_NAMES.put("ES512", "SHA512withECDSA");
        ECC_ALGORITHM_NAMES.put("P-256", "SHA256withECDSA");
        ECC_ALGORITHM_NAMES.put("P-384", "SHA384withECDSA");
        ECC_ALGORITHM_NAMES.put("P-521", "SHA512withECDSA");
    }
}
