package io.fusionauth.jwks;

import io.fusionauth.der.DerInputStream;
import io.fusionauth.der.DerValue;
import io.fusionauth.der.ObjectIdentifier;
import io.fusionauth.jwks.domain.JSONWebKey;
import io.fusionauth.jwt.JWTUtils;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.jwt.domain.KeyType;
import io.fusionauth.pem.domain.PEM;
import io.fusionauth.security.KeyUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Collections;
import java.util.Objects;

/* loaded from: classes5.dex */
public class JSONWebKeyBuilder {
    private int getCoordinateLength(ECKey eCKey) {
        return (int) Math.ceil(eCKey.getParams().getCurve().getField().getFieldSize() / 8.0d);
    }

    private KeyType getKeyType(Key key) {
        if (key.getAlgorithm().equals("RSA")) {
            return KeyType.RSA;
        }
        if (key.getAlgorithm().equals("EC")) {
            return KeyType.EC;
        }
        return null;
    }

    private String readCurveObjectIdentifier(Key key) {
        try {
            DerValue[] sequence = new DerInputStream(key.getEncoded()).getSequence();
            if (key instanceof PrivateKey) {
                sequence[1].getOID();
                return sequence[1].getOID().decode();
            }
            sequence[0].getOID();
            return sequence[0].getOID().decode();
        } catch (IOException e) {
            throw new JSONWebKeyBuilderException("Unable to read the Object Identifier of the public key.", e);
        }
    }

    public JSONWebKey build(String str) {
        Objects.requireNonNull(str);
        PEM decode = PEM.decode(str);
        if (decode.privateKey != null) {
            return build(decode.privateKey);
        }
        if (decode.certificate != null) {
            return build(decode.certificate);
        }
        if (decode.publicKey != null) {
            return build(decode.publicKey);
        }
        throw new JSONWebKeyBuilderException("The provided PEM did not contain a public or private key.");
    }

    public JSONWebKey build(PrivateKey privateKey) {
        Objects.requireNonNull(privateKey);
        JSONWebKey jSONWebKey = new JSONWebKey();
        jSONWebKey.kty = getKeyType(privateKey);
        jSONWebKey.use = "sig";
        if (privateKey instanceof RSAPrivateKey) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
            jSONWebKey.n = JWKUtils.base64EncodeUint(rSAPrivateKey.getModulus());
            jSONWebKey.d = JWKUtils.base64EncodeUint(rSAPrivateKey.getPrivateExponent());
        }
        if (privateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
            jSONWebKey.e = JWKUtils.base64EncodeUint(rSAPrivateCrtKey.getPublicExponent());
            jSONWebKey.p = JWKUtils.base64EncodeUint(rSAPrivateCrtKey.getPrimeP());
            jSONWebKey.q = JWKUtils.base64EncodeUint(rSAPrivateCrtKey.getPrimeQ());
            jSONWebKey.qi = JWKUtils.base64EncodeUint(rSAPrivateCrtKey.getCrtCoefficient());
            BigInteger mod = rSAPrivateCrtKey.getPrivateExponent().mod(rSAPrivateCrtKey.getPrimeP().subtract(BigInteger.valueOf(1L)));
            BigInteger mod2 = rSAPrivateCrtKey.getPrivateExponent().mod(rSAPrivateCrtKey.getPrimeQ().subtract(BigInteger.valueOf(1L)));
            jSONWebKey.dp = JWKUtils.base64EncodeUint(mod);
            jSONWebKey.dq = JWKUtils.base64EncodeUint(mod2);
        }
        if (privateKey instanceof ECPrivateKey) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
            jSONWebKey.crv = getCurveOID(privateKey);
            if (jSONWebKey.crv != null) {
                String str = jSONWebKey.crv;
                str.hashCode();
                char c = 65535;
                switch (str.hashCode()) {
                    case 75272022:
                        if (str.equals("P-256")) {
                            c = 0;
                            break;
                        }
                        break;
                    case 75273074:
                        if (str.equals("P-384")) {
                            c = 1;
                            break;
                        }
                        break;
                    case 75274807:
                        if (str.equals("P-521")) {
                            c = 2;
                            break;
                        }
                        break;
                }
                switch (c) {
                    case 0:
                        jSONWebKey.alg = Algorithm.ES256;
                        break;
                    case 1:
                        jSONWebKey.alg = Algorithm.ES384;
                        break;
                    case 2:
                        jSONWebKey.alg = Algorithm.ES512;
                        break;
                }
            }
            int coordinateLength = getCoordinateLength(eCPrivateKey);
            jSONWebKey.d = JWKUtils.base64EncodeUint(eCPrivateKey.getS(), coordinateLength);
            jSONWebKey.x = JWKUtils.base64EncodeUint(eCPrivateKey.getParams().getGenerator().getAffineX(), coordinateLength);
            jSONWebKey.y = JWKUtils.base64EncodeUint(eCPrivateKey.getParams().getGenerator().getAffineY(), coordinateLength);
        }
        return jSONWebKey;
    }

    public JSONWebKey build(PublicKey publicKey) {
        Objects.requireNonNull(publicKey);
        JSONWebKey jSONWebKey = new JSONWebKey();
        jSONWebKey.kty = getKeyType(publicKey);
        jSONWebKey.use = "sig";
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            jSONWebKey.e = JWKUtils.base64EncodeUint(rSAPublicKey.getPublicExponent());
            jSONWebKey.n = JWKUtils.base64EncodeUint(rSAPublicKey.getModulus());
        }
        if (jSONWebKey.kty == KeyType.EC) {
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            jSONWebKey.crv = getCurveOID(eCPublicKey);
            int keyLength = KeyUtils.getKeyLength(publicKey);
            if (keyLength == 256) {
                jSONWebKey.alg = Algorithm.ES256;
            } else if (keyLength == 384) {
                jSONWebKey.alg = Algorithm.ES384;
            } else {
                jSONWebKey.alg = Algorithm.ES512;
            }
            int coordinateLength = getCoordinateLength(eCPublicKey);
            jSONWebKey.x = JWKUtils.base64EncodeUint(eCPublicKey.getW().getAffineX(), coordinateLength);
            jSONWebKey.y = JWKUtils.base64EncodeUint(eCPublicKey.getW().getAffineY(), coordinateLength);
        }
        return jSONWebKey;
    }

    public JSONWebKey build(Certificate certificate) {
        Objects.requireNonNull(certificate);
        JSONWebKey build = build(certificate.getPublicKey());
        if (certificate instanceof X509Certificate) {
            build.alg = Algorithm.fromName(((X509Certificate) certificate).getSigAlgName());
            try {
                String str = new String(Base64.getEncoder().encode(certificate.getEncoded()));
                build.x5c = Collections.singletonList(str);
                build.x5t = JWTUtils.generateJWS_x5t(str);
                build.x5t_256 = JWTUtils.generateJWS_x5t("SHA-256", str);
            } catch (CertificateEncodingException e) {
                throw new JSONWebKeyBuilderException("Failed to decode X.509 certificate", e);
            }
        }
        return build;
    }

    String getCurveOID(Key key) {
        String readCurveObjectIdentifier = readCurveObjectIdentifier(key);
        readCurveObjectIdentifier.hashCode();
        char c = 65535;
        switch (readCurveObjectIdentifier.hashCode()) {
            case 367694928:
                if (readCurveObjectIdentifier.equals(ObjectIdentifier.ECDSA_P256)) {
                    c = 0;
                    break;
                }
                break;
            case 1290711797:
                if (readCurveObjectIdentifier.equals(ObjectIdentifier.ECDSA_P384)) {
                    c = 1;
                    break;
                }
                break;
            case 1290711798:
                if (readCurveObjectIdentifier.equals(ObjectIdentifier.ECDSA_P521)) {
                    c = 2;
                    break;
                }
                break;
        }
        switch (c) {
            case 0:
                return "P-256";
            case 1:
                return "P-384";
            case 2:
                return "P-521";
            default:
                return null;
        }
    }
}
