package com.google.crypto.tink.jwt;

import android.support.v4.media.p;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyStatus;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.internal.LegacyProtoKey;
import com.google.crypto.tink.internal.ProtoKeySerialization;
import com.google.crypto.tink.proto.JwtEcdsaAlgorithm;
import com.google.crypto.tink.proto.JwtEcdsaPublicKey;
import com.google.crypto.tink.proto.JwtRsaSsaPkcs1Algorithm;
import com.google.crypto.tink.proto.JwtRsaSsaPkcs1PublicKey;
import com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm;
import com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Base64;
import com.google.crypto.tink.tinkkey.KeyAccess;
import com.google.errorprone.annotations.InlineMe;
import com.google.firebase.crashlytics.internal.metadata.UserMetadata;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.internal.Streams;
import com.google.gson.stream.JsonReader;
import com.microsoft.identity.common.internal.dto.AccessTokenRecord;
import com.ms.engage.utils.Constants;
import j$.util.Optional;
import java.io.IOException;
import java.io.StringReader;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import ms.imfusion.util.MMasterConstants;
import p4.AbstractC2608a;

/* loaded from: classes7.dex */
public final class JwkSetConverter {
    public static void a(JsonObject jsonObject, String str, String str2) {
        String c = c(jsonObject, str);
        if (!c.equals(str2)) {
            throw new GeneralSecurityException(p.n("unexpected ", str, " value: ", c));
        }
    }

    public static Optional b(Integer num) {
        return num == null ? Optional.empty() : Optional.of(Base64.urlSafeEncode(ByteBuffer.allocate(4).putInt(num.intValue()).array()));
    }

    public static String c(JsonObject jsonObject, String str) {
        if (!jsonObject.has(str)) {
            throw new GeneralSecurityException(str.concat(" not found"));
        }
        if (jsonObject.get(str).isJsonPrimitive() && jsonObject.get(str).getAsJsonPrimitive().isString()) {
            return jsonObject.get(str).getAsString();
        }
        throw new GeneralSecurityException(str.concat(" is not a string"));
    }

    public static void d(JsonObject jsonObject) {
        if (jsonObject.has("key_ops")) {
            if (!jsonObject.get("key_ops").isJsonArray()) {
                throw new GeneralSecurityException("key_ops is not an array");
            }
            JsonArray asJsonArray = jsonObject.get("key_ops").getAsJsonArray();
            if (asJsonArray.size() != 1) {
                throw new GeneralSecurityException("key_ops must contain exactly one element");
            }
            if (!asJsonArray.get(0).isJsonPrimitive() || !asJsonArray.get(0).getAsJsonPrimitive().isString()) {
                throw new GeneralSecurityException("key_ops is not a string");
            }
            if (asJsonArray.get(0).getAsString().equals("verify")) {
                return;
            }
            throw new GeneralSecurityException("unexpected keyOps value: " + asJsonArray.get(0).getAsString());
        }
    }

    @InlineMe(imports = {"com.google.crypto.tink.jwt.JwkSetConverter"}, replacement = "JwkSetConverter.fromPublicKeysetHandle(handle)")
    @Deprecated
    public static String fromKeysetHandle(KeysetHandle keysetHandle, KeyAccess keyAccess) throws IOException, GeneralSecurityException {
        return fromPublicKeysetHandle(keysetHandle);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:23:0x0073. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:33:0x009a. Please report as an issue. */
    public static String fromPublicKeysetHandle(KeysetHandle keysetHandle) throws IOException, GeneralSecurityException {
        int i5;
        String str;
        String str2;
        String str3;
        String str4;
        JsonArray jsonArray = new JsonArray();
        for (int i9 = 0; i9 < keysetHandle.size(); i9 = i5 + 1) {
            KeysetHandle.Entry at = keysetHandle.getAt(i9);
            if (at.getStatus() != KeyStatus.ENABLED) {
                i5 = i9;
            } else {
                Key key = at.getKey();
                if (!(key instanceof LegacyProtoKey)) {
                    throw new GeneralSecurityException("only LegacyProtoKey is currently supported");
                }
                ProtoKeySerialization serialization = ((LegacyProtoKey) key).getSerialization(null);
                if (serialization.getOutputPrefixType() != OutputPrefixType.RAW && serialization.getOutputPrefixType() != OutputPrefixType.TINK) {
                    throw new GeneralSecurityException("only OutputPrefixType RAW and TINK are supported");
                }
                if (serialization.getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC) {
                    throw new GeneralSecurityException("only public keys can be converted");
                }
                String typeUrl = serialization.getTypeUrl();
                typeUrl.getClass();
                char c = 65535;
                switch (typeUrl.hashCode()) {
                    case -1204668709:
                        if (typeUrl.equals("type.googleapis.com/google.crypto.tink.JwtEcdsaPublicKey")) {
                            c = 0;
                            break;
                        }
                        break;
                    case 516334794:
                        if (typeUrl.equals("type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey")) {
                            c = 1;
                            break;
                        }
                        break;
                    case 1174255008:
                        if (typeUrl.equals("type.googleapis.com/google.crypto.tink.JwtRsaSsaPssPublicKey")) {
                            c = 2;
                            break;
                        }
                        break;
                }
                switch (c) {
                    case 0:
                        i5 = i9;
                        try {
                            JwtEcdsaPublicKey parseFrom = JwtEcdsaPublicKey.parseFrom(serialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
                            int i10 = AbstractC2608a.f71961a[parseFrom.getAlgorithm().ordinal()];
                            if (i10 == 1) {
                                str2 = "ES256";
                                str3 = "P-256";
                            } else if (i10 == 2) {
                                str2 = "ES384";
                                str3 = "P-384";
                            } else {
                                if (i10 != 3) {
                                    throw new GeneralSecurityException("unknown algorithm");
                                }
                                str2 = "ES512";
                                str3 = "P-521";
                            }
                            JsonObject jsonObject = new JsonObject();
                            jsonObject.addProperty("kty", "EC");
                            jsonObject.addProperty("crv", str3);
                            jsonObject.addProperty(MMasterConstants.STR_MULTIPY, Base64.urlSafeEncode(parseFrom.getX().toByteArray()));
                            jsonObject.addProperty("y", Base64.urlSafeEncode(parseFrom.getY().toByteArray()));
                            jsonObject.addProperty("use", "sig");
                            jsonObject.addProperty("alg", str2);
                            JsonArray jsonArray2 = new JsonArray();
                            jsonArray2.add("verify");
                            jsonObject.add("key_ops", jsonArray2);
                            Optional b = b(serialization.getIdRequirementOrNull());
                            if (b.isPresent()) {
                                jsonObject.addProperty(AccessTokenRecord.SerializedNames.KID, (String) b.get());
                            } else if (parseFrom.hasCustomKid()) {
                                jsonObject.addProperty(AccessTokenRecord.SerializedNames.KID, parseFrom.getCustomKid().getValue());
                            }
                            jsonArray.add(jsonObject);
                        } catch (InvalidProtocolBufferException e3) {
                            throw new GeneralSecurityException("failed to parse value as JwtEcdsaPublicKey proto", e3);
                        }
                    case 1:
                        i5 = i9;
                        try {
                            JwtRsaSsaPkcs1PublicKey parseFrom2 = JwtRsaSsaPkcs1PublicKey.parseFrom(serialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
                            int i11 = AbstractC2608a.b[parseFrom2.getAlgorithm().ordinal()];
                            if (i11 == 1) {
                                str4 = "RS256";
                            } else if (i11 == 2) {
                                str4 = "RS384";
                            } else {
                                if (i11 != 3) {
                                    throw new GeneralSecurityException("unknown algorithm");
                                }
                                str4 = "RS512";
                            }
                            JsonObject jsonObject2 = new JsonObject();
                            jsonObject2.addProperty("kty", "RSA");
                            jsonObject2.addProperty("n", Base64.urlSafeEncode(parseFrom2.getN().toByteArray()));
                            jsonObject2.addProperty("e", Base64.urlSafeEncode(parseFrom2.getE().toByteArray()));
                            jsonObject2.addProperty("use", "sig");
                            jsonObject2.addProperty("alg", str4);
                            JsonArray jsonArray3 = new JsonArray();
                            jsonArray3.add("verify");
                            jsonObject2.add("key_ops", jsonArray3);
                            Optional b2 = b(serialization.getIdRequirementOrNull());
                            if (b2.isPresent()) {
                                jsonObject2.addProperty(AccessTokenRecord.SerializedNames.KID, (String) b2.get());
                            } else if (parseFrom2.hasCustomKid()) {
                                jsonObject2.addProperty(AccessTokenRecord.SerializedNames.KID, parseFrom2.getCustomKid().getValue());
                            }
                            jsonArray.add(jsonObject2);
                            break;
                        } catch (InvalidProtocolBufferException e5) {
                            throw new GeneralSecurityException("failed to parse value as JwtRsaSsaPkcs1PublicKey proto", e5);
                        }
                    case 2:
                        try {
                            JwtRsaSsaPssPublicKey parseFrom3 = JwtRsaSsaPssPublicKey.parseFrom(serialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
                            int i12 = AbstractC2608a.c[parseFrom3.getAlgorithm().ordinal()];
                            i5 = i9;
                            if (i12 == 1) {
                                str = "PS256";
                            } else if (i12 == 2) {
                                str = "PS384";
                            } else {
                                if (i12 != 3) {
                                    throw new GeneralSecurityException("unknown algorithm");
                                }
                                str = "PS512";
                            }
                            JsonObject jsonObject3 = new JsonObject();
                            jsonObject3.addProperty("kty", "RSA");
                            jsonObject3.addProperty("n", Base64.urlSafeEncode(parseFrom3.getN().toByteArray()));
                            jsonObject3.addProperty("e", Base64.urlSafeEncode(parseFrom3.getE().toByteArray()));
                            jsonObject3.addProperty("use", "sig");
                            jsonObject3.addProperty("alg", str);
                            JsonArray jsonArray4 = new JsonArray();
                            jsonArray4.add("verify");
                            jsonObject3.add("key_ops", jsonArray4);
                            Optional b6 = b(serialization.getIdRequirementOrNull());
                            if (b6.isPresent()) {
                                jsonObject3.addProperty(AccessTokenRecord.SerializedNames.KID, (String) b6.get());
                            } else if (parseFrom3.hasCustomKid()) {
                                jsonObject3.addProperty(AccessTokenRecord.SerializedNames.KID, parseFrom3.getCustomKid().getValue());
                            }
                            jsonArray.add(jsonObject3);
                            break;
                        } catch (InvalidProtocolBufferException e6) {
                            throw new GeneralSecurityException("failed to parse value as JwtRsaSsaPssPublicKey proto", e6);
                        }
                    default:
                        throw new GeneralSecurityException(p.m("key type ", serialization.getTypeUrl(), " is not supported"));
                }
            }
        }
        JsonObject jsonObject4 = new JsonObject();
        jsonObject4.add(UserMetadata.KEYDATA_FILENAME, jsonArray);
        return jsonObject4.toString();
    }

    @InlineMe(imports = {"com.google.crypto.tink.jwt.JwkSetConverter"}, replacement = "JwkSetConverter.toPublicKeysetHandle(jwkSet)")
    @Deprecated
    public static KeysetHandle toKeysetHandle(String str, KeyAccess keyAccess) throws IOException, GeneralSecurityException {
        return toPublicKeysetHandle(str);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0095. Please report as an issue. */
    public static KeysetHandle toPublicKeysetHandle(String str) throws IOException, GeneralSecurityException {
        char c;
        char c9;
        JwtEcdsaAlgorithm jwtEcdsaAlgorithm;
        SecretKeyAccess secretKeyAccess;
        ProtoKeySerialization create;
        String str2;
        char c10;
        JwtRsaSsaPssAlgorithm jwtRsaSsaPssAlgorithm;
        char c11;
        JwtRsaSsaPkcs1Algorithm jwtRsaSsaPkcs1Algorithm;
        int i5 = 2;
        int i9 = 0;
        try {
            JsonReader jsonReader = new JsonReader(new StringReader(str));
            jsonReader.setLenient(false);
            JsonObject asJsonObject = Streams.parse(jsonReader).getAsJsonObject();
            KeysetHandle.Builder newBuilder = KeysetHandle.newBuilder();
            Iterator<JsonElement> it = asJsonObject.get(UserMetadata.KEYDATA_FILENAME).getAsJsonArray().iterator();
            while (it.hasNext()) {
                JsonObject asJsonObject2 = it.next().getAsJsonObject();
                String substring = c(asJsonObject2, "alg").substring(i9, i5);
                substring.getClass();
                Iterator<JsonElement> it2 = it;
                KeysetHandle.Builder builder = newBuilder;
                switch (substring.hashCode()) {
                    case 2222:
                        if (substring.equals(Constants.XML_FEED_EVENT_START_DATE)) {
                            c = 0;
                            break;
                        }
                        break;
                    case 2563:
                        if (substring.equals("PS")) {
                            c = 1;
                            break;
                        }
                        break;
                    case 2625:
                        if (substring.equals("RS")) {
                            c = 2;
                            break;
                        }
                        break;
                }
                c = 65535;
                switch (c) {
                    case 0:
                        String c12 = c(asJsonObject2, "alg");
                        c12.getClass();
                        switch (c12.hashCode()) {
                            case 66245349:
                                if (c12.equals("ES256")) {
                                    c9 = 0;
                                    break;
                                }
                                break;
                            case 66246401:
                                if (c12.equals("ES384")) {
                                    c9 = 1;
                                    break;
                                }
                                break;
                            case 66248104:
                                if (c12.equals("ES512")) {
                                    c9 = 2;
                                    break;
                                }
                                break;
                        }
                        c9 = 65535;
                        switch (c9) {
                            case 0:
                                a(asJsonObject2, "crv", "P-256");
                                jwtEcdsaAlgorithm = JwtEcdsaAlgorithm.ES256;
                                break;
                            case 1:
                                a(asJsonObject2, "crv", "P-384");
                                jwtEcdsaAlgorithm = JwtEcdsaAlgorithm.ES384;
                                break;
                            case 2:
                                a(asJsonObject2, "crv", "P-521");
                                jwtEcdsaAlgorithm = JwtEcdsaAlgorithm.ES512;
                                break;
                            default:
                                throw new GeneralSecurityException("Unknown Ecdsa Algorithm: " + c(asJsonObject2, "alg"));
                        }
                        if (asJsonObject2.has("d")) {
                            throw new UnsupportedOperationException("importing ECDSA private keys is not implemented");
                        }
                        a(asJsonObject2, "kty", "EC");
                        if (asJsonObject2.has("use")) {
                            a(asJsonObject2, "use", "sig");
                        }
                        d(asJsonObject2);
                        JwtEcdsaPublicKey.Builder y = JwtEcdsaPublicKey.newBuilder().setVersion(0).setAlgorithm(jwtEcdsaAlgorithm).setX(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, MMasterConstants.STR_MULTIPY)))).setY(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, "y"))));
                        if (asJsonObject2.has(AccessTokenRecord.SerializedNames.KID)) {
                            y.setCustomKid(JwtEcdsaPublicKey.CustomKid.newBuilder().setValue(c(asJsonObject2, AccessTokenRecord.SerializedNames.KID)).build());
                        }
                        secretKeyAccess = null;
                        create = ProtoKeySerialization.create("type.googleapis.com/google.crypto.tink.JwtEcdsaPublicKey", y.build().toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, OutputPrefixType.RAW, null);
                        builder.addEntry(KeysetHandle.importKey(new LegacyProtoKey(create, secretKeyAccess)).withRandomId());
                        it = it2;
                        newBuilder = builder;
                        i5 = 2;
                        i9 = 0;
                    case 1:
                        String c13 = c(asJsonObject2, "alg");
                        c13.getClass();
                        switch (c13.hashCode()) {
                            case 76404080:
                                str2 = AccessTokenRecord.SerializedNames.KID;
                                if (c13.equals("PS256")) {
                                    c10 = 0;
                                    break;
                                }
                                break;
                            case 76405132:
                                str2 = AccessTokenRecord.SerializedNames.KID;
                                if (c13.equals("PS384")) {
                                    c10 = 1;
                                    break;
                                }
                                break;
                            case 76406835:
                                str2 = AccessTokenRecord.SerializedNames.KID;
                                if (c13.equals("PS512")) {
                                    c10 = 2;
                                    break;
                                }
                                break;
                            default:
                                str2 = AccessTokenRecord.SerializedNames.KID;
                                break;
                        }
                        c10 = 65535;
                        switch (c10) {
                            case 0:
                                jwtRsaSsaPssAlgorithm = JwtRsaSsaPssAlgorithm.PS256;
                                break;
                            case 1:
                                jwtRsaSsaPssAlgorithm = JwtRsaSsaPssAlgorithm.PS384;
                                break;
                            case 2:
                                jwtRsaSsaPssAlgorithm = JwtRsaSsaPssAlgorithm.PS512;
                                break;
                            default:
                                throw new GeneralSecurityException("Unknown Rsa Algorithm: " + c(asJsonObject2, "alg"));
                        }
                        if (asJsonObject2.has("p") || asJsonObject2.has("q") || asJsonObject2.has("dq") || asJsonObject2.has("dq") || asJsonObject2.has("d") || asJsonObject2.has("qi")) {
                            throw new UnsupportedOperationException("importing RSA private keys is not implemented");
                        }
                        a(asJsonObject2, "kty", "RSA");
                        if (asJsonObject2.has("use")) {
                            a(asJsonObject2, "use", "sig");
                        }
                        d(asJsonObject2);
                        JwtRsaSsaPssPublicKey.Builder n2 = JwtRsaSsaPssPublicKey.newBuilder().setVersion(0).setAlgorithm(jwtRsaSsaPssAlgorithm).setE(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, "e")))).setN(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, "n"))));
                        String str3 = str2;
                        if (asJsonObject2.has(str3)) {
                            n2.setCustomKid(JwtRsaSsaPssPublicKey.CustomKid.newBuilder().setValue(c(asJsonObject2, str3)).build());
                        }
                        create = ProtoKeySerialization.create("type.googleapis.com/google.crypto.tink.JwtRsaSsaPssPublicKey", n2.build().toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, OutputPrefixType.RAW, null);
                        secretKeyAccess = null;
                        builder.addEntry(KeysetHandle.importKey(new LegacyProtoKey(create, secretKeyAccess)).withRandomId());
                        it = it2;
                        newBuilder = builder;
                        i5 = 2;
                        i9 = 0;
                        break;
                    case 2:
                        String c14 = c(asJsonObject2, "alg");
                        c14.getClass();
                        switch (c14.hashCode()) {
                            case 78251122:
                                if (c14.equals("RS256")) {
                                    c11 = 0;
                                    break;
                                }
                                break;
                            case 78252174:
                                if (c14.equals("RS384")) {
                                    c11 = 1;
                                    break;
                                }
                                break;
                            case 78253877:
                                if (c14.equals("RS512")) {
                                    c11 = 2;
                                    break;
                                }
                                break;
                        }
                        c11 = 65535;
                        switch (c11) {
                            case 0:
                                jwtRsaSsaPkcs1Algorithm = JwtRsaSsaPkcs1Algorithm.RS256;
                                break;
                            case 1:
                                jwtRsaSsaPkcs1Algorithm = JwtRsaSsaPkcs1Algorithm.RS384;
                                break;
                            case 2:
                                jwtRsaSsaPkcs1Algorithm = JwtRsaSsaPkcs1Algorithm.RS512;
                                break;
                            default:
                                throw new GeneralSecurityException("Unknown Rsa Algorithm: " + c(asJsonObject2, "alg"));
                        }
                        if (asJsonObject2.has("p") || asJsonObject2.has("q") || asJsonObject2.has("dp") || asJsonObject2.has("dq") || asJsonObject2.has("d") || asJsonObject2.has("qi")) {
                            throw new UnsupportedOperationException("importing RSA private keys is not implemented");
                        }
                        a(asJsonObject2, "kty", "RSA");
                        if (asJsonObject2.has("use")) {
                            a(asJsonObject2, "use", "sig");
                        }
                        d(asJsonObject2);
                        JwtRsaSsaPkcs1PublicKey.Builder n5 = JwtRsaSsaPkcs1PublicKey.newBuilder().setVersion(0).setAlgorithm(jwtRsaSsaPkcs1Algorithm).setE(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, "e")))).setN(ByteString.copyFrom(Base64.urlSafeDecode(c(asJsonObject2, "n"))));
                        if (asJsonObject2.has(AccessTokenRecord.SerializedNames.KID)) {
                            n5.setCustomKid(JwtRsaSsaPkcs1PublicKey.CustomKid.newBuilder().setValue(c(asJsonObject2, AccessTokenRecord.SerializedNames.KID)).build());
                        }
                        create = ProtoKeySerialization.create("type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey", n5.build().toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, OutputPrefixType.RAW, null);
                        secretKeyAccess = null;
                        builder.addEntry(KeysetHandle.importKey(new LegacyProtoKey(create, secretKeyAccess)).withRandomId());
                        it = it2;
                        newBuilder = builder;
                        i5 = 2;
                        i9 = 0;
                        break;
                    default:
                        throw new GeneralSecurityException("unexpected alg value: " + c(asJsonObject2, "alg"));
                }
            }
            KeysetHandle.Builder builder2 = newBuilder;
            if (builder2.size() <= 0) {
                throw new GeneralSecurityException("empty keyset");
            }
            builder2.getAt(0).makePrimary();
            return builder2.build();
        } catch (JsonParseException | IllegalStateException | StackOverflowError e3) {
            throw new GeneralSecurityException("JWK set is invalid JSON", e3);
        }
    }
}
