package com.nimbusds.jose.jwk;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.utils.ECChecks;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.BigIntegerUtils;
import com.nimbusds.jose.util.JSONObjectUtils;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import net.jcip.annotations.Immutable;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.pqc.crypto.xmss.XMSSKeyParameters;

@Immutable
/* loaded from: classes6.dex */
public final class ECKey extends JWK {

    /* renamed from: s, reason: collision with root package name */
    public static final Set<Curve> f30792s = Collections.unmodifiableSet(new HashSet(Arrays.asList(Curve.f30780e, Curve.f30781f, Curve.f30783h, Curve.f30784i)));
    private static final long serialVersionUID = 1;

    /* renamed from: n, reason: collision with root package name */
    private final Curve f30793n;

    /* renamed from: o, reason: collision with root package name */
    private final Base64URL f30794o;

    /* renamed from: p, reason: collision with root package name */
    private final Base64URL f30795p;

    /* renamed from: q, reason: collision with root package name */
    private final Base64URL f30796q;

    /* renamed from: r, reason: collision with root package name */
    private final PrivateKey f30797r;

    /* loaded from: classes6.dex */
    public static class Builder {

        /* renamed from: a, reason: collision with root package name */
        private final Curve f30798a;

        /* renamed from: b, reason: collision with root package name */
        private final Base64URL f30799b;

        /* renamed from: c, reason: collision with root package name */
        private final Base64URL f30800c;

        /* renamed from: d, reason: collision with root package name */
        private Base64URL f30801d;

        /* renamed from: e, reason: collision with root package name */
        private PrivateKey f30802e;

        /* renamed from: f, reason: collision with root package name */
        private KeyUse f30803f;

        /* renamed from: g, reason: collision with root package name */
        private Set<KeyOperation> f30804g;

        /* renamed from: h, reason: collision with root package name */
        private Algorithm f30805h;

        /* renamed from: i, reason: collision with root package name */
        private String f30806i;

        /* renamed from: j, reason: collision with root package name */
        private URI f30807j;

        /* renamed from: k, reason: collision with root package name */
        @Deprecated
        private Base64URL f30808k;

        /* renamed from: l, reason: collision with root package name */
        private Base64URL f30809l;

        /* renamed from: m, reason: collision with root package name */
        private List<Base64> f30810m;

        /* renamed from: n, reason: collision with root package name */
        private KeyStore f30811n;

        public Builder(Curve curve, Base64URL base64URL, Base64URL base64URL2) {
            if (curve == null) {
                throw new IllegalArgumentException("The curve must not be null");
            }
            this.f30798a = curve;
            if (base64URL == null) {
                throw new IllegalArgumentException("The 'x' coordinate must not be null");
            }
            this.f30799b = base64URL;
            if (base64URL2 == null) {
                throw new IllegalArgumentException("The 'y' coordinate must not be null");
            }
            this.f30800c = base64URL2;
        }

        public Builder(Curve curve, ECPublicKey eCPublicKey) {
            this(curve, ECKey.O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), ECKey.O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()));
        }

        public Builder(ECKey eCKey) {
            this.f30798a = eCKey.f30793n;
            this.f30799b = eCKey.f30794o;
            this.f30800c = eCKey.f30795p;
            this.f30801d = eCKey.f30796q;
            this.f30802e = eCKey.f30797r;
            this.f30803f = eCKey.h();
            this.f30804g = eCKey.e();
            this.f30805h = eCKey.c();
            this.f30806i = eCKey.d();
            this.f30807j = eCKey.n();
            this.f30808k = eCKey.m();
            this.f30809l = eCKey.l();
            this.f30810m = eCKey.k();
            this.f30811n = eCKey.f();
        }

        public Builder a(Algorithm algorithm) {
            this.f30805h = algorithm;
            return this;
        }

        public ECKey b() {
            try {
                return (this.f30801d == null && this.f30802e == null) ? new ECKey(this.f30798a, this.f30799b, this.f30800c, this.f30803f, this.f30804g, this.f30805h, this.f30806i, this.f30807j, this.f30808k, this.f30809l, this.f30810m, this.f30811n) : this.f30802e != null ? new ECKey(this.f30798a, this.f30799b, this.f30800c, this.f30802e, this.f30803f, this.f30804g, this.f30805h, this.f30806i, this.f30807j, this.f30808k, this.f30809l, this.f30810m, this.f30811n) : new ECKey(this.f30798a, this.f30799b, this.f30800c, this.f30801d, this.f30803f, this.f30804g, this.f30805h, this.f30806i, this.f30807j, this.f30808k, this.f30809l, this.f30810m, this.f30811n);
            } catch (IllegalArgumentException e6) {
                throw new IllegalStateException(e6.getMessage(), e6);
            }
        }

        public Builder c(Base64URL base64URL) {
            this.f30801d = base64URL;
            return this;
        }

        public Builder d(String str) {
            this.f30806i = str;
            return this;
        }

        public Builder e() throws JOSEException {
            return f(XMSSKeyParameters.f49003d);
        }

        public Builder f(String str) throws JOSEException {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("crv", this.f30798a.toString());
            linkedHashMap.put("kty", KeyType.f30838d.c());
            linkedHashMap.put("x", this.f30799b.toString());
            linkedHashMap.put("y", this.f30800c.toString());
            this.f30806i = ThumbprintUtils.c(str, linkedHashMap).toString();
            return this;
        }

        public Builder g(Set<KeyOperation> set) {
            this.f30804g = set;
            return this;
        }

        public Builder h(KeyStore keyStore) {
            this.f30811n = keyStore;
            return this;
        }

        public Builder i(KeyUse keyUse) {
            this.f30803f = keyUse;
            return this;
        }

        public Builder j(PrivateKey privateKey) {
            if (privateKey instanceof ECPrivateKey) {
                return k((ECPrivateKey) privateKey);
            }
            if (!"EC".equalsIgnoreCase(privateKey.getAlgorithm())) {
                throw new IllegalArgumentException("The private key algorithm must be EC");
            }
            this.f30802e = privateKey;
            return this;
        }

        public Builder k(ECPrivateKey eCPrivateKey) {
            if (eCPrivateKey != null) {
                this.f30801d = ECKey.O(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS());
            }
            return this;
        }

        public Builder l(List<Base64> list) {
            this.f30810m = list;
            return this;
        }

        public Builder m(Base64URL base64URL) {
            this.f30809l = base64URL;
            return this;
        }

        @Deprecated
        public Builder n(Base64URL base64URL) {
            this.f30808k = base64URL;
            return this;
        }

        public Builder o(URI uri) {
            this.f30807j = uri;
            return this;
        }
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f30838d, keyUse, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.f30793n = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f30794o = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f30795p = base64URL2;
        Q(curve, base64URL, base64URL2);
        P(i());
        this.f30796q = null;
        this.f30797r = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL4, Base64URL base64URL5, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f30838d, keyUse, set, algorithm, str, uri, base64URL4, base64URL5, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.f30793n = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f30794o = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f30795p = base64URL2;
        Q(curve, base64URL, base64URL2);
        P(i());
        if (base64URL3 == null) {
            throw new IllegalArgumentException("The 'd' coordinate must not be null");
        }
        this.f30796q = base64URL3;
        this.f30797r = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f30838d, keyUse, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.f30793n = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f30794o = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f30795p = base64URL2;
        Q(curve, base64URL, base64URL2);
        P(i());
        this.f30796q = null;
        this.f30797r = privateKey;
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), privateKey, keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), O(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), O(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS()), keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public static Base64URL O(int i5, BigInteger bigInteger) {
        byte[] a6 = BigIntegerUtils.a(bigInteger);
        int i6 = (i5 + 7) / 8;
        if (a6.length >= i6) {
            return Base64URL.k(a6);
        }
        byte[] bArr = new byte[i6];
        System.arraycopy(a6, 0, bArr, i6 - a6.length, a6.length);
        return Base64URL.k(bArr);
    }

    private void P(List<X509Certificate> list) {
        if (list != null && !b0(list.get(0))) {
            throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters");
        }
    }

    private static void Q(Curve curve, Base64URL base64URL, Base64URL base64URL2) {
        if (!f30792s.contains(curve)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + curve);
        }
        if (ECChecks.a(base64URL.b(), base64URL2.b(), curve.h())) {
            return;
        }
        throw new IllegalArgumentException("Invalid EC JWK: The 'x' and 'y' public coordinates are not on the " + curve + " curve");
    }

    public static ECKey a0(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("Couldn't load EC JWK: The key algorithm is not EC");
        }
        ECKey b6 = new Builder(d0(x509Certificate)).d(str).h(keyStore).b();
        try {
            Key key = keyStore.getKey(str, cArr);
            return key instanceof ECPrivateKey ? new Builder(b6).k((ECPrivateKey) key).b() : ((key instanceof PrivateKey) && "EC".equalsIgnoreCase(key.getAlgorithm())) ? new Builder(b6).j((PrivateKey) key).b() : b6;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e6) {
            throw new JOSEException("Couldn't retrieve private EC key (bad pin?): " + e6.getMessage(), e6);
        }
    }

    public static ECKey c0(String str) throws ParseException {
        return f0(JSONObjectUtils.o(str));
    }

    public static ECKey d0(X509Certificate x509Certificate) throws JOSEException {
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not EC");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
        try {
            String obj = new JcaX509CertificateHolder(x509Certificate).getSubjectPublicKeyInfo().j().m().toString();
            Curve c6 = Curve.c(obj);
            if (c6 != null) {
                return new Builder(c6, eCPublicKey).i(KeyUse.a(x509Certificate)).d(x509Certificate.getSerialNumber().toString(10)).l(Collections.singletonList(Base64.f(x509Certificate.getEncoded()))).m(Base64URL.k(MessageDigest.getInstance(XMSSKeyParameters.f49003d).digest(x509Certificate.getEncoded()))).b();
            }
            throw new JOSEException("Couldn't determine EC JWK curve for OID " + obj);
        } catch (NoSuchAlgorithmException e6) {
            throw new JOSEException("Couldn't encode x5t parameter: " + e6.getMessage(), e6);
        } catch (CertificateEncodingException e7) {
            throw new JOSEException("Couldn't encode x5c parameter: " + e7.getMessage(), e7);
        }
    }

    public static ECKey f0(Map<String, Object> map) throws ParseException {
        if (!KeyType.f30838d.equals(JWKMetadata.d(map))) {
            throw new ParseException("The key type \"kty\" must be EC", 0);
        }
        try {
            Curve g6 = Curve.g(JSONObjectUtils.j(map, "crv"));
            Base64URL a6 = JSONObjectUtils.a(map, "x");
            Base64URL a7 = JSONObjectUtils.a(map, "y");
            Base64URL a8 = JSONObjectUtils.a(map, "d");
            try {
                return a8 == null ? new ECKey(g6, a6, a7, JWKMetadata.e(map), JWKMetadata.c(map), JWKMetadata.a(map), JWKMetadata.b(map), JWKMetadata.i(map), JWKMetadata.h(map), JWKMetadata.g(map), JWKMetadata.f(map), (KeyStore) null) : new ECKey(g6, a6, a7, a8, JWKMetadata.e(map), JWKMetadata.c(map), JWKMetadata.a(map), JWKMetadata.b(map), JWKMetadata.i(map), JWKMetadata.h(map), JWKMetadata.g(map), JWKMetadata.f(map), (KeyStore) null);
            } catch (IllegalArgumentException e6) {
                throw new ParseException(e6.getMessage(), 0);
            }
        } catch (IllegalArgumentException e7) {
            throw new ParseException(e7.getMessage(), 0);
        }
    }

    public Curve S() {
        return this.f30793n;
    }

    public Base64URL U() {
        return this.f30796q;
    }

    public Base64URL W() {
        return this.f30794o;
    }

    public Base64URL Y() {
        return this.f30795p;
    }

    public boolean b0(X509Certificate x509Certificate) {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) i().get(0).getPublicKey();
            if (W().b().equals(eCPublicKey.getW().getAffineX())) {
                return Y().b().equals(eCPublicKey.getW().getAffineY());
            }
            return false;
        } catch (ClassCastException unused) {
            return false;
        }
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof ECKey) || !super.equals(obj)) {
            return false;
        }
        ECKey eCKey = (ECKey) obj;
        return Objects.equals(this.f30793n, eCKey.f30793n) && Objects.equals(this.f30794o, eCKey.f30794o) && Objects.equals(this.f30795p, eCKey.f30795p) && Objects.equals(this.f30796q, eCKey.f30796q) && Objects.equals(this.f30797r, eCKey.f30797r);
    }

    public ECPrivateKey g0() throws JOSEException {
        return h0(null);
    }

    public ECPrivateKey h0(Provider provider) throws JOSEException {
        if (this.f30796q == null) {
            return null;
        }
        ECParameterSpec h6 = this.f30793n.h();
        if (h6 != null) {
            try {
                return (ECPrivateKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePrivate(new ECPrivateKeySpec(this.f30796q.b(), h6));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e6) {
                throw new JOSEException(e6.getMessage(), e6);
            }
        }
        throw new JOSEException("Couldn't get EC parameter spec for curve " + this.f30793n);
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.f30793n, this.f30794o, this.f30795p, this.f30796q, this.f30797r);
    }

    public ECPublicKey i0() throws JOSEException {
        return k0(null);
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public LinkedHashMap<String, ?> j() {
        LinkedHashMap<String, ?> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put("crv", this.f30793n.toString());
        linkedHashMap.put("kty", g().c());
        linkedHashMap.put("x", this.f30794o.toString());
        linkedHashMap.put("y", this.f30795p.toString());
        return linkedHashMap;
    }

    public ECPublicKey k0(Provider provider) throws JOSEException {
        ECParameterSpec h6 = this.f30793n.h();
        if (h6 != null) {
            try {
                return (ECPublicKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePublic(new ECPublicKeySpec(new ECPoint(this.f30794o.b(), this.f30795p.b()), h6));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e6) {
                throw new JOSEException(e6.getMessage(), e6);
            }
        }
        throw new JOSEException("Couldn't get EC parameter spec for curve " + this.f30793n);
    }

    public KeyPair l0() throws JOSEException {
        return m0(null);
    }

    public KeyPair m0(Provider provider) throws JOSEException {
        return this.f30797r != null ? new KeyPair(k0(provider), this.f30797r) : new KeyPair(k0(provider), h0(provider));
    }

    public PrivateKey n0() throws JOSEException {
        ECPrivateKey g02 = g0();
        return g02 != null ? g02 : this.f30797r;
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public boolean o() {
        return (this.f30796q == null && this.f30797r == null) ? false : true;
    }

    @Override // com.nimbusds.jose.jwk.JWK
    /* renamed from: o0, reason: merged with bridge method [inline-methods] */
    public ECKey F() {
        return new ECKey(S(), W(), Y(), h(), e(), c(), d(), n(), m(), l(), k(), f());
    }

    public PublicKey p0() throws JOSEException {
        return i0();
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public int x() {
        ECParameterSpec h6 = this.f30793n.h();
        if (h6 != null) {
            return h6.getCurve().getField().getFieldSize();
        }
        throw new UnsupportedOperationException("Couldn't determine field size for curve " + this.f30793n.getName());
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public Map<String, Object> z() {
        Map<String, Object> z5 = super.z();
        z5.put("crv", this.f30793n.toString());
        z5.put("x", this.f30794o.toString());
        z5.put("y", this.f30795p.toString());
        Base64URL base64URL = this.f30796q;
        if (base64URL != null) {
            z5.put("d", base64URL.toString());
        }
        return z5;
    }
}
