package com.nimbusds.jose.jwk;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.JSONArrayUtils;
import com.nimbusds.jose.util.JSONObjectUtils;
import com.nimbusds.jose.util.X509CertChainUtils;
import com.nimbusds.jose.util.X509CertUtils;
import java.io.Serializable;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.text.ParseException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.pqc.crypto.xmss.XMSSKeyParameters;

/* loaded from: classes6.dex */
public abstract class JWK implements Serializable {

    /* renamed from: m, reason: collision with root package name */
    public static final String f30816m = "application/jwk+json; charset=UTF-8";
    private static final long serialVersionUID = 1;

    /* renamed from: b, reason: collision with root package name */
    private final KeyType f30817b;

    /* renamed from: c, reason: collision with root package name */
    private final KeyUse f30818c;

    /* renamed from: d, reason: collision with root package name */
    private final Set<KeyOperation> f30819d;

    /* renamed from: e, reason: collision with root package name */
    private final Algorithm f30820e;

    /* renamed from: f, reason: collision with root package name */
    private final String f30821f;

    /* renamed from: g, reason: collision with root package name */
    private final URI f30822g;

    /* renamed from: h, reason: collision with root package name */
    @Deprecated
    private final Base64URL f30823h;

    /* renamed from: i, reason: collision with root package name */
    private final Base64URL f30824i;

    /* renamed from: j, reason: collision with root package name */
    private final List<Base64> f30825j;

    /* renamed from: k, reason: collision with root package name */
    private final List<X509Certificate> f30826k;

    /* renamed from: l, reason: collision with root package name */
    private final KeyStore f30827l;

    public JWK(KeyType keyType, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        if (keyType == null) {
            throw new IllegalArgumentException("The key type \"kty\" parameter must not be null");
        }
        this.f30817b = keyType;
        if (!KeyUseAndOpsConsistency.a(keyUse, set)) {
            throw new IllegalArgumentException("The key use \"use\" and key options \"key_ops\" parameters are not consistent, see RFC 7517, section 4.3");
        }
        this.f30818c = keyUse;
        this.f30819d = set;
        this.f30820e = algorithm;
        this.f30821f = str;
        this.f30822g = uri;
        this.f30823h = base64URL;
        this.f30824i = base64URL2;
        if (list != null && list.isEmpty()) {
            throw new IllegalArgumentException("The X.509 certificate chain \"x5c\" must not be empty");
        }
        this.f30825j = list;
        try {
            this.f30826k = X509CertChainUtils.c(list);
            this.f30827l = keyStore;
        } catch (ParseException e6) {
            throw new IllegalArgumentException("Invalid X.509 certificate chain \"x5c\": " + e6.getMessage(), e6);
        }
    }

    private static KeyPair H(List<? extends KeyPair> list) throws JOSEException {
        KeyPair keyPair = list.get(0);
        KeyPair keyPair2 = list.get(1);
        if (keyPair.getPublic() != null && keyPair2.getPrivate() != null) {
            return new KeyPair(keyPair.getPublic(), keyPair2.getPrivate());
        }
        if (keyPair.getPrivate() == null || keyPair2.getPublic() == null) {
            throw new JOSEException("Not a public/private key pair");
        }
        return new KeyPair(keyPair2.getPublic(), keyPair.getPrivate());
    }

    private static void I(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey) throws JOSEException {
        ECParameterSpec params = eCPublicKey.getParams();
        ECParameterSpec params2 = eCPrivateKey.getParams();
        if (!params.getCurve().equals(params2.getCurve())) {
            throw new JOSEException("Public/private " + KeyType.f30838d.c() + " key curve mismatch: " + eCPublicKey);
        }
        if (params.getCofactor() != params2.getCofactor()) {
            throw new JOSEException("Public/private " + KeyType.f30838d.c() + " key cofactor mismatch: " + eCPublicKey);
        }
        if (!params.getGenerator().equals(params2.getGenerator())) {
            throw new JOSEException("Public/private " + KeyType.f30838d.c() + " key generator mismatch: " + eCPublicKey);
        }
        if (params.getOrder().equals(params2.getOrder())) {
            return;
        }
        throw new JOSEException("Public/private " + KeyType.f30838d.c() + " key order mismatch: " + eCPublicKey);
    }

    public static JWK p(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            return OctetSequenceKey.K(keyStore, str, cArr);
        }
        if (certificate.getPublicKey() instanceof RSAPublicKey) {
            return RSAKey.i0(keyStore, str, cArr);
        }
        if (certificate.getPublicKey() instanceof ECPublicKey) {
            return ECKey.a0(keyStore, str, cArr);
        }
        throw new JOSEException("Unsupported public key algorithm: " + certificate.getPublicKey().getAlgorithm());
    }

    private static KeyPair r(List<KeyPair> list) throws JOSEException {
        if (list.size() == 1) {
            return list.get(0);
        }
        if (list.size() == 2) {
            return H(list);
        }
        throw new JOSEException("Expected key or pair of PEM-encoded keys");
    }

    public static JWK s(String str) throws ParseException {
        return u(JSONObjectUtils.o(str));
    }

    public static JWK t(X509Certificate x509Certificate) throws JOSEException {
        if (x509Certificate.getPublicKey() instanceof RSAPublicKey) {
            return RSAKey.m0(x509Certificate);
        }
        if (x509Certificate.getPublicKey() instanceof ECPublicKey) {
            return ECKey.d0(x509Certificate);
        }
        throw new JOSEException("Unsupported public key algorithm: " + x509Certificate.getPublicKey().getAlgorithm());
    }

    public static JWK u(Map<String, Object> map) throws ParseException {
        String j5 = JSONObjectUtils.j(map, "kty");
        if (j5 == null) {
            throw new ParseException("Missing key type \"kty\" parameter", 0);
        }
        KeyType d6 = KeyType.d(j5);
        if (d6 == KeyType.f30838d) {
            return ECKey.f0(map);
        }
        if (d6 == KeyType.f30839e) {
            return RSAKey.n0(map);
        }
        if (d6 == KeyType.f30840f) {
            return OctetSequenceKey.M(map);
        }
        if (d6 == KeyType.f30841g) {
            return OctetKeyPair.W(map);
        }
        throw new ParseException("Unsupported key type \"kty\" parameter: " + d6, 0);
    }

    public static JWK v(String str) throws JOSEException {
        List<KeyPair> a6 = PEMEncodedKeyParser.a(str);
        if (a6.isEmpty()) {
            throw new JOSEException("No PEM-encoded keys found");
        }
        KeyPair r5 = r(a6);
        PublicKey publicKey = r5.getPublic();
        PrivateKey privateKey = r5.getPrivate();
        if (publicKey == null) {
            throw new JOSEException("Missing PEM-encoded public key to construct JWK");
        }
        if (publicKey instanceof ECPublicKey) {
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            ECParameterSpec params = eCPublicKey.getParams();
            if (privateKey instanceof ECPrivateKey) {
                I(eCPublicKey, (ECPrivateKey) privateKey);
            }
            if (privateKey == null || (privateKey instanceof ECPrivateKey)) {
                ECKey.Builder builder = new ECKey.Builder(Curve.a(params), eCPublicKey);
                if (privateKey != null) {
                    builder.k((ECPrivateKey) privateKey);
                }
                return builder.b();
            }
            throw new JOSEException("Unsupported " + KeyType.f30838d.c() + " private key type: " + privateKey);
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new JOSEException("Unsupported algorithm of PEM-encoded key: " + publicKey.getAlgorithm());
        }
        RSAKey.Builder builder2 = new RSAKey.Builder((RSAPublicKey) publicKey);
        if (privateKey instanceof RSAPrivateKey) {
            builder2.q((RSAPrivateKey) privateKey);
        } else if (privateKey != null) {
            throw new JOSEException("Unsupported " + KeyType.f30839e.c() + " private key type: " + privateKey);
        }
        return builder2.b();
    }

    public static JWK w(String str) throws JOSEException {
        X509Certificate c6 = X509CertUtils.c(str);
        if (c6 != null) {
            return t(c6);
        }
        throw new JOSEException("Couldn't parse PEM-encoded X.509 certificate");
    }

    public String A() {
        return JSONObjectUtils.r(z());
    }

    public OctetKeyPair D() {
        return (OctetKeyPair) this;
    }

    public OctetSequenceKey E() {
        return (OctetSequenceKey) this;
    }

    public abstract JWK F();

    public RSAKey G() {
        return (RSAKey) this;
    }

    public Base64URL a() throws JOSEException {
        return b(XMSSKeyParameters.f49003d);
    }

    public Base64URL b(String str) throws JOSEException {
        return ThumbprintUtils.b(str, this);
    }

    public Algorithm c() {
        return this.f30820e;
    }

    public String d() {
        return this.f30821f;
    }

    public Set<KeyOperation> e() {
        return this.f30819d;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof JWK)) {
            return false;
        }
        JWK jwk = (JWK) obj;
        return Objects.equals(this.f30817b, jwk.f30817b) && Objects.equals(this.f30818c, jwk.f30818c) && Objects.equals(this.f30819d, jwk.f30819d) && Objects.equals(this.f30820e, jwk.f30820e) && Objects.equals(this.f30821f, jwk.f30821f) && Objects.equals(this.f30822g, jwk.f30822g) && Objects.equals(this.f30823h, jwk.f30823h) && Objects.equals(this.f30824i, jwk.f30824i) && Objects.equals(this.f30825j, jwk.f30825j) && Objects.equals(this.f30827l, jwk.f30827l);
    }

    public KeyStore f() {
        return this.f30827l;
    }

    public KeyType g() {
        return this.f30817b;
    }

    public KeyUse h() {
        return this.f30818c;
    }

    public int hashCode() {
        return Objects.hash(this.f30817b, this.f30818c, this.f30819d, this.f30820e, this.f30821f, this.f30822g, this.f30823h, this.f30824i, this.f30825j, this.f30827l);
    }

    public List<X509Certificate> i() {
        List<X509Certificate> list = this.f30826k;
        if (list == null) {
            return null;
        }
        return Collections.unmodifiableList(list);
    }

    public abstract LinkedHashMap<String, ?> j();

    public List<Base64> k() {
        List<Base64> list = this.f30825j;
        if (list == null) {
            return null;
        }
        return Collections.unmodifiableList(list);
    }

    public Base64URL l() {
        return this.f30824i;
    }

    @Deprecated
    public Base64URL m() {
        return this.f30823h;
    }

    public URI n() {
        return this.f30822g;
    }

    public abstract boolean o();

    public String toString() {
        return JSONObjectUtils.r(z());
    }

    public abstract int x();

    public ECKey y() {
        return (ECKey) this;
    }

    public Map<String, Object> z() {
        Map<String, Object> n5 = JSONObjectUtils.n();
        n5.put("kty", this.f30817b.c());
        KeyUse keyUse = this.f30818c;
        if (keyUse != null) {
            n5.put("use", keyUse.c());
        }
        if (this.f30819d != null) {
            List<Object> a6 = JSONArrayUtils.a();
            Iterator<KeyOperation> it = this.f30819d.iterator();
            while (it.hasNext()) {
                a6.add(it.next().d());
            }
            n5.put("key_ops", a6);
        }
        Algorithm algorithm = this.f30820e;
        if (algorithm != null) {
            n5.put("alg", algorithm.getName());
        }
        String str = this.f30821f;
        if (str != null) {
            n5.put("kid", str);
        }
        URI uri = this.f30822g;
        if (uri != null) {
            n5.put("x5u", uri.toString());
        }
        Base64URL base64URL = this.f30823h;
        if (base64URL != null) {
            n5.put("x5t", base64URL.toString());
        }
        Base64URL base64URL2 = this.f30824i;
        if (base64URL2 != null) {
            n5.put("x5t#S256", base64URL2.toString());
        }
        if (this.f30825j != null) {
            List<Object> a7 = JSONArrayUtils.a();
            Iterator<Base64> it2 = this.f30825j.iterator();
            while (it2.hasNext()) {
                a7.add(it2.next().toString());
            }
            n5.put("x5c", a7);
        }
        return n5;
    }
}
