package uk.co.spudsoft.jwtvalidatorvertx;

import com.google.common.primitives.Bytes;
import io.vertx.core.json.JsonObject;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EdECPoint;
import java.security.spec.EdECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.NamedParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:uk/co/spudsoft/jwtvalidatorvertx/JWK.class */
public class JWK {
    private static final Logger logger = LoggerFactory.getLogger(JWK.class);
    private final long expiryMs;
    private final String kid;
    private final String use;
    private final String kty;
    private final Key key;

    public JWK(long j, JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
        this.expiryMs = j;
        this.kid = jsonObject.getString("kid");
        this.use = jsonObject.getString("use");
        this.kty = jsonObject.getString("kty");
        if (!hasValue(this.kid)) {
            throw new IllegalArgumentException("Key ID (kid) not specified in JWK");
        }
        if (!hasValue(this.kty)) {
            throw new IllegalArgumentException("Key type (kty) not specified in JWK");
        }
        String str = this.kty;
        boolean z = -1;
        switch (str.hashCode()) {
            case -1868705855:
                if (str.equals("RSASSA")) {
                    z = true;
                    break;
                }
                break;
            case 2206:
                if (str.equals("EC")) {
                    z = 2;
                    break;
                }
                break;
            case 78324:
                if (str.equals("OKP")) {
                    z = 3;
                    break;
                }
                break;
            case 81440:
                if (str.equals("RSA")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                validateAlg(jsonObject, "RSA");
                this.key = createRSA(jsonObject);
                return;
            case true:
                validateAlg(jsonObject, "ECDSA");
                this.key = createEC(jsonObject);
                return;
            case true:
                validateAlg(jsonObject, "EdDSA");
                this.key = createOKP(jsonObject);
                return;
            default:
                throw new IllegalArgumentException("Unsupported key type: " + this.kty);
        }
    }

    private void validateAlg(JsonObject jsonObject, String str) {
        String string = jsonObject.getString("alg");
        if (string == null || str.equals(JsonWebAlgorithm.valueOf(string).getFamilyName())) {
            return;
        }
        logger.warn("Algorithm ({}) does not match key type ({})", string, this.kty);
        throw new IllegalArgumentException("Algorithm (" + string + ") does not match key type (" + this.kty + ")");
    }

    public long getExpiryMs() {
        return this.expiryMs;
    }

    public String getKid() {
        return this.kid;
    }

    public String getUse() {
        return this.use;
    }

    public Key getKey() {
        return this.key;
    }

    public boolean verify(JsonWebAlgorithm jsonWebAlgorithm, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, InvalidAlgorithmParameterException {
        Signature signature = Signature.getInstance(jsonWebAlgorithm.getJdkAlgName());
        if (jsonWebAlgorithm.getParameter() != null) {
            signature.setParameter(jsonWebAlgorithm.getParameter());
        }
        signature.initVerify((PublicKey) this.key);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    private static boolean hasValue(String str) {
        return (str == null || str.isBlank()) ? false : true;
    }

    private static Key createRSA(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException {
        String string = jsonObject.getString("n");
        String string2 = jsonObject.getString("e");
        if (!hasValue(string) || !hasValue(string2)) {
            throw new IllegalArgumentException("JWK (" + jsonObject + ") does not contain valid RSA public key");
        }
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode(string)), new BigInteger(1, Base64.getUrlDecoder().decode(string2))));
    }

    private static String getJdkEcCurveName(String str) {
        if (!hasValue(str)) {
            throw new IllegalArgumentException("JWK does not contain valid EC public key (curve not specified)");
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case 75272022:
                if (str.equals("P-256")) {
                    z = false;
                    break;
                }
                break;
            case 75273074:
                if (str.equals("P-384")) {
                    z = true;
                    break;
                }
                break;
            case 75274807:
                if (str.equals("P-521")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "secp256r1";
            case true:
                return "secp384r1";
            case true:
                return "secp521r1";
            default:
                return str;
        }
    }

    private static Key createEC(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
        algorithmParameters.init(new ECGenParameterSpec(getJdkEcCurveName(jsonObject.getString("crv"))));
        String string = jsonObject.getString("x");
        String string2 = jsonObject.getString("y");
        if (!hasValue(string) || !hasValue(string2)) {
            throw new IllegalArgumentException("JWK (" + jsonObject + ") does not contain valid EC public key");
        }
        return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64.getUrlDecoder().decode(string)), new BigInteger(1, Base64.getUrlDecoder().decode(string2))), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
    }

    private static EdECPoint byteArrayToEdPoint(byte[] bArr) {
        boolean z = (bArr[bArr.length - 1] & 128) != 0;
        int length = bArr.length - 1;
        bArr[length] = (byte) (bArr[length] & Byte.MAX_VALUE);
        Bytes.reverse(bArr, 0, bArr.length);
        return new EdECPoint(z, new BigInteger(1, bArr));
    }

    private static Key createOKP(JsonObject jsonObject) throws NoSuchAlgorithmException, InvalidKeySpecException {
        String string = jsonObject.getString("x");
        String string2 = jsonObject.getString("crv");
        if (hasValue(string) && hasValue(string2)) {
            return KeyFactory.getInstance("EdDSA").generatePublic(new EdECPublicKeySpec(new NamedParameterSpec(string2), byteArrayToEdPoint(Base64.getUrlDecoder().decode(string))));
        }
        throw new IllegalArgumentException("JWK (" + jsonObject + ") does not contain valid OKP public key");
    }
}
