package be.atbash.ee.security.octopus.keys.writer.encoder;

import be.atbash.ee.security.octopus.jwk.EncryptedJSONJWK;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.ECCurveHelper;
import be.atbash.ee.security.octopus.keys.writer.KeyEncoderParameters;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.jwk.Curve;
import be.atbash.ee.security.octopus.nimbus.jwk.ECKey;
import be.atbash.ee.security.octopus.nimbus.jwk.KeyType;
import be.atbash.ee.security.octopus.nimbus.jwk.OctetKeyPair;
import be.atbash.ee.security.octopus.nimbus.jwk.RSAKey;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.ee.security.octopus.nimbus.util.KeyUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;

/* loaded from: input_file:be/atbash/ee/security/octopus/keys/writer/encoder/JwkKeyEncoderPrivatePart.class */
public class JwkKeyEncoderPrivatePart implements KeyEncoder {
    @Override // be.atbash.ee.security.octopus.keys.writer.encoder.KeyEncoder
    public byte[] encodeKey(AtbashKey atbashKey, KeyEncoderParameters keyEncoderParameters) {
        if (KeyType.RSA.equals(atbashKey.getSecretKeyType().getKeyType())) {
            return encodeRSAKey(atbashKey, keyEncoderParameters);
        }
        if (KeyType.EC.equals(atbashKey.getSecretKeyType().getKeyType())) {
            return encodeECKey(atbashKey, keyEncoderParameters);
        }
        if (KeyType.OKP.equals(atbashKey.getSecretKeyType().getKeyType())) {
            return encodeOKPKey(atbashKey, keyEncoderParameters);
        }
        throw new KeyTypeException(atbashKey.getSecretKeyType().getKeyType(), "writing JWK");
    }

    private byte[] encodeRSAKey(AtbashKey atbashKey, KeyEncoderParameters keyEncoderParameters) {
        RSAKey build = new RSAKey.Builder((RSAPublicKey) KeyUtils.getPublicKey(atbashKey)).keyID(atbashKey.getKeyId()).privateKey((RSAPrivateKey) atbashKey.getKey()).build();
        return (keyEncoderParameters.getKeyPassword() != null ? EncryptedJSONJWK.encryptedOutput(build, keyEncoderParameters.getKeyPassword()) : build.toJSONObject().build().toString()).getBytes(StandardCharsets.UTF_8);
    }

    private byte[] encodeECKey(AtbashKey atbashKey, KeyEncoderParameters keyEncoderParameters) {
        ECKey build = new ECKey.Builder(ECCurveHelper.getCurve((java.security.interfaces.ECKey) atbashKey.getKey()), (ECPublicKey) KeyUtils.getPublicKey(atbashKey)).keyID(atbashKey.getKeyId()).privateKey((ECPrivateKey) atbashKey.getKey()).build();
        return (keyEncoderParameters.getKeyPassword() != null ? EncryptedJSONJWK.encryptedOutput(build, keyEncoderParameters.getKeyPassword()) : build.toJSONObject().build().toString()).getBytes(StandardCharsets.UTF_8);
    }

    private byte[] encodeOKPKey(AtbashKey atbashKey, KeyEncoderParameters keyEncoderParameters) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(atbashKey.getKey().getEncoded());
            try {
                try {
                    DLSequence readObject = aSN1InputStream.readObject();
                    aSN1InputStream.close();
                    DLSequence dLSequence = readObject;
                    DEROctetString objectAt = dLSequence.getObjectAt(2);
                    byte[] bArr = new byte[32];
                    System.arraycopy(objectAt.getOctets(), 2, bArr, 0, 32);
                    DEROctetString baseObject = dLSequence.getObjectAt(3).getBaseObject();
                    byte[] bArr2 = new byte[32];
                    System.arraycopy(baseObject.getOctets(), 1, bArr2, 0, 32);
                    OctetKeyPair build = new OctetKeyPair.Builder(Curve.Ed25519, Base64URLValue.encode(bArr2)).keyID(atbashKey.getKeyId()).d(Base64URLValue.encode(bArr)).build();
                    return (keyEncoderParameters.getKeyPassword() != null ? EncryptedJSONJWK.encryptedOutput(build, keyEncoderParameters.getKeyPassword()) : build.toJSONObject().build().toString()).getBytes(StandardCharsets.UTF_8);
                } finally {
                }
            } catch (IOException e) {
                throw new AtbashUnexpectedException(e);
            }
        } catch (IOException e2) {
            throw new AtbashUnexpectedException(e2);
        }
    }
}
