package be.atbash.ee.security.octopus.nimbus.jwk;

import be.atbash.ee.security.octopus.exception.InvalidKeyException;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.nimbus.jose.Algorithm;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.ee.security.octopus.nimbus.util.Base64Value;
import be.atbash.ee.security.octopus.nimbus.util.ByteUtils;
import be.atbash.ee.security.octopus.nimbus.util.IntegerOverflowException;
import be.atbash.ee.security.octopus.nimbus.util.JSONObjectUtils;
import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonArrayBuilder;
import jakarta.json.JsonObject;
import jakarta.json.JsonObjectBuilder;
import jakarta.json.JsonValue;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAMultiPrimePrivateCrtKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
import java.security.spec.RSAOtherPrimeInfo;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/RSAKey.class */
public final class RSAKey extends JWK implements AsymmetricJWK {
    private final Base64URLValue n;
    private final Base64URLValue e;
    private final Base64URLValue d;
    private final Base64URLValue p;
    private final Base64URLValue q;
    private final Base64URLValue dp;
    private final Base64URLValue dq;
    private final Base64URLValue qi;
    private final List<OtherPrimesInfo> oth;
    private final PrivateKey privateKey;

    /* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/RSAKey$Builder.class */
    public static class Builder {
        private final Base64URLValue n;
        private final Base64URLValue e;
        private Base64URLValue d;
        private Base64URLValue p;
        private Base64URLValue q;
        private Base64URLValue dp;
        private Base64URLValue dq;
        private Base64URLValue qi;
        private List<OtherPrimesInfo> oth;
        private PrivateKey priv;
        private KeyUse use;
        private Set<KeyOperation> ops;
        private Algorithm alg;
        private String kid;
        private URI x5u;
        private Base64URLValue x5t256;
        private List<Base64Value> x5c;
        private KeyStore keystore;

        public Builder(Base64URLValue base64URLValue, Base64URLValue base64URLValue2) {
            if (base64URLValue == null) {
                throw new IllegalArgumentException("The modulus value must not be null");
            }
            this.n = base64URLValue;
            if (base64URLValue2 == null) {
                throw new IllegalArgumentException("The public exponent value must not be null");
            }
            this.e = base64URLValue2;
        }

        public Builder(RSAPublicKey rSAPublicKey) {
            this.n = Base64URLValue.encode(rSAPublicKey.getModulus());
            this.e = Base64URLValue.encode(rSAPublicKey.getPublicExponent());
        }

        public Builder(RSAKey rSAKey) {
            this.n = rSAKey.n;
            this.e = rSAKey.e;
            this.d = rSAKey.d;
            this.p = rSAKey.p;
            this.q = rSAKey.q;
            this.dp = rSAKey.dp;
            this.dq = rSAKey.dq;
            this.qi = rSAKey.qi;
            this.oth = rSAKey.oth;
            this.priv = rSAKey.privateKey;
            this.use = rSAKey.getKeyUse();
            this.ops = rSAKey.getKeyOperations();
            this.alg = rSAKey.getAlgorithm();
            this.kid = rSAKey.getKeyID();
            this.x5u = rSAKey.getX509CertURL();
            this.x5t256 = rSAKey.getX509CertSHA256Thumbprint();
            this.x5c = rSAKey.getX509CertChain();
            this.keystore = rSAKey.getKeyStore();
        }

        public Builder(AtbashKey atbashKey) {
            this(getRSAPublicKey(atbashKey));
        }

        private static RSAPublicKey getRSAPublicKey(AtbashKey atbashKey) {
            if (atbashKey.getSecretKeyType().getKeyType() != KeyType.RSA) {
                throw new KeyTypeException(atbashKey.getSecretKeyType().getKeyType(), "RSAKey creation");
            }
            if (atbashKey.getSecretKeyType().getAsymmetricPart() != AsymmetricPart.PUBLIC) {
                throw new KeyTypeException(AsymmetricPart.PUBLIC, "RSAKey creation");
            }
            return (RSAPublicKey) atbashKey.getKey();
        }

        public Builder privateExponent(Base64URLValue base64URLValue) {
            this.d = base64URLValue;
            return this;
        }

        public Builder privateKey(RSAPrivateKey rSAPrivateKey) {
            if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
                return privateKey((RSAPrivateCrtKey) rSAPrivateKey);
            }
            if (rSAPrivateKey instanceof RSAMultiPrimePrivateCrtKey) {
                return privateKey((RSAMultiPrimePrivateCrtKey) rSAPrivateKey);
            }
            this.d = Base64URLValue.encode(rSAPrivateKey.getPrivateExponent());
            return this;
        }

        public Builder privateKey(PrivateKey privateKey) {
            if (privateKey instanceof RSAPrivateKey) {
                return privateKey((RSAPrivateKey) privateKey);
            }
            if (!JWKIdentifiers.RSA_KEY_TYPE.equalsIgnoreCase(privateKey.getAlgorithm())) {
                throw new IllegalArgumentException("The private key algorithm must be RSA");
            }
            this.priv = privateKey;
            return this;
        }

        public Builder firstPrimeFactor(Base64URLValue base64URLValue) {
            this.p = base64URLValue;
            return this;
        }

        public Builder secondPrimeFactor(Base64URLValue base64URLValue) {
            this.q = base64URLValue;
            return this;
        }

        public Builder firstFactorCRTExponent(Base64URLValue base64URLValue) {
            this.dp = base64URLValue;
            return this;
        }

        public Builder secondFactorCRTExponent(Base64URLValue base64URLValue) {
            this.dq = base64URLValue;
            return this;
        }

        public Builder firstCRTCoefficient(Base64URLValue base64URLValue) {
            this.qi = base64URLValue;
            return this;
        }

        public Builder otherPrimes(List<OtherPrimesInfo> list) {
            this.oth = list;
            return this;
        }

        public Builder privateKey(RSAPrivateCrtKey rSAPrivateCrtKey) {
            this.d = Base64URLValue.encode(rSAPrivateCrtKey.getPrivateExponent());
            this.p = Base64URLValue.encode(rSAPrivateCrtKey.getPrimeP());
            this.q = Base64URLValue.encode(rSAPrivateCrtKey.getPrimeQ());
            this.dp = Base64URLValue.encode(rSAPrivateCrtKey.getPrimeExponentP());
            this.dq = Base64URLValue.encode(rSAPrivateCrtKey.getPrimeExponentQ());
            this.qi = Base64URLValue.encode(rSAPrivateCrtKey.getCrtCoefficient());
            return this;
        }

        public Builder privateKey(RSAMultiPrimePrivateCrtKey rSAMultiPrimePrivateCrtKey) {
            this.d = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrivateExponent());
            this.p = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeP());
            this.q = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeQ());
            this.dp = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeExponentP());
            this.dq = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeExponentQ());
            this.qi = Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getCrtCoefficient());
            this.oth = OtherPrimesInfo.toList(rSAMultiPrimePrivateCrtKey.getOtherPrimeInfo());
            return this;
        }

        public Builder keyUse(KeyUse keyUse) {
            this.use = keyUse;
            return this;
        }

        public Builder keyOperations(Set<KeyOperation> set) {
            this.ops = set;
            return this;
        }

        public Builder algorithm(Algorithm algorithm) {
            this.alg = algorithm;
            return this;
        }

        public Builder keyID(String str) {
            this.kid = str;
            return this;
        }

        public Builder keyIDFromThumbprint() {
            return keyIDFromThumbprint("SHA-256");
        }

        public Builder keyIDFromThumbprint(String str) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(JWKIdentifiers.EXPONENT, this.e.toString());
            linkedHashMap.put(JWKIdentifiers.KEY_TYPE, KeyType.RSA.getValue());
            linkedHashMap.put(JWKIdentifiers.MODULUS, this.n.toString());
            this.kid = ThumbprintUtils.compute(str, (LinkedHashMap<String, ?>) linkedHashMap).toString();
            return this;
        }

        public Builder x509CertURL(URI uri) {
            this.x5u = uri;
            return this;
        }

        public Builder x509CertSHA256Thumbprint(Base64URLValue base64URLValue) {
            this.x5t256 = base64URLValue;
            return this;
        }

        public Builder x509CertChain(List<Base64Value> list) {
            this.x5c = list;
            return this;
        }

        public Builder keyStore(KeyStore keyStore) {
            this.keystore = keyStore;
            return this;
        }

        public RSAKey build() {
            try {
                return new RSAKey(this.n, this.e, this.d, this.p, this.q, this.dp, this.dq, this.qi, this.oth, this.priv, this.use, this.ops, this.alg, this.kid, this.x5u, this.x5t256, this.x5c, this.keystore);
            } catch (IllegalArgumentException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/RSAKey$OtherPrimesInfo.class */
    public static class OtherPrimesInfo {
        private final Base64URLValue r;
        private final Base64URLValue d;
        private final Base64URLValue t;

        public OtherPrimesInfo(Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3) {
            if (base64URLValue == null) {
                throw new IllegalArgumentException("The prime factor must not be null");
            }
            this.r = base64URLValue;
            if (base64URLValue2 == null) {
                throw new IllegalArgumentException("The factor CRT exponent must not be null");
            }
            this.d = base64URLValue2;
            if (base64URLValue3 == null) {
                throw new IllegalArgumentException("The factor CRT coefficient must not be null");
            }
            this.t = base64URLValue3;
        }

        public OtherPrimesInfo(RSAOtherPrimeInfo rSAOtherPrimeInfo) {
            this.r = Base64URLValue.encode(rSAOtherPrimeInfo.getPrime());
            this.d = Base64URLValue.encode(rSAOtherPrimeInfo.getExponent());
            this.t = Base64URLValue.encode(rSAOtherPrimeInfo.getCrtCoefficient());
        }

        public Base64URLValue getPrimeFactor() {
            return this.r;
        }

        public Base64URLValue getFactorCRTExponent() {
            return this.d;
        }

        public Base64URLValue getFactorCRTCoefficient() {
            return this.t;
        }

        public static List<OtherPrimesInfo> toList(RSAOtherPrimeInfo[] rSAOtherPrimeInfoArr) {
            ArrayList arrayList = new ArrayList();
            if (rSAOtherPrimeInfoArr == null) {
                return arrayList;
            }
            for (RSAOtherPrimeInfo rSAOtherPrimeInfo : rSAOtherPrimeInfoArr) {
                arrayList.add(new OtherPrimesInfo(rSAOtherPrimeInfo));
            }
            return arrayList;
        }
    }

    public RSAKey(Base64URLValue base64URLValue, Base64URLValue base64URLValue2, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue3, List<Base64Value> list, KeyStore keyStore) {
        this(base64URLValue, base64URLValue2, null, null, null, null, null, null, null, null, keyUse, set, algorithm, str, uri, base64URLValue3, list, keyStore);
    }

    public RSAKey(Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue4, List<Base64Value> list, KeyStore keyStore) {
        this(base64URLValue, base64URLValue2, base64URLValue3, null, null, null, null, null, null, null, keyUse, set, algorithm, str, uri, base64URLValue4, list, keyStore);
        if (base64URLValue3 == null) {
            throw new IllegalArgumentException("The private exponent must not be null");
        }
    }

    public RSAKey(Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3, Base64URLValue base64URLValue4, Base64URLValue base64URLValue5, Base64URLValue base64URLValue6, Base64URLValue base64URLValue7, List<OtherPrimesInfo> list, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue8, List<Base64Value> list2, KeyStore keyStore) {
        this(base64URLValue, base64URLValue2, null, base64URLValue3, base64URLValue4, base64URLValue5, base64URLValue6, base64URLValue7, list, null, keyUse, set, algorithm, str, uri, base64URLValue8, list2, keyStore);
        if (base64URLValue3 == null) {
            throw new IllegalArgumentException("The first prime factor must not be null");
        }
    }

    public RSAKey(Base64URLValue base64URLValue, Base64URLValue base64URLValue2, Base64URLValue base64URLValue3, Base64URLValue base64URLValue4, Base64URLValue base64URLValue5, Base64URLValue base64URLValue6, Base64URLValue base64URLValue7, Base64URLValue base64URLValue8, List<OtherPrimesInfo> list, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue9, List<Base64Value> list2, KeyStore keyStore) {
        super(KeyType.RSA, keyUse, set, algorithm, str, uri, base64URLValue9, list2, keyStore);
        if (base64URLValue == null) {
            throw new IllegalArgumentException("The modulus value must not be null");
        }
        this.n = base64URLValue;
        if (base64URLValue2 == null) {
            throw new IllegalArgumentException("The public exponent value must not be null");
        }
        this.e = base64URLValue2;
        if (getParsedX509CertChain() != null && !matches(getParsedX509CertChain().get(0))) {
            throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters");
        }
        this.d = base64URLValue3;
        if (base64URLValue4 != null && base64URLValue5 != null && base64URLValue6 != null && base64URLValue7 != null && base64URLValue8 != null) {
            this.p = base64URLValue4;
            this.q = base64URLValue5;
            this.dp = base64URLValue6;
            this.dq = base64URLValue7;
            this.qi = base64URLValue8;
            if (list != null) {
                this.oth = Collections.unmodifiableList(list);
            } else {
                this.oth = Collections.emptyList();
            }
        } else if (base64URLValue4 == null && base64URLValue5 == null && base64URLValue6 == null && base64URLValue7 == null && base64URLValue8 == null && list == null) {
            this.p = null;
            this.q = null;
            this.dp = null;
            this.dq = null;
            this.qi = null;
            this.oth = Collections.emptyList();
        } else {
            if (base64URLValue4 != null || base64URLValue5 != null || base64URLValue6 != null || base64URLValue7 != null || base64URLValue8 != null) {
                if (base64URLValue4 == null) {
                    throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first prime factor must not be null");
                }
                if (base64URLValue5 == null) {
                    throw new IllegalArgumentException("Incomplete second private (CRT) representation: The second prime factor must not be null");
                }
                if (base64URLValue6 == null) {
                    throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first factor CRT exponent must not be null");
                }
                if (base64URLValue7 != null) {
                    throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first CRT coefficient must not be null");
                }
                throw new IllegalArgumentException("Incomplete second private (CRT) representation: The second factor CRT exponent must not be null");
            }
            this.p = null;
            this.q = null;
            this.dp = null;
            this.dq = null;
            this.qi = null;
            this.oth = Collections.emptyList();
        }
        this.privateKey = privateKey;
    }

    public RSAKey(RSAPublicKey rSAPublicKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue, List<Base64Value> list, KeyStore keyStore) {
        this(Base64URLValue.encode(rSAPublicKey.getModulus()), Base64URLValue.encode(rSAPublicKey.getPublicExponent()), keyUse, set, algorithm, str, uri, base64URLValue, list, keyStore);
    }

    public RSAKey(RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue, List<Base64Value> list, KeyStore keyStore) {
        this(Base64URLValue.encode(rSAPublicKey.getModulus()), Base64URLValue.encode(rSAPublicKey.getPublicExponent()), Base64URLValue.encode(rSAPrivateKey.getPrivateExponent()), keyUse, set, algorithm, str, uri, base64URLValue, list, keyStore);
    }

    public RSAKey(RSAPublicKey rSAPublicKey, RSAPrivateCrtKey rSAPrivateCrtKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue, List<Base64Value> list, KeyStore keyStore) {
        this(Base64URLValue.encode(rSAPublicKey.getModulus()), Base64URLValue.encode(rSAPublicKey.getPublicExponent()), Base64URLValue.encode(rSAPrivateCrtKey.getPrivateExponent()), Base64URLValue.encode(rSAPrivateCrtKey.getPrimeP()), Base64URLValue.encode(rSAPrivateCrtKey.getPrimeQ()), Base64URLValue.encode(rSAPrivateCrtKey.getPrimeExponentP()), Base64URLValue.encode(rSAPrivateCrtKey.getPrimeExponentQ()), Base64URLValue.encode(rSAPrivateCrtKey.getCrtCoefficient()), null, null, keyUse, set, algorithm, str, uri, base64URLValue, list, keyStore);
    }

    public RSAKey(RSAPublicKey rSAPublicKey, RSAMultiPrimePrivateCrtKey rSAMultiPrimePrivateCrtKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue, List<Base64Value> list, KeyStore keyStore) {
        this(Base64URLValue.encode(rSAPublicKey.getModulus()), Base64URLValue.encode(rSAPublicKey.getPublicExponent()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrivateExponent()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeP()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeQ()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeExponentP()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getPrimeExponentQ()), Base64URLValue.encode(rSAMultiPrimePrivateCrtKey.getCrtCoefficient()), OtherPrimesInfo.toList(rSAMultiPrimePrivateCrtKey.getOtherPrimeInfo()), null, keyUse, set, algorithm, str, uri, base64URLValue, list, keyStore);
    }

    public RSAKey(RSAPublicKey rSAPublicKey, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue, List<Base64Value> list, KeyStore keyStore) {
        this(Base64URLValue.encode(rSAPublicKey.getModulus()), Base64URLValue.encode(rSAPublicKey.getPublicExponent()), null, null, null, null, null, null, null, privateKey, keyUse, set, algorithm, str, uri, base64URLValue, list, keyStore);
    }

    public Base64URLValue getModulus() {
        return this.n;
    }

    public Base64URLValue getPublicExponent() {
        return this.e;
    }

    public Base64URLValue getPrivateExponent() {
        return this.d;
    }

    public Base64URLValue getFirstPrimeFactor() {
        return this.p;
    }

    public Base64URLValue getSecondPrimeFactor() {
        return this.q;
    }

    public Base64URLValue getFirstFactorCRTExponent() {
        return this.dp;
    }

    public Base64URLValue getSecondFactorCRTExponent() {
        return this.dq;
    }

    public Base64URLValue getFirstCRTCoefficient() {
        return this.qi;
    }

    public List<OtherPrimesInfo> getOtherPrimes() {
        return this.oth;
    }

    public RSAPublicKey toRSAPublicKey() {
        try {
            return (RSAPublicKey) KeyFactory.getInstance(JWKIdentifiers.RSA_KEY_TYPE).generatePublic(new RSAPublicKeySpec(this.n.decodeToBigInteger(), this.e.decodeToBigInteger()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new InvalidKeyException(e.getMessage(), e);
        }
    }

    public RSAPrivateKey toRSAPrivateKey() {
        RSAPrivateKeySpec rSAPrivateCrtKeySpec;
        if (this.d == null) {
            return null;
        }
        BigInteger decodeToBigInteger = this.n.decodeToBigInteger();
        BigInteger decodeToBigInteger2 = this.d.decodeToBigInteger();
        if (this.p == null) {
            rSAPrivateCrtKeySpec = new RSAPrivateKeySpec(decodeToBigInteger, decodeToBigInteger2);
        } else {
            BigInteger decodeToBigInteger3 = this.e.decodeToBigInteger();
            BigInteger decodeToBigInteger4 = this.p.decodeToBigInteger();
            BigInteger decodeToBigInteger5 = this.q.decodeToBigInteger();
            BigInteger decodeToBigInteger6 = this.dp.decodeToBigInteger();
            BigInteger decodeToBigInteger7 = this.dq.decodeToBigInteger();
            BigInteger decodeToBigInteger8 = this.qi.decodeToBigInteger();
            if (this.oth == null || this.oth.isEmpty()) {
                rSAPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(decodeToBigInteger, decodeToBigInteger3, decodeToBigInteger2, decodeToBigInteger4, decodeToBigInteger5, decodeToBigInteger6, decodeToBigInteger7, decodeToBigInteger8);
            } else {
                RSAOtherPrimeInfo[] rSAOtherPrimeInfoArr = new RSAOtherPrimeInfo[this.oth.size()];
                for (int i = 0; i < this.oth.size(); i++) {
                    OtherPrimesInfo otherPrimesInfo = this.oth.get(i);
                    rSAOtherPrimeInfoArr[i] = new RSAOtherPrimeInfo(otherPrimesInfo.getPrimeFactor().decodeToBigInteger(), otherPrimesInfo.getFactorCRTExponent().decodeToBigInteger(), otherPrimesInfo.getFactorCRTCoefficient().decodeToBigInteger());
                }
                rSAPrivateCrtKeySpec = new RSAMultiPrimePrivateCrtKeySpec(decodeToBigInteger, decodeToBigInteger3, decodeToBigInteger2, decodeToBigInteger4, decodeToBigInteger5, decodeToBigInteger6, decodeToBigInteger7, decodeToBigInteger8, rSAOtherPrimeInfoArr);
            }
        }
        try {
            return (RSAPrivateKey) KeyFactory.getInstance(JWKIdentifiers.RSA_KEY_TYPE).generatePrivate(rSAPrivateCrtKeySpec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new InvalidKeyException(e.getMessage(), e);
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public PublicKey toPublicKey() {
        return toRSAPublicKey();
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public PrivateKey toPrivateKey() {
        RSAPrivateKey rSAPrivateKey = toRSAPrivateKey();
        return rSAPrivateKey != null ? rSAPrivateKey : this.privateKey;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public KeyPair toKeyPair() {
        return new KeyPair(toRSAPublicKey(), toPrivateKey());
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public boolean matches(X509Certificate x509Certificate) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) getParsedX509CertChain().get(0).getPublicKey();
            if (this.e.decodeToBigInteger().equals(rSAPublicKey.getPublicExponent())) {
                return this.n.decodeToBigInteger().equals(rSAPublicKey.getModulus());
            }
            return false;
        } catch (ClassCastException e) {
            return false;
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public LinkedHashMap<String, String> getRequiredParams() {
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put(JWKIdentifiers.EXPONENT, this.e.toString());
        linkedHashMap.put(JWKIdentifiers.KEY_TYPE, getKeyType().getValue());
        linkedHashMap.put(JWKIdentifiers.MODULUS, this.n.toString());
        return linkedHashMap;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean isPrivate() {
        return (this.d == null && this.p == null && this.privateKey == null) ? false : true;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int size() {
        try {
            return ByteUtils.safeBitLength(this.n.decode());
        } catch (IntegerOverflowException e) {
            throw new ArithmeticException(e.getMessage());
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public RSAKey toPublicJWK() {
        return new RSAKey(getModulus(), getPublicExponent(), getKeyUse(), getKeyOperations(), getAlgorithm(), getKeyID(), getX509CertURL(), getX509CertSHA256Thumbprint(), getX509CertChain(), getKeyStore());
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public JsonObjectBuilder toJSONObject() {
        JsonObjectBuilder jSONObject = super.toJSONObject();
        jSONObject.add(JWKIdentifiers.MODULUS, this.n.toString());
        jSONObject.add(JWKIdentifiers.EXPONENT, this.e.toString());
        if (this.d != null) {
            jSONObject.add("d", this.d.toString());
        }
        if (this.p != null) {
            jSONObject.add(JWKIdentifiers.FIRST_PRIME_FACTOR, this.p.toString());
        }
        if (this.q != null) {
            jSONObject.add(JWKIdentifiers.SECOND_PRIME_FACTOR, this.q.toString());
        }
        if (this.dp != null) {
            jSONObject.add(JWKIdentifiers.FIRST_FACTOR_CRT_EXPONENT, this.dp.toString());
        }
        if (this.dq != null) {
            jSONObject.add(JWKIdentifiers.SECOND_FACTOR_CRT_EXPONENT, this.dq.toString());
        }
        if (this.qi != null) {
            jSONObject.add(JWKIdentifiers.FIRST_CRT_COEFFICIENT, this.qi.toString());
        }
        if (this.oth != null && !this.oth.isEmpty()) {
            JsonArrayBuilder createArrayBuilder = Json.createArrayBuilder();
            for (OtherPrimesInfo otherPrimesInfo : this.oth) {
                createArrayBuilder.add(Json.createObjectBuilder().add(JWKIdentifiers.PRIME_FACTOR, otherPrimesInfo.r.toString()).add("d", otherPrimesInfo.d.toString()).add(JWKIdentifiers.FACTOR_CRT_COEFFICIENT, otherPrimesInfo.t.toString()));
            }
            jSONObject.add(JWKIdentifiers.OTHER_PRIMES, createArrayBuilder);
        }
        return jSONObject;
    }

    public static RSAKey parse(String str) throws ParseException {
        return parse(JSONObjectUtils.parse(str));
    }

    public static RSAKey parse(JsonObject jsonObject) throws ParseException {
        if (KeyType.parse(JSONObjectUtils.getString(jsonObject, JWKIdentifiers.KEY_TYPE)) != KeyType.RSA) {
            throw new ParseException("The key type \"kty\" must be RSA", 0);
        }
        Base64URLValue base64URL = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.MODULUS);
        if (base64URL == null) {
            throw new ParseException("The modules \"n\" value must not be null", 0);
        }
        Base64URLValue base64URL2 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.EXPONENT);
        if (base64URL2 == null) {
            throw new ParseException("The exp \"e\" value must not be null", 0);
        }
        Base64URLValue base64URL3 = JSONObjectUtils.getBase64URL(jsonObject, "d");
        Base64URLValue base64URL4 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.FIRST_PRIME_FACTOR);
        Base64URLValue base64URL5 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.SECOND_PRIME_FACTOR);
        Base64URLValue base64URL6 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.FIRST_FACTOR_CRT_EXPONENT);
        Base64URLValue base64URL7 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.SECOND_FACTOR_CRT_EXPONENT);
        Base64URLValue base64URL8 = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.FIRST_CRT_COEFFICIENT);
        ArrayList arrayList = null;
        if (jsonObject.containsKey(JWKIdentifiers.OTHER_PRIMES) && ((JsonValue) jsonObject.get(JWKIdentifiers.OTHER_PRIMES)).getValueType() == JsonValue.ValueType.ARRAY) {
            JsonArray jsonArray = jsonObject.getJsonArray(JWKIdentifiers.OTHER_PRIMES);
            arrayList = new ArrayList(jsonArray.size());
            for (Object obj : jsonArray) {
                if (obj instanceof JsonObject) {
                    JsonObject jsonObject2 = (JsonObject) obj;
                    arrayList.add(new OtherPrimesInfo(JSONObjectUtils.getBase64URL(jsonObject2, JWKIdentifiers.PRIME_FACTOR), JSONObjectUtils.getBase64URL(jsonObject2, JWKIdentifiers.SECOND_FACTOR_CRT_EXPONENT), JSONObjectUtils.getBase64URL(jsonObject2, JWKIdentifiers.FACTOR_CRT_COEFFICIENT)));
                }
            }
        }
        try {
            return new RSAKey(base64URL, base64URL2, base64URL3, base64URL4, base64URL5, base64URL6, base64URL7, base64URL8, arrayList, null, JWKMetadata.parseKeyUse(jsonObject), JWKMetadata.parseKeyOperations(jsonObject), JWKMetadata.parseAlgorithm(jsonObject), JWKMetadata.parseKeyID(jsonObject), JWKMetadata.parseX509CertURL(jsonObject), JWKMetadata.parseX509CertSHA256Thumbprint(jsonObject), JWKMetadata.parseX509CertChain(jsonObject), null);
        } catch (IllegalArgumentException e) {
            throw new ParseException(e.getMessage(), 0);
        }
    }

    public static RSAKey parse(X509Certificate x509Certificate) {
        if (!(x509Certificate.getPublicKey() instanceof RSAPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not RSA");
        }
        try {
            return new Builder((RSAPublicKey) x509Certificate.getPublicKey()).keyUse(KeyUse.from(x509Certificate)).keyID(x509Certificate.getSerialNumber().toString(10)).x509CertChain(Collections.singletonList(Base64Value.encode(x509Certificate.getEncoded()))).x509CertSHA256Thumbprint(Base64URLValue.encode(MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded()))).build();
        } catch (NoSuchAlgorithmException e) {
            throw new JOSEException("Couldn't encode x5t parameter: " + e.getMessage(), e);
        } catch (CertificateEncodingException e2) {
            throw new JOSEException("Couldn't encode x5c parameter: " + e2.getMessage(), e2);
        }
    }

    public static RSAKey load(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException {
        Certificate certificate = keyStore.getCertificate(str);
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!(x509Certificate.getPublicKey() instanceof RSAPublicKey)) {
            throw new JOSEException("Couldn't load RSA JWK: The key algorithm is not RSA");
        }
        RSAKey build = new Builder(parse(x509Certificate)).keyID(str).keyStore(keyStore).build();
        try {
            Key key = keyStore.getKey(str, cArr);
            return key instanceof RSAPrivateKey ? new Builder(build).privateKey((RSAPrivateKey) key).build() : ((key instanceof PrivateKey) && JWKIdentifiers.RSA_KEY_TYPE.equalsIgnoreCase(key.getAlgorithm())) ? new Builder(build).privateKey((PrivateKey) key).build() : build;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new JOSEException("Couldn't retrieve private RSA key (bad pin?): " + e.getMessage(), e);
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof RSAKey) || !super.equals(obj)) {
            return false;
        }
        RSAKey rSAKey = (RSAKey) obj;
        return Objects.equals(this.n, rSAKey.n) && Objects.equals(this.e, rSAKey.e) && Objects.equals(this.d, rSAKey.d) && Objects.equals(this.p, rSAKey.p) && Objects.equals(this.q, rSAKey.q) && Objects.equals(this.dp, rSAKey.dp) && Objects.equals(this.dq, rSAKey.dq) && Objects.equals(this.qi, rSAKey.qi) && Objects.equals(this.oth, rSAKey.oth) && Objects.equals(this.privateKey, rSAKey.privateKey);
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.n, this.e, this.d, this.p, this.q, this.dp, this.dq, this.qi, this.oth, this.privateKey);
    }
}
