package be.atbash.ee.security.octopus.nimbus.jwk;

import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.nimbus.jose.Algorithm;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.ee.security.octopus.nimbus.util.Base64Value;
import be.atbash.ee.security.octopus.nimbus.util.ByteUtils;
import be.atbash.ee.security.octopus.nimbus.util.IntegerOverflowException;
import be.atbash.ee.security.octopus.nimbus.util.JSONObjectUtils;
import java.net.URI;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.text.ParseException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/OctetSequenceKey.class */
public final class OctetSequenceKey extends JWK implements SecretJWK {
    private static final String KEY_MUST_NOT_BE_NULL = "The key value must not be null";
    private final Base64URLValue k;

    /* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/OctetSequenceKey$Builder.class */
    public static class Builder {
        private final Base64URLValue k;
        private KeyUse use;
        private Set<KeyOperation> ops;
        private Algorithm alg;
        private String kid;
        private URI x5u;
        private Base64URLValue x5t256;
        private List<Base64Value> x5c;
        private KeyStore ks;

        public Builder(Base64URLValue base64URLValue) {
            if (base64URLValue == null) {
                throw new IllegalArgumentException(OctetSequenceKey.KEY_MUST_NOT_BE_NULL);
            }
            this.k = base64URLValue;
        }

        public Builder(byte[] bArr) {
            this(Base64URLValue.encode(bArr));
            if (bArr.length == 0) {
                throw new IllegalArgumentException("The key must have a positive length");
            }
        }

        public Builder(SecretKey secretKey) {
            this(secretKey.getEncoded());
        }

        public Builder(AtbashKey atbashKey) {
            this(getSecretKey(atbashKey));
        }

        private static SecretKey getSecretKey(AtbashKey atbashKey) {
            if (atbashKey.getSecretKeyType().getKeyType() != KeyType.OCT) {
                throw new KeyTypeException(atbashKey.getSecretKeyType().getKeyType(), "OctetSequenceKey creation");
            }
            return (SecretKey) atbashKey.getKey();
        }

        public Builder keyUse(KeyUse keyUse) {
            this.use = keyUse;
            return this;
        }

        public Builder keyOperations(Set<KeyOperation> set) {
            this.ops = set;
            return this;
        }

        public Builder algorithm(Algorithm algorithm) {
            this.alg = algorithm;
            return this;
        }

        public Builder keyID(String str) {
            this.kid = str;
            return this;
        }

        public Builder keyIDFromThumbprint() {
            return keyIDFromThumbprint("SHA-256");
        }

        public Builder keyIDFromThumbprint(String str) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(JWKIdentifiers.OCT_KEY_VALUE, this.k.toString());
            linkedHashMap.put(JWKIdentifiers.KEY_TYPE, KeyType.OCT.getValue());
            this.kid = ThumbprintUtils.compute(str, (LinkedHashMap<String, ?>) linkedHashMap).toString();
            return this;
        }

        public Builder x509CertURL(URI uri) {
            this.x5u = uri;
            return this;
        }

        public Builder x509CertSHA256Thumbprint(Base64URLValue base64URLValue) {
            this.x5t256 = base64URLValue;
            return this;
        }

        public Builder x509CertChain(List<Base64Value> list) {
            this.x5c = list;
            return this;
        }

        public Builder keyStore(KeyStore keyStore) {
            this.ks = keyStore;
            return this;
        }

        public OctetSequenceKey build() {
            try {
                return new OctetSequenceKey(this.k, this.use, this.ops, this.alg, this.kid, this.x5u, this.x5t256, this.x5c, this.ks);
            } catch (IllegalArgumentException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    public OctetSequenceKey(Base64URLValue base64URLValue, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue2, List<Base64Value> list, KeyStore keyStore) {
        super(KeyType.OCT, keyUse, set, algorithm, str, uri, base64URLValue2, list, keyStore);
        if (base64URLValue == null) {
            throw new IllegalArgumentException(KEY_MUST_NOT_BE_NULL);
        }
        this.k = base64URLValue;
    }

    public Base64URLValue getKeyValue() {
        return this.k;
    }

    public byte[] toByteArray() {
        return getKeyValue().decode();
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.SecretJWK
    public SecretKey toSecretKey() {
        return new SecretKeySpec(toByteArray(), "AES");
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public LinkedHashMap<String, String> getRequiredParams() {
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put(JWKIdentifiers.OCT_KEY_VALUE, this.k.toString());
        linkedHashMap.put(JWKIdentifiers.KEY_TYPE, getKeyType().toString());
        return linkedHashMap;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean isPrivate() {
        return true;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public OctetSequenceKey toPublicJWK() {
        return null;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int size() {
        try {
            return ByteUtils.safeBitLength(this.k.decode());
        } catch (IntegerOverflowException e) {
            throw new ArithmeticException(e.getMessage());
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public JsonObjectBuilder toJSONObject() {
        JsonObjectBuilder jSONObject = super.toJSONObject();
        jSONObject.add(JWKIdentifiers.OCT_KEY_VALUE, this.k.toString());
        return jSONObject;
    }

    public static OctetSequenceKey parse(String str) throws ParseException {
        return parse(JSONObjectUtils.parse(str));
    }

    public static OctetSequenceKey parse(JsonObject jsonObject) throws ParseException {
        if (JWKMetadata.parseKeyType(jsonObject) != KeyType.OCT) {
            throw new ParseException("The key type \"kty\" must be oct", 0);
        }
        Base64URLValue base64URL = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.OCT_KEY_VALUE);
        if (base64URL == null) {
            throw new ParseException(KEY_MUST_NOT_BE_NULL, 0);
        }
        return new OctetSequenceKey(base64URL, JWKMetadata.parseKeyUse(jsonObject), JWKMetadata.parseKeyOperations(jsonObject), JWKMetadata.parseAlgorithm(jsonObject), JWKMetadata.parseKeyID(jsonObject), JWKMetadata.parseX509CertURL(jsonObject), JWKMetadata.parseX509CertSHA256Thumbprint(jsonObject), JWKMetadata.parseX509CertChain(jsonObject), null);
    }

    public static OctetSequenceKey load(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException {
        try {
            Key key = keyStore.getKey(str, cArr);
            if (key instanceof SecretKey) {
                return new Builder((SecretKey) key).keyID(str).keyStore(keyStore).build();
            }
            return null;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new JOSEException("Couldn't retrieve secret key (bad pin?): " + e.getMessage(), e);
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if ((obj instanceof OctetSequenceKey) && super.equals(obj)) {
            return Objects.equals(this.k, ((OctetSequenceKey) obj).k);
        }
        return false;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.k);
    }
}
