package be.atbash.ee.security.octopus.nimbus.jwk;

import be.atbash.ee.security.octopus.nimbus.jose.Algorithm;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.ee.security.octopus.nimbus.util.Base64Value;
import be.atbash.ee.security.octopus.nimbus.util.ByteUtils;
import be.atbash.ee.security.octopus.nimbus.util.JSONObjectUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/OctetKeyPair.class */
public class OctetKeyPair extends JWK implements AsymmetricJWK, CurveBasedJWK {
    public static final Set<Curve> SUPPORTED_CURVES = Collections.unmodifiableSet(new HashSet(Arrays.asList(Curve.Ed25519, Curve.Ed448, Curve.X25519, Curve.X448)));
    private static final String CURVE_MUST_NOT_BE_NULL = "The curve must not be null";
    private static final String X_MUST_NOT_BE_NULL = "The 'x' coordinate must not be null";
    private final Curve crv;
    private final Base64URLValue x;
    private final byte[] decodedX;
    private final Base64URLValue d;
    private final byte[] decodedD;

    /* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwk/OctetKeyPair$Builder.class */
    public static class Builder {
        private final Curve crv;
        private final Base64URLValue x;
        private Base64URLValue d;
        private KeyUse use;
        private Set<KeyOperation> ops;
        private Algorithm alg;
        private String kid;
        private URI x5u;
        private Base64URLValue x5t256;
        private List<Base64Value> x5c;
        private KeyStore ks;

        public Builder(Curve curve, Base64URLValue base64URLValue) {
            if (curve == null) {
                throw new IllegalArgumentException(OctetKeyPair.CURVE_MUST_NOT_BE_NULL);
            }
            this.crv = curve;
            if (base64URLValue == null) {
                throw new IllegalArgumentException(OctetKeyPair.X_MUST_NOT_BE_NULL);
            }
            this.x = base64URLValue;
        }

        public Builder(OctetKeyPair octetKeyPair) {
            this.crv = octetKeyPair.crv;
            this.x = octetKeyPair.x;
            this.d = octetKeyPair.d;
            this.use = octetKeyPair.getKeyUse();
            this.ops = octetKeyPair.getKeyOperations();
            this.alg = octetKeyPair.getAlgorithm();
            this.kid = octetKeyPair.getKeyID();
            this.x5u = octetKeyPair.getX509CertURL();
            this.x5t256 = octetKeyPair.getX509CertSHA256Thumbprint();
            this.x5c = octetKeyPair.getX509CertChain();
            this.ks = octetKeyPair.getKeyStore();
        }

        public Builder d(Base64URLValue base64URLValue) {
            this.d = base64URLValue;
            return this;
        }

        public Builder keyUse(KeyUse keyUse) {
            this.use = keyUse;
            return this;
        }

        public Builder keyOperations(Set<KeyOperation> set) {
            this.ops = set;
            return this;
        }

        public Builder algorithm(Algorithm algorithm) {
            this.alg = algorithm;
            return this;
        }

        public Builder keyID(String str) {
            this.kid = str;
            return this;
        }

        public Builder keyIDFromThumbprint() {
            return keyIDFromThumbprint("SHA-256");
        }

        public Builder keyIDFromThumbprint(String str) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(JWKIdentifiers.CURVE, this.crv.toString());
            linkedHashMap.put(JWKIdentifiers.KEY_TYPE, KeyType.OKP.getValue());
            linkedHashMap.put(JWKIdentifiers.X_COORD, this.x.toString());
            this.kid = ThumbprintUtils.compute(str, (LinkedHashMap<String, ?>) linkedHashMap).toString();
            return this;
        }

        public Builder x509CertURL(URI uri) {
            this.x5u = uri;
            return this;
        }

        public Builder x509CertSHA256Thumbprint(Base64URLValue base64URLValue) {
            this.x5t256 = base64URLValue;
            return this;
        }

        public Builder x509CertChain(List<Base64Value> list) {
            this.x5c = list;
            return this;
        }

        public Builder keyStore(KeyStore keyStore) {
            this.ks = keyStore;
            return this;
        }

        public OctetKeyPair build() {
            try {
                return this.d == null ? new OctetKeyPair(this.crv, this.x, this.use, this.ops, this.alg, this.kid, this.x5u, this.x5t256, this.x5c, this.ks) : new OctetKeyPair(this.crv, this.x, this.d, this.use, this.ops, this.alg, this.kid, this.x5u, this.x5t256, this.x5c, this.ks);
            } catch (IllegalArgumentException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    public OctetKeyPair(Curve curve, Base64URLValue base64URLValue, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue2, List<Base64Value> list, KeyStore keyStore) {
        super(KeyType.OKP, keyUse, set, algorithm, str, uri, base64URLValue2, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException(CURVE_MUST_NOT_BE_NULL);
        }
        if (!SUPPORTED_CURVES.contains(curve)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + curve);
        }
        this.crv = curve;
        if (base64URLValue == null) {
            throw new IllegalArgumentException("The 'x' parameter must not be null");
        }
        this.x = base64URLValue;
        this.decodedX = base64URLValue.decode();
        this.d = null;
        this.decodedD = null;
    }

    public OctetKeyPair(Curve curve, Base64URLValue base64URLValue, Base64URLValue base64URLValue2, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URLValue base64URLValue3, List<Base64Value> list, KeyStore keyStore) {
        super(KeyType.OKP, keyUse, set, algorithm, str, uri, base64URLValue3, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException(CURVE_MUST_NOT_BE_NULL);
        }
        if (!SUPPORTED_CURVES.contains(curve)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + curve);
        }
        this.crv = curve;
        if (base64URLValue == null) {
            throw new IllegalArgumentException("The 'x' parameter must not be null");
        }
        this.x = base64URLValue;
        this.decodedX = base64URLValue.decode();
        if (base64URLValue2 == null) {
            throw new IllegalArgumentException("The 'd' parameter must not be null");
        }
        this.d = base64URLValue2;
        this.decodedD = base64URLValue2.decode();
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.CurveBasedJWK
    public Curve getCurve() {
        return this.crv;
    }

    public Base64URLValue getX() {
        return this.x;
    }

    public byte[] getDecodedX() {
        return (byte[]) this.decodedX.clone();
    }

    public Base64URLValue getD() {
        return this.d;
    }

    public byte[] getDecodedD() {
        if (this.decodedD == null) {
            return null;
        }
        return (byte[]) this.decodedD.clone();
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public PublicKey toPublicKey() {
        Ed25519PublicKeyParameters ed25519PublicKeyParameters = new Ed25519PublicKeyParameters(this.x.decode(), 0);
        BCEdDSAPublicKey bCEdDSAPublicKey = null;
        for (Constructor<?> constructor : BCEdDSAPublicKey.class.getDeclaredConstructors()) {
            if (AsymmetricKeyParameter.class.isAssignableFrom(constructor.getParameterTypes()[0])) {
                constructor.setAccessible(true);
                try {
                    bCEdDSAPublicKey = (BCEdDSAPublicKey) constructor.newInstance(ed25519PublicKeyParameters);
                } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
                    throw new AtbashUnexpectedException(e);
                }
            }
        }
        return bCEdDSAPublicKey;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public PrivateKey toPrivateKey() {
        if (this.d == null) {
            return null;
        }
        Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = new Ed25519PrivateKeyParameters(this.d.decode(), 0);
        BCEdDSAPrivateKey bCEdDSAPrivateKey = null;
        for (Constructor<?> constructor : BCEdDSAPrivateKey.class.getDeclaredConstructors()) {
            if (AsymmetricKeyParameter.class.isAssignableFrom(constructor.getParameterTypes()[0])) {
                constructor.setAccessible(true);
                try {
                    bCEdDSAPrivateKey = (BCEdDSAPrivateKey) constructor.newInstance(ed25519PrivateKeyParameters);
                } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
                    throw new AtbashUnexpectedException(e);
                }
            }
        }
        return bCEdDSAPrivateKey;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public KeyPair toKeyPair() {
        return new KeyPair(toPublicKey(), toPrivateKey());
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.AsymmetricJWK
    public boolean matches(X509Certificate x509Certificate) {
        return false;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public LinkedHashMap<String, String> getRequiredParams() {
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put(JWKIdentifiers.CURVE, this.crv.toString());
        linkedHashMap.put(JWKIdentifiers.KEY_TYPE, getKeyType().getValue());
        linkedHashMap.put(JWKIdentifiers.X_COORD, this.x.toString());
        return linkedHashMap;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean isPrivate() {
        return this.d != null;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public OctetKeyPair toPublicJWK() {
        return new OctetKeyPair(getCurve(), getX(), getKeyUse(), getKeyOperations(), getAlgorithm(), getKeyID(), getX509CertURL(), getX509CertSHA256Thumbprint(), getX509CertChain(), getKeyStore());
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public JsonObjectBuilder toJSONObject() {
        JsonObjectBuilder jSONObject = super.toJSONObject();
        jSONObject.add(JWKIdentifiers.CURVE, this.crv.toString());
        jSONObject.add(JWKIdentifiers.X_COORD, this.x.toString());
        if (this.d != null) {
            jSONObject.add("d", this.d.toString());
        }
        return jSONObject;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int size() {
        return ByteUtils.bitLength(this.x.decode());
    }

    public static OctetKeyPair parse(String str) throws ParseException {
        return parse(JSONObjectUtils.parse(str));
    }

    public static OctetKeyPair parse(JsonObject jsonObject) throws ParseException {
        if (JWKMetadata.parseKeyType(jsonObject) != KeyType.OKP) {
            throw new ParseException("The key type \"kty\" must be OKP", 0);
        }
        String string = JSONObjectUtils.getString(jsonObject, JWKIdentifiers.CURVE);
        if (string == null || string.trim().isEmpty()) {
            throw new ParseException("The cryptographic curve string must not be null or empty", 0);
        }
        Curve parse = Curve.parse(string);
        Base64URLValue base64URL = JSONObjectUtils.getBase64URL(jsonObject, JWKIdentifiers.X_COORD);
        if (base64URL == null) {
            throw new ParseException("The 'x' parameter must not be null", 0);
        }
        Base64URLValue base64URL2 = JSONObjectUtils.getBase64URL(jsonObject, "d");
        try {
            return base64URL2 == null ? new OctetKeyPair(parse, base64URL, JWKMetadata.parseKeyUse(jsonObject), JWKMetadata.parseKeyOperations(jsonObject), JWKMetadata.parseAlgorithm(jsonObject), JWKMetadata.parseKeyID(jsonObject), JWKMetadata.parseX509CertURL(jsonObject), JWKMetadata.parseX509CertSHA256Thumbprint(jsonObject), JWKMetadata.parseX509CertChain(jsonObject), null) : new OctetKeyPair(parse, base64URL, base64URL2, JWKMetadata.parseKeyUse(jsonObject), JWKMetadata.parseKeyOperations(jsonObject), JWKMetadata.parseAlgorithm(jsonObject), JWKMetadata.parseKeyID(jsonObject), JWKMetadata.parseX509CertURL(jsonObject), JWKMetadata.parseX509CertSHA256Thumbprint(jsonObject), JWKMetadata.parseX509CertChain(jsonObject), null);
        } catch (IllegalArgumentException e) {
            throw new ParseException(e.getMessage(), 0);
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof OctetKeyPair) || !super.equals(obj)) {
            return false;
        }
        OctetKeyPair octetKeyPair = (OctetKeyPair) obj;
        return Objects.equals(this.crv, octetKeyPair.crv) && Objects.equals(this.x, octetKeyPair.x) && Arrays.equals(this.decodedX, octetKeyPair.decodedX) && Objects.equals(this.d, octetKeyPair.d) && Arrays.equals(this.decodedD, octetKeyPair.decodedD);
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwk.JWK
    public int hashCode() {
        return (31 * ((31 * Objects.hash(Integer.valueOf(super.hashCode()), this.crv, this.x, this.d)) + Arrays.hashCode(this.decodedX))) + Arrays.hashCode(this.decodedD);
    }
}
