package net.visma.autopay.http.signature;

import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKey;
import net.visma.autopay.http.signature.SignatureException;

/* loaded from: input_file:net/visma/autopay/http/signature/SignatureKeyFactory.class */
final class SignatureKeyFactory {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/visma/autopay/http/signature/SignatureKeyFactory$HmacKey.class */
    public static class HmacKey implements PrivateKey, PublicKey, SecretKey {
        private static final long serialVersionUID = -623103208224639883L;
        private final byte[] encodedKey;

        private HmacKey(byte[] bArr) {
            this.encodedKey = bArr;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return SignatureKeyAlgorithm.HMAC.getJvmName();
        }

        @Override // java.security.Key
        public String getFormat() {
            return "RAW";
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return this.encodedKey;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Arrays.equals(this.encodedKey, ((HmacKey) obj).encodedKey);
        }

        public int hashCode() {
            return Arrays.hashCode(this.encodedKey);
        }

        public String toString() {
            return getClass().getName() + "@" + Integer.toHexString(hashCode());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey decodePublicKey(String str, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        return decodePublicKey(decodePemKey(str), signatureKeyAlgorithm);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey decodePrivateKey(String str, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        return decodePrivateKey(decodePemKey(str), signatureKeyAlgorithm);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey decodePublicKey(byte[] bArr, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        return signatureKeyAlgorithm.isSymmetric() ? new HmacKey(bArr) : createAsymmetricPublicKey(bArr, signatureKeyAlgorithm);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey decodePrivateKey(byte[] bArr, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        return signatureKeyAlgorithm.isSymmetric() ? new HmacKey(bArr) : createAsymmetricPrivateKey(bArr, signatureKeyAlgorithm);
    }

    private static PrivateKey createAsymmetricPrivateKey(byte[] bArr, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        try {
            return KeyFactory.getInstance(signatureKeyAlgorithm.getJvmName()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new SignatureException(SignatureException.ErrorCode.UNKNOWN_ALGORITHM, "Unknown algorithm " + signatureKeyAlgorithm, e);
        } catch (InvalidKeySpecException e2) {
            if (signatureKeyAlgorithm != SignatureKeyAlgorithm.RSA) {
                throw getInvalidPrivateKeyException(e2);
            }
            try {
                return createAsymmetricPrivateKey(bArr, SignatureKeyAlgorithm.RSA_PSS);
            } catch (Exception e3) {
                throw getInvalidPrivateKeyException(e2);
            }
        } catch (Exception e4) {
            throw getInvalidPrivateKeyException(e4);
        }
    }

    private static SignatureException getInvalidPrivateKeyException(Exception exc) {
        return new SignatureException(SignatureException.ErrorCode.INVALID_KEY, "Invalid private key", exc);
    }

    private static SignatureException getInvalidPublicKeyException(Exception exc) {
        return new SignatureException(SignatureException.ErrorCode.INVALID_KEY, "Invalid public key", exc);
    }

    private static PublicKey createAsymmetricPublicKey(byte[] bArr, SignatureKeyAlgorithm signatureKeyAlgorithm) throws SignatureException {
        try {
            return KeyFactory.getInstance(signatureKeyAlgorithm.getJvmName()).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new SignatureException(SignatureException.ErrorCode.UNKNOWN_ALGORITHM, "Unknown algorithm " + signatureKeyAlgorithm, e);
        } catch (InvalidKeySpecException e2) {
            if (signatureKeyAlgorithm != SignatureKeyAlgorithm.RSA) {
                throw getInvalidPublicKeyException(e2);
            }
            try {
                return createAsymmetricPublicKey(bArr, SignatureKeyAlgorithm.RSA_PSS);
            } catch (Exception e3) {
                throw getInvalidPublicKeyException(e2);
            }
        } catch (Exception e4) {
            throw getInvalidPublicKeyException(e4);
        }
    }

    private static byte[] decodePemKey(String str) throws SignatureException {
        try {
            return Base64.getDecoder().decode(str.replaceAll("-----.*", "").replaceAll("[\n\r]", ""));
        } catch (Exception e) {
            throw new SignatureException(SignatureException.ErrorCode.INVALID_KEY, "Key not Base64-encoded", e);
        }
    }

    private SignatureKeyFactory() {
        throw new UnsupportedOperationException();
    }
}
