package com.netflix.msl.crypto;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.io.MslArray;
import com.netflix.msl.io.MslEncodable;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslEncoderUtils;
import com.netflix.msl.io.MslObject;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class JsonWebKey implements MslEncodable {
    private static final String KEY_ALGORITHM = "alg";
    private static final String KEY_EXTRACTABLE = "extractable";
    private static final String KEY_KEY = "k";
    private static final String KEY_KEY_ID = "kid";
    private static final String KEY_KEY_OPS = "key_ops";
    private static final String KEY_MODULUS = "n";
    private static final String KEY_PRIVATE_EXPONENT = "d";
    private static final String KEY_PUBLIC_EXPONENT = "e";
    private static final String KEY_TYPE = "kty";
    private static final String KEY_USAGE = "use";
    private final Algorithm algo;
    private final boolean extractable;
    private final String id;
    private final byte[] key;
    private final Set<KeyOp> keyOps;
    private final KeyPair keyPair;
    private final SecretKey secretKey;
    private final Type type;
    private final Usage usage;

    /* loaded from: classes2.dex */
    public enum Algorithm {
        HS256("HS256"),
        RSA1_5("RSA1_5"),
        RSA_OAEP("RSA-OAEP"),
        A128KW("A128KW"),
        A128CBC("A128CBC");

        private final String name;

        Algorithm(String str) {
            this.name = str;
        }

        public static Algorithm fromString(String str) {
            for (Algorithm algorithm : values()) {
                if (algorithm.toString().equals(str)) {
                    return algorithm;
                }
            }
            throw new IllegalArgumentException("Algorithm " + str + " is unknown.");
        }

        public String getJcaAlgorithmName() {
            switch (this) {
                case HS256:
                    return JcaAlgorithm.HMAC_SHA256;
                case RSA1_5:
                case RSA_OAEP:
                    return "RSA";
                case A128KW:
                case A128CBC:
                    return "AES";
                default:
                    throw new MslInternalException("No JCA standard algorithm name defined for " + this + ".");
            }
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }
    }

    /* loaded from: classes2.dex */
    public enum KeyOp {
        sign,
        verify,
        encrypt,
        decrypt,
        wrapKey,
        unwrapKey,
        deriveKey,
        deriveBits
    }

    /* loaded from: classes2.dex */
    public enum Type {
        rsa,
        oct
    }

    /* loaded from: classes2.dex */
    public enum Usage {
        sig,
        enc,
        wrap
    }

    public JsonWebKey(Usage usage, Algorithm algorithm, boolean z, String str, RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey) {
        if (rSAPublicKey == null && rSAPrivateKey == null) {
            throw new MslInternalException("At least one of the public key or private key must be provided.");
        }
        if (algorithm != null) {
            switch (algorithm) {
                case RSA1_5:
                case RSA_OAEP:
                    break;
                default:
                    throw new MslInternalException("The algorithm must be an RSA algorithm.");
            }
        }
        this.type = Type.rsa;
        this.usage = usage;
        this.keyOps = null;
        this.algo = algorithm;
        this.extractable = z;
        this.id = str;
        this.keyPair = new KeyPair(rSAPublicKey, rSAPrivateKey);
        this.key = null;
        this.secretKey = null;
    }

    public JsonWebKey(Usage usage, Algorithm algorithm, boolean z, String str, SecretKey secretKey) {
        if (algorithm != null) {
            switch (algorithm) {
                case HS256:
                case A128KW:
                case A128CBC:
                    break;
                case RSA1_5:
                case RSA_OAEP:
                default:
                    throw new MslInternalException("The algorithm must be a symmetric key algorithm.");
            }
        }
        this.type = Type.oct;
        this.usage = usage;
        this.keyOps = null;
        this.algo = algorithm;
        this.extractable = z;
        this.id = str;
        this.keyPair = null;
        this.key = secretKey.getEncoded();
        this.secretKey = secretKey;
    }

    public JsonWebKey(MslObject mslObject) {
        HashSet hashSet;
        Usage valueOf;
        Algorithm fromString;
        PublicKey publicKey;
        PrivateKey privateKey;
        try {
            String string = mslObject.getString(KEY_TYPE);
            String string2 = mslObject.has(KEY_USAGE) ? mslObject.getString(KEY_USAGE) : null;
            if (mslObject.has(KEY_KEY_OPS)) {
                HashSet hashSet2 = new HashSet();
                MslArray mslArray = mslObject.getMslArray(KEY_KEY_OPS);
                for (int i = 0; i < mslArray.size(); i++) {
                    hashSet2.add(mslArray.getString(i));
                }
                hashSet = hashSet2;
            } else {
                hashSet = null;
            }
            String string3 = mslObject.has(KEY_ALGORITHM) ? mslObject.getString(KEY_ALGORITHM) : null;
            this.extractable = mslObject.has(KEY_EXTRACTABLE) ? mslObject.getBoolean(KEY_EXTRACTABLE) : false;
            this.id = mslObject.has(KEY_KEY_ID) ? mslObject.getString(KEY_KEY_ID) : null;
            try {
                this.type = Type.valueOf(string);
                if (string2 != null) {
                    try {
                        valueOf = Usage.valueOf(string2);
                    } catch (IllegalArgumentException e) {
                        throw new MslCryptoException(MslError.UNIDENTIFIED_JWK_USAGE, string2, e);
                    }
                } else {
                    valueOf = null;
                }
                this.usage = valueOf;
                if (hashSet != null) {
                    EnumSet noneOf = EnumSet.noneOf(KeyOp.class);
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        try {
                            noneOf.add(KeyOp.valueOf((String) it.next()));
                        } catch (IllegalArgumentException e2) {
                            throw new MslCryptoException(MslError.UNIDENTIFIED_JWK_KEYOP, string2, e2);
                        }
                    }
                    this.keyOps = Collections.unmodifiableSet(noneOf);
                } else {
                    this.keyOps = null;
                }
                if (string3 != null) {
                    try {
                        fromString = Algorithm.fromString(string3);
                    } catch (IllegalArgumentException e3) {
                        throw new MslCryptoException(MslError.UNIDENTIFIED_JWK_ALGORITHM, string3, e3);
                    }
                } else {
                    fromString = null;
                }
                this.algo = fromString;
                try {
                    if (this.type == Type.oct) {
                        this.key = MslEncoderUtils.b64urlDecode(mslObject.getString(KEY_KEY));
                        if (this.key == null || this.key.length == 0) {
                            throw new MslCryptoException(MslError.INVALID_JWK_KEYDATA, "symmetric key is empty");
                        }
                        this.secretKey = this.algo != null ? new SecretKeySpec(this.key, this.algo.getJcaAlgorithmName()) : null;
                        this.keyPair = null;
                        return;
                    }
                    this.key = null;
                    KeyFactory keyFactory = CryptoCache.getKeyFactory("RSA");
                    byte[] b64urlDecode = MslEncoderUtils.b64urlDecode(mslObject.getString(KEY_MODULUS));
                    if (b64urlDecode == null || b64urlDecode.length == 0) {
                        throw new MslCryptoException(MslError.INVALID_JWK_KEYDATA, "modulus is empty");
                    }
                    BigInteger bigInteger = new BigInteger(1, b64urlDecode);
                    if (mslObject.has(KEY_PUBLIC_EXPONENT)) {
                        byte[] b64urlDecode2 = MslEncoderUtils.b64urlDecode(mslObject.getString(KEY_PUBLIC_EXPONENT));
                        if (b64urlDecode2 == null || b64urlDecode2.length == 0) {
                            throw new MslCryptoException(MslError.INVALID_JWK_KEYDATA, "public exponent is empty");
                        }
                        publicKey = keyFactory.generatePublic(new RSAPublicKeySpec(bigInteger, new BigInteger(1, b64urlDecode2)));
                    } else {
                        publicKey = null;
                    }
                    if (mslObject.has(KEY_PRIVATE_EXPONENT)) {
                        byte[] b64urlDecode3 = MslEncoderUtils.b64urlDecode(mslObject.getString(KEY_PRIVATE_EXPONENT));
                        if (b64urlDecode3 == null || b64urlDecode3.length == 0) {
                            throw new MslCryptoException(MslError.INVALID_JWK_KEYDATA, "private exponent is empty");
                        }
                        privateKey = keyFactory.generatePrivate(new RSAPrivateKeySpec(bigInteger, new BigInteger(1, b64urlDecode3)));
                    } else {
                        privateKey = null;
                    }
                    if (publicKey == null && privateKey == null) {
                        throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "no public or private key");
                    }
                    this.keyPair = new KeyPair(publicKey, privateKey);
                    this.secretKey = null;
                } catch (MslEncoderException e4) {
                    throw new MslEncodingException(MslError.MSL_PARSE_ERROR, e4);
                } catch (NoSuchAlgorithmException e5) {
                    throw new MslCryptoException(MslError.UNSUPPORTED_JWK_ALGORITHM, e5);
                } catch (InvalidKeySpecException e6) {
                    throw new MslCryptoException(MslError.INVALID_JWK_KEYDATA, e6);
                }
            } catch (IllegalArgumentException e7) {
                throw new MslCryptoException(MslError.UNIDENTIFIED_JWK_TYPE, string, e7);
            }
        } catch (MslEncoderException e8) {
            throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "jwk " + mslObject, e8);
        }
    }

    public JsonWebKey(Set<KeyOp> set, Algorithm algorithm, boolean z, String str, RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey) {
        if (rSAPublicKey == null && rSAPrivateKey == null) {
            throw new MslInternalException("At least one of the public key or private key must be provided.");
        }
        if (algorithm != null) {
            switch (algorithm) {
                case RSA1_5:
                case RSA_OAEP:
                    break;
                default:
                    throw new MslInternalException("The algorithm must be an RSA algorithm.");
            }
        }
        this.type = Type.rsa;
        this.usage = null;
        this.keyOps = set != null ? Collections.unmodifiableSet(set) : null;
        this.algo = algorithm;
        this.extractable = z;
        this.id = str;
        this.keyPair = new KeyPair(rSAPublicKey, rSAPrivateKey);
        this.key = null;
        this.secretKey = null;
    }

    public JsonWebKey(Set<KeyOp> set, Algorithm algorithm, boolean z, String str, SecretKey secretKey) {
        if (algorithm != null) {
            switch (algorithm) {
                case HS256:
                case A128KW:
                case A128CBC:
                    break;
                case RSA1_5:
                case RSA_OAEP:
                default:
                    throw new MslInternalException("The algorithm must be a symmetric key algorithm.");
            }
        }
        this.type = Type.oct;
        this.usage = null;
        this.keyOps = set != null ? Collections.unmodifiableSet(set) : null;
        this.algo = algorithm;
        this.extractable = z;
        this.id = str;
        this.keyPair = null;
        this.key = secretKey.getEncoded();
        this.secretKey = secretKey;
    }

    private static byte[] bi2bytes(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        return Arrays.copyOfRange(byteArray, byteArray.length - ((int) Math.ceil(bigInteger.bitLength() / 8.0d)), byteArray.length);
    }

    public Algorithm getAlgorithm() {
        return this.algo;
    }

    public String getId() {
        return this.id;
    }

    public Set<KeyOp> getKeyOps() {
        return this.keyOps;
    }

    public KeyPair getRsaKeyPair() {
        return this.keyPair;
    }

    public SecretKey getSecretKey() {
        return this.secretKey;
    }

    public SecretKey getSecretKey(String str) {
        if (this.secretKey != null) {
            return this.secretKey;
        }
        if (this.key == null) {
            return null;
        }
        try {
            return new SecretKeySpec(this.key, str);
        } catch (IllegalArgumentException e) {
            throw new MslCryptoException(MslError.INVALID_SYMMETRIC_KEY, e);
        }
    }

    public Type getType() {
        return this.type;
    }

    public Usage getUsage() {
        return this.usage;
    }

    public boolean isExtractable() {
        return this.extractable;
    }

    @Override // com.netflix.msl.io.MslEncodable
    public byte[] toMslEncoding(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
        try {
            MslObject createObject = mslEncoderFactory.createObject();
            createObject.put(KEY_TYPE, this.type.name());
            if (this.usage != null) {
                createObject.put(KEY_USAGE, this.usage.name());
            }
            if (this.keyOps != null) {
                MslArray createArray = mslEncoderFactory.createArray();
                Iterator<KeyOp> it = this.keyOps.iterator();
                while (it.hasNext()) {
                    createArray.put(-1, it.next().name());
                }
                createObject.put(KEY_KEY_OPS, createArray);
            }
            if (this.algo != null) {
                createObject.put(KEY_ALGORITHM, this.algo.toString());
            }
            createObject.put(KEY_EXTRACTABLE, Boolean.valueOf(this.extractable));
            if (this.id != null) {
                createObject.put(KEY_KEY_ID, this.id);
            }
            if (this.type == Type.oct) {
                createObject.put(KEY_KEY, MslEncoderUtils.b64urlEncode(this.key));
            } else {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) this.keyPair.getPublic();
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) this.keyPair.getPrivate();
                createObject.put(KEY_MODULUS, MslEncoderUtils.b64urlEncode(bi2bytes(rSAPublicKey != null ? rSAPublicKey.getModulus() : rSAPrivateKey.getModulus())));
                if (rSAPublicKey != null) {
                    createObject.put(KEY_PUBLIC_EXPONENT, MslEncoderUtils.b64urlEncode(bi2bytes(rSAPublicKey.getPublicExponent())));
                }
                if (rSAPrivateKey != null) {
                    createObject.put(KEY_PRIVATE_EXPONENT, MslEncoderUtils.b64urlEncode(bi2bytes(rSAPrivateKey.getPrivateExponent())));
                }
            }
            return mslEncoderFactory.encodeObject(createObject, MslEncoderFormat.JSON);
        } catch (MslEncoderException e) {
            throw new MslInternalException("Error encoding " + getClass().getName() + ".", e);
        }
    }
}
