package io.helidon.security.jwt.jwk;

import io.helidon.security.jwt.JwtException;
import io.helidon.security.jwt.JwtUtil;
import io.helidon.security.jwt.jwk.Jwk;
import io.helidon.security.jwt.jwk.JwkPki;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.json.JsonObject;

/* loaded from: input_file:io/helidon/security/jwt/jwk/JwkRSA.class */
public class JwkRSA extends JwkPki {
    public static final String SECURITY_ALGORITHM = "RSA";
    public static final String ALG_RS256 = "RS256";
    public static final String ALG_RS384 = "RS384";
    public static final String ALG_RS512 = "RS512";
    public static final String PARAM_PUB_MODULUS = "n";
    public static final String PARAM_PUB_EXP = "e";
    public static final String PARAM_EXP = "d";
    public static final String PARAM_FIRST_PRIME_FACTOR = "p";
    public static final String PARAM_SECOND_PRIME_FACTOR = "q";
    public static final String PARAM_FIRST_FACTOR_CRT_EXP = "dp";
    public static final String PARAM_SECOND_FACTOR_CRT_EXP = "dq";
    public static final String PARAM_FIRST_CRT_COEFF = "qi";
    public static final String PARAM_OTHER_PRIMES = "oth";
    private static final Map<String, String> ALG_MAP = new HashMap();

    /* loaded from: input_file:io/helidon/security/jwt/jwk/JwkRSA$Builder.class */
    public static final class Builder extends JwkPki.Builder<Builder> implements io.helidon.common.Builder<JwkRSA> {
        private PrivateKey privateKey;
        private PublicKey publicKey;

        private Builder() {
        }

        private static PublicKey toPublicKey(KeyFactory keyFactory, BigInteger bigInteger, BigInteger bigInteger2) {
            try {
                return keyFactory.generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
            } catch (InvalidKeySpecException e) {
                throw new JwtException("Failed to generate RSA public key", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static PrivateKey toPrivateKey(KeyFactory keyFactory, BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, JsonObject jsonObject) {
            return (PrivateKey) JwtUtil.getBigInteger(jsonObject, JwkRSA.PARAM_FIRST_PRIME_FACTOR, "RSA first prime factor").map(bigInteger4 -> {
                JwtUtil.getBigInteger(jsonObject, JwkRSA.PARAM_OTHER_PRIMES, "RSA other primes info").ifPresent(bigInteger4 -> {
                    throw new JwtException("Other primes info for RSA private key is not (yet) supported");
                });
                try {
                    return keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(bigInteger, bigInteger2, bigInteger3, bigInteger4, JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_SECOND_PRIME_FACTOR, "RSA second prime factor"), JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_FIRST_FACTOR_CRT_EXP, "RSA first factor CRT exponent"), JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_SECOND_FACTOR_CRT_EXP, "RSA second factor CRT exponent"), JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_FIRST_CRT_COEFF, "RSA first CRT coefficient")));
                } catch (Exception e) {
                    throw new JwtException("Failed to generate private key", e);
                }
            }).orElseGet(() -> {
                try {
                    return keyFactory.generatePrivate(new RSAPrivateKeySpec(bigInteger, bigInteger3));
                } catch (InvalidKeySpecException e) {
                    throw new JwtException("Failed to generate private key based on modulus and private exponent");
                }
            });
        }

        public Builder privateKey(RSAPrivateKey rSAPrivateKey) {
            this.privateKey = rSAPrivateKey;
            return this;
        }

        public Builder publicKey(RSAPublicKey rSAPublicKey) {
            this.publicKey = rSAPublicKey;
            return this;
        }

        @Override // io.helidon.security.jwt.jwk.JwkPki.Builder, io.helidon.security.jwt.jwk.Jwk.Builder
        public Builder fromJson(JsonObject jsonObject) {
            super.fromJson(jsonObject);
            BigInteger asBigInteger = JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_PUB_MODULUS, "RSA modulus");
            BigInteger asBigInteger2 = JwtUtil.asBigInteger(jsonObject, JwkRSA.PARAM_PUB_EXP, "RSA exponent");
            KeyFactory keyFactory = JwtUtil.getKeyFactory("RSA");
            this.privateKey = (PrivateKey) JwtUtil.getBigInteger(jsonObject, "d", "RSA private exponent").map(bigInteger -> {
                return toPrivateKey(keyFactory, asBigInteger, asBigInteger2, bigInteger, jsonObject);
            }).orElse(null);
            this.publicKey = toPublicKey(keyFactory, asBigInteger, asBigInteger2);
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public JwkRSA m23build() {
            return new JwkRSA(this);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.jwt.jwk.JwkPki$Builder, io.helidon.security.jwt.jwk.JwkRSA$Builder] */
        @Override // io.helidon.security.jwt.jwk.JwkPki.Builder
        public /* bridge */ /* synthetic */ Builder sha256Thumbprint(byte[] bArr) {
            return super.sha256Thumbprint(bArr);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.jwt.jwk.JwkPki$Builder, io.helidon.security.jwt.jwk.JwkRSA$Builder] */
        @Override // io.helidon.security.jwt.jwk.JwkPki.Builder
        public /* bridge */ /* synthetic */ Builder sha1Thumbprint(byte[] bArr) {
            return super.sha1Thumbprint(bArr);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.jwt.jwk.JwkPki$Builder, io.helidon.security.jwt.jwk.JwkRSA$Builder] */
        @Override // io.helidon.security.jwt.jwk.JwkPki.Builder
        public /* bridge */ /* synthetic */ Builder addCertificateChain(X509Certificate x509Certificate) {
            return super.addCertificateChain(x509Certificate);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.jwt.jwk.JwkPki$Builder, io.helidon.security.jwt.jwk.JwkRSA$Builder] */
        @Override // io.helidon.security.jwt.jwk.JwkPki.Builder
        public /* bridge */ /* synthetic */ Builder certificateChain(List list) {
            return super.certificateChain(list);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder addOperation(String str) {
            return super.addOperation(str);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder operations(List list) {
            return super.operations(list);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder usage(String str) {
            return super.usage(str);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder algorithm(String str) {
            return super.algorithm(str);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder keyId(String str) {
            return super.keyId(str);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk.Builder
        public /* bridge */ /* synthetic */ Jwk.Builder keyType(String str) {
            return super.keyType(str);
        }
    }

    private JwkRSA(Builder builder) {
        super(builder, builder.privateKey, builder.publicKey, ALG_RS256);
    }

    public static Builder builder() {
        return new Builder();
    }

    public static JwkRSA create(JsonObject jsonObject) {
        return builder().fromJson(jsonObject).m23build();
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    String signatureAlgorithm() {
        String algorithm = algorithm();
        String str = ALG_MAP.get(algorithm);
        if (null == str) {
            throw new JwtException("Unsupported algorithm for RSA: " + algorithm);
        }
        return str;
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki, io.helidon.security.jwt.jwk.Jwk
    public /* bridge */ /* synthetic */ byte[] doSign(byte[] bArr) {
        return super.doSign(bArr);
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki, io.helidon.security.jwt.jwk.Jwk
    public /* bridge */ /* synthetic */ boolean doVerify(byte[] bArr, byte[] bArr2) {
        return super.doVerify(bArr, bArr2);
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    public /* bridge */ /* synthetic */ Optional sha256Thumbprint() {
        return super.sha256Thumbprint();
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    public /* bridge */ /* synthetic */ Optional sha1Thumbprint() {
        return super.sha1Thumbprint();
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    public /* bridge */ /* synthetic */ Optional certificateChain() {
        return super.certificateChain();
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    public /* bridge */ /* synthetic */ PublicKey publicKey() {
        return super.publicKey();
    }

    @Override // io.helidon.security.jwt.jwk.JwkPki
    public /* bridge */ /* synthetic */ Optional privateKey() {
        return super.privateKey();
    }

    static {
        ALG_MAP.put(ALG_RS256, "SHA256withRSA");
        ALG_MAP.put(ALG_RS384, "SHA384withRSA");
        ALG_MAP.put(ALG_RS512, "SHA512withRSA");
        ALG_MAP.put(Jwk.ALG_NONE, Jwk.ALG_NONE);
    }
}
