package io.helidon.security.jwt.jwk;

import io.helidon.security.jwt.JwtException;
import io.helidon.security.jwt.JwtUtil;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import javax.json.JsonObject;

/* loaded from: input_file:io/helidon/security/jwt/jwk/Jwk.class */
public abstract class Jwk {
    public static final String ALG_NONE = "none";
    public static final String KEY_TYPE_EC = "EC";
    public static final String KEY_TYPE_RSA = "RSA";
    public static final String KEY_TYPE_OCT = "oct";
    public static final String USE_ENCRYPTION = "enc";
    public static final String USE_SIGNATURE = "sig";
    public static final String OPERATION_SIGN = "sign";
    public static final String OPERATION_VERIFY = "verify";
    public static final String OPERATION_ENCRYPT = "encrypt";
    public static final String OPERATION_DECRYPT = "decrypt";
    public static final String OPERATION_WRAP_KEY = "wrapKey";
    public static final String OPERATION_UNWRAP_KEY = "unwrapKey";
    public static final String OPERATION_DERIVE_KEY = "deriveKey";
    public static final String OPERATION_DERIVE_BITS = "deriveBits";
    public static final String PARAM_KEY_TYPE = "kty";
    public static final String PARAM_KEY_ID = "kid";
    public static final String PARAM_ALGORITHM = "alg";
    public static final String PARAM_USE = "use";
    public static final String PARAM_OPERATIONS = "key_ops";
    public static final Jwk NONE_JWK = new NoneJwk();
    static final byte[] EMPTY_BYTES = new byte[0];
    private final String keyType;
    private final String keyId;
    private final String algorithm;
    private final Optional<String> usage;
    private final Optional<List<String>> operations;

    /* loaded from: input_file:io/helidon/security/jwt/jwk/Jwk$Builder.class */
    static abstract class Builder<T extends Builder<T>> {
        private final T myInstance = this;
        private String keyType;
        private String keyId;
        private String algorithm;
        private String usage;
        private List<String> operations;

        public T keyType(String str) {
            this.keyType = str;
            return this.myInstance;
        }

        public T keyId(String str) {
            this.keyId = str;
            return this.myInstance;
        }

        public T algorithm(String str) {
            this.algorithm = str;
            return this.myInstance;
        }

        public T usage(String str) {
            this.usage = str;
            return this.myInstance;
        }

        public T operations(List<String> list) {
            if (null == this.operations) {
                this.operations = new LinkedList();
            } else {
                this.operations.clear();
            }
            this.operations.addAll(list);
            return this.myInstance;
        }

        public T addOperation(String str) {
            if (null == this.operations) {
                this.operations = new LinkedList();
            }
            this.operations.add(str);
            return this.myInstance;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public T fromJson(JsonObject jsonObject) {
            keyType(JwtUtil.asString(jsonObject, Jwk.PARAM_KEY_TYPE, "JWK Key type"));
            keyId(JwtUtil.asString(jsonObject, Jwk.PARAM_KEY_ID, "JWK Key id"));
            JwtUtil.getString(jsonObject, Jwk.PARAM_ALGORITHM).ifPresent(this::algorithm);
            JwtUtil.getString(jsonObject, Jwk.PARAM_USE).ifPresent(this::usage);
            JwtUtil.getStrings(jsonObject, Jwk.PARAM_OPERATIONS).ifPresent(this::operations);
            return this.myInstance;
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/jwk/Jwk$NoneJwk.class */
    private static class NoneJwk extends Jwk {

        /* loaded from: input_file:io/helidon/security/jwt/jwk/Jwk$NoneJwk$Builder.class */
        private static class Builder extends Builder<Builder> {
            private Builder() {
            }
        }

        NoneJwk() {
            super(new Builder().algorithm(Jwk.ALG_NONE), Jwk.ALG_NONE);
        }

        @Override // io.helidon.security.jwt.jwk.Jwk
        public boolean doVerify(byte[] bArr, byte[] bArr2) {
            return bArr2.length == 0;
        }

        @Override // io.helidon.security.jwt.jwk.Jwk
        public byte[] doSign(byte[] bArr) {
            return EMPTY_BYTES;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Jwk(Builder<?> builder, String str) {
        this.keyId = ((Builder) builder).keyId;
        this.algorithm = (String) Optional.ofNullable(((Builder) builder).algorithm).orElse(str);
        this.keyType = ((Builder) builder).keyType;
        this.usage = Optional.ofNullable(((Builder) builder).usage);
        this.operations = Optional.ofNullable(((Builder) builder).operations);
    }

    public static Jwk create(JsonObject jsonObject) {
        String asString = JwtUtil.asString(jsonObject, PARAM_KEY_TYPE, "JWK Key type");
        boolean z = -1;
        switch (asString.hashCode()) {
            case 2206:
                if (asString.equals("EC")) {
                    z = false;
                    break;
                }
                break;
            case 81440:
                if (asString.equals("RSA")) {
                    z = true;
                    break;
                }
                break;
            case 109856:
                if (asString.equals(KEY_TYPE_OCT)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return JwkEC.create(jsonObject);
            case true:
                return JwkRSA.create(jsonObject);
            case true:
                return JwkOctet.create(jsonObject);
            default:
                throw new JwtException("Unknown JWK type: " + asString);
        }
    }

    public String keyType() {
        return this.keyType;
    }

    public String keyId() {
        return this.keyId;
    }

    public String algorithm() {
        return this.algorithm;
    }

    public Optional<String> usage() {
        return this.usage;
    }

    public Optional<List<String>> operations() {
        return this.operations;
    }

    public final boolean verifySignature(byte[] bArr, byte[] bArr2) {
        if (supports(USE_SIGNATURE, OPERATION_VERIFY)) {
            return doVerify(bArr, bArr2);
        }
        throw new JwtException("This key (" + this + ") does not support verification of requests");
    }

    abstract boolean doVerify(byte[] bArr, byte[] bArr2);

    public final byte[] sign(byte[] bArr) {
        if (supports(USE_SIGNATURE, OPERATION_SIGN)) {
            return doSign(bArr);
        }
        throw new JwtException("This key (" + this + ") does not support signing of requests");
    }

    abstract byte[] doSign(byte[] bArr);

    boolean supports(String str, String str2) {
        Boolean bool = (Boolean) this.operations.map(list -> {
            return Boolean.valueOf(list.contains(str2));
        }).or(() -> {
            return this.usage.map(str3 -> {
                return Boolean.valueOf(str3.equals(str));
            });
        }).orElse(true);
        return (bool.booleanValue() || !OPERATION_VERIFY.equals(str2)) ? bool.booleanValue() : supports(str, OPERATION_SIGN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifyNoneAlg(byte[] bArr) {
        return bArr.length == 0 && ALG_NONE.equals(this.algorithm);
    }

    public String toString() {
        return this.keyId + "(" + this.algorithm + ")";
    }
}
