package com.nimbusds.jose.e0;

import com.nimbusds.jose.JOSEException;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* compiled from: ECKey.java */
/* loaded from: classes4.dex */
public final class d extends f implements com.nimbusds.jose.e0.a, c {
    public static final Set<b> SUPPORTED_CURVES = Collections.unmodifiableSet(new HashSet(Arrays.asList(b.P_256, b.P_256K, b.P_384, b.P_521)));
    private static final long serialVersionUID = 1;
    private final b crv;
    private final com.nimbusds.jose.util.d d;
    private final PrivateKey privateKey;
    private final com.nimbusds.jose.util.d x;
    private final com.nimbusds.jose.util.d y;

    /* compiled from: ECKey.java */
    /* loaded from: classes4.dex */
    public static class a {
        private final b a;
        private final com.nimbusds.jose.util.d b;
        private final com.nimbusds.jose.util.d c;
        private com.nimbusds.jose.util.d d;

        /* renamed from: e, reason: collision with root package name */
        private PrivateKey f3008e;

        /* renamed from: f, reason: collision with root package name */
        private j f3009f;

        /* renamed from: g, reason: collision with root package name */
        private Set<h> f3010g;

        /* renamed from: h, reason: collision with root package name */
        private com.nimbusds.jose.a f3011h;

        /* renamed from: i, reason: collision with root package name */
        private String f3012i;

        /* renamed from: j, reason: collision with root package name */
        private URI f3013j;

        /* renamed from: k, reason: collision with root package name */
        @Deprecated
        private com.nimbusds.jose.util.d f3014k;

        /* renamed from: l, reason: collision with root package name */
        private com.nimbusds.jose.util.d f3015l;

        /* renamed from: m, reason: collision with root package name */
        private List<com.nimbusds.jose.util.b> f3016m;

        /* renamed from: n, reason: collision with root package name */
        private KeyStore f3017n;

        public a(b bVar, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2) {
            if (bVar == null) {
                throw new IllegalArgumentException("The curve must not be null");
            }
            this.a = bVar;
            if (dVar == null) {
                throw new IllegalArgumentException("The 'x' coordinate must not be null");
            }
            this.b = dVar;
            if (dVar2 == null) {
                throw new IllegalArgumentException("The 'y' coordinate must not be null");
            }
            this.c = dVar2;
        }

        public a(b bVar, ECPublicKey eCPublicKey) {
            this(bVar, d.encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), d.encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()));
        }

        public a(d dVar) {
            this.a = dVar.crv;
            this.b = dVar.x;
            this.c = dVar.y;
            this.d = dVar.d;
            this.f3008e = dVar.privateKey;
            this.f3009f = dVar.getKeyUse();
            this.f3010g = dVar.getKeyOperations();
            this.f3011h = dVar.getAlgorithm();
            this.f3012i = dVar.getKeyID();
            this.f3013j = dVar.getX509CertURL();
            this.f3014k = dVar.getX509CertThumbprint();
            this.f3015l = dVar.getX509CertSHA256Thumbprint();
            this.f3016m = dVar.getX509CertChain();
            this.f3017n = dVar.getKeyStore();
        }

        public a algorithm(com.nimbusds.jose.a aVar) {
            this.f3011h = aVar;
            return this;
        }

        public d build() {
            try {
                return (this.d == null && this.f3008e == null) ? new d(this.a, this.b, this.c, this.f3009f, this.f3010g, this.f3011h, this.f3012i, this.f3013j, this.f3014k, this.f3015l, this.f3016m, this.f3017n) : this.f3008e != null ? new d(this.a, this.b, this.c, this.f3008e, this.f3009f, this.f3010g, this.f3011h, this.f3012i, this.f3013j, this.f3014k, this.f3015l, this.f3016m, this.f3017n) : new d(this.a, this.b, this.c, this.d, this.f3009f, this.f3010g, this.f3011h, this.f3012i, this.f3013j, this.f3014k, this.f3015l, this.f3016m, this.f3017n);
            } catch (IllegalArgumentException e2) {
                throw new IllegalStateException(e2.getMessage(), e2);
            }
        }

        public a d(com.nimbusds.jose.util.d dVar) {
            this.d = dVar;
            return this;
        }

        public a keyID(String str) {
            this.f3012i = str;
            return this;
        }

        public a keyIDFromThumbprint() throws JOSEException {
            return keyIDFromThumbprint("SHA-256");
        }

        public a keyIDFromThumbprint(String str) throws JOSEException {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("crv", this.a.toString());
            linkedHashMap.put("kty", i.EC.getValue());
            linkedHashMap.put("x", this.b.toString());
            linkedHashMap.put("y", this.c.toString());
            this.f3012i = q.compute(str, (LinkedHashMap<String, ?>) linkedHashMap).toString();
            return this;
        }

        public a keyOperations(Set<h> set) {
            this.f3010g = set;
            return this;
        }

        public a keyStore(KeyStore keyStore) {
            this.f3017n = keyStore;
            return this;
        }

        public a keyUse(j jVar) {
            this.f3009f = jVar;
            return this;
        }

        public a privateKey(PrivateKey privateKey) {
            if (privateKey instanceof ECPrivateKey) {
                return privateKey((ECPrivateKey) privateKey);
            }
            if (!"EC".equalsIgnoreCase(privateKey.getAlgorithm())) {
                throw new IllegalArgumentException("The private key algorithm must be EC");
            }
            this.f3008e = privateKey;
            return this;
        }

        public a privateKey(ECPrivateKey eCPrivateKey) {
            if (eCPrivateKey != null) {
                this.d = d.encodeCoordinate(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS());
            }
            return this;
        }

        public a x509CertChain(List<com.nimbusds.jose.util.b> list) {
            this.f3016m = list;
            return this;
        }

        public a x509CertSHA256Thumbprint(com.nimbusds.jose.util.d dVar) {
            this.f3015l = dVar;
            return this;
        }

        @Deprecated
        public a x509CertThumbprint(com.nimbusds.jose.util.d dVar) {
            this.f3014k = dVar;
            return this;
        }

        public a x509CertURL(URI uri) {
            this.f3013j = uri;
            return this;
        }
    }

    public d(b bVar, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar3, com.nimbusds.jose.util.d dVar4, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        super(i.EC, jVar, set, aVar, str, uri, dVar3, dVar4, list, keyStore);
        if (bVar == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = bVar;
        if (dVar == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.x = dVar;
        if (dVar2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = dVar2;
        ensurePublicCoordinatesOnCurve(bVar, dVar, dVar2);
        ensureMatches(getParsedX509CertChain());
        this.d = null;
        this.privateKey = null;
    }

    public d(b bVar, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, com.nimbusds.jose.util.d dVar3, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar4, com.nimbusds.jose.util.d dVar5, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        super(i.EC, jVar, set, aVar, str, uri, dVar4, dVar5, list, keyStore);
        if (bVar == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = bVar;
        if (dVar == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.x = dVar;
        if (dVar2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = dVar2;
        ensurePublicCoordinatesOnCurve(bVar, dVar, dVar2);
        ensureMatches(getParsedX509CertChain());
        if (dVar3 == null) {
            throw new IllegalArgumentException("The 'd' coordinate must not be null");
        }
        this.d = dVar3;
        this.privateKey = null;
    }

    public d(b bVar, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, PrivateKey privateKey, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar3, com.nimbusds.jose.util.d dVar4, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        super(i.EC, jVar, set, aVar, str, uri, dVar3, dVar4, list, keyStore);
        if (bVar == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = bVar;
        if (dVar == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.x = dVar;
        if (dVar2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = dVar2;
        ensurePublicCoordinatesOnCurve(bVar, dVar, dVar2);
        ensureMatches(getParsedX509CertChain());
        this.d = null;
        this.privateKey = privateKey;
    }

    public d(b bVar, ECPublicKey eCPublicKey, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        this(bVar, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), jVar, set, aVar, str, uri, dVar, dVar2, list, keyStore);
    }

    public d(b bVar, ECPublicKey eCPublicKey, PrivateKey privateKey, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        this(bVar, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), privateKey, jVar, set, aVar, str, uri, dVar, dVar2, list, keyStore);
    }

    public d(b bVar, ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, j jVar, Set<h> set, com.nimbusds.jose.a aVar, String str, URI uri, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2, List<com.nimbusds.jose.util.b> list, KeyStore keyStore) {
        this(bVar, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), encodeCoordinate(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS()), jVar, set, aVar, str, uri, dVar, dVar2, list, keyStore);
    }

    public static com.nimbusds.jose.util.d encodeCoordinate(int i2, BigInteger bigInteger) {
        byte[] bytesUnsigned = com.nimbusds.jose.util.e.toBytesUnsigned(bigInteger);
        int i3 = (i2 + 7) / 8;
        if (bytesUnsigned.length >= i3) {
            return com.nimbusds.jose.util.d.encode(bytesUnsigned);
        }
        byte[] bArr = new byte[i3];
        System.arraycopy(bytesUnsigned, 0, bArr, i3 - bytesUnsigned.length, bytesUnsigned.length);
        return com.nimbusds.jose.util.d.encode(bArr);
    }

    private void ensureMatches(List<X509Certificate> list) {
        if (list != null && !matches(list.get(0))) {
            throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters");
        }
    }

    private static void ensurePublicCoordinatesOnCurve(b bVar, com.nimbusds.jose.util.d dVar, com.nimbusds.jose.util.d dVar2) {
        if (!SUPPORTED_CURVES.contains(bVar)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + bVar);
        }
        if (com.nimbusds.jose.c0.j.b.isPointOnCurve(dVar.decodeToBigInteger(), dVar2.decodeToBigInteger(), bVar.toECParameterSpec())) {
            return;
        }
        throw new IllegalArgumentException("Invalid EC JWK: The 'x' and 'y' public coordinates are not on the " + bVar + " curve");
    }

    public static d load(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null || !(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("Couldn't load EC JWK: The key algorithm is not EC");
        }
        d build = new a(parse(x509Certificate)).keyID(str).keyStore(keyStore).build();
        try {
            Key key = keyStore.getKey(str, cArr);
            return key instanceof ECPrivateKey ? new a(build).privateKey((ECPrivateKey) key).build() : ((key instanceof PrivateKey) && "EC".equalsIgnoreCase(key.getAlgorithm())) ? new a(build).privateKey((PrivateKey) key).build() : build;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e2) {
            throw new JOSEException("Couldn't retrieve private EC key (bad pin?): " + e2.getMessage(), e2);
        }
    }

    public static d parse(String str) throws ParseException {
        return parse(com.nimbusds.jose.util.k.parse(str));
    }

    public static d parse(X509Certificate x509Certificate) throws JOSEException {
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not EC");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
        try {
            String obj = new JcaX509CertificateHolder(x509Certificate).getSubjectPublicKeyInfo().getAlgorithm().getParameters().toString();
            b forOID = b.forOID(obj);
            if (forOID != null) {
                return new a(forOID, eCPublicKey).keyUse(j.from(x509Certificate)).keyID(x509Certificate.getSerialNumber().toString(10)).x509CertChain(Collections.singletonList(com.nimbusds.jose.util.b.encode(x509Certificate.getEncoded()))).x509CertSHA256Thumbprint(com.nimbusds.jose.util.d.encode(MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded()))).build();
            }
            throw new JOSEException("Couldn't determine EC JWK curve for OID " + obj);
        } catch (NoSuchAlgorithmException e2) {
            throw new JOSEException("Couldn't encode x5t parameter: " + e2.getMessage(), e2);
        } catch (CertificateEncodingException e3) {
            throw new JOSEException("Couldn't encode x5c parameter: " + e3.getMessage(), e3);
        }
    }

    public static d parse(m.a.a.d dVar) throws ParseException {
        b parse = b.parse(com.nimbusds.jose.util.k.getString(dVar, "crv"));
        com.nimbusds.jose.util.d dVar2 = new com.nimbusds.jose.util.d(com.nimbusds.jose.util.k.getString(dVar, "x"));
        com.nimbusds.jose.util.d dVar3 = new com.nimbusds.jose.util.d(com.nimbusds.jose.util.k.getString(dVar, "y"));
        if (g.d(dVar) != i.EC) {
            throw new ParseException("The key type \"kty\" must be EC", 0);
        }
        com.nimbusds.jose.util.d dVar4 = dVar.get(g.h.a.b.d.TAG) != null ? new com.nimbusds.jose.util.d(com.nimbusds.jose.util.k.getString(dVar, g.h.a.b.d.TAG)) : null;
        try {
            return dVar4 == null ? new d(parse, dVar2, dVar3, g.e(dVar), g.c(dVar), g.a(dVar), g.b(dVar), g.i(dVar), g.h(dVar), g.g(dVar), g.f(dVar), (KeyStore) null) : new d(parse, dVar2, dVar3, dVar4, g.e(dVar), g.c(dVar), g.a(dVar), g.b(dVar), g.i(dVar), g.h(dVar), g.g(dVar), g.f(dVar), (KeyStore) null);
        } catch (IllegalArgumentException e2) {
            throw new ParseException(e2.getMessage(), 0);
        }
    }

    @Override // com.nimbusds.jose.e0.f
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof d) || !super.equals(obj)) {
            return false;
        }
        d dVar = (d) obj;
        return Objects.equals(this.crv, dVar.crv) && Objects.equals(this.x, dVar.x) && Objects.equals(this.y, dVar.y) && Objects.equals(this.d, dVar.d) && Objects.equals(this.privateKey, dVar.privateKey);
    }

    @Override // com.nimbusds.jose.e0.c
    public b getCurve() {
        return this.crv;
    }

    public com.nimbusds.jose.util.d getD() {
        return this.d;
    }

    @Override // com.nimbusds.jose.e0.f
    public LinkedHashMap<String, ?> getRequiredParams() {
        LinkedHashMap<String, ?> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put("crv", this.crv.toString());
        linkedHashMap.put("kty", getKeyType().getValue());
        linkedHashMap.put("x", this.x.toString());
        linkedHashMap.put("y", this.y.toString());
        return linkedHashMap;
    }

    public com.nimbusds.jose.util.d getX() {
        return this.x;
    }

    public com.nimbusds.jose.util.d getY() {
        return this.y;
    }

    @Override // com.nimbusds.jose.e0.f
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.crv, this.x, this.y, this.d, this.privateKey);
    }

    @Override // com.nimbusds.jose.e0.f
    public boolean isPrivate() {
        return (this.d == null && this.privateKey == null) ? false : true;
    }

    @Override // com.nimbusds.jose.e0.a
    public boolean matches(X509Certificate x509Certificate) {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) getParsedX509CertChain().get(0).getPublicKey();
            return getX().decodeToBigInteger().equals(eCPublicKey.getW().getAffineX()) && getY().decodeToBigInteger().equals(eCPublicKey.getW().getAffineY());
        } catch (ClassCastException unused) {
            return false;
        }
    }

    @Override // com.nimbusds.jose.e0.f
    public int size() {
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec != null) {
            return eCParameterSpec.getCurve().getField().getFieldSize();
        }
        throw new UnsupportedOperationException("Couldn't determine field size for curve " + this.crv.getName());
    }

    public ECPrivateKey toECPrivateKey() throws JOSEException {
        return toECPrivateKey(null);
    }

    public ECPrivateKey toECPrivateKey(Provider provider) throws JOSEException {
        if (this.d == null) {
            return null;
        }
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec != null) {
            try {
                return (ECPrivateKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePrivate(new ECPrivateKeySpec(this.d.decodeToBigInteger(), eCParameterSpec));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                throw new JOSEException(e2.getMessage(), e2);
            }
        }
        throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
    }

    public ECPublicKey toECPublicKey() throws JOSEException {
        return toECPublicKey(null);
    }

    public ECPublicKey toECPublicKey(Provider provider) throws JOSEException {
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec != null) {
            try {
                return (ECPublicKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePublic(new ECPublicKeySpec(new ECPoint(this.x.decodeToBigInteger(), this.y.decodeToBigInteger()), eCParameterSpec));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                throw new JOSEException(e2.getMessage(), e2);
            }
        }
        throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
    }

    @Override // com.nimbusds.jose.e0.f
    public m.a.a.d toJSONObject() {
        m.a.a.d jSONObject = super.toJSONObject();
        jSONObject.put("crv", this.crv.toString());
        jSONObject.put("x", this.x.toString());
        jSONObject.put("y", this.y.toString());
        com.nimbusds.jose.util.d dVar = this.d;
        if (dVar != null) {
            jSONObject.put(g.h.a.b.d.TAG, dVar.toString());
        }
        return jSONObject;
    }

    @Override // com.nimbusds.jose.e0.a
    public KeyPair toKeyPair() throws JOSEException {
        return toKeyPair(null);
    }

    public KeyPair toKeyPair(Provider provider) throws JOSEException {
        return this.privateKey != null ? new KeyPair(toECPublicKey(provider), this.privateKey) : new KeyPair(toECPublicKey(provider), toECPrivateKey(provider));
    }

    @Override // com.nimbusds.jose.e0.a
    public PrivateKey toPrivateKey() throws JOSEException {
        ECPrivateKey eCPrivateKey = toECPrivateKey();
        return eCPrivateKey != null ? eCPrivateKey : this.privateKey;
    }

    @Override // com.nimbusds.jose.e0.f
    public d toPublicJWK() {
        return new d(getCurve(), getX(), getY(), getKeyUse(), getKeyOperations(), getAlgorithm(), getKeyID(), getX509CertURL(), getX509CertThumbprint(), getX509CertSHA256Thumbprint(), getX509CertChain(), getKeyStore());
    }

    @Override // com.nimbusds.jose.e0.a
    public PublicKey toPublicKey() throws JOSEException {
        return toECPublicKey();
    }
}
