package com.nimbusds.jose.jwk;

import androidx.compose.foundation.text.s0;
import com.google.android.play.core.assetpacks.m0;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import j7.j;
import j9.b;
import j9.d;
import j9.e;
import j9.f;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import lib.android.paypal.com.magnessdk.i;
import net.jcip.annotations.Immutable;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

@Immutable
/* loaded from: classes2.dex */
public final class ECKey extends d implements j9.a, b {
    public static final Set<Curve> SUPPORTED_CURVES = Collections.unmodifiableSet(new HashSet(Arrays.asList(Curve.P_256, Curve.SECP256K1, Curve.P_384, Curve.P_521)));
    private static final long serialVersionUID = 1;
    private final Curve crv;

    /* renamed from: d, reason: collision with root package name */
    private final Base64URL f14075d;
    private final PrivateKey privateKey;

    /* renamed from: x, reason: collision with root package name */
    private final Base64URL f14076x;
    private final Base64URL y;

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL4, Base64URL base64URL5, List<Base64> list, KeyStore keyStore) {
        super(KeyType.EC, fVar, set, algorithm, str, uri, base64URL4, base64URL5, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14076x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = base64URL2;
        ensurePublicCoordinatesOnCurve(curve, base64URL, base64URL2);
        ensureMatches(getParsedX509CertChain());
        if (base64URL3 == null) {
            throw new IllegalArgumentException("The 'd' coordinate must not be null");
        }
        this.f14075d = base64URL3;
        this.privateKey = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.EC, fVar, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14076x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = base64URL2;
        ensurePublicCoordinatesOnCurve(curve, base64URL, base64URL2);
        ensureMatches(getParsedX509CertChain());
        this.f14075d = null;
        this.privateKey = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, PrivateKey privateKey, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.EC, fVar, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14076x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.y = base64URL2;
        ensurePublicCoordinatesOnCurve(curve, base64URL, base64URL2);
        ensureMatches(getParsedX509CertChain());
        this.f14075d = null;
        this.privateKey = privateKey;
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), fVar, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, PrivateKey privateKey, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), privateKey, fVar, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, f fVar, Set<e> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), encodeCoordinate(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), encodeCoordinate(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS()), fVar, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public static Base64URL encodeCoordinate(int i10, BigInteger bigInteger) {
        byte[] A = s0.A(bigInteger);
        int i11 = (i10 + 7) / 8;
        if (A.length >= i11) {
            return Base64URL.encode(A);
        }
        byte[] bArr = new byte[i11];
        System.arraycopy(A, 0, bArr, i11 - A.length, A.length);
        return Base64URL.encode(bArr);
    }

    private void ensureMatches(List<X509Certificate> list) {
        if (list != null && !matches(list.get(0))) {
            throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters");
        }
    }

    private static void ensurePublicCoordinatesOnCurve(Curve curve, Base64URL base64URL, Base64URL base64URL2) {
        if (!SUPPORTED_CURVES.contains(curve)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + curve);
        }
        if (j8.e.l(base64URL.decodeToBigInteger(), base64URL2.decodeToBigInteger(), curve.toECParameterSpec())) {
            return;
        }
        throw new IllegalArgumentException("Invalid EC JWK: The 'x' and 'y' public coordinates are not on the " + curve + " curve");
    }

    public static ECKey load(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("Couldn't load EC JWK: The key algorithm is not EC");
        }
        j jVar = new j(parse(x509Certificate));
        jVar.f18135a = str;
        jVar.f18147n = keyStore;
        ECKey a2 = jVar.a();
        try {
            Key key = keyStore.getKey(str, cArr);
            if (key instanceof ECPrivateKey) {
                j jVar2 = new j(a2);
                jVar2.k((ECPrivateKey) key);
                return jVar2.a();
            }
            if (!(key instanceof PrivateKey) || !"EC".equalsIgnoreCase(key.getAlgorithm())) {
                return a2;
            }
            j jVar3 = new j(a2);
            PrivateKey privateKey = (PrivateKey) key;
            if (privateKey instanceof ECPrivateKey) {
                jVar3.k((ECPrivateKey) privateKey);
            } else {
                if (!"EC".equalsIgnoreCase(privateKey.getAlgorithm())) {
                    throw new IllegalArgumentException("The private key algorithm must be EC");
                }
                jVar3.f18140f = privateKey;
            }
            return jVar3.a();
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e10) {
            throw new JOSEException("Couldn't retrieve private EC key (bad pin?): " + e10.getMessage(), e10);
        }
    }

    public static ECKey parse(String str) throws ParseException {
        return parse((Map<String, Object>) m0.E(-1, str));
    }

    public static ECKey parse(X509Certificate x509Certificate) throws JOSEException {
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not EC");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
        try {
            String obj = new JcaX509CertificateHolder(x509Certificate).getSubjectPublicKeyInfo().j().k().toString();
            Curve forOID = Curve.forOID(obj);
            if (forOID == null) {
                throw new JOSEException("Couldn't determine EC JWK curve for OID " + obj);
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            j jVar = new j(forOID, eCPublicKey);
            jVar.c(f.a(x509Certificate));
            jVar.b(x509Certificate.getSerialNumber().toString(10));
            jVar.l(Collections.singletonList(Base64.encode(x509Certificate.getEncoded())));
            jVar.m(Base64URL.encode(messageDigest.digest(x509Certificate.getEncoded())));
            return jVar.a();
        } catch (NoSuchAlgorithmException e10) {
            throw new JOSEException("Couldn't encode x5t parameter: " + e10.getMessage(), e10);
        } catch (CertificateEncodingException e11) {
            throw new JOSEException("Couldn't encode x5c parameter: " + e11.getMessage(), e11);
        }
    }

    public static ECKey parse(Map<String, Object> map) throws ParseException {
        if (!KeyType.EC.equals(i.F(map))) {
            throw new ParseException("The key type \"kty\" must be EC", 0);
        }
        try {
            Curve parse = Curve.parse((String) m0.v(map, "crv", String.class));
            Base64URL t9 = m0.t("x", map);
            Base64URL t10 = m0.t("y", map);
            Base64URL t11 = m0.t("d", map);
            try {
                return t11 == null ? new ECKey(parse, t9, t10, i.G(map), i.E(map), i.C(map), i.D(map), m0.y("x5u", map), m0.t("x5t", map), m0.t("x5t#S256", map), i.H(map), (KeyStore) null) : new ECKey(parse, t9, t10, t11, i.G(map), i.E(map), i.C(map), i.D(map), m0.y("x5u", map), m0.t("x5t", map), m0.t("x5t#S256", map), i.H(map), (KeyStore) null);
            } catch (IllegalArgumentException e10) {
                throw new ParseException(e10.getMessage(), 0);
            }
        } catch (IllegalArgumentException e11) {
            throw new ParseException(e11.getMessage(), 0);
        }
    }

    @Override // j9.d
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof ECKey) || !super.equals(obj)) {
            return false;
        }
        ECKey eCKey = (ECKey) obj;
        return Objects.equals(this.crv, eCKey.crv) && Objects.equals(this.f14076x, eCKey.f14076x) && Objects.equals(this.y, eCKey.y) && Objects.equals(this.f14075d, eCKey.f14075d) && Objects.equals(this.privateKey, eCKey.privateKey);
    }

    @Override // j9.b
    public Curve getCurve() {
        return this.crv;
    }

    public Base64URL getD() {
        return this.f14075d;
    }

    @Override // j9.d
    public LinkedHashMap<String, ?> getRequiredParams() {
        LinkedHashMap<String, ?> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put("crv", this.crv.toString());
        linkedHashMap.put("kty", getKeyType().getValue());
        linkedHashMap.put("x", this.f14076x.toString());
        linkedHashMap.put("y", this.y.toString());
        return linkedHashMap;
    }

    public Base64URL getX() {
        return this.f14076x;
    }

    public Base64URL getY() {
        return this.y;
    }

    @Override // j9.d
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.crv, this.f14076x, this.y, this.f14075d, this.privateKey);
    }

    @Override // j9.d
    public boolean isPrivate() {
        return (this.f14075d == null && this.privateKey == null) ? false : true;
    }

    public boolean matches(X509Certificate x509Certificate) {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) getParsedX509CertChain().get(0).getPublicKey();
            if (getX().decodeToBigInteger().equals(eCPublicKey.getW().getAffineX())) {
                return getY().decodeToBigInteger().equals(eCPublicKey.getW().getAffineY());
            }
            return false;
        } catch (ClassCastException unused) {
            return false;
        }
    }

    @Override // j9.d
    public int size() {
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec != null) {
            return eCParameterSpec.getCurve().getField().getFieldSize();
        }
        throw new UnsupportedOperationException("Couldn't determine field size for curve " + this.crv.getName());
    }

    public ECPrivateKey toECPrivateKey() throws JOSEException {
        return toECPrivateKey(null);
    }

    public ECPrivateKey toECPrivateKey(Provider provider) throws JOSEException {
        if (this.f14075d == null) {
            return null;
        }
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec == null) {
            throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
        }
        try {
            return (ECPrivateKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePrivate(new ECPrivateKeySpec(this.f14075d.decodeToBigInteger(), eCParameterSpec));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new JOSEException(e10.getMessage(), e10);
        }
    }

    public ECPublicKey toECPublicKey() throws JOSEException {
        return toECPublicKey(null);
    }

    public ECPublicKey toECPublicKey(Provider provider) throws JOSEException {
        ECParameterSpec eCParameterSpec = this.crv.toECParameterSpec();
        if (eCParameterSpec == null) {
            throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
        }
        try {
            return (ECPublicKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePublic(new ECPublicKeySpec(new ECPoint(this.f14076x.decodeToBigInteger(), this.y.decodeToBigInteger()), eCParameterSpec));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new JOSEException(e10.getMessage(), e10);
        }
    }

    @Override // j9.d
    public Map<String, Object> toJSONObject() {
        Map<String, Object> jSONObject = super.toJSONObject();
        HashMap hashMap = (HashMap) jSONObject;
        hashMap.put("crv", this.crv.toString());
        hashMap.put("x", this.f14076x.toString());
        hashMap.put("y", this.y.toString());
        Base64URL base64URL = this.f14075d;
        if (base64URL != null) {
            hashMap.put("d", base64URL.toString());
        }
        return jSONObject;
    }

    @Override // j9.a
    public KeyPair toKeyPair() throws JOSEException {
        return toKeyPair(null);
    }

    public KeyPair toKeyPair(Provider provider) throws JOSEException {
        return this.privateKey != null ? new KeyPair(toECPublicKey(provider), this.privateKey) : new KeyPair(toECPublicKey(provider), toECPrivateKey(provider));
    }

    public PrivateKey toPrivateKey() throws JOSEException {
        ECPrivateKey eCPrivateKey = toECPrivateKey();
        return eCPrivateKey != null ? eCPrivateKey : this.privateKey;
    }

    @Override // j9.d
    public ECKey toPublicJWK() {
        return new ECKey(getCurve(), getX(), getY(), getKeyUse(), getKeyOperations(), getAlgorithm(), getKeyID(), getX509CertURL(), getX509CertThumbprint(), getX509CertSHA256Thumbprint(), getX509CertChain(), getKeyStore());
    }

    public PublicKey toPublicKey() throws JOSEException {
        return toECPublicKey();
    }
}
