package org.apache.cxf.rs.security.jose.jwk;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKey;
import org.apache.cxf.Bus;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseException;
import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.MessageDigestUtils;

/* loaded from: input_file:lib/cxf-rt-rs-security-jose-3.1.18.jar:org/apache/cxf/rs/security/jose/jwk/JwkUtils.class */
public final class JwkUtils {
    private static final Map<KeyType, List<String>> JWK_REQUIRED_FIELDS_MAP = new HashMap();

    private JwkUtils() {
    }

    public static String getThumbprint(String str) {
        return getThumbprint(readJwkKey(str));
    }

    public static String getThumbprint(JsonWebKey jsonWebKey) {
        List<String> requiredFields = getRequiredFields(jsonWebKey.getKeyType());
        JsonWebKey jsonWebKey2 = new JsonWebKey();
        for (String str : requiredFields) {
            jsonWebKey2.setProperty(str, jsonWebKey.getProperty(str));
        }
        return Base64UrlUtility.encode(MessageDigestUtils.createDigest(new JsonMapObjectReaderWriter().toJson(jsonWebKey2), "SHA-256"));
    }

    public static List<String> getRequiredFields(KeyType keyType) {
        return JWK_REQUIRED_FIELDS_MAP.get(keyType);
    }

    public static JsonWebKey readJwkKey(URI uri) throws IOException {
        return readJwkKey(uri.toURL().openStream());
    }

    public static JsonWebKeys readJwkSet(URI uri) throws IOException {
        return readJwkSet(uri.toURL().openStream());
    }

    public static JsonWebKey readJwkKey(InputStream inputStream) throws IOException {
        return readJwkKey(IOUtils.readStringFromStream(inputStream));
    }

    public static JsonWebKeys readJwkSet(InputStream inputStream) throws IOException {
        return readJwkSet(IOUtils.readStringFromStream(inputStream));
    }

    public static JsonWebKey readJwkKey(String str) {
        return new JwkReaderWriter().jsonToJwk(str);
    }

    public static JsonWebKeys readJwkSet(String str) {
        return new JwkReaderWriter().jsonToJwkSet(str);
    }

    public static String jwkKeyToJson(JsonWebKey jsonWebKey) {
        return new JwkReaderWriter().jwkToJson(jsonWebKey);
    }

    public static void jwkKeyToJson(JsonWebKey jsonWebKey, OutputStream outputStream) throws IOException {
        IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jwkKeyToJson(jsonWebKey))), outputStream);
    }

    public static String jwkSetToJson(JsonWebKeys jsonWebKeys) {
        return new JwkReaderWriter().jwkSetToJson(jsonWebKeys);
    }

    public static void jwkSetToJson(JsonWebKeys jsonWebKeys, OutputStream outputStream) throws IOException {
        IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jwkSetToJson(jsonWebKeys))), outputStream);
    }

    public static String encodeJwkKey(JsonWebKey jsonWebKey) {
        return Base64UrlUtility.encode(jwkKeyToJson(jsonWebKey));
    }

    public static String encodeJwkSet(JsonWebKeys jsonWebKeys) {
        return Base64UrlUtility.encode(jwkSetToJson(jsonWebKeys));
    }

    public static JsonWebKey decodeJwkKey(String str) {
        return readJwkKey(JoseUtils.decodeToString(str));
    }

    public static JsonWebKeys decodeJwkSet(String str) {
        return readJwkSet(JoseUtils.decodeToString(str));
    }

    public static String encryptJwkSet(JsonWebKeys jsonWebKeys, char[] cArr) {
        return encryptJwkSet(jsonWebKeys, createDefaultEncryption(cArr));
    }

    public static String encryptJwkSet(JsonWebKeys jsonWebKeys, JweEncryptionProvider jweEncryptionProvider) {
        return jweEncryptionProvider.encrypt(StringUtils.toBytesUTF8(new JwkReaderWriter().jwkSetToJson(jsonWebKeys)), toJweHeaders("jwk-set+json"));
    }

    public static String encryptJwkSet(JsonWebKeys jsonWebKeys, PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        return JweUtils.encrypt(publicKey, keyAlgorithm, contentAlgorithm, StringUtils.toBytesUTF8(jwkSetToJson(jsonWebKeys)), "jwk-set+json");
    }

    public static String signJwkSet(JsonWebKeys jsonWebKeys, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) {
        return JwsUtils.sign(privateKey, signatureAlgorithm, jwkSetToJson(jsonWebKeys), "jwk-set+json");
    }

    public static String encryptJwkSet(JsonWebKeys jsonWebKeys, SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        return JweUtils.encrypt(secretKey, keyAlgorithm, contentAlgorithm, StringUtils.toBytesUTF8(jwkSetToJson(jsonWebKeys)), "jwk-set+json");
    }

    public static JsonWebKeys decryptJwkSet(String str, char[] cArr) {
        return decryptJwkSet(str, createDefaultDecryption(cArr));
    }

    public static JsonWebKeys decryptJwkSet(String str, JweDecryptionProvider jweDecryptionProvider) {
        return new JwkReaderWriter().jsonToJwkSet(jweDecryptionProvider.decrypt(str).getContentText());
    }

    public static JsonWebKeys decryptJwkSet(PrivateKey privateKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        return readJwkSet(toString(JweUtils.decrypt(privateKey, keyAlgorithm, contentAlgorithm, str)));
    }

    public static JsonWebKeys verifyJwkSet(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm, String str) {
        return readJwkSet(JwsUtils.verify(publicKey, signatureAlgorithm, str));
    }

    public static JsonWebKeys decryptJwkSet(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        return readJwkSet(toString(JweUtils.decrypt(secretKey, keyAlgorithm, contentAlgorithm, str)));
    }

    public static JsonWebKeys decryptJwkSet(InputStream inputStream, char[] cArr) throws IOException {
        return decryptJwkSet(inputStream, createDefaultDecryption(cArr));
    }

    public static JsonWebKeys decryptJwkSet(InputStream inputStream, JweDecryptionProvider jweDecryptionProvider) throws IOException {
        return new JwkReaderWriter().jsonToJwkSet(jweDecryptionProvider.decrypt(IOUtils.readStringFromStream(inputStream)).getContentText());
    }

    public static String encryptJwkKey(JsonWebKey jsonWebKey, char[] cArr) {
        return encryptJwkKey(jsonWebKey, createDefaultEncryption(cArr));
    }

    public static String encryptJwkKey(JsonWebKey jsonWebKey, JweEncryptionProvider jweEncryptionProvider) {
        return jweEncryptionProvider.encrypt(StringUtils.toBytesUTF8(new JwkReaderWriter().jwkToJson(jsonWebKey)), toJweHeaders("jwk+json"));
    }

    public static String encryptJwkKey(JsonWebKey jsonWebKey, PublicKey publicKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        return JweUtils.encrypt(publicKey, keyAlgorithm, contentAlgorithm, StringUtils.toBytesUTF8(jwkKeyToJson(jsonWebKey)), "jwk+json");
    }

    public static String encryptJwkKey(JsonWebKey jsonWebKey, SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm) {
        return JweUtils.encrypt(secretKey, keyAlgorithm, contentAlgorithm, StringUtils.toBytesUTF8(jwkKeyToJson(jsonWebKey)), "jwk+json");
    }

    public static String signJwkKey(JsonWebKey jsonWebKey, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) {
        return JwsUtils.sign(privateKey, signatureAlgorithm, jwkKeyToJson(jsonWebKey), "jwk+json");
    }

    public static JsonWebKey decryptJwkKey(String str, char[] cArr) {
        return decryptJwkKey(str, createDefaultDecryption(cArr));
    }

    public static JsonWebKey decryptJwkKey(PrivateKey privateKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        return readJwkKey(toString(JweUtils.decrypt(privateKey, keyAlgorithm, contentAlgorithm, str)));
    }

    public static JsonWebKey verifyJwkKey(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm, String str) {
        return readJwkKey(JwsUtils.verify(publicKey, signatureAlgorithm, str));
    }

    public static JsonWebKey decryptJwkKey(SecretKey secretKey, KeyAlgorithm keyAlgorithm, ContentAlgorithm contentAlgorithm, String str) {
        return readJwkKey(toString(JweUtils.decrypt(secretKey, keyAlgorithm, contentAlgorithm, str)));
    }

    public static JsonWebKey decryptJwkKey(String str, JweDecryptionProvider jweDecryptionProvider) {
        return new JwkReaderWriter().jsonToJwk(jweDecryptionProvider.decrypt(str).getContentText());
    }

    public static JsonWebKey decryptJwkKey(InputStream inputStream, char[] cArr) throws IOException {
        return decryptJwkKey(inputStream, createDefaultDecryption(cArr));
    }

    public static JsonWebKey decryptJwkKey(InputStream inputStream, JweDecryptionProvider jweDecryptionProvider) throws IOException {
        return new JwkReaderWriter().jsonToJwk(jweDecryptionProvider.decrypt(IOUtils.readStringFromStream(inputStream)).getContentText());
    }

    public static JsonWebKeys loadPublicJwkSet(Message message, Properties properties) {
        return loadJwkSet(message, properties, (PrivateKeyPasswordProvider) null);
    }

    public static JsonWebKeys loadJwkSet(Message message, Properties properties, PrivateKeyPasswordProvider privateKeyPasswordProvider) {
        String str = (String) properties.get(JoseConstants.RSSEC_KEY_STORE_FILE);
        JsonWebKeys jsonWebKeys = null;
        if (str != null && message != null) {
            Object obj = message.getExchange().get(str);
            if (obj != null && !(obj instanceof JsonWebKeys)) {
                throw new JwkException("Unexpected key store class: " + obj.getClass().getName());
            }
            jsonWebKeys = (JsonWebKeys) obj;
        }
        if (jsonWebKeys == null) {
            jsonWebKeys = loadJwkSet(properties, message != null ? message.getExchange().getBus() : null, privateKeyPasswordProvider);
            if (str != null && message != null) {
                message.getExchange().put(str, jsonWebKeys);
            }
        }
        return jsonWebKeys;
    }

    public static JsonWebKeys loadJwkSet(Properties properties, Bus bus, PrivateKeyPasswordProvider privateKeyPasswordProvider) {
        return loadJwkSet(properties, bus, privateKeyPasswordProvider != null ? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(privateKeyPasswordProvider.getPassword(properties))) : null);
    }

    public static JsonWebKeys loadJwkSet(Properties properties, Bus bus, JweDecryptionProvider jweDecryptionProvider) {
        String readStringFromStream;
        String property = properties.getProperty(JoseConstants.RSSEC_KEY_STORE_FILE);
        if (property != null) {
            try {
                InputStream resourceStream = JoseUtils.getResourceStream(property, bus);
                if (resourceStream == null) {
                    throw new JwkException("Error in loading keystore location: " + property);
                }
                Throwable th = null;
                try {
                    try {
                        readStringFromStream = IOUtils.readStringFromStream(resourceStream);
                        if (resourceStream != null) {
                            if (0 != 0) {
                                try {
                                    resourceStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                resourceStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new JwkException(e);
            }
        } else {
            readStringFromStream = properties.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKSET);
            if (readStringFromStream == null) {
                readStringFromStream = properties.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY);
            }
        }
        if (jweDecryptionProvider != null) {
            readStringFromStream = jweDecryptionProvider.decrypt(readStringFromStream).getContentText();
        }
        JwkReaderWriter jwkReaderWriter = new JwkReaderWriter();
        return properties.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY) == null ? jwkReaderWriter.jsonToJwkSet(readStringFromStream) : new JsonWebKeys(jwkReaderWriter.jsonToJwk(readStringFromStream));
    }

    public static JsonWebKey loadJsonWebKey(Message message, Properties properties, KeyOperation keyOperation) {
        return loadJsonWebKey(message, properties, keyOperation, null);
    }

    public static JsonWebKey loadJsonWebKey(Message message, Properties properties, KeyOperation keyOperation, String str) {
        List<JsonWebKey> list;
        JsonWebKeys loadJwkSet = loadJwkSet(message, properties, KeyManagementUtils.loadPasswordProvider(message, properties, keyOperation));
        String keyId = (str == null || !MessageUtils.getContextualBoolean(message, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY, false)) ? KeyManagementUtils.getKeyId(message, properties, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOperation) : str;
        if (keyId != null) {
            return loadJwkSet.getKey(keyId);
        }
        if (keyOperation == null || (list = loadJwkSet.getKeyOperationMap().get(keyOperation)) == null || list.size() != 1) {
            return null;
        }
        return list.get(0);
    }

    public static List<JsonWebKey> loadJsonWebKeys(Message message, Properties properties, KeyOperation keyOperation) {
        List<JsonWebKey> list;
        JsonWebKeys loadJwkSet = loadJwkSet(message, properties, KeyManagementUtils.loadPasswordProvider(message, properties, keyOperation));
        String keyId = KeyManagementUtils.getKeyId(message, properties, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOperation);
        if (keyId != null) {
            return Collections.singletonList(loadJwkSet.getKey(keyId));
        }
        String keyId2 = KeyManagementUtils.getKeyId(message, properties, JoseConstants.RSSEC_KEY_STORE_ALIASES, keyOperation);
        if (keyId2 == null) {
            if (keyOperation == null || (list = loadJwkSet.getKeyOperationMap().get(keyOperation)) == null || list.size() != 1) {
                return null;
            }
            return Collections.singletonList(list.get(0));
        }
        String[] split = keyId2.split(",");
        ArrayList arrayList = new ArrayList(split.length);
        for (String str : split) {
            arrayList.add(loadJwkSet.getKey(str));
        }
        return arrayList;
    }

    public static RSAPublicKey toRSAPublicKey(JsonWebKey jsonWebKey) {
        return toRSAPublicKey(jsonWebKey, false);
    }

    public static RSAPublicKey toRSAPublicKey(JsonWebKey jsonWebKey, boolean z) {
        String str = (String) jsonWebKey.getProperty(JsonWebKey.RSA_MODULUS);
        String str2 = (String) jsonWebKey.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
        if (str != null) {
            return CryptoUtils.getRSAPublicKey(str, str2);
        }
        if (z) {
            return (RSAPublicKey) toX509CertificateChain(jsonWebKey).get(0).getPublicKey();
        }
        return null;
    }

    public static List<X509Certificate> toX509CertificateChain(JsonWebKey jsonWebKey) {
        return KeyManagementUtils.toX509CertificateChain(jsonWebKey.getX509Chain());
    }

    public static JsonWebKey fromECPublicKey(ECPublicKey eCPublicKey, String str) {
        return fromECPublicKey(eCPublicKey, str, null);
    }

    public static JsonWebKey fromECPublicKey(ECPublicKey eCPublicKey, String str, String str2) {
        JsonWebKey prepareECJwk = prepareECJwk(str, str2);
        prepareECJwk.setProperty(JsonWebKey.EC_X_COORDINATE, Base64UrlUtility.encode(eCPublicKey.getW().getAffineX().toByteArray()));
        prepareECJwk.setProperty(JsonWebKey.EC_Y_COORDINATE, Base64UrlUtility.encode(eCPublicKey.getW().getAffineY().toByteArray()));
        return prepareECJwk;
    }

    public static JsonWebKey fromECPrivateKey(ECPrivateKey eCPrivateKey, String str) {
        return fromECPrivateKey(eCPrivateKey, str, null);
    }

    public static JsonWebKey fromECPrivateKey(ECPrivateKey eCPrivateKey, String str, String str2) {
        JsonWebKey prepareECJwk = prepareECJwk(str, str2);
        prepareECJwk.setProperty("d", Base64UrlUtility.encode(eCPrivateKey.getS().toByteArray()));
        return prepareECJwk;
    }

    public static JsonWebKey fromRSAPublicKey(RSAPublicKey rSAPublicKey, String str) {
        return fromRSAPublicKey(rSAPublicKey, str, null);
    }

    public static JsonWebKey fromRSAPublicKey(RSAPublicKey rSAPublicKey, String str, String str2) {
        JsonWebKey prepareRSAJwk = prepareRSAJwk(rSAPublicKey.getModulus(), str, str2);
        prepareRSAJwk.setProperty(JsonWebKey.RSA_PUBLIC_EXP, Base64UrlUtility.encode(rSAPublicKey.getPublicExponent().toByteArray()));
        return prepareRSAJwk;
    }

    public static JsonWebKey fromPublicKey(PublicKey publicKey, Properties properties, String str) {
        JsonWebKey fromECPublicKey;
        if (publicKey instanceof RSAPublicKey) {
            fromECPublicKey = fromRSAPublicKey((RSAPublicKey) publicKey, properties.getProperty(str));
        } else {
            fromECPublicKey = fromECPublicKey((ECPublicKey) publicKey, properties.getProperty(JoseConstants.RSSEC_EC_CURVE));
        }
        String property = properties.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS);
        if (property != null) {
            fromECPublicKey.setKeyId(property);
        }
        return fromECPublicKey;
    }

    public static JsonWebKey fromX509CertificateChain(List<X509Certificate> list, String str) {
        JsonWebKey jsonWebKey = new JsonWebKey();
        jsonWebKey.setAlgorithm(str);
        jsonWebKey.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(list));
        return jsonWebKey;
    }

    public static RSAPrivateKey toRSAPrivateKey(JsonWebKey jsonWebKey) {
        String str = (String) jsonWebKey.getProperty(JsonWebKey.RSA_MODULUS);
        String str2 = (String) jsonWebKey.getProperty("d");
        String str3 = (String) jsonWebKey.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR);
        if (str3 == null) {
            return CryptoUtils.getRSAPrivateKey(str, str2);
        }
        String str4 = (String) jsonWebKey.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
        if (str4 == null) {
            throw new JoseException("JWK without the public exponent can not be converted to RSAPrivateKey");
        }
        return CryptoUtils.getRSAPrivateKey(str, str4, str2, str3, (String) jsonWebKey.getProperty("q"), (String) jsonWebKey.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT), (String) jsonWebKey.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT), (String) jsonWebKey.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
    }

    public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey rSAPrivateKey, String str) {
        return fromRSAPrivateKey(rSAPrivateKey, str, null);
    }

    public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey rSAPrivateKey, String str, String str2) {
        JsonWebKey prepareRSAJwk = prepareRSAJwk(rSAPrivateKey.getModulus(), str, str2);
        prepareRSAJwk.setProperty("d", Base64UrlUtility.encode(rSAPrivateKey.getPrivateExponent().toByteArray()));
        if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
            prepareRSAJwk.setProperty(JsonWebKey.RSA_PUBLIC_EXP, Base64UrlUtility.encode(rSAPrivateCrtKey.getPublicExponent().toByteArray()));
            prepareRSAJwk.setProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR, Base64UrlUtility.encode(rSAPrivateCrtKey.getPrimeP().toByteArray()));
            prepareRSAJwk.setProperty("q", Base64UrlUtility.encode(rSAPrivateCrtKey.getPrimeQ().toByteArray()));
            prepareRSAJwk.setProperty(JsonWebKey.RSA_FIRST_PRIME_CRT, Base64UrlUtility.encode(rSAPrivateCrtKey.getPrimeExponentP().toByteArray()));
            prepareRSAJwk.setProperty(JsonWebKey.RSA_SECOND_PRIME_CRT, Base64UrlUtility.encode(rSAPrivateCrtKey.getPrimeExponentQ().toByteArray()));
            prepareRSAJwk.setProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT, Base64UrlUtility.encode(rSAPrivateCrtKey.getCrtCoefficient().toByteArray()));
        }
        return prepareRSAJwk;
    }

    public static ECPublicKey toECPublicKey(JsonWebKey jsonWebKey) {
        return CryptoUtils.getECPublicKey((String) jsonWebKey.getProperty(JsonWebKey.EC_CURVE), (String) jsonWebKey.getProperty(JsonWebKey.EC_X_COORDINATE), (String) jsonWebKey.getProperty(JsonWebKey.EC_Y_COORDINATE));
    }

    public static ECPrivateKey toECPrivateKey(JsonWebKey jsonWebKey) {
        return CryptoUtils.getECPrivateKey((String) jsonWebKey.getProperty(JsonWebKey.EC_CURVE), (String) jsonWebKey.getProperty("d"));
    }

    public static SecretKey toSecretKey(JsonWebKey jsonWebKey) {
        return CryptoUtils.createSecretKeySpec((String) jsonWebKey.getProperty(JsonWebKey.OCTET_KEY_VALUE), AlgorithmUtils.toJavaName(jsonWebKey.getAlgorithm()));
    }

    public static JsonWebKey fromSecretKey(SecretKey secretKey, String str) {
        return fromSecretKey(secretKey, str, null);
    }

    public static JsonWebKey fromSecretKey(SecretKey secretKey, String str, String str2) {
        if (!AlgorithmUtils.isOctet(str)) {
            throw new JwkException("Invalid algorithm");
        }
        JsonWebKey jsonWebKey = new JsonWebKey();
        jsonWebKey.setKeyType(KeyType.OCTET);
        if (str2 != null) {
            jsonWebKey.setKeyId(str2);
        }
        jsonWebKey.setAlgorithm(str);
        jsonWebKey.setProperty(JsonWebKey.OCTET_KEY_VALUE, Base64UrlUtility.encode(secretKey.getEncoded()));
        return jsonWebKey;
    }

    private static JweEncryptionProvider createDefaultEncryption(char[] cArr) {
        return new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, new PbesHmacAesWrapKeyEncryptionAlgorithm(cArr, KeyAlgorithm.PBES2_HS256_A128KW));
    }

    private static JweDecryptionProvider createDefaultDecryption(char[] cArr) {
        return new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(cArr));
    }

    private static JsonWebKey prepareRSAJwk(BigInteger bigInteger, String str, String str2) {
        JsonWebKey jsonWebKey = new JsonWebKey();
        jsonWebKey.setKeyType(KeyType.RSA);
        if (str != null) {
            if (!AlgorithmUtils.isRsa(str)) {
                throw new JwkException("Invalid algorithm");
            }
            jsonWebKey.setAlgorithm(str);
        }
        if (str2 != null) {
            jsonWebKey.setKeyId(str2);
        }
        byte[] byteArray = bigInteger.toByteArray();
        int length = byteArray.length - (bigInteger.bitLength() / 8);
        if (length > 0) {
            byteArray = Arrays.copyOfRange(byteArray, length, byteArray.length);
        }
        jsonWebKey.setProperty(JsonWebKey.RSA_MODULUS, Base64UrlUtility.encode(byteArray));
        return jsonWebKey;
    }

    private static JsonWebKey prepareECJwk(String str, String str2) {
        JsonWebKey jsonWebKey = new JsonWebKey();
        jsonWebKey.setKeyType(KeyType.EC);
        if (str2 != null) {
            jsonWebKey.setKeyId(str2);
        }
        jsonWebKey.setProperty(JsonWebKey.EC_CURVE, str);
        return jsonWebKey;
    }

    private static String toString(byte[] bArr) {
        try {
            return new String(bArr, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static JweHeaders toJweHeaders(String str) {
        return new JweHeaders((Map<String, Object>) Collections.singletonMap(JoseConstants.HEADER_CONTENT_TYPE, str));
    }

    public static void includeCertChain(JsonWebKey jsonWebKey, JoseHeaders joseHeaders, String str) {
        List<String> cast;
        if (!KeyType.RSA.equals(jsonWebKey.getKeyType()) || (cast = CastUtils.cast((List<?>) jsonWebKey.getProperty("x5c"))) == null) {
            return;
        }
        joseHeaders.setX509Chain(cast);
    }

    public static void includePublicKey(JsonWebKey jsonWebKey, JoseHeaders joseHeaders, String str) {
        if (KeyType.RSA.equals(jsonWebKey.getKeyType())) {
            JsonWebKey fromRSAPublicKey = fromRSAPublicKey(toRSAPublicKey(jsonWebKey), str);
            if (jsonWebKey.getKeyId() != null) {
                fromRSAPublicKey.setKeyId(jsonWebKey.getKeyId());
            }
            joseHeaders.setJsonWebKey(fromRSAPublicKey);
        }
    }

    static {
        JWK_REQUIRED_FIELDS_MAP.put(KeyType.RSA, Arrays.asList(JsonWebKey.RSA_PUBLIC_EXP, JsonWebKey.KEY_TYPE, JsonWebKey.RSA_MODULUS));
        JWK_REQUIRED_FIELDS_MAP.put(KeyType.EC, Arrays.asList(JsonWebKey.EC_CURVE, JsonWebKey.KEY_TYPE, JsonWebKey.EC_X_COORDINATE, JsonWebKey.EC_Y_COORDINATE));
        JWK_REQUIRED_FIELDS_MAP.put(KeyType.OCTET, Arrays.asList(JsonWebKey.OCTET_KEY_VALUE, JsonWebKey.KEY_TYPE));
    }
}
