package com.nimbusds.jose.jwk;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.e;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import hb.b;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import m3.d;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import y2.c;
import y2.f;
import y2.n;

@b
/* loaded from: classes4.dex */
public final class ECKey extends JWK implements y2.a, y2.b {

    /* renamed from: f, reason: collision with root package name */
    public static final Set<Curve> f14340f = Collections.unmodifiableSet(new HashSet(Arrays.asList(Curve.f14331c, Curve.f14332d, Curve.f14334f, Curve.f14335g)));
    private static final long serialVersionUID = 1;
    private final Curve crv;

    /* renamed from: d, reason: collision with root package name */
    private final Base64URL f14341d;
    private final PrivateKey privateKey;

    /* renamed from: x, reason: collision with root package name */
    private final Base64URL f14342x;

    /* renamed from: y, reason: collision with root package name */
    private final Base64URL f14343y;

    /* loaded from: classes4.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final Curve f14344a;

        /* renamed from: b, reason: collision with root package name */
        public final Base64URL f14345b;

        /* renamed from: c, reason: collision with root package name */
        public final Base64URL f14346c;

        /* renamed from: d, reason: collision with root package name */
        public Base64URL f14347d;

        /* renamed from: e, reason: collision with root package name */
        public PrivateKey f14348e;

        /* renamed from: f, reason: collision with root package name */
        public KeyUse f14349f;

        /* renamed from: g, reason: collision with root package name */
        public Set<KeyOperation> f14350g;

        /* renamed from: h, reason: collision with root package name */
        public Algorithm f14351h;

        /* renamed from: i, reason: collision with root package name */
        public String f14352i;

        /* renamed from: j, reason: collision with root package name */
        public URI f14353j;

        /* renamed from: k, reason: collision with root package name */
        @Deprecated
        public Base64URL f14354k;

        /* renamed from: l, reason: collision with root package name */
        public Base64URL f14355l;

        /* renamed from: m, reason: collision with root package name */
        public List<Base64> f14356m;

        /* renamed from: n, reason: collision with root package name */
        public KeyStore f14357n;

        public a(Curve curve, Base64URL base64URL, Base64URL base64URL2) {
            if (curve == null) {
                throw new IllegalArgumentException("The curve must not be null");
            }
            this.f14344a = curve;
            if (base64URL == null) {
                throw new IllegalArgumentException("The 'x' coordinate must not be null");
            }
            this.f14345b = base64URL;
            if (base64URL2 == null) {
                throw new IllegalArgumentException("The 'y' coordinate must not be null");
            }
            this.f14346c = base64URL2;
        }

        public a(Curve curve, ECPublicKey eCPublicKey) {
            this(curve, ECKey.X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), ECKey.X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()));
        }

        public a(ECKey eCKey) {
            this.f14344a = eCKey.crv;
            this.f14345b = eCKey.f14342x;
            this.f14346c = eCKey.f14343y;
            this.f14347d = eCKey.f14341d;
            this.f14348e = eCKey.privateKey;
            this.f14349f = eCKey.r();
            this.f14350g = eCKey.o();
            this.f14351h = eCKey.m();
            this.f14352i = eCKey.n();
            this.f14353j = eCKey.y();
            this.f14354k = eCKey.x();
            this.f14355l = eCKey.w();
            this.f14356m = eCKey.v();
            this.f14357n = eCKey.p();
        }

        public a a(Algorithm algorithm) {
            this.f14351h = algorithm;
            return this;
        }

        public ECKey b() {
            try {
                return (this.f14347d == null && this.f14348e == null) ? new ECKey(this.f14344a, this.f14345b, this.f14346c, this.f14349f, this.f14350g, this.f14351h, this.f14352i, this.f14353j, this.f14354k, this.f14355l, this.f14356m, this.f14357n) : this.f14348e != null ? new ECKey(this.f14344a, this.f14345b, this.f14346c, this.f14348e, this.f14349f, this.f14350g, this.f14351h, this.f14352i, this.f14353j, this.f14354k, this.f14355l, this.f14356m, this.f14357n) : new ECKey(this.f14344a, this.f14345b, this.f14346c, this.f14347d, this.f14349f, this.f14350g, this.f14351h, this.f14352i, this.f14353j, this.f14354k, this.f14355l, this.f14356m, this.f14357n);
            } catch (IllegalArgumentException e10) {
                throw new IllegalStateException(e10.getMessage(), e10);
            }
        }

        public a c(Base64URL base64URL) {
            this.f14347d = base64URL;
            return this;
        }

        public a d(String str) {
            this.f14352i = str;
            return this;
        }

        public a e() throws JOSEException {
            return f("SHA-256");
        }

        public a f(String str) throws JOSEException {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("crv", this.f14344a.toString());
            linkedHashMap.put(f.f40945a, KeyType.f14360c.e());
            linkedHashMap.put("x", this.f14345b.toString());
            linkedHashMap.put("y", this.f14346c.toString());
            this.f14352i = n.c(str, linkedHashMap).toString();
            return this;
        }

        public a g(Set<KeyOperation> set) {
            this.f14350g = set;
            return this;
        }

        public a h(KeyStore keyStore) {
            this.f14357n = keyStore;
            return this;
        }

        public a i(KeyUse keyUse) {
            this.f14349f = keyUse;
            return this;
        }

        public a j(PrivateKey privateKey) {
            if (privateKey instanceof ECPrivateKey) {
                return k((ECPrivateKey) privateKey);
            }
            if (!"EC".equalsIgnoreCase(privateKey.getAlgorithm())) {
                throw new IllegalArgumentException("The private key algorithm must be EC");
            }
            this.f14348e = privateKey;
            return this;
        }

        public a k(ECPrivateKey eCPrivateKey) {
            if (eCPrivateKey != null) {
                this.f14347d = ECKey.X(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS());
            }
            return this;
        }

        public a l(List<Base64> list) {
            this.f14356m = list;
            return this;
        }

        public a m(Base64URL base64URL) {
            this.f14355l = base64URL;
            return this;
        }

        @Deprecated
        public a n(Base64URL base64URL) {
            this.f14354k = base64URL;
            return this;
        }

        public a o(URI uri) {
            this.f14353j = uri;
            return this;
        }
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f14360c, keyUse, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14342x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f14343y = base64URL2;
        Z(curve, base64URL, base64URL2);
        Y(s());
        this.f14341d = null;
        this.privateKey = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, Base64URL base64URL3, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL4, Base64URL base64URL5, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f14360c, keyUse, set, algorithm, str, uri, base64URL4, base64URL5, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14342x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f14343y = base64URL2;
        Z(curve, base64URL, base64URL2);
        Y(s());
        if (base64URL3 == null) {
            throw new IllegalArgumentException("The 'd' coordinate must not be null");
        }
        this.f14341d = base64URL3;
        this.privateKey = null;
    }

    public ECKey(Curve curve, Base64URL base64URL, Base64URL base64URL2, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL3, Base64URL base64URL4, List<Base64> list, KeyStore keyStore) {
        super(KeyType.f14360c, keyUse, set, algorithm, str, uri, base64URL3, base64URL4, list, keyStore);
        if (curve == null) {
            throw new IllegalArgumentException("The curve must not be null");
        }
        this.crv = curve;
        if (base64URL == null) {
            throw new IllegalArgumentException("The 'x' coordinate must not be null");
        }
        this.f14342x = base64URL;
        if (base64URL2 == null) {
            throw new IllegalArgumentException("The 'y' coordinate must not be null");
        }
        this.f14343y = base64URL2;
        Z(curve, base64URL, base64URL2);
        Y(s());
        this.f14341d = null;
        this.privateKey = privateKey;
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, PrivateKey privateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), privateKey, keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public ECKey(Curve curve, ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, KeyUse keyUse, Set<KeyOperation> set, Algorithm algorithm, String str, URI uri, Base64URL base64URL, Base64URL base64URL2, List<Base64> list, KeyStore keyStore) {
        this(curve, X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineX()), X(eCPublicKey.getParams().getCurve().getField().getFieldSize(), eCPublicKey.getW().getAffineY()), X(eCPrivateKey.getParams().getCurve().getField().getFieldSize(), eCPrivateKey.getS()), keyUse, set, algorithm, str, uri, base64URL, base64URL2, list, keyStore);
    }

    public static Base64URL X(int i10, BigInteger bigInteger) {
        byte[] a10 = d.a(bigInteger);
        int i11 = (i10 + 7) / 8;
        if (a10.length >= i11) {
            return Base64URL.n(a10);
        }
        byte[] bArr = new byte[i11];
        System.arraycopy(a10, 0, bArr, i11 - a10.length, a10.length);
        return Base64URL.n(bArr);
    }

    public static void Z(Curve curve, Base64URL base64URL, Base64URL base64URL2) {
        if (!f14340f.contains(curve)) {
            throw new IllegalArgumentException("Unknown / unsupported curve: " + curve);
        }
        BigInteger c10 = base64URL.c();
        BigInteger c11 = base64URL2.c();
        curve.getClass();
        if (w2.b.a(c10, c11, c.b(curve))) {
            return;
        }
        throw new IllegalArgumentException("Invalid EC JWK: The 'x' and 'y' public coordinates are not on the " + curve + " curve");
    }

    public static ECKey e0(KeyStore keyStore, String str, char[] cArr) throws KeyStoreException, JOSEException {
        Certificate certificate = keyStore.getCertificate(str);
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("Couldn't load EC JWK: The key algorithm is not EC");
        }
        a aVar = new a(g0(x509Certificate));
        aVar.f14352i = str;
        aVar.f14357n = keyStore;
        ECKey b10 = aVar.b();
        try {
            Key key = keyStore.getKey(str, cArr);
            return key instanceof ECPrivateKey ? new a(b10).k((ECPrivateKey) key).b() : ((key instanceof PrivateKey) && "EC".equalsIgnoreCase(key.getAlgorithm())) ? new a(b10).j((PrivateKey) key).b() : b10;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e10) {
            throw new JOSEException(e.a(e10, new StringBuilder("Couldn't retrieve private EC key (bad pin?): ")), e10);
        }
    }

    public static ECKey f0(String str) throws ParseException {
        return i0(m3.n.q(str, -1));
    }

    public static ECKey g0(X509Certificate x509Certificate) throws JOSEException {
        if (!(x509Certificate.getPublicKey() instanceof ECPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not EC");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
        try {
            String obj = new JcaX509CertificateHolder(x509Certificate).f33963c.D().u().x().toString();
            Curve e10 = Curve.e(obj);
            if (e10 == null) {
                throw new JOSEException("Couldn't determine EC JWK curve for OID " + obj);
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            a aVar = new a(e10, eCPublicKey);
            aVar.f14349f = KeyUse.b(x509Certificate);
            aVar.f14352i = x509Certificate.getSerialNumber().toString(10);
            aVar.f14356m = Collections.singletonList(Base64.i(x509Certificate.getEncoded()));
            aVar.f14355l = Base64URL.n(messageDigest.digest(x509Certificate.getEncoded()));
            return aVar.b();
        } catch (NoSuchAlgorithmException e11) {
            throw new JOSEException("Couldn't encode x5t parameter: " + e11.getMessage(), e11);
        } catch (CertificateEncodingException e12) {
            throw new JOSEException("Couldn't encode x5c parameter: " + e12.getMessage(), e12);
        }
    }

    public static ECKey i0(Map<String, Object> map) throws ParseException {
        if (!KeyType.f14360c.equals(y2.e.d(map))) {
            throw new ParseException("The key type \"kty\" must be EC", 0);
        }
        try {
            Curve j10 = Curve.j(m3.n.k(map, "crv"));
            Base64URL a10 = m3.n.a(map, "x");
            Base64URL a11 = m3.n.a(map, "y");
            Base64URL a12 = m3.n.a(map, "d");
            try {
                return a12 == null ? new ECKey(j10, a10, a11, y2.e.e(map), y2.e.c(map), y2.e.a(map), m3.n.k(map, "kid"), m3.n.n(map, "x5u"), m3.n.a(map, "x5t"), m3.n.a(map, "x5t#S256"), y2.e.f(map), (KeyStore) null) : new ECKey(j10, a10, a11, a12, y2.e.e(map), y2.e.c(map), y2.e.a(map), m3.n.k(map, "kid"), m3.n.n(map, "x5u"), m3.n.a(map, "x5t"), m3.n.a(map, "x5t#S256"), y2.e.f(map), (KeyStore) null);
            } catch (IllegalArgumentException e10) {
                throw new ParseException(e10.getMessage(), 0);
            }
        } catch (IllegalArgumentException e11) {
            throw new ParseException(e11.getMessage(), 0);
        }
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public int I() {
        Curve curve = this.crv;
        curve.getClass();
        ECParameterSpec b10 = c.b(curve);
        if (b10 != null) {
            return b10.getCurve().getField().getFieldSize();
        }
        throw new UnsupportedOperationException("Couldn't determine field size for curve " + this.crv.getName());
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public Map<String, Object> K() {
        Map<String, Object> K = super.K();
        K.put("crv", this.crv.toString());
        K.put("x", this.f14342x.toString());
        K.put("y", this.f14343y.toString());
        Base64URL base64URL = this.f14341d;
        if (base64URL != null) {
            K.put("d", base64URL.toString());
        }
        return K;
    }

    public final void Y(List<X509Certificate> list) {
        if (list != null && !h(list.get(0))) {
            throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters");
        }
    }

    public Base64URL a0() {
        return this.f14341d;
    }

    @Override // y2.a
    public KeyPair b() throws JOSEException {
        return o0(null);
    }

    public Base64URL b0() {
        return this.f14342x;
    }

    @Override // y2.b
    public Curve c() {
        return this.crv;
    }

    public Base64URL d0() {
        return this.f14343y;
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof ECKey) || !super.equals(obj)) {
            return false;
        }
        ECKey eCKey = (ECKey) obj;
        return Objects.equals(this.crv, eCKey.crv) && Objects.equals(this.f14342x, eCKey.f14342x) && Objects.equals(this.f14343y, eCKey.f14343y) && Objects.equals(this.f14341d, eCKey.f14341d) && Objects.equals(this.privateKey, eCKey.privateKey);
    }

    @Override // y2.a
    public PublicKey f() throws JOSEException {
        return n0(null);
    }

    @Override // y2.a
    public boolean h(X509Certificate x509Certificate) {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) s().get(0).getPublicKey();
            if (this.f14342x.c().equals(eCPublicKey.getW().getAffineX())) {
                return this.f14343y.c().equals(eCPublicKey.getW().getAffineY());
            }
            return false;
        } catch (ClassCastException unused) {
            return false;
        }
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.crv, this.f14342x, this.f14343y, this.f14341d, this.privateKey);
    }

    @Override // y2.a
    public PrivateKey i() throws JOSEException {
        ECPrivateKey l02 = l0(null);
        return l02 != null ? l02 : this.privateKey;
    }

    public ECPrivateKey j0() throws JOSEException {
        return l0(null);
    }

    public ECPrivateKey l0(Provider provider) throws JOSEException {
        if (this.f14341d == null) {
            return null;
        }
        Curve curve = this.crv;
        curve.getClass();
        ECParameterSpec b10 = c.b(curve);
        if (b10 == null) {
            throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
        }
        try {
            return (ECPrivateKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePrivate(new ECPrivateKeySpec(this.f14341d.c(), b10));
        } catch (NoSuchAlgorithmException e10) {
            e = e10;
            throw new JOSEException(e.getMessage(), e);
        } catch (InvalidKeySpecException e11) {
            e = e11;
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public ECPublicKey m0() throws JOSEException {
        return n0(null);
    }

    public ECPublicKey n0(Provider provider) throws JOSEException {
        Curve curve = this.crv;
        curve.getClass();
        ECParameterSpec b10 = c.b(curve);
        if (b10 == null) {
            throw new JOSEException("Couldn't get EC parameter spec for curve " + this.crv);
        }
        try {
            return (ECPublicKey) (provider == null ? KeyFactory.getInstance("EC") : KeyFactory.getInstance("EC", provider)).generatePublic(new ECPublicKeySpec(new ECPoint(this.f14342x.c(), this.f14343y.c()), b10));
        } catch (NoSuchAlgorithmException e10) {
            e = e10;
            throw new JOSEException(e.getMessage(), e);
        } catch (InvalidKeySpecException e11) {
            e = e11;
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public KeyPair o0(Provider provider) throws JOSEException {
        return this.privateKey != null ? new KeyPair(n0(provider), this.privateKey) : new KeyPair(n0(provider), l0(provider));
    }

    @Override // com.nimbusds.jose.jwk.JWK
    /* renamed from: p0, reason: merged with bridge method [inline-methods] */
    public ECKey O() {
        return new ECKey(this.crv, this.f14342x, this.f14343y, r(), o(), m(), n(), y(), x(), w(), v(), p());
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public LinkedHashMap<String, ?> u() {
        LinkedHashMap<String, ?> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put("crv", this.crv.toString());
        linkedHashMap.put(f.f40945a, q().e());
        linkedHashMap.put("x", this.f14342x.toString());
        linkedHashMap.put("y", this.f14343y.toString());
        return linkedHashMap;
    }

    @Override // com.nimbusds.jose.jwk.JWK
    public boolean z() {
        return (this.f14341d == null && this.privateKey == null) ? false : true;
    }
}
