package org.eclipse.hono.service.auth;

import com.google.common.hash.Hashing;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.SecurityException;
import io.vertx.core.Vertx;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKey;
import org.eclipse.hono.config.KeyLoader;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/eclipse/hono/service/auth/JwtSupport.class */
public abstract class JwtSupport {
    protected final Vertx vertx;
    private final Map<String, KeySpec> signingKeys = new HashMap(5);
    private final Map<String, KeySpec> validatingKeys = new HashMap(5);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/eclipse/hono/service/auth/JwtSupport$KeySpec.class */
    public static class KeySpec {
        final SignatureAlgorithm algorithm;
        final Key key;

        KeySpec(Key key) {
            this(key, (SignatureAlgorithm) null);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public KeySpec(Key key, String str) {
            this(key, (SignatureAlgorithm) Optional.ofNullable(str).map(SignatureAlgorithm::forName).orElse(null));
        }

        KeySpec(Key key, SignatureAlgorithm signatureAlgorithm) {
            this.key = (Key) Objects.requireNonNull(key);
            this.algorithm = signatureAlgorithm;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean supportsSignatureAlgorithm(String str) {
            Objects.requireNonNull(str);
            if (this.algorithm != null) {
                return this.algorithm.getValue().equals(str);
            }
            try {
                SignatureAlgorithm.forName(str).assertValidVerificationKey(this.key);
                return true;
            } catch (SecurityException e) {
                return false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JwtSupport(Vertx vertx) {
        this.vertx = vertx;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final byte[] getBytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    private String createKeyId(byte[] bArr) {
        return Hashing.sha256().hashBytes(bArr).toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String addSecretKey(SecretKey secretKey) {
        Objects.requireNonNull(secretKey);
        String createKeyId = createKeyId(secretKey.getEncoded());
        KeySpec keySpec = new KeySpec(secretKey, SignatureAlgorithm.forSigningKey(secretKey));
        this.signingKeys.put(createKeyId, keySpec);
        this.validatingKeys.put(createKeyId, keySpec);
        return createKeyId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String addPrivateKey(String str, String str2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        KeyLoader fromFiles = KeyLoader.fromFiles(this.vertx, str, str2);
        return addPrivateKey(fromFiles.getPrivateKey(), fromFiles.getPublicKey());
    }

    protected final String addPrivateKey(PrivateKey privateKey, PublicKey publicKey) {
        Objects.requireNonNull(privateKey);
        Objects.requireNonNull(publicKey);
        String createKeyId = createKeyId(publicKey.getEncoded());
        addPrivateKey(createKeyId, privateKey, publicKey);
        return createKeyId;
    }

    protected final void addPrivateKey(String str, PrivateKey privateKey, PublicKey publicKey) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(privateKey);
        Objects.requireNonNull(publicKey);
        SignatureAlgorithm forSigningKey = SignatureAlgorithm.forSigningKey(privateKey);
        this.signingKeys.put(str, new KeySpec(privateKey, forSigningKey));
        this.validatingKeys.put(str, new KeySpec(publicKey, forSigningKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setPublicKey(String str) {
        Objects.requireNonNull(str);
        PublicKey publicKey = KeyLoader.fromFiles(this.vertx, (String) null, str).getPublicKey();
        if (publicKey == null) {
            throw new IllegalArgumentException("cannot load public key: " + str);
        }
        setValidatingKeys(Map.of(createKeyId(publicKey.getEncoded()), new KeySpec(publicKey)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setValidatingKeys(Map<String, KeySpec> map) {
        Objects.requireNonNull(map);
        this.validatingKeys.clear();
        this.validatingKeys.putAll(map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final KeySpec getValidatingKey() {
        if (this.validatingKeys.size() != 1) {
            throw new IllegalStateException("more than one validating key is registered");
        }
        return this.validatingKeys.values().iterator().next();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final KeySpec getValidatingKey(String str) {
        Objects.requireNonNull(str);
        return this.validatingKeys.get(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Set<Map.Entry<String, KeySpec>> getValidatingKeys() {
        return Collections.unmodifiableSet(this.validatingKeys.entrySet());
    }

    public final boolean hasValidatingKey() {
        return !this.validatingKeys.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final KeySpec getSigningKey(String str) {
        Objects.requireNonNull(str);
        return this.signingKeys.get(str);
    }
}
