package org.keycloak.jose.jwk;

import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.EdECPoint;
import java.security.spec.EdECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.util.Optional;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.crypto.KeyUse;

/* loaded from: input_file:org/keycloak/jose/jwk/EdECUtilsImpl.class */
class EdECUtilsImpl implements EdECUtils {
    @Override // org.keycloak.jose.jwk.EdECUtils
    public boolean isEdECSupported() {
        return true;
    }

    @Override // org.keycloak.jose.jwk.EdECUtils
    public JWK okp(String str, String str2, Key key, KeyUse keyUse) {
        EdECPublicKey edECPublicKey = (EdECPublicKey) key;
        OKPPublicJWK oKPPublicJWK = new OKPPublicJWK();
        oKPPublicJWK.setKeyId(str != null ? str : KeyUtils.createKeyId(key));
        oKPPublicJWK.setKeyType("OKP");
        oKPPublicJWK.setAlgorithm(str2);
        oKPPublicJWK.setPublicKeyUse(keyUse == null ? JWKBuilder.DEFAULT_PUBLIC_KEY_USE.getSpecName() : keyUse.getSpecName());
        oKPPublicJWK.setCrv(edECPublicKey.getParams().getName());
        oKPPublicJWK.setX(edPublicKeyInJwkRepresentation(edECPublicKey).orElse(""));
        return oKPPublicJWK;
    }

    @Override // org.keycloak.jose.jwk.EdECUtils
    public PublicKey createOKPPublicKey(JWK jwk) {
        int i;
        String str = (String) jwk.getOtherClaims().get("x");
        String str2 = (String) jwk.getOtherClaims().get("crv");
        if ("Ed25519".equals(str2)) {
            i = 32;
        } else {
            if (!"Ed448".equals(str2)) {
                throw new RuntimeException("Invalid JWK representation of OKP type algorithm");
            }
            i = 57;
        }
        byte[] decode = Base64Url.decode(str);
        if (decode.length != i) {
            throw new RuntimeException("Invalid JWK representation of OKP type public key");
        }
        boolean z = false;
        if ((decode[decode.length - 1] & Byte.MIN_VALUE) != 0) {
            z = true;
        }
        int length = decode.length - 1;
        decode[length] = (byte) (decode[length] & Byte.MAX_VALUE);
        try {
            return KeyFactory.getInstance(str2).generatePublic(new EdECPublicKeySpec(new NamedParameterSpec(str2), new EdECPoint(z, new BigInteger(1, reverseBytes(decode)))));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    private static Optional<String> edPublicKeyInJwkRepresentation(EdECPublicKey edECPublicKey) {
        int i;
        EdECPoint point = edECPublicKey.getPoint();
        BigInteger y = point.getY();
        if ("Ed25519".equals(edECPublicKey.getParams().getName())) {
            i = 32;
        } else {
            if (!"Ed448".equals(edECPublicKey.getParams().getName())) {
                return Optional.ofNullable(null);
            }
            i = 57;
        }
        byte[] bArr = new byte[i];
        byte[] reverseBytes = reverseBytes(y.toByteArray());
        System.arraycopy(reverseBytes, 0, bArr, 0, reverseBytes.length);
        if (point.isXOdd()) {
            int length = bArr.length - 1;
            bArr[length] = (byte) (bArr[length] | Byte.MIN_VALUE);
        }
        return Optional.ofNullable(Base64Url.encode(bArr));
    }

    private static byte[] reverseBytes(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        int length = bArr.length;
        byte[] bArr2 = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr2[(length - 1) - i] = bArr[i];
        }
        return bArr2;
    }
}
