package org.cloudfoundry.identity.uaa.oauth;

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.ssl.PKCS8Key;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.cloudfoundry.identity.uaa.oauth.jwk.JsonWebKey;
import org.cloudfoundry.identity.uaa.oauth.jwt.JwtAlgorithms;
import org.springframework.security.jwt.codec.Codecs;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.jwt.crypto.sign.Signer;

/* compiled from: KeyInfo.java */
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.30.0.jar:org/cloudfoundry/identity/uaa/oauth/RsaKeyInfo.class */
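/**
 * RSA flavour of {@link KeyInfo}: wraps one PEM-encoded RSA key and exposes the signer,
 * the verifier and the public half of the key in PEM and JWK form.
 *
 * <p>Only public material (the {@code PUBLIC KEY} PEM, modulus and exponent) is returned by
 * the accessors that describe the key. The PEM handed to the constructor is passed to
 * {@link RsaSigner} and is not kept in a field of this class.
 */
class RsaKeyInfo extends KeyInfo {
    /**
     * Splits a PEM document into type label (group 1) and Base64 body (group 2).
     *
     * <p>NOTE(review): with DOTALL and greedy groups, an input holding more than one PEM block
     * still matches, and group 1 then spans the whole first block including its body. That text
     * is echoed by the "is not a supported format" exception in {@link #parseKeyPair(String)},
     * so treat that message as potentially sensitive, or tighten the label group.
     */
    private static final Pattern PEM_DATA =
            Pattern.compile("-----BEGIN (.*)-----(.*)-----END (.*)-----", Pattern.DOTALL);

    /** Base64 encoder for the PEM body: 64-character lines separated by a single LF. */
    private static final Base64.Encoder PEM_BODY_ENCODER =
            Base64.getMimeEncoder(64, new byte[] {'\n'});

    private final String keyId;
    private final String keyUrl;
    private final Signer signer;
    private final SignatureVerifier verifier;
    private final String verifierKey;
    // Parsed once at construction so getJwkMap() does not re-parse the PEM on every call.
    private final RSAPublicKey publicKey;

    /**
     * Builds the key info from a PEM-encoded RSA key.
     *
     * @param keyId identifier published as {@code kid}
     * @param signingKey PEM text of the key; parsed here for its public half and handed to
     *     {@link RsaSigner} as-is
     * @param keyUrl token key URL, checked by {@code validateAndConstructTokenKeyUrl}
     * @throws IllegalArgumentException if {@code signingKey} is not PEM, has an unsupported type
     *     label, or is a private key whose ASN.1 sequence does not have nine elements
     */
    public RsaKeyInfo(String keyId, String signingKey, String keyUrl) {
        this.keyUrl = validateAndConstructTokenKeyUrl(keyUrl);
        RSAPublicKey parsedPublic = (RSAPublicKey) parseKeyPair(signingKey).getPublic();
        String publicKeyPem = pemEncodePublicKey(parsedPublic);
        // NOTE(review): parseKeyPair also accepts public-key-only PEM; whether RsaSigner
        // rejects such input is not visible in this class -- confirm.
        this.signer = new RsaSigner(signingKey);
        this.verifier = new RsaVerifier(publicKeyPem);
        this.keyId = keyId;
        this.verifierKey = publicKeyPem;
        this.publicKey = parsedPublic;
    }

    /**
     * Parses a PEM document into a key pair. The private half is {@code null} for the
     * {@code PUBLIC KEY} and {@code RSA PUBLIC KEY} types.
     *
     * <p>NOTE(review): no minimum modulus length is enforced in this class, so an undersized
     * key is accepted here if one is configured.
     *
     * @throws IllegalArgumentException on non-PEM input, an unsupported type label, or a
     *     private key whose ASN.1 sequence does not have nine elements
     * @throws IllegalStateException if no RSA {@link KeyFactory} is available
     * @throws RuntimeException wrapping {@link InvalidKeySpecException} for a rejected key spec
     */
    private static KeyPair parseKeyPair(String pem) {
        Matcher matcher = PEM_DATA.matcher(pem.trim());
        if (!matcher.matches()) {
            throw new IllegalArgumentException("String is not PEM encoded data");
        }
        String type = matcher.group(1);
        byte[] der = Codecs.b64Decode(Codecs.utf8Encode(matcher.group(2)));
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey parsedPublic;
            PrivateKey parsedPrivate = null;
            if (type.equals(PKCS8Key.OPENSSL_RSA)) {
                ASN1Sequence sequence = ASN1Sequence.getInstance(der);
                // A two-prime PKCS#1 RSAPrivateKey is version, n, e, d, p, q, dP, dQ, qInv;
                // anything else (including multi-prime keys) is rejected.
                if (sequence.size() != 9) {
                    throw new IllegalArgumentException("Invalid RSA Private Key ASN1 sequence.");
                }
                RSAPrivateKey pkcs1 = RSAPrivateKey.getInstance(sequence);
                RSAPublicKeySpec publicSpec =
                        new RSAPublicKeySpec(pkcs1.getModulus(), pkcs1.getPublicExponent());
                RSAPrivateCrtKeySpec privateSpec =
                        new RSAPrivateCrtKeySpec(
                                pkcs1.getModulus(),
                                pkcs1.getPublicExponent(),
                                pkcs1.getPrivateExponent(),
                                pkcs1.getPrime1(),
                                pkcs1.getPrime2(),
                                pkcs1.getExponent1(),
                                pkcs1.getExponent2(),
                                pkcs1.getCoefficient());
                parsedPublic = keyFactory.generatePublic(publicSpec);
                parsedPrivate = keyFactory.generatePrivate(privateSpec);
            } else if (type.equals("PUBLIC KEY")) {
                // X.509 SubjectPublicKeyInfo.
                parsedPublic = keyFactory.generatePublic(new X509EncodedKeySpec(der));
            } else if (type.equals("RSA PUBLIC KEY")) {
                // Bare PKCS#1 RSAPublicKey (modulus and exponent only).
                org.bouncycastle.asn1.pkcs.RSAPublicKey pkcs1 =
                        org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(
                                ASN1Sequence.getInstance(der));
                parsedPublic =
                        keyFactory.generatePublic(
                                new RSAPublicKeySpec(pkcs1.getModulus(), pkcs1.getPublicExponent()));
            } else {
                throw new IllegalArgumentException(type + " is not a supported format");
            }
            return new KeyPair(parsedPublic, parsedPrivate);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /** Renders a public key as a {@code PUBLIC KEY} PEM document with 64-character lines. */
    private static String pemEncodePublicKey(PublicKey key) {
        // encodeToString avoids the platform-default charset that new String(byte[]) would use.
        return "-----BEGIN PUBLIC KEY-----\n"
                + PEM_BODY_ENCODER.encodeToString(key.getEncoded())
                + "\n-----END PUBLIC KEY-----";
    }

    /**
     * Returns the minimal big-endian unsigned magnitude of {@code value}.
     *
     * <p>{@link BigInteger#toByteArray()} prepends a zero sign octet whenever the top bit of the
     * magnitude is set; JWK's Base64urlUInt encoding (RFC 7518, section 2) requires that octet
     * to be omitted. Zero keeps its single zero octet.
     */
    private static byte[] toUnsignedBytes(BigInteger value) {
        byte[] signed = value.toByteArray();
        if (signed.length > 1 && signed[0] == 0) {
            return Arrays.copyOfRange(signed, 1, signed.length);
        }
        return signed;
    }

    /**
     * Does nothing in this class.
     *
     * <p>NOTE(review): the key is already parsed in the constructor, which throws on malformed
     * input; confirm against {@link KeyInfo}'s contract that no further check is expected here.
     */
    @Override
    public void verify() {
    }

    /** Returns the verifier built from the public half of the key. */
    @Override
    public SignatureVerifier getVerifier() {
        return this.verifier;
    }

    /** Returns the signer built from the PEM passed to the constructor. */
    @Override
    public Signer getSigner() {
        return this.signer;
    }

    /** Returns the key identifier given at construction. */
    @Override
    public String keyId() {
        return this.keyId;
    }

    /** Returns the token key URL produced by {@code validateAndConstructTokenKeyUrl}. */
    @Override
    public String keyURL() {
        return this.keyUrl;
    }

    /** Returns the name of {@code JsonWebKey.KeyType.RSA}. */
    @Override
    public String type() {
        return JsonWebKey.KeyType.RSA.name();
    }

    /** Returns the public key as a {@code PUBLIC KEY} PEM document. */
    @Override
    public String verifierKey() {
        return this.verifierKey;
    }

    /**
     * Describes the public key as a JWK-style map with the entries {@code alg}, {@code value}
     * (the public PEM), {@code use}, {@code kid}, {@code kty}, {@code n} and {@code e}.
     * No private material is included.
     *
     * @return a new mutable map on every call
     */
    @Override
    public Map<String, Object> getJwkMap() {
        Map<String, Object> jwk = new HashMap<>();
        jwk.put("alg", algorithm());
        jwk.put("value", this.verifierKey);
        jwk.put("use", JsonWebKey.KeyUse.sig.name());
        jwk.put("kid", this.keyId);
        jwk.put("kty", JsonWebKey.KeyType.RSA.name());
        Base64.Encoder urlEncoder = Base64.getUrlEncoder().withoutPadding();
        // Strip BigInteger's sign octet: strict JWK consumers reject a modulus with a leading
        // zero, and an extra octet misreports the key length.
        jwk.put("n", urlEncoder.encodeToString(toUnsignedBytes(this.publicKey.getModulus())));
        jwk.put("e", urlEncoder.encodeToString(toUnsignedBytes(this.publicKey.getPublicExponent())));
        return jwk;
    }

    /**
     * Returns the verifier's algorithm name mapped through {@code JwtAlgorithms.sigAlg}
     * (presumably to the JWS {@code alg} identifier; the mapping is not visible here).
     */
    @Override
    public String algorithm() {
        return JwtAlgorithms.sigAlg(this.verifier.algorithm());
    }
}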
