package io.jsonwebtoken;
import b.d;
import io.jsonwebtoken.security.InvalidKeyException;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import io.jsonwebtoken.security.WeakKeyException;
import j2.b;
import java.security.Key;
import java.security.PrivateKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import ln.r0;
import ln.u0;
import org.apache.cordova.networkinformation.NetworkManager;
import z1.a;
public enum SignatureAlgorithm {
NONE(NetworkManager.TYPE_NONE, "No digital signature or MAC performed", "None", null, false, 0, 0),
HS256("HS256", "HMAC using SHA-256", "HMAC", "HmacSHA256", true, 256, 256),
HS384("HS384", "HMAC using SHA-384", "HMAC", "HmacSHA384", true, 384, 384),
HS512("HS512", "HMAC using SHA-512", "HMAC", "HmacSHA512", true, 512, 512),
RS256("RS256", "RSASSA-PKCS-v1_5 using SHA-256", "RSA", "SHA256withRSA", true, 256, 2048),
RS384("RS384", "RSASSA-PKCS-v1_5 using SHA-384", "RSA", "SHA384withRSA", true, 384, 2048),
RS512("RS512", "RSASSA-PKCS-v1_5 using SHA-512", "RSA", "SHA512withRSA", true, 512, 2048),
ES256("ES256", "ECDSA using P-256 and SHA-256", "ECDSA", "SHA256withECDSA", true, 256, 256),
ES384("ES384", "ECDSA using P-384 and SHA-384", "ECDSA", "SHA384withECDSA", true, 384, 384),
ES512("ES512", "ECDSA using P-521 and SHA-512", "ECDSA", "SHA512withECDSA", true, 512, 521),
PS256("PS256", "RSASSA-PSS using SHA-256 and MGF1 with SHA-256", "RSA", "SHA256withRSAandMGF1", false, 256, 2048),
PS384("PS384", "RSASSA-PSS using SHA-384 and MGF1 with SHA-384", "RSA", "SHA384withRSAandMGF1", false, 384, 2048),
PS512("PS512", "RSASSA-PSS using SHA-512 and MGF1 with SHA-512", "RSA", "SHA512withRSAandMGF1", false, 512, 2048);
private static final List<SignatureAlgorithm> PREFERRED_EC_ALGS;
private static final List<SignatureAlgorithm> PREFERRED_HMAC_ALGS;
private final String description;
private final int digestLength;
private final String familyName;
private final String jcaName;
private final boolean jdkStandard;
private final int minKeyLength;
private final String value;
/* access modifiers changed from: public */
static {
SignatureAlgorithm signatureAlgorithm;
SignatureAlgorithm signatureAlgorithm2;
SignatureAlgorithm signatureAlgorithm3;
SignatureAlgorithm signatureAlgorithm4;
SignatureAlgorithm signatureAlgorithm5;
SignatureAlgorithm signatureAlgorithm6;
PREFERRED_HMAC_ALGS = Collections.unmodifiableList(Arrays.asList(signatureAlgorithm3, signatureAlgorithm2, signatureAlgorithm));
PREFERRED_EC_ALGS = Collections.unmodifiableList(Arrays.asList(signatureAlgorithm6, signatureAlgorithm5, signatureAlgorithm4));
}
private SignatureAlgorithm(String str, String str2, String str3, String str4, boolean z14, int i14, int i15) {
this.value = str;
this.description = str2;
this.familyName = str3;
this.jcaName = str4;
this.jdkStandard = z14;
this.digestLength = i14;
this.minKeyLength = i15;
}
private void assertValid(Key key, boolean z14) throws InvalidKeyException {
if (this == NONE) {
throw new InvalidKeyException("The 'NONE' signature algorithm does not support cryptographic keys.");
} else if (isHmac()) {
if (key instanceof SecretKey) {
SecretKey secretKey = (SecretKey) key;
byte[] encoded = secretKey.getEncoded();
if (encoded != null) {
String algorithm = secretKey.getAlgorithm();
if (algorithm == null) {
throw new InvalidKeyException(r0.a(d.a("The "), keyType(z14), " key's algorithm cannot be null."));
} else if (HS256.jcaName.equalsIgnoreCase(algorithm) || HS384.jcaName.equalsIgnoreCase(algorithm) || HS512.jcaName.equalsIgnoreCase(algorithm)) {
int length = encoded.length * 8;
if (length < this.minKeyLength) {
StringBuilder a14 = d.a("The ");
u0.a(a14, keyType(z14), " key's size is ", length, " bits which ");
a14.append("is not secure enough for the ");
a14.append(name());
a14.append(" algorithm. The JWT ");
a14.append("JWA Specification (RFC 7518, Section 3.2) states that keys used with ");
a14.append(name());
a14.append(" MUST have a ");
a14.append("size >= ");
a14.append(this.minKeyLength);
a14.append(" bits (the key size must be greater than or equal to the hash ");
a14.append("output size). Consider using the ");
a14.append(Keys.class.getName());
a14.append(" class's ");
a14.append("'secretKeyFor(SignatureAlgorithm.");
a14.append(name());
a14.append(")' method to create a key guaranteed to be ");
a14.append("secure enough for ");
a14.append(name());
a14.append(". See ");
a14.append("https://tools.ietf.org/html/rfc7518#section-3.2 for more information.");
throw new WeakKeyException(a14.toString());
}
} else {
StringBuilder a15 = d.a("The ");
a.a(a15, keyType(z14), " key's algorithm '", algorithm, "' does not equal a valid HmacSHA* algorithm name and cannot be used with ");
a15.append(name());
a15.append(".");
throw new InvalidKeyException(a15.toString());
}
} else {
throw new InvalidKeyException(r0.a(d.a("The "), keyType(z14), " key's encoded bytes cannot be null."));
}
} else {
StringBuilder sb4 = new StringBuilder();
sb4.append(this.familyName);
sb4.append(" ");
throw new InvalidKeyException(r0.a(sb4, keyType(z14), " keys must be SecretKey instances."));
}
} else if (z14 && !(key instanceof PrivateKey)) {
throw new InvalidKeyException(r0.a(new StringBuilder(), this.familyName, " signing keys must be PrivateKey instances."));
} else if (isEllipticCurve()) {
if (key instanceof ECKey) {
int bitLength = ((ECKey) key).getParams().getOrder().bitLength();
if (bitLength < this.minKeyLength) {
StringBuilder a16 = d.a("The ");
u0.a(a16, keyType(z14), " key's size (ECParameterSpec order) is ", bitLength, " bits which is not secure enough for the ");
a16.append(name());
a16.append(" algorithm. The JWT ");
a16.append("JWA Specification (RFC 7518, Section 3.4) states that keys used with ");
a16.append(name());
a16.append(" MUST have a size >= ");
a16.append(this.minKeyLength);
a16.append(" bits. Consider using the ");
a16.append(Keys.class.getName());
a16.append(" class's ");
a16.append("'keyPairFor(SignatureAlgorithm.");
a16.append(name());
a16.append(")' method to create a key pair guaranteed ");
a16.append("to be secure enough for ");
a16.append(name());
throw new WeakKeyException(r0.a(a16, ". See ", "https://tools.ietf.org/html/rfc7518#section-3.4 for more information."));
}
return;
}
StringBuilder sb5 = new StringBuilder();
sb5.append(this.familyName);
sb5.append(" ");
throw new InvalidKeyException(r0.a(sb5, keyType(z14), " keys must be ECKey instances."));
} else if (key instanceof RSAKey) {
int bitLength2 = ((RSAKey) key).getModulus().bitLength();
if (bitLength2 < this.minKeyLength) {
String str = name().startsWith("P") ? "3.5" : "3.3";
StringBuilder a17 = d.a("The ");
u0.a(a17, keyType(z14), " key's size is ", bitLength2, " bits which is not secure ");
a17.append("enough for the ");
a17.append(name());
a17.append(" algorithm. The JWT JWA Specification (RFC 7518, Section ");
a17.append(str);
a17.append(") states that keys used with ");
a17.append(name());
a17.append(" MUST have a size >= ");
a17.append(this.minKeyLength);
a17.append(" bits. Consider using the ");
a17.append(Keys.class.getName());
a17.append(" class's ");
a17.append("'keyPairFor(SignatureAlgorithm.");
a17.append(name());
a17.append(")' method to create a key pair guaranteed ");
a17.append("to be secure enough for ");
a17.append(name());
throw new WeakKeyException(b.a(a17, ". See ", "https://tools.ietf.org/html/rfc7518#section-", str, " for more information."));
}
} else {
StringBuilder sb6 = new StringBuilder();
sb6.append(this.familyName);
sb6.append(" ");
throw new InvalidKeyException(r0.a(sb6, keyType(z14), " keys must be RSAKey instances."));
}
}
public static SignatureAlgorithm forName(String str) throws SignatureException {
SignatureAlgorithm[] values = values();
for (SignatureAlgorithm signatureAlgorithm : values) {
if (signatureAlgorithm.getValue().equalsIgnoreCase(str)) {
return signatureAlgorithm;
}
}
throw new SignatureException(id2.d.c("Unsupported signature algorithm '", str, "'"));
}
public static SignatureAlgorithm forSigningKey(Key key) throws InvalidKeyException {
if (key != null) {
boolean z14 = key instanceof SecretKey;
if (!z14 && (!(key instanceof PrivateKey) || (!(key instanceof ECKey) && !(key instanceof RSAKey)))) {
StringBuilder a14 = d.a("JWT standard signing algorithms require either 1) a SecretKey for HMAC-SHA algorithms or 2) a private RSAKey for RSA algorithms or 3) a private ECKey for Elliptic Curve algorithms. The specified key is of type ");
a14.append(key.getClass().getName());
throw new InvalidKeyException(a14.toString());
} else if (z14) {
int length = io.jsonwebtoken.lang.Arrays.length(((SecretKey) key).getEncoded()) * 8;
for (SignatureAlgorithm signatureAlgorithm : PREFERRED_HMAC_ALGS) {
if (length >= signatureAlgorithm.minKeyLength) {
return signatureAlgorithm;
}
}
throw new WeakKeyException("The specified SecretKey is not strong enough to be used with JWT HMAC signature algorithms. The JWT specification requires HMAC keys to be >= 256 bits long. The specified key is " + length + " bits. See https://tools.ietf.org/html/rfc7518#section-3.2 for more " + "information.");
} else if (key instanceof RSAKey) {
int bitLength = ((RSAKey) key).getModulus().bitLength();
if (bitLength >= 4096) {
SignatureAlgorithm signatureAlgorithm2 = RS512;
signatureAlgorithm2.assertValidSigningKey(key);
return signatureAlgorithm2;
} else if (bitLength >= 3072) {
SignatureAlgorithm signatureAlgorithm3 = RS384;
signatureAlgorithm3.assertValidSigningKey(key);
return signatureAlgorithm3;
} else {
SignatureAlgorithm signatureAlgorithm4 = RS256;
if (bitLength >= signatureAlgorithm4.minKeyLength) {
signatureAlgorithm4.assertValidSigningKey(key);
return signatureAlgorithm4;
}
throw new WeakKeyException("The specified RSA signing key is not strong enough to be used with JWT RSA signature algorithms. The JWT specification requires RSA keys to be >= 2048 bits long. The specified RSA key is " + bitLength + " bits. See https://tools.ietf.org/html/rfc7518#section-3.3 for more " + "information.");
}
} else {
int bitLength2 = ((ECKey) key).getParams().getOrder().bitLength();
for (SignatureAlgorithm signatureAlgorithm5 : PREFERRED_EC_ALGS) {
if (bitLength2 >= signatureAlgorithm5.minKeyLength) {
signatureAlgorithm5.assertValidSigningKey(key);
return signatureAlgorithm5;
}
}
throw new WeakKeyException("The specified Elliptic Curve signing key is not strong enough to be used with JWT ECDSA signature algorithms. The JWT specification requires ECDSA keys to be >= 256 bits long. The specified ECDSA key is " + bitLength2 + " bits. See " + "https://tools.ietf.org/html/rfc7518#section-3.4 for more information.");
}
} else {
throw new InvalidKeyException("Key argument cannot be null.");
}
}
private static String keyType(boolean z14) {
return z14 ? "signing" : "verification";
}
public void assertValidSigningKey(Key key) throws InvalidKeyException {
assertValid(key, true);
}
public void assertValidVerificationKey(Key key) throws InvalidKeyException {
assertValid(key, false);
}
public String getDescription() {
return this.description;
}
public String getFamilyName() {
return this.familyName;
}
public String getJcaName() {
return this.jcaName;
}
public int getMinKeyLength() {
return this.minKeyLength;
}
public String getValue() {
return this.value;
}
public boolean isEllipticCurve() {
return this.familyName.equals("ECDSA");
}
public boolean isHmac() {
return this.familyName.equals("HMAC");
}
public boolean isJdkStandard() {
return this.jdkStandard;
}
public boolean isRsa() {
return this.familyName.equals("RSA");
}
}