package io.jsonwebtoken.security;
import b.d;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Classes;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import ln.r0;
public final class Keys {
private static final String EC = "io.jsonwebtoken.impl.crypto.EllipticCurveProvider";
private static final String MAC = "io.jsonwebtoken.impl.crypto.MacProvider";
private static final List<SignatureAlgorithm> PREFERRED_HMAC_ALGS = Collections.unmodifiableList(Arrays.asList(SignatureAlgorithm.HS512, SignatureAlgorithm.HS384, SignatureAlgorithm.HS256));
private static final String RSA = "io.jsonwebtoken.impl.crypto.RsaProvider";
private static final Class[] SIG_ARG_TYPES = {SignatureAlgorithm.class};
/* renamed from: io.jsonwebtoken.security.Keys$1 reason: invalid class name */
public static /* synthetic */ class AnonymousClass1 {
public static final /* synthetic */ int[] $SwitchMap$io$jsonwebtoken$SignatureAlgorithm;
/* JADX WARNING: Can't wrap try/catch for region: R(26:0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|26) */
/* JADX WARNING: Code restructure failed: missing block: B:27:?, code lost:
return;
*/
/* JADX WARNING: Failed to process nested try/catch */
/* JADX WARNING: Missing exception handler attribute for start block: B:11:0x003e */
/* JADX WARNING: Missing exception handler attribute for start block: B:13:0x0049 */
/* JADX WARNING: Missing exception handler attribute for start block: B:15:0x0054 */
/* JADX WARNING: Missing exception handler attribute for start block: B:17:0x0060 */
/* JADX WARNING: Missing exception handler attribute for start block: B:19:0x006c */
/* JADX WARNING: Missing exception handler attribute for start block: B:21:0x0078 */
/* JADX WARNING: Missing exception handler attribute for start block: B:23:0x0084 */
/* JADX WARNING: Missing exception handler attribute for start block: B:3:0x0012 */
/* JADX WARNING: Missing exception handler attribute for start block: B:5:0x001d */
/* JADX WARNING: Missing exception handler attribute for start block: B:7:0x0028 */
/* JADX WARNING: Missing exception handler attribute for start block: B:9:0x0033 */
static {
int[] iArr = new int[SignatureAlgorithm.values().length];
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm = iArr;
iArr[SignatureAlgorithm.HS256.ordinal()] = 1;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS384.ordinal()] = 2;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS512.ordinal()] = 3;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS256.ordinal()] = 4;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS256.ordinal()] = 5;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS384.ordinal()] = 6;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS384.ordinal()] = 7;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS512.ordinal()] = 8;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS512.ordinal()] = 9;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES256.ordinal()] = 10;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES384.ordinal()] = 11;
$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES512.ordinal()] = 12;
}
}
private Keys() {
}
public static SecretKey hmacShaKeyFor(byte[] bArr) throws WeakKeyException {
if (bArr != null) {
int length = bArr.length * 8;
for (SignatureAlgorithm signatureAlgorithm : PREFERRED_HMAC_ALGS) {
if (length >= signatureAlgorithm.getMinKeyLength()) {
return new SecretKeySpec(bArr, signatureAlgorithm.getJcaName());
}
}
StringBuilder sb4 = new StringBuilder();
sb4.append("The specified key byte array is ");
sb4.append(length);
sb4.append(" bits which ");
sb4.append("is not secure enough for any JWT HMAC-SHA algorithm. The JWT ");
sb4.append("JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a ");
sb4.append("size >= 256 bits (the key size must be greater than or equal to the hash ");
sb4.append("output size). Consider using the ");
sb4.append(Keys.class.getName());
sb4.append("#secretKeyFor(SignatureAlgorithm) method ");
throw new WeakKeyException(r0.a(sb4, "to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See ", "https://tools.ietf.org/html/rfc7518#section-3.2 for more information."));
}
throw new InvalidKeyException("SecretKey byte array cannot be null.");
}
public static KeyPair keyPairFor(SignatureAlgorithm signatureAlgorithm) throws IllegalArgumentException {
Assert.notNull(signatureAlgorithm, "SignatureAlgorithm cannot be null.");
switch (AnonymousClass1.$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[signatureAlgorithm.ordinal()]) {
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
return (KeyPair) Classes.invokeStatic(RSA, "generateKeyPair", SIG_ARG_TYPES, signatureAlgorithm);
case 10:
case 11:
case 12:
return (KeyPair) Classes.invokeStatic(EC, "generateKeyPair", SIG_ARG_TYPES, signatureAlgorithm);
default:
StringBuilder a14 = d.a("The ");
a14.append(signatureAlgorithm.name());
a14.append(" algorithm does not support Key Pairs.");
throw new IllegalArgumentException(a14.toString());
}
}
public static SecretKey secretKeyFor(SignatureAlgorithm signatureAlgorithm) throws IllegalArgumentException {
Assert.notNull(signatureAlgorithm, "SignatureAlgorithm cannot be null.");
int i14 = AnonymousClass1.$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[signatureAlgorithm.ordinal()];
if (i14 == 1 || i14 == 2 || i14 == 3) {
return (SecretKey) Classes.invokeStatic(MAC, "generateKey", SIG_ARG_TYPES, signatureAlgorithm);
}
StringBuilder a14 = d.a("The ");
a14.append(signatureAlgorithm.name());
a14.append(" algorithm does not support shared secret keys.");
throw new IllegalArgumentException(a14.toString());
}
}