package io.jsonwebtoken.security; import b.d; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.lang.Assert; import io.jsonwebtoken.lang.Classes; import java.security.KeyPair; import java.util.Arrays; import java.util.Collections; import java.util.List; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import ln.r0; public final class Keys { private static final String EC = "io.jsonwebtoken.impl.crypto.EllipticCurveProvider"; private static final String MAC = "io.jsonwebtoken.impl.crypto.MacProvider"; private static final List<SignatureAlgorithm> PREFERRED_HMAC_ALGS = Collections.unmodifiableList(Arrays.asList(SignatureAlgorithm.HS512, SignatureAlgorithm.HS384, SignatureAlgorithm.HS256)); private static final String RSA = "io.jsonwebtoken.impl.crypto.RsaProvider"; private static final Class[] SIG_ARG_TYPES = {SignatureAlgorithm.class}; /* renamed from: io.jsonwebtoken.security.Keys$1 reason: invalid class name */ public static /* synthetic */ class AnonymousClass1 { public static final /* synthetic */ int[] $SwitchMap$io$jsonwebtoken$SignatureAlgorithm; /* JADX WARNING: Can't wrap try/catch for region: R(26:0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|26) */ /* JADX WARNING: Code restructure failed: missing block: B:27:?, code lost: return; */ /* JADX WARNING: Failed to process nested try/catch */ /* JADX WARNING: Missing exception handler attribute for start block: B:11:0x003e */ /* JADX WARNING: Missing exception handler attribute for start block: B:13:0x0049 */ /* JADX WARNING: Missing exception handler attribute for start block: B:15:0x0054 */ /* JADX WARNING: Missing exception handler attribute for start block: B:17:0x0060 */ /* JADX WARNING: Missing exception handler attribute for start block: B:19:0x006c */ /* JADX WARNING: Missing exception handler attribute for start block: B:21:0x0078 */ /* JADX WARNING: Missing exception handler attribute for start block: B:23:0x0084 */ /* JADX WARNING: Missing exception handler attribute for start block: B:3:0x0012 */ /* JADX WARNING: Missing exception handler attribute for start block: B:5:0x001d */ /* JADX WARNING: Missing exception handler attribute for start block: B:7:0x0028 */ /* JADX WARNING: Missing exception handler attribute for start block: B:9:0x0033 */ static { int[] iArr = new int[SignatureAlgorithm.values().length]; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm = iArr; iArr[SignatureAlgorithm.HS256.ordinal()] = 1; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS384.ordinal()] = 2; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS512.ordinal()] = 3; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS256.ordinal()] = 4; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS256.ordinal()] = 5; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS384.ordinal()] = 6; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS384.ordinal()] = 7; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS512.ordinal()] = 8; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.PS512.ordinal()] = 9; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES256.ordinal()] = 10; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES384.ordinal()] = 11; $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.ES512.ordinal()] = 12; } } private Keys() { } public static SecretKey hmacShaKeyFor(byte[] bArr) throws WeakKeyException { if (bArr != null) { int length = bArr.length * 8; for (SignatureAlgorithm signatureAlgorithm : PREFERRED_HMAC_ALGS) { if (length >= signatureAlgorithm.getMinKeyLength()) { return new SecretKeySpec(bArr, signatureAlgorithm.getJcaName()); } } StringBuilder sb4 = new StringBuilder(); sb4.append("The specified key byte array is "); sb4.append(length); sb4.append(" bits which "); sb4.append("is not secure enough for any JWT HMAC-SHA algorithm. The JWT "); sb4.append("JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a "); sb4.append("size >= 256 bits (the key size must be greater than or equal to the hash "); sb4.append("output size). Consider using the "); sb4.append(Keys.class.getName()); sb4.append("#secretKeyFor(SignatureAlgorithm) method "); throw new WeakKeyException(r0.a(sb4, "to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See ", "https://tools.ietf.org/html/rfc7518#section-3.2 for more information.")); } throw new InvalidKeyException("SecretKey byte array cannot be null."); } public static KeyPair keyPairFor(SignatureAlgorithm signatureAlgorithm) throws IllegalArgumentException { Assert.notNull(signatureAlgorithm, "SignatureAlgorithm cannot be null."); switch (AnonymousClass1.$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[signatureAlgorithm.ordinal()]) { case 4: case 5: case 6: case 7: case 8: case 9: return (KeyPair) Classes.invokeStatic(RSA, "generateKeyPair", SIG_ARG_TYPES, signatureAlgorithm); case 10: case 11: case 12: return (KeyPair) Classes.invokeStatic(EC, "generateKeyPair", SIG_ARG_TYPES, signatureAlgorithm); default: StringBuilder a14 = d.a("The "); a14.append(signatureAlgorithm.name()); a14.append(" algorithm does not support Key Pairs."); throw new IllegalArgumentException(a14.toString()); } } public static SecretKey secretKeyFor(SignatureAlgorithm signatureAlgorithm) throws IllegalArgumentException { Assert.notNull(signatureAlgorithm, "SignatureAlgorithm cannot be null."); int i14 = AnonymousClass1.$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[signatureAlgorithm.ordinal()]; if (i14 == 1 || i14 == 2 || i14 == 3) { return (SecretKey) Classes.invokeStatic(MAC, "generateKey", SIG_ARG_TYPES, signatureAlgorithm); } StringBuilder a14 = d.a("The "); a14.append(signatureAlgorithm.name()); a14.append(" algorithm does not support shared secret keys."); throw new IllegalArgumentException(a14.toString()); } }