package org.xdi.oxauth.model.token;

import java.security.SignatureException;
import java.util.List;
import org.python.jline.internal.Preconditions;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.RSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.jwk.JSONWebKey;
import org.xdi.oxauth.model.jwk.JSONWebKeySet;
import org.xdi.oxauth.model.jws.ECDSASigner;
import org.xdi.oxauth.model.jws.HMACSigner;
import org.xdi.oxauth.model.jws.RSASigner;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtType;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.service.fido.u2f.RawRegistrationService;
import org.xdi.util.security.StringEncrypter;

/* loaded from: input_file:org/xdi/oxauth/model/token/JwtSigner.class */
public class JwtSigner {
    private final JSONWebKeySet jwks = ConfigurationFactory.instance().getWebKeys();
    private SignatureAlgorithm signatureAlgorithm;
    private String audience;
    private String hmacSharedSecret;
    private Jwt jwt;

    /* renamed from: org.xdi.oxauth.model.token.JwtSigner$1, reason: invalid class name */
    /* loaded from: input_file:org/xdi/oxauth/model/token/JwtSigner$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm = new int[SignatureAlgorithm.values().length];

        static {
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.HS256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.HS384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.HS512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.RS256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.RS384.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.RS512.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.ES256.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.ES384.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.ES512.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[SignatureAlgorithm.NONE.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    public JwtSigner(SignatureAlgorithm signatureAlgorithm, String str, String str2) {
        this.signatureAlgorithm = signatureAlgorithm;
        this.audience = str;
        this.hmacSharedSecret = str2;
    }

    public static JwtSigner newJwtSigner(Client client) throws StringEncrypter.EncryptionException {
        Preconditions.checkNotNull(client);
        SignatureAlgorithm fromName = SignatureAlgorithm.fromName(ConfigurationFactory.instance().getConfiguration().getDefaultSignatureAlgorithm());
        if (client.getIdTokenSignedResponseAlg() != null) {
            fromName = SignatureAlgorithm.fromName(client.getIdTokenSignedResponseAlg());
        }
        return new JwtSigner(fromName, client.getClientId(), client.getClientSecret());
    }

    public Jwt newJwt() {
        this.jwt = new Jwt();
        this.jwt.getHeader().setType(JwtType.JWT);
        this.jwt.getHeader().setAlgorithm(this.signatureAlgorithm);
        List keys = this.jwks.getKeys(this.signatureAlgorithm);
        if (keys.size() > 0) {
            this.jwt.getHeader().setKeyId(((JSONWebKey) keys.get(0)).getKid());
        }
        this.jwt.getClaims().setIssuer(ConfigurationFactory.instance().getConfiguration().getIssuer());
        this.jwt.getClaims().setAudience(this.audience);
        return this.jwt;
    }

    public Jwt sign() throws SignatureException, InvalidJwtException, StringEncrypter.EncryptionException {
        switch (AnonymousClass1.$SwitchMap$org$xdi$oxauth$model$crypto$signature$SignatureAlgorithm[this.signatureAlgorithm.ordinal()]) {
            case 1:
            case 2:
            case 3:
                this.jwt = new HMACSigner(this.signatureAlgorithm, this.hmacSharedSecret).sign(this.jwt);
                break;
            case 4:
            case RawRegistrationService.REGISTRATION_RESERVED_BYTE_VALUE /* 5 */:
            case 6:
                JSONWebKey key = this.jwks.getKey(this.jwt.getHeader().getClaimAsString("kid"));
                this.jwt = new RSASigner(this.signatureAlgorithm, new RSAPrivateKey(key.getPrivateKey().getN(), key.getPrivateKey().getE())).sign(this.jwt);
                break;
            case 7:
            case 8:
            case 9:
                this.jwt = new ECDSASigner(this.signatureAlgorithm, new ECDSAPrivateKey(this.jwks.getKey(this.jwt.getHeader().getClaimAsString("kid")).getPrivateKey().getD())).sign(this.jwt);
                break;
        }
        return this.jwt;
    }

    public JSONWebKeySet getJwks() {
        return this.jwks;
    }

    public Jwt getJwt() {
        return this.jwt;
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }
}
