package org.springframework.security.oauth2.provider.token.store.jwk;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.batik.util.SVGConstants;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkDefinition;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.5.2.RELEASE.jar:org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.class */
class JwkSetConverter implements Converter<InputStream, Set<JwkDefinition>> {
    private final JsonFactory factory = new JsonFactory();

    @Override // org.springframework.core.convert.converter.Converter
    public Set<JwkDefinition> convert(InputStream inputStream) {
        AutoCloseable autoCloseable = null;
        try {
            try {
                JsonParser createParser = this.factory.createParser(inputStream);
                if (createParser.nextToken() != JsonToken.START_OBJECT) {
                    throw new JwkException("Invalid JWK Set Object.");
                }
                if (createParser.nextToken() != JsonToken.FIELD_NAME) {
                    throw new JwkException("Invalid JWK Set Object.");
                }
                if (!createParser.getCurrentName().equals("keys")) {
                    throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a keys attribute.");
                }
                if (createParser.nextToken() != JsonToken.START_ARRAY) {
                    throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
                }
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                HashMap hashMap = new HashMap();
                while (createParser.nextToken() == JsonToken.START_OBJECT) {
                    hashMap.clear();
                    while (createParser.nextToken() == JsonToken.FIELD_NAME) {
                        String currentName = createParser.getCurrentName();
                        if (createParser.nextToken() == JsonToken.START_ARRAY) {
                            do {
                            } while (createParser.nextToken() != JsonToken.END_ARRAY);
                        } else {
                            hashMap.put(currentName, createParser.getValueAsString());
                        }
                    }
                    if (JwkDefinition.PublicKeyUse.SIG.equals(JwkDefinition.PublicKeyUse.fromValue(hashMap.get(SVGConstants.SVG_USE_TAG)))) {
                        JwkDefinition jwkDefinition = null;
                        JwkDefinition.KeyType fromValue = JwkDefinition.KeyType.fromValue(hashMap.get("kty"));
                        if (JwkDefinition.KeyType.RSA.equals(fromValue)) {
                            jwkDefinition = createRsaJwkDefinition(hashMap);
                        } else if (JwkDefinition.KeyType.EC.equals(fromValue)) {
                            jwkDefinition = createEllipticCurveJwkDefinition(hashMap);
                        }
                        if (jwkDefinition != null && !linkedHashSet.add(jwkDefinition)) {
                            throw new JwkException("Duplicate JWK found in Set: " + jwkDefinition.getKeyId() + " (kid)");
                        }
                    }
                }
                if (createParser != null) {
                    try {
                        createParser.close();
                    } catch (IOException e) {
                    }
                }
                return linkedHashSet;
            } catch (IOException e2) {
                throw new JwkException("An I/O error occurred while reading the JWK Set: " + e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    autoCloseable.close();
                } catch (IOException e3) {
                    throw th;
                }
            }
            throw th;
        }
    }

    private JwkDefinition createRsaJwkDefinition(Map<String, String> map) {
        String str = map.get("kid");
        if (!StringUtils.hasText(str)) {
            throw new JwkException("kid is a required attribute for a JWK.");
        }
        String str2 = map.get("x5t");
        JwkDefinition.PublicKeyUse fromValue = JwkDefinition.PublicKeyUse.fromValue(map.get(SVGConstants.SVG_USE_TAG));
        if (!JwkDefinition.PublicKeyUse.SIG.equals(fromValue)) {
            return null;
        }
        JwkDefinition.CryptoAlgorithm fromHeaderParamValue = JwkDefinition.CryptoAlgorithm.fromHeaderParamValue(map.get("alg"));
        if (fromHeaderParamValue != null && !JwkDefinition.CryptoAlgorithm.RS256.equals(fromHeaderParamValue) && !JwkDefinition.CryptoAlgorithm.RS384.equals(fromHeaderParamValue) && !JwkDefinition.CryptoAlgorithm.RS512.equals(fromHeaderParamValue)) {
            throw new JwkException(fromHeaderParamValue.standardName() + " (alg) is currently not supported.");
        }
        String str3 = map.get("n");
        if (!StringUtils.hasText(str3)) {
            throw new JwkException("n is a required attribute for a RSA JWK.");
        }
        String str4 = map.get("e");
        if (StringUtils.hasText(str4)) {
            return new RsaJwkDefinition(str, str2, fromValue, fromHeaderParamValue, str3, str4);
        }
        throw new JwkException("e is a required attribute for a RSA JWK.");
    }

    private JwkDefinition createEllipticCurveJwkDefinition(Map<String, String> map) {
        String str = map.get("kid");
        if (!StringUtils.hasText(str)) {
            throw new JwkException("kid is a required attribute for an EC JWK.");
        }
        String str2 = map.get("x5t");
        JwkDefinition.PublicKeyUse fromValue = JwkDefinition.PublicKeyUse.fromValue(map.get(SVGConstants.SVG_USE_TAG));
        if (!JwkDefinition.PublicKeyUse.SIG.equals(fromValue)) {
            return null;
        }
        JwkDefinition.CryptoAlgorithm fromHeaderParamValue = JwkDefinition.CryptoAlgorithm.fromHeaderParamValue(map.get("alg"));
        if (fromHeaderParamValue != null && !JwkDefinition.CryptoAlgorithm.ES256.equals(fromHeaderParamValue) && !JwkDefinition.CryptoAlgorithm.ES384.equals(fromHeaderParamValue) && !JwkDefinition.CryptoAlgorithm.ES512.equals(fromHeaderParamValue)) {
            throw new JwkException(fromHeaderParamValue.standardName() + " (alg) is currently not supported.");
        }
        String str3 = map.get("x");
        if (!StringUtils.hasText(str3)) {
            throw new JwkException("x is a required attribute for an EC JWK.");
        }
        String str4 = map.get("y");
        if (!StringUtils.hasText(str4)) {
            throw new JwkException("y is a required attribute for an EC JWK.");
        }
        String str5 = map.get("crv");
        if (StringUtils.hasText(str5)) {
            return new EllipticCurveJwkDefinition(str, str2, fromValue, fromHeaderParamValue, str3, str4, str5);
        }
        throw new JwkException("crv is a required attribute for an EC JWK.");
    }
}
