package io.jsonwebtoken.impl.security;

import androidx.fragment.app.Fragment$$ExternalSyntheticOutline0;
import androidx.work.NetworkType$EnumUnboxingLocalUtility;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.impl.lang.CheckedFunction;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Collections;
import io.jsonwebtoken.lang.Strings;
import io.jsonwebtoken.security.InvalidKeyException;
import io.jsonwebtoken.security.MacAlgorithm;
import io.jsonwebtoken.security.Password;
import io.jsonwebtoken.security.SecretKeyBuilder;
import io.jsonwebtoken.security.SecureRequest;
import io.jsonwebtoken.security.VerifySecureDigestRequest;
import io.jsonwebtoken.security.WeakKeyException;
import java.io.InputStream;
import java.security.Key;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

/* loaded from: classes2.dex */
final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<SecretKey, SecretKey> implements MacAlgorithm {
    static final DefaultMacAlgorithm HS256;
    private static final String HS256_OID = "1.2.840.113549.2.9";
    static final DefaultMacAlgorithm HS384;
    private static final String HS384_OID = "1.2.840.113549.2.10";
    static final DefaultMacAlgorithm HS512;
    private static final String HS512_OID = "1.2.840.113549.2.11";
    private static final Map<String, DefaultMacAlgorithm> JCA_NAME_MAP;
    private static final Set<String> JWA_STANDARD_IDS = new LinkedHashSet(Collections.of("HS256", "HS384", "HS512"));
    private final int minKeyBitLength;

    static {
        DefaultMacAlgorithm defaultMacAlgorithm = new DefaultMacAlgorithm(256);
        HS256 = defaultMacAlgorithm;
        DefaultMacAlgorithm defaultMacAlgorithm2 = new DefaultMacAlgorithm(384);
        HS384 = defaultMacAlgorithm2;
        DefaultMacAlgorithm defaultMacAlgorithm3 = new DefaultMacAlgorithm(512);
        HS512 = defaultMacAlgorithm3;
        LinkedHashMap linkedHashMap = new LinkedHashMap(6);
        JCA_NAME_MAP = linkedHashMap;
        String jcaName = defaultMacAlgorithm.getJcaName();
        Locale locale = Locale.ENGLISH;
        linkedHashMap.put(jcaName.toUpperCase(locale), defaultMacAlgorithm);
        linkedHashMap.put(HS256_OID, defaultMacAlgorithm);
        linkedHashMap.put(defaultMacAlgorithm2.getJcaName().toUpperCase(locale), defaultMacAlgorithm2);
        linkedHashMap.put(HS384_OID, defaultMacAlgorithm2);
        linkedHashMap.put(defaultMacAlgorithm3.getJcaName().toUpperCase(locale), defaultMacAlgorithm3);
        linkedHashMap.put(HS512_OID, defaultMacAlgorithm3);
    }

    private DefaultMacAlgorithm(int i) {
        this(Fragment$$ExternalSyntheticOutline0.m(i, "HS"), Fragment$$ExternalSyntheticOutline0.m(i, "HmacSHA"), i);
    }

    public DefaultMacAlgorithm(String str, String str2, int i) {
        super(str, str2);
        Assert.isTrue(i > 0, "minKeyLength must be greater than zero.");
        this.minKeyBitLength = i;
    }

    private void assertAlgorithmName(SecretKey secretKey, boolean z) {
        String algorithm = secretKey.getAlgorithm();
        if (!Strings.hasText(algorithm)) {
            throw new InvalidKeyException(Fragment$$ExternalSyntheticOutline0.m(new StringBuilder("The "), AbstractSecureDigestAlgorithm.keyType(z), " key's algorithm cannot be null or empty."));
        }
        if (KeysBridge.isSunPkcs11GenericSecret(secretKey) || !isJwaStandard() || isJwaStandardJcaName(algorithm)) {
            return;
        }
        StringBuilder sb = new StringBuilder("The ");
        NetworkType$EnumUnboxingLocalUtility.m51m(sb, AbstractSecureDigestAlgorithm.keyType(z), " key's algorithm '", algorithm, "' does not equal a valid HmacSHA* algorithm name or PKCS12 OID and cannot be used with ");
        throw new InvalidKeyException(Fragment$$ExternalSyntheticOutline0.m(sb, getId(), "."));
    }

    public static DefaultMacAlgorithm findByKey(Key key) {
        String findAlgorithm = KeysBridge.findAlgorithm(key);
        if (!Strings.hasText(findAlgorithm)) {
            return null;
        }
        DefaultMacAlgorithm defaultMacAlgorithm = JCA_NAME_MAP.get(findAlgorithm.toUpperCase(Locale.ENGLISH));
        if (defaultMacAlgorithm != null && Bytes.bitLength(KeysBridge.findEncoded(key)) >= defaultMacAlgorithm.getKeyBitLength()) {
            return defaultMacAlgorithm;
        }
        return null;
    }

    private boolean isJwaStandard() {
        return JWA_STANDARD_IDS.contains(getId());
    }

    private static boolean isJwaStandardJcaName(String str) {
        return JCA_NAME_MAP.containsKey(str.toUpperCase(Locale.ENGLISH));
    }

    @Override // io.jsonwebtoken.impl.security.AbstractSecureDigestAlgorithm
    public byte[] doDigest(final SecureRequest<InputStream, SecretKey> secureRequest) {
        return (byte[]) jca(secureRequest).withMac(new CheckedFunction<Mac, byte[]>() { // from class: io.jsonwebtoken.impl.security.DefaultMacAlgorithm.1
            /* JADX WARN: Multi-variable type inference failed */
            @Override // io.jsonwebtoken.impl.lang.CheckedFunction
            public byte[] apply(Mac mac) throws Exception {
                mac.init(secureRequest.getKey());
                InputStream inputStream = (InputStream) secureRequest.getPayload();
                byte[] bArr = new byte[1024];
                int i = 0;
                while (i != -1) {
                    i = inputStream.read(bArr);
                    if (i > 0) {
                        mac.update(bArr, 0, i);
                    }
                }
                return mac.doFinal();
            }
        });
    }

    @Override // io.jsonwebtoken.impl.security.AbstractSecureDigestAlgorithm
    public boolean doVerify(VerifySecureDigestRequest<SecretKey> verifySecureDigestRequest) {
        byte[] digest = verifySecureDigestRequest.getDigest();
        Assert.notEmpty(digest, "Request signature byte array cannot be null or empty.");
        return MessageDigest.isEqual(digest, digest((SecureRequest) verifySecureDigestRequest));
    }

    @Override // io.jsonwebtoken.security.KeyLengthSupplier
    public int getKeyBitLength() {
        return this.minKeyBitLength;
    }

    @Override // io.jsonwebtoken.security.KeyBuilderSupplier
    public SecretKeyBuilder key() {
        return new DefaultSecretKeyBuilder(getJcaName(), getKeyBitLength());
    }

    @Override // io.jsonwebtoken.impl.security.AbstractSecureDigestAlgorithm
    public void validateKey(Key key, boolean z) {
        String m;
        String keyType = AbstractSecureDigestAlgorithm.keyType(z);
        if (key == null) {
            throw new IllegalArgumentException(Fragment$$ExternalSyntheticOutline0.m("MAC ", keyType, " key cannot be null."));
        }
        if (!(key instanceof SecretKey)) {
            StringBuilder m26m = Fragment$$ExternalSyntheticOutline0.m26m("MAC ", keyType, " keys must be SecretKey instances.  Specified key is of type ");
            m26m.append(key.getClass().getName());
            throw new InvalidKeyException(m26m.toString());
        }
        if (key instanceof Password) {
            throw new InvalidKeyException("Passwords are intended for use with key derivation algorithms only.");
        }
        SecretKey secretKey = (SecretKey) key;
        String id = getId();
        assertAlgorithmName(secretKey, z);
        int findBitLength = KeysBridge.findBitLength(secretKey);
        if (findBitLength >= 0 && findBitLength < this.minKeyBitLength) {
            StringBuilder sb = new StringBuilder("The ");
            sb.append(keyType);
            sb.append(" key's size is ");
            sb.append(findBitLength);
            sb.append(" bits which is not secure enough for the ");
            String m2 = Fragment$$ExternalSyntheticOutline0.m(sb, id, " algorithm.");
            if (isJwaStandard() && isJwaStandardJcaName(getJcaName())) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append(m2);
                sb2.append(" The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with ");
                sb2.append(id);
                sb2.append(" MUST have a size >= ");
                sb2.append(this.minKeyBitLength);
                sb2.append(" bits (the key size must be greater than or equal to the hash output size). Consider using the Jwts.SIG.");
                sb2.append(id);
                sb2.append(".key() builder to create a key guaranteed to be secure enough for ");
                m = Fragment$$ExternalSyntheticOutline0.m(sb2, id, ".  See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.");
            } else {
                StringBuilder sb3 = new StringBuilder();
                sb3.append(m2);
                sb3.append(" The ");
                sb3.append(id);
                sb3.append(" algorithm requires keys to have a size >= ");
                m = Fragment$$ExternalSyntheticOutline0.m(sb3, this.minKeyBitLength, " bits.");
            }
            throw new WeakKeyException(m);
        }
    }
}
