package io.jsonwebtoken.impl.security;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.impl.lang.RequiredParameterReader;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Strings;
import io.jsonwebtoken.security.InvalidKeyException;
import io.jsonwebtoken.security.MacAlgorithm;
import io.jsonwebtoken.security.MalformedKeyException;
import io.jsonwebtoken.security.SecretJwk;
import io.jsonwebtoken.security.SecureDigestAlgorithm;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/jsonwebtoken/impl/security/SecretJwkFactory.class */
public class SecretJwkFactory extends AbstractFamilyJwkFactory<SecretKey, SecretJwk> {
    /* JADX INFO: Access modifiers changed from: package-private */
    public SecretJwkFactory() {
        super("oct", SecretKey.class, DefaultSecretJwk.PARAMS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jsonwebtoken.impl.security.AbstractFamilyJwkFactory
    /* renamed from: createJwkFromKey, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
    public SecretJwk mo128createJwkFromKey(JwkContext<SecretKey> jwkContext) {
        try {
            String str = (String) Encoders.BASE64URL.encode(KeysBridge.getEncoded((SecretKey) Assert.notNull(jwkContext.getKey(), "JwkContext key cannot be null.")));
            Assert.hasText(str, "k value cannot be null or empty.");
            jwkContext.put(DefaultSecretJwk.K.getId(), str);
            return new DefaultSecretJwk(jwkContext);
        } catch (Throwable th) {
            throw new InvalidKeyException("Unable to encode SecretKey to JWK: " + th.getMessage(), th);
        }
    }

    private static void assertKeyBitLength(byte[] bArr, MacAlgorithm macAlgorithm) {
        long bitLength = Bytes.bitLength(bArr);
        long keyBitLength = macAlgorithm.getKeyBitLength();
        if (bitLength != keyBitLength) {
            throw new MalformedKeyException("Secret JWK " + AbstractJwk.ALG + " value is '" + macAlgorithm.getId() + "', but the " + DefaultSecretJwk.K + " length does not equal the '" + macAlgorithm.getId() + "' length requirement of " + Bytes.bitsMsg(keyBitLength) + ". This discrepancy could be the result of an algorithm substitution attack or simply an erroneously constructed JWK. In either case, it is likely to result in unexpected or undesired security consequences.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jsonwebtoken.impl.security.AbstractFamilyJwkFactory
    /* renamed from: createJwkFromValues, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
    public SecretJwk mo127createJwkFromValues(JwkContext<SecretKey> jwkContext) {
        byte[] bArr = (byte[]) new RequiredParameterReader(jwkContext).get(DefaultSecretJwk.K);
        String str = null;
        String algorithm = jwkContext.getAlgorithm();
        if (Strings.hasText(algorithm)) {
            MacAlgorithm macAlgorithm = (SecureDigestAlgorithm) Jwts.SIG.get().get(algorithm);
            if (macAlgorithm instanceof MacAlgorithm) {
                str = ((CryptoAlgorithm) macAlgorithm).getJcaName();
                Assert.hasText(str, "Algorithm jcaName cannot be null or empty.");
                assertKeyBitLength(bArr, macAlgorithm);
            }
        }
        if (!Strings.hasText(str)) {
            str = jwkContext.isSigUse() ? "HmacSHA" + Bytes.bitLength(bArr) : "AES";
        }
        Assert.stateNotNull(str, "jcaName cannot be null (invariant)");
        jwkContext.setKey(new SecretKeySpec(bArr, str));
        return new DefaultSecretJwk(jwkContext);
    }
}
