package com.nimbusds.oauth2.sdk.assertions.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:oxygen-ai-positron-enterprise-addon-2.1.0/lib/oauth2-oidc-sdk-11.9.1.jar:com/nimbusds/oauth2/sdk/assertions/jwt/JWTAssertionFactory.class */
public class JWTAssertionFactory {
    public static Set<JWSAlgorithm> supportedJWAs() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(JWSAlgorithm.Family.HMAC_SHA);
        hashSet.addAll(JWSAlgorithm.Family.RSA);
        hashSet.addAll(JWSAlgorithm.Family.EC);
        return Collections.unmodifiableSet(hashSet);
    }

    public static SignedJWT create(JWTAssertionDetails jWTAssertionDetails, JWSAlgorithm jWSAlgorithm, Secret secret) throws JOSEException {
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(jWSAlgorithm), jWTAssertionDetails.toJWTClaimsSet());
        signedJWT.sign(new MACSigner(secret.getValueBytes()));
        return signedJWT;
    }

    public static SignedJWT create(JWTAssertionDetails jWTAssertionDetails, JWSAlgorithm jWSAlgorithm, PrivateKey privateKey, String str, List<Base64> list, Base64URL base64URL, Provider provider) throws JOSEException {
        JWSSigner eCDSASigner;
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(jWSAlgorithm).keyID(str).x509CertChain(list).x509CertSHA256Thumbprint(base64URL).build(), jWTAssertionDetails.toJWTClaimsSet());
        if (RSASSASigner.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
            eCDSASigner = new RSASSASigner(privateKey);
        } else {
            if (!ECDSASigner.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
                throw new JOSEException("Unsupported JWS algorithm: " + jWSAlgorithm);
            }
            Set<Curve> forJWSAlgorithm = Curve.forJWSAlgorithm(jWSAlgorithm);
            if (forJWSAlgorithm.size() != 1) {
                throw new JOSEException("Couldn't determine curve for JWS algorithm: " + jWSAlgorithm);
            }
            eCDSASigner = new ECDSASigner(privateKey, forJWSAlgorithm.iterator().next());
        }
        if (provider != null) {
            eCDSASigner.getJCAContext().setProvider(provider);
        }
        signedJWT.sign(eCDSASigner);
        return signedJWT;
    }

    @Deprecated
    public static SignedJWT create(JWTAssertionDetails jWTAssertionDetails, JWSAlgorithm jWSAlgorithm, RSAPrivateKey rSAPrivateKey, String str, Provider provider) throws JOSEException {
        return create(jWTAssertionDetails, jWSAlgorithm, rSAPrivateKey, str, null, null, provider);
    }

    @Deprecated
    public static SignedJWT create(JWTAssertionDetails jWTAssertionDetails, JWSAlgorithm jWSAlgorithm, ECPrivateKey eCPrivateKey, String str, Provider provider) throws JOSEException {
        return create(jWTAssertionDetails, jWSAlgorithm, eCPrivateKey, str, null, null, provider);
    }

    private JWTAssertionFactory() {
    }
}
