package net.shibboleth.oidc.security.impl;

import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Iterator;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.security.credential.JWKCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;

/* loaded from: input_file:net/shibboleth/oidc/security/impl/CredentialConversionUtil.class */
public final class CredentialConversionUtil {
    private CredentialConversionUtil() {
    }

    public static String resolveKid(@Nonnull Credential credential) {
        if (credential.getKeyNames() != null) {
            Iterator it = credential.getKeyNames().iterator();
            if (it.hasNext()) {
                return (String) it.next();
            }
        }
        if (credential instanceof JWKCredential) {
            return ((JWKCredential) credential).getKid();
        }
        return null;
    }

    public static KeyUse resolveKeyUse(Credential credential) {
        if (credential == null || credential.getUsageType() == null) {
            return null;
        }
        if (credential.getUsageType().equals(UsageType.SIGNING)) {
            return KeyUse.SIGNATURE;
        }
        if (credential.getUsageType().equals(UsageType.ENCRYPTION)) {
            return KeyUse.ENCRYPTION;
        }
        return null;
    }

    public static JWK credentialToKey(Credential credential) {
        if (credential == null || credential.getPublicKey() == null) {
            return null;
        }
        String algorithm = credential.getPublicKey().getAlgorithm();
        if ("RSA".equals(algorithm)) {
            return new RSAKey.Builder((RSAPublicKey) credential.getPublicKey()).keyUse(resolveKeyUse(credential)).keyID(resolveKid(credential)).build();
        }
        if ("EC".equals(algorithm)) {
            return new ECKey.Builder(Curve.forECParameterSpec(((ECPublicKey) credential.getPublicKey()).getParams()), (ECPublicKey) credential.getPublicKey()).keyUse(resolveKeyUse(credential)).keyID(resolveKid(credential)).build();
        }
        return null;
    }

    public static UsageType getUsageType(@Nonnull JWK jwk) {
        return KeyUse.ENCRYPTION.equals(jwk.getKeyUse()) ? UsageType.ENCRYPTION : KeyUse.SIGNATURE.equals(jwk.getKeyUse()) ? UsageType.SIGNING : UsageType.UNSPECIFIED;
    }
}
