package com.nimbusds.oauth2.sdk.dpop.verifiers;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import java.security.Key;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:META-INF/lib/oauth2-oidc-sdk-10.7.1.jar:com/nimbusds/oauth2/sdk/dpop/verifiers/DPoPKeySelector.class */
class DPoPKeySelector implements JWSKeySelector<DPoPProofContext> {
    private final Set<JWSAlgorithm> acceptedJWSAlgs;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DPoPKeySelector(Set<JWSAlgorithm> set) {
        if (CollectionUtils.isEmpty(set)) {
            throw new IllegalArgumentException();
        }
        this.acceptedJWSAlgs = set;
    }

    @Override // com.nimbusds.jose.proc.JWSKeySelector
    public List<Key> selectJWSKeys(JWSHeader jWSHeader, DPoPProofContext dPoPProofContext) throws KeySourceException {
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        if (!this.acceptedJWSAlgs.contains(algorithm)) {
            throw new KeySourceException("JWS header algorithm not accepted: " + algorithm);
        }
        JWK jwk = jWSHeader.getJWK();
        if (jwk == null) {
            throw new KeySourceException("Missing JWS jwk header parameter");
        }
        LinkedList linkedList = new LinkedList();
        if (JWSAlgorithm.Family.RSA.contains(algorithm) && (jwk instanceof RSAKey)) {
            try {
                linkedList.add(((RSAKey) jwk).toRSAPublicKey());
            } catch (JOSEException e) {
                throw new KeySourceException("Invalid RSA JWK: " + e.getMessage(), e);
            }
        } else {
            if (!JWSAlgorithm.Family.EC.contains(algorithm) || !(jwk instanceof ECKey)) {
                throw new KeySourceException("JWS header alg / jwk mismatch: alg=" + algorithm + " jwk.kty=" + jwk.getKeyType());
            }
            try {
                linkedList.add(((ECKey) jwk).toECPublicKey());
            } catch (JOSEException e2) {
                throw new KeySourceException("Invalid EC JWK: " + e2.getMessage(), e2);
            }
        }
        return linkedList;
    }
}
