// // Decompiled by Procyon v0.6.0 // package com.google.crypto.tink.jwt; import com.google.crypto.tink.subtle.Base64; import java.security.GeneralSecurityException; import java.nio.ByteBuffer; import com.google.errorprone.annotations.CanIgnoreReturnValue; import com.google.crypto.tink.Parameters; import com.google.crypto.tink.Key; import javax.annotation.Nullable; import com.google.crypto.tink.AccessesPartialKey; import com.google.errorprone.annotations.RestrictedApi; import java.util.Optional; import com.google.crypto.tink.util.SecretBytes; public final class JwtHmacKey extends JwtMacKey { private final JwtHmacParameters parameters; private final SecretBytes key; private final Optional idRequirement; private final Optional kid; @RestrictedApi(explanation = "Accessing parts of keys can produce unexpected incompatibilities, annotate the function with @AccessesPartialKey", link = "https://developers.google.com/tink/design/access_control#accessing_partial_keys", allowedOnPath = ".*Test\\.java", allowlistAnnotations = { AccessesPartialKey.class }) public static Builder builder() { return new Builder(); } private JwtHmacKey(final JwtHmacParameters parameters, final SecretBytes key, final Optional idRequirement, final Optional kid) { this.parameters = parameters; this.key = key; this.idRequirement = idRequirement; this.kid = kid; } @RestrictedApi(explanation = "Accessing parts of keys can produce unexpected incompatibilities, annotate the function with @AccessesPartialKey", link = "https://developers.google.com/tink/design/access_control#accessing_partial_keys", allowedOnPath = ".*Test\\.java", allowlistAnnotations = { AccessesPartialKey.class }) public SecretBytes getKeyBytes() { return this.key; } @Override public Optional getKid() { return this.kid; } @Nullable @Override public Integer getIdRequirementOrNull() { return this.idRequirement.orElse(null); } @Override public JwtHmacParameters getParameters() { return this.parameters; } @Override public boolean equalsKey(final Key o) { if (!(o instanceof JwtHmacKey)) { return false; } final JwtHmacKey that = (JwtHmacKey)o; return that.parameters.equals(this.parameters) && that.key.equalsSecretBytes(this.key) && that.kid.equals(this.kid) && that.idRequirement.equals(this.idRequirement); } public static class Builder { private Optional parameters; private Optional keyBytes; private Optional idRequirement; private Optional customKid; private Builder() { this.parameters = Optional.empty(); this.keyBytes = Optional.empty(); this.idRequirement = Optional.empty(); this.customKid = Optional.empty(); } @CanIgnoreReturnValue public Builder setParameters(final JwtHmacParameters parameters) { this.parameters = Optional.of(parameters); return this; } @CanIgnoreReturnValue public Builder setKeyBytes(final SecretBytes keyBytes) { this.keyBytes = Optional.of(keyBytes); return this; } @CanIgnoreReturnValue public Builder setIdRequirement(final int idRequirement) { this.idRequirement = Optional.of(idRequirement); return this; } @CanIgnoreReturnValue public Builder setCustomKid(final String customKid) { this.customKid = Optional.of(customKid); return this; } private Optional computeKid() throws GeneralSecurityException { if (this.parameters.get().getKidStrategy().equals(JwtHmacParameters.KidStrategy.BASE64_ENCODED_KEY_ID)) { final byte[] bigEndianKeyId = ByteBuffer.allocate(4).putInt(this.idRequirement.get()).array(); if (this.customKid.isPresent()) { throw new GeneralSecurityException("customKid must not be set for KidStrategy BASE64_ENCODED_KEY_ID"); } return Optional.of(Base64.urlSafeEncode(bigEndianKeyId)); } else if (this.parameters.get().getKidStrategy().equals(JwtHmacParameters.KidStrategy.CUSTOM)) { if (!this.customKid.isPresent()) { throw new GeneralSecurityException("customKid needs to be set for KidStrategy CUSTOM"); } return this.customKid; } else { if (!this.parameters.get().getKidStrategy().equals(JwtHmacParameters.KidStrategy.IGNORED)) { throw new IllegalStateException("Unknown kid strategy"); } if (this.customKid.isPresent()) { throw new GeneralSecurityException("customKid must not be set for KidStrategy IGNORED"); } return Optional.empty(); } } public JwtHmacKey build() throws GeneralSecurityException { if (!this.parameters.isPresent()) { throw new GeneralSecurityException("Parameters are required"); } if (!this.keyBytes.isPresent()) { throw new GeneralSecurityException("KeyBytes are required"); } if (this.parameters.get().getKeySizeBytes() != this.keyBytes.get().size()) { throw new GeneralSecurityException("Key size mismatch"); } if (this.parameters.get().hasIdRequirement() && !this.idRequirement.isPresent()) { throw new GeneralSecurityException("Cannot create key without ID requirement with parameters with ID requirement"); } if (!this.parameters.get().hasIdRequirement() && this.idRequirement.isPresent()) { throw new GeneralSecurityException("Cannot create key with ID requirement with parameters without ID requirement"); } return new JwtHmacKey(this.parameters.get(), this.keyBytes.get(), this.idRequirement, this.computeKid(), null); } } }