package io.jans.as.model.jws;

import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.EDDSAPrivateKey;
import io.jans.as.model.crypto.signature.EDDSAPublicKey;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.util.Base64Util;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey;

/* loaded from: input_file:io/jans/as/model/jws/EDDSASigner.class */
public class EDDSASigner extends AbstractJwsSigner {
    private EDDSAPrivateKey eddsaPrivateKey;
    private EDDSAPublicKey eddsaPublicKey;

    public EDDSASigner(SignatureAlgorithm signatureAlgorithm, EDDSAPrivateKey eDDSAPrivateKey) {
        super(signatureAlgorithm);
        this.eddsaPrivateKey = eDDSAPrivateKey;
    }

    public EDDSASigner(SignatureAlgorithm signatureAlgorithm, EDDSAPublicKey eDDSAPublicKey) {
        super(signatureAlgorithm);
        this.eddsaPublicKey = eDDSAPublicKey;
    }

    public EDDSASigner(SignatureAlgorithm signatureAlgorithm, Certificate certificate) {
        super(signatureAlgorithm);
        this.eddsaPublicKey = certificate.getEddsaPublicKey();
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public String generateSignature(String str) throws SignatureException {
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
            throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
        }
        if (this.eddsaPrivateKey == null) {
            throw new SignatureException("The EDDSA private key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        try {
            PrivateKey privateKey = (BCEdDSAPrivateKey) KeyFactory.getInstance(signatureAlgorithm.getName()).generatePrivate(this.eddsaPrivateKey.getPrivateKeySpec());
            Signature signature = Signature.getInstance(signatureAlgorithm.getName(), "BC");
            signature.initSign(privateKey);
            signature.update(str.getBytes());
            return Base64Util.base64urlencode(signature.sign());
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new SignatureException(e);
        }
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public boolean validateSignature(String str, String str2) throws SignatureException {
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
            throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
        }
        if (this.eddsaPublicKey == null) {
            throw new SignatureException("The EDDSA public key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        try {
            PublicKey publicKey = (BCEdDSAPublicKey) KeyFactory.getInstance(signatureAlgorithm.getName()).generatePublic(this.eddsaPublicKey.getPublicKeySpec());
            Signature signature = Signature.getInstance(signatureAlgorithm.getName(), "BC");
            signature.initVerify(publicKey);
            signature.update(str.getBytes());
            return signature.verify(Base64Util.base64urldecode(str2));
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new SignatureException(e);
        }
    }
}
