package io.jans.as.model.jws;

import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.signature.RSAPrivateKey;
import io.jans.as.model.crypto.signature.RSAPublicKey;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.util.Base64Util;
import io.jans.util.security.SecurityProviderUtility;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

/* loaded from: input_file:io/jans/as/model/jws/RSASigner.class */
public class RSASigner extends AbstractJwsSigner {
    private RSAPrivateKey rsaPrivateKey;
    private RSAPublicKey rsaPublicKey;

    public RSASigner(SignatureAlgorithm signatureAlgorithm, RSAPrivateKey rSAPrivateKey) {
        super(signatureAlgorithm);
        this.rsaPrivateKey = rSAPrivateKey;
    }

    public RSASigner(SignatureAlgorithm signatureAlgorithm, RSAPublicKey rSAPublicKey) {
        super(signatureAlgorithm);
        this.rsaPublicKey = rSAPublicKey;
    }

    public RSASigner(SignatureAlgorithm signatureAlgorithm, Certificate certificate) {
        super(signatureAlgorithm);
        this.rsaPublicKey = certificate.getRsaPublicKey();
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public String generateSignature(String str) throws SignatureException {
        if (getSignatureAlgorithm() == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (this.rsaPrivateKey == null) {
            throw new SignatureException("The RSA private key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA", SecurityProviderUtility.getBCProvider()).generatePrivate(new RSAPrivateKeySpec(this.rsaPrivateKey.getModulus(), this.rsaPrivateKey.getPrivateExponent()));
            Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), SecurityProviderUtility.getBCProvider());
            signature.initSign(generatePrivate);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return Base64Util.base64urlencode(signature.sign());
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public boolean validateSignature(String str, String str2) throws SignatureException {
        if (getSignatureAlgorithm() == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (this.rsaPublicKey == null) {
            throw new SignatureException("The RSA public key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        try {
            byte[] base64urldecode = Base64Util.base64urldecode(str2);
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            PublicKey generatePublic = KeyFactory.getInstance("RSA", SecurityProviderUtility.getBCProvider()).generatePublic(new RSAPublicKeySpec(this.rsaPublicKey.getModulus(), this.rsaPublicKey.getPublicExponent()));
            Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), SecurityProviderUtility.getBCProvider());
            signature.initVerify(generatePublic);
            signature.update(bytes);
            return signature.verify(base64urldecode);
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }
}
