package io.jans.as.model.jws;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.impl.ECDSA;
import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.ECDSAPrivateKey;
import io.jans.as.model.crypto.signature.ECDSAPublicKey;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.util.Base64Util;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:io/jans/as/model/jws/ECDSASigner.class */
public class ECDSASigner extends AbstractJwsSigner {
    private ECDSAPrivateKey ecdsaPrivateKey;
    private ECDSAPublicKey ecdsaPublicKey;

    public ECDSASigner(SignatureAlgorithm signatureAlgorithm, ECDSAPrivateKey eCDSAPrivateKey) {
        super(signatureAlgorithm);
        this.ecdsaPrivateKey = eCDSAPrivateKey;
    }

    public ECDSASigner(SignatureAlgorithm signatureAlgorithm, ECDSAPublicKey eCDSAPublicKey) {
        super(signatureAlgorithm);
        this.ecdsaPublicKey = eCDSAPublicKey;
    }

    public ECDSASigner(SignatureAlgorithm signatureAlgorithm, Certificate certificate) {
        super(signatureAlgorithm);
        this.ecdsaPublicKey = certificate.getEcdsaPublicKey();
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public String generateSignature(String str) throws SignatureException {
        if (getSignatureAlgorithm() == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (this.ecdsaPrivateKey == null) {
            throw new SignatureException("The ECDSA private key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(new ECPrivateKeySpec(this.ecdsaPrivateKey.getD(), ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName())));
            Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
            signature.initSign(generatePrivate);
            signature.update(str.getBytes("UTF-8"));
            byte[] sign = signature.sign();
            if (AlgorithmFamily.EC.equals(getSignatureAlgorithm().getFamily())) {
                sign = ECDSA.transcodeSignatureToConcat(sign, ECDSA.getSignatureByteArrayLength(JWSAlgorithm.parse(getSignatureAlgorithm().getName())));
            }
            return Base64Util.base64urlencode(sign);
        } catch (UnsupportedEncodingException e) {
            throw new SignatureException(e);
        } catch (InvalidKeyException e2) {
            throw new SignatureException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SignatureException(e3);
        } catch (NoSuchProviderException e4) {
            throw new SignatureException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new SignatureException(e5);
        } catch (Exception e6) {
            throw new SignatureException(e6);
        }
    }

    @Override // io.jans.as.model.jws.AbstractJwsSigner
    public boolean validateSignature(String str, String str2) throws SignatureException {
        String str3;
        String str4;
        if (getSignatureAlgorithm() == null) {
            throw new SignatureException("The signature algorithm is null");
        }
        if (this.ecdsaPublicKey == null) {
            throw new SignatureException("The ECDSA public key is null");
        }
        if (str == null) {
            throw new SignatureException("The signing input is null");
        }
        switch (getSignatureAlgorithm()) {
            case ES256:
                str3 = "SHA256WITHECDSA";
                str4 = "P-256";
                break;
            case ES384:
                str3 = "SHA384WITHECDSA";
                str4 = "P-384";
                break;
            case ES512:
                str3 = "SHA512WITHECDSA";
                str4 = "P-521";
                break;
            default:
                throw new SignatureException("Unsupported signature algorithm");
        }
        try {
            byte[] base64urldecode = Base64Util.base64urldecode(str2);
            if (AlgorithmFamily.EC.equals(getSignatureAlgorithm().getFamily())) {
                base64urldecode = ECDSA.transcodeSignatureToDER(base64urldecode);
            }
            byte[] bytes = str.getBytes("UTF-8");
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(str4);
            PublicKey generatePublic = KeyFactory.getInstance("ECDSA", "BC").generatePublic(new ECPublicKeySpec(parameterSpec.getCurve().createPoint(this.ecdsaPublicKey.getX(), this.ecdsaPublicKey.getY()), parameterSpec));
            Signature signature = Signature.getInstance(str3, "BC");
            signature.initVerify(generatePublic);
            signature.update(bytes);
            return signature.verify(base64urldecode);
        } catch (UnsupportedEncodingException e) {
            throw new SignatureException(e);
        } catch (InvalidKeyException e2) {
            throw new SignatureException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SignatureException(e3);
        } catch (NoSuchProviderException e4) {
            throw new SignatureException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new SignatureException(e5);
        } catch (Exception e6) {
            throw new SignatureException(e6);
        }
    }
}
