package org.keycloak.saml.processing.core.saml.v2.util;

import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.xml.bind.JAXBException;
import org.keycloak.dom.xmlsec.w3.xmldsig.DSAKeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.KeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.RSAKeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.SignatureType;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.util.Base64;
import org.keycloak.saml.processing.core.constants.PicketLinkFederationConstants;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/keycloak/saml/processing/core/saml/v2/util/SignatureUtil.class */
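/**
 * Helpers that sign and verify raw content with {@link Signature} and that build
 * XML-DSig {@code KeyValue} structures from public keys.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Only the key algorithm names {@code "DSA"} and {@code "RSA"} (case-insensitive) are
 *       recognised; every other name is rejected by {@code getSignature}.</li>
 *   <li>{@link #getXMLSignatureAlgorithmURI(String)} only hands out the
 *       {@code SIGNATURE_SHA1_WITH_*} constants, i.e. SHA-1 based signature URIs. SHA-1 is no
 *       longer considered collision resistant, so deployments that need a stronger digest
 *       have to select the algorithm elsewhere.</li>
 *   <li>The {@code validate} methods check the signature maths only. They do not establish
 *       that the key or certificate is trusted.</li>
 * </ul>
 */
public class SignatureUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /**
     * Not implemented: always throws the exception produced by
     * {@code logger.notImplementedYet("NYI")}.
     *
     * @param signatureType unused
     * @param outputStream unused
     * @throws JAXBException declared for API compatibility
     * @throws SAXException declared for API compatibility
     */
    public static void marshall(SignatureType signatureType, OutputStream outputStream) throws JAXBException, SAXException {
        throw logger.notImplementedYet("NYI");
    }

    /**
     * Maps a key algorithm name to an XML signature algorithm URI.
     *
     * @param str key algorithm name, compared case-insensitively against {@code "DSA"} and
     *     {@code "RSA"}
     * @return the SHA1-with-DSA or SHA1-with-RSA URI constant, or {@code null} when the name
     *     is {@code null} or not one of the two supported values
     */
    public static String getXMLSignatureAlgorithmURI(String str) {
        if ("DSA".equalsIgnoreCase(str)) {
            return JBossSAMLConstants.SIGNATURE_SHA1_WITH_DSA.get();
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return JBossSAMLConstants.SIGNATURE_SHA1_WITH_RSA.get();
        }
        // Unknown algorithm: callers receive null and must handle it.
        return null;
    }

    /**
     * Signs the bytes of a string, encoded with {@code GeneralConstants.SAML_CHARSET}.
     *
     * <p>The signature algorithm is chosen from {@code privateKey.getAlgorithm()}.
     *
     * @param str text to sign
     * @param privateKey signing key
     * @return the raw signature value
     * @throws GeneralSecurityException if the algorithm is unsupported or signing fails
     */
    public static byte[] sign(String str, PrivateKey privateKey) throws GeneralSecurityException {
        if (str == null) {
            throw logger.nullArgumentError("stringToBeSigned");
        }
        if (privateKey == null) {
            throw logger.nullArgumentError("signingKey");
        }
        Signature signer = getSignature(privateKey.getAlgorithm());
        signer.initSign(privateKey);
        signer.update(str.getBytes(GeneralConstants.SAML_CHARSET));
        return signer.sign();
    }

    /**
     * Verifies a signature value over the given content with a public key.
     *
     * <p>The algorithm is derived from the key itself ({@code publicKey.getAlgorithm()}), not
     * from anything carried in the signed message. Whether {@code publicKey} belongs to the
     * expected signer is the caller's responsibility; this method does not check it.
     *
     * @param bArr the signed content
     * @param bArr2 the signature value to check
     * @param publicKey key to verify with
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws GeneralSecurityException if the algorithm is unsupported or verification
     *     cannot be carried out
     */
    public static boolean validate(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws GeneralSecurityException {
        if (bArr == null) {
            throw logger.nullArgumentError("signedContent");
        }
        if (bArr2 == null) {
            throw logger.nullArgumentError("signatureValue");
        }
        if (publicKey == null) {
            throw logger.nullArgumentError("validatingKey");
        }
        Signature verifier = getSignature(publicKey.getAlgorithm());
        verifier.initVerify(publicKey);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Verifies a signature value over the given content with the public key of a certificate.
     *
     * <p>This method performs no certificate validation of its own: validity period,
     * revocation status and chain of trust are not examined here. A {@code true} result
     * therefore only means "signed by the key in this certificate"; the caller has to
     * establish separately that the certificate is trusted.
     *
     * <p>NOTE(review): {@code str} is supplied by the caller rather than derived from the
     * certificate; a mismatch with the certificate's key type is expected to surface as an
     * exception from {@code initVerify}.
     *
     * @param bArr the signed content
     * @param bArr2 the signature value to check
     * @param str key algorithm name, {@code "DSA"} or {@code "RSA"} (case-insensitive)
     * @param x509Certificate certificate whose public key is used for verification
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws GeneralSecurityException if the algorithm is unsupported or verification
     *     cannot be carried out
     */
    public static boolean validate(byte[] bArr, byte[] bArr2, String str, X509Certificate x509Certificate) throws GeneralSecurityException {
        if (bArr == null) {
            throw logger.nullArgumentError("signedContent");
        }
        if (bArr2 == null) {
            throw logger.nullArgumentError("signatureValue");
        }
        if (str == null) {
            throw logger.nullArgumentError("signatureAlgorithm");
        }
        if (x509Certificate == null) {
            throw logger.nullArgumentError("validatingCert");
        }
        Signature verifier = getSignature(str);
        verifier.initVerify(x509Certificate);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Builds an XML-DSig key value from an RSA or DSA public key.
     *
     * <p>Each integer component is taken from {@code BigInteger.toByteArray()}, Base64
     * encoded, and stored as the bytes of that Base64 text in
     * {@code GeneralConstants.SAML_CHARSET}.
     *
     * <p>NOTE(review): {@code BigInteger.toByteArray()} is a two's-complement encoding and can
     * carry a leading {@code 0x00} sign byte, whereas XML-DSig {@code CryptoBinary} values are
     * specified without leading zero octets. Confirm that consumers of these values tolerate
     * the extra byte before relying on them for interoperability.
     *
     * @param publicKey an {@link RSAPublicKey} or {@link DSAPublicKey}
     * @return an {@code RSAKeyValueType} or {@code DSAKeyValueType} describing the key
     */
    public static KeyValueType createKeyValue(PublicKey publicKey) {
        // Reject null the same way the sibling methods do; previously a null key fell through
        // to publicKey.toString() and failed with a bare NullPointerException.
        if (publicKey == null) {
            throw logger.nullArgumentError("publicKey");
        }
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
            byte[] modulus = rsaKey.getModulus().toByteArray();
            byte[] exponent = rsaKey.getPublicExponent().toByteArray();
            RSAKeyValueType rsaValue = new RSAKeyValueType();
            rsaValue.setModulus(base64Bytes(modulus));
            rsaValue.setExponent(base64Bytes(exponent));
            return rsaValue;
        }
        if (!(publicKey instanceof DSAPublicKey)) {
            throw logger.unsupportedType(publicKey.toString());
        }
        DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
        byte[] p = dsaKey.getParams().getP().toByteArray();
        byte[] q = dsaKey.getParams().getQ().toByteArray();
        byte[] g = dsaKey.getParams().getG().toByteArray();
        byte[] y = dsaKey.getY().toByteArray();
        DSAKeyValueType dsaValue = new DSAKeyValueType();
        dsaValue.setP(base64Bytes(p));
        dsaValue.setQ(base64Bytes(q));
        dsaValue.setG(base64Bytes(g));
        dsaValue.setY(base64Bytes(y));
        return dsaValue;
    }

    /** Base64-encodes {@code raw} and returns the encoded text as bytes in the SAML charset. */
    private static byte[] base64Bytes(byte[] raw) {
        return Base64.encodeBytes(raw).getBytes(GeneralConstants.SAML_CHARSET);
    }

    /**
     * Returns a {@link Signature} instance for a key algorithm name.
     *
     * <p>The concrete JCA algorithm strings come from {@code PicketLinkFederationConstants}
     * and are not visible in this file. NOTE(review): confirm which digest they pair with the
     * key type, given that the URIs advertised by this class are SHA-1 variants.
     *
     * @param str key algorithm name, {@code "DSA"} or {@code "RSA"} (case-insensitive)
     * @return an uninitialised {@link Signature}
     * @throws GeneralSecurityException if the provider cannot supply the algorithm
     */
    private static Signature getSignature(String str) throws GeneralSecurityException {
        if ("DSA".equalsIgnoreCase(str)) {
            return Signature.getInstance(PicketLinkFederationConstants.DSA_SIGNATURE_ALGORITHM);
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return Signature.getInstance(PicketLinkFederationConstants.RSA_SIGNATURE_ALGORITHM);
        }
        // Anything other than DSA/RSA (including null) is refused rather than guessed at.
        throw logger.signatureUnknownAlgo(str);
    }
}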
