package net.shibboleth.oidc.security.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.crypto.impl.HMAC;
import com.nimbusds.jose.crypto.impl.MACProvider;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.text.ParseException;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.logic.Constraint;

/* loaded from: input_file:net/shibboleth/oidc/security/impl/JWSAssemblyUtils.class */
public final class JWSAssemblyUtils {
    private JWSAssemblyUtils() {
    }

    @Nonnull
    public static String assembleMacJwsAsString(@Nonnull JWSAlgorithm jWSAlgorithm, @Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull byte[] bArr) throws EncodingException, JOSEException, ParseException {
        return assembleMacJws(jWSAlgorithm, jWTClaimsSet, bArr).serialize();
    }

    @Nonnull
    public static SignedJWT assembleMacJws(@Nonnull JWSAlgorithm jWSAlgorithm, @Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull byte[] bArr) throws EncodingException, JOSEException, ParseException {
        Constraint.isNotNull(jWSAlgorithm, "Algorithm can not be null");
        Constraint.isNotNull(jWTClaimsSet, "JWT claims can not be null");
        Constraint.isNotNull(bArr, "Secret can not be null");
        JWSHeader build = new JWSHeader.Builder(jWSAlgorithm).type(JOSEObjectType.JWT).build();
        Payload payload = new Payload(jWTClaimsSet.toJSONObject());
        return new SignedJWT(build.toBase64URL(), payload.toBase64URL(), Base64URL.encode(HMAC.compute(getJCAAlgorithmName(jWSAlgorithm), bArr, composeSigningInput(build, payload).getBytes(StandardCharsets.UTF_8), (Provider) null)));
    }

    @Nonnull
    public static byte[] getSecretBytes(@Nonnull String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    @Nonnull
    private static String composeSigningInput(@Nonnull JWSHeader jWSHeader, @Nonnull Payload payload) throws EncodingException {
        Constraint.isNotNull(jWSHeader, "JWS Header can not be null");
        Constraint.isNotNull(payload, "JWT payload can not be null");
        return jWSHeader.toBase64URL().toString() + "." + payload.toBase64URL().toString();
    }

    @Nonnull
    private static String getJCAAlgorithmName(@Nonnull JWSAlgorithm jWSAlgorithm) throws JOSEException {
        Constraint.isNotNull(jWSAlgorithm, "Algorithm can not be null");
        if (jWSAlgorithm.equals(JWSAlgorithm.HS256)) {
            return "HMACSHA256";
        }
        if (jWSAlgorithm.equals(JWSAlgorithm.HS384)) {
            return "HMACSHA384";
        }
        if (jWSAlgorithm.equals(JWSAlgorithm.HS512)) {
            return "HMACSHA512";
        }
        throw new JOSEException(AlgorithmSupportMessage.unsupportedJWSAlgorithm(jWSAlgorithm, MACProvider.SUPPORTED_ALGORITHMS));
    }
}
