package org.picketlink.identity.federation.core.saml.v2.util;

import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import org.picketlink.identity.federation.PicketLinkLogger;
import org.picketlink.identity.federation.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;

/* loaded from: input_file:WEB-INF/lib/picketlink-core-2.1.6.Final.jar:org/picketlink/identity/federation/core/saml/v2/util/SignatureUtil.class */
public class SignatureUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    public static String getXMLSignatureAlgorithmURI(String str) {
        String str2 = null;
        if ("DSA".equalsIgnoreCase(str)) {
            str2 = JBossSAMLConstants.SIGNATURE_SHA1_WITH_DSA.get();
        } else if ("RSA".equalsIgnoreCase(str)) {
            str2 = JBossSAMLConstants.SIGNATURE_SHA1_WITH_RSA.get();
        }
        return str2;
    }

    public static byte[] sign(String str, PrivateKey privateKey) throws GeneralSecurityException {
        if (str == null) {
            throw logger.nullArgumentError("stringToBeSigned");
        }
        if (privateKey == null) {
            throw logger.nullArgumentError("signingKey");
        }
        Signature signature = getSignature(privateKey.getAlgorithm());
        signature.initSign(privateKey);
        signature.update(str.getBytes());
        return signature.sign();
    }

    public static boolean validate(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws GeneralSecurityException {
        if (bArr == null) {
            throw logger.nullArgumentError("signedContent");
        }
        if (bArr2 == null) {
            throw logger.nullArgumentError("signatureValue");
        }
        if (publicKey == null) {
            throw logger.nullArgumentError("validatingKey");
        }
        Signature signature = getSignature(publicKey.getAlgorithm());
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public static boolean validate(byte[] bArr, byte[] bArr2, String str, X509Certificate x509Certificate) throws GeneralSecurityException {
        if (bArr == null) {
            throw logger.nullArgumentError("signedContent");
        }
        if (bArr2 == null) {
            throw logger.nullArgumentError("signatureValue");
        }
        if (str == null) {
            throw logger.nullArgumentError("signatureAlgorithm");
        }
        if (x509Certificate == null) {
            throw logger.nullArgumentError("validatingCert");
        }
        Signature signature = getSignature(str);
        signature.initVerify(x509Certificate);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    private static Signature getSignature(String str) throws GeneralSecurityException {
        Signature signature;
        if ("DSA".equalsIgnoreCase(str)) {
            signature = Signature.getInstance(PicketLinkFederationConstants.DSA_SIGNATURE_ALGORITHM);
        } else {
            if (!"RSA".equalsIgnoreCase(str)) {
                throw logger.signatureUnknownAlgo(str);
            }
            signature = Signature.getInstance(PicketLinkFederationConstants.RSA_SIGNATURE_ALGORITHM);
        }
        return signature;
    }
}
