package org.apache.cxf.rs.security.jose.jws;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsException;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-309.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630309.jar:org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.class */
public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier {
    static final Map<String, Integer> SIGNATURE_LENGTH_MAP = new HashMap();

    public EcDsaJwsSignatureVerifier(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm) {
        this(publicKey, (AlgorithmParameterSpec) null, signatureAlgorithm);
    }

    public EcDsaJwsSignatureVerifier(PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec, SignatureAlgorithm signatureAlgorithm) {
        super(publicKey, algorithmParameterSpec, signatureAlgorithm);
    }

    public EcDsaJwsSignatureVerifier(X509Certificate x509Certificate, SignatureAlgorithm signatureAlgorithm) {
        this(x509Certificate, (AlgorithmParameterSpec) null, signatureAlgorithm);
    }

    public EcDsaJwsSignatureVerifier(X509Certificate x509Certificate, AlgorithmParameterSpec algorithmParameterSpec, SignatureAlgorithm signatureAlgorithm) {
        super(x509Certificate, algorithmParameterSpec, signatureAlgorithm);
    }

    @Override // org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier, org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier
    public boolean verify(JwsHeaders jwsHeaders, String str, byte[] bArr) {
        String jwaName = super.getAlgorithm().getJwaName();
        if (SIGNATURE_LENGTH_MAP.get(jwaName).intValue() == bArr.length) {
            return super.verify(jwsHeaders, str, signatureToDer(bArr));
        }
        LOG.warning("Algorithm " + jwaName + " signature length is " + SIGNATURE_LENGTH_MAP.get(jwaName) + ", actual length is " + bArr.length);
        throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
    }

    @Override // org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier
    protected boolean isValidAlgorithmFamily(String str) {
        return AlgorithmUtils.isEcDsaSign(str);
    }

    private static byte[] signatureToDer(byte[] bArr) {
        int length = bArr.length / 2;
        int i = bArr[0] < 0 ? 1 : 0;
        int i2 = bArr[length] < 0 ? 1 : 0;
        int i3 = length + i;
        int i4 = length + i2;
        int i5 = bArr.length > 127 ? 2 : 1;
        int i6 = 1 + i5 + 2;
        byte[] bArr2 = new byte[i6 + 2 + i3 + i4];
        bArr2[0] = 48;
        if (i5 == 2) {
            bArr2[1] = -127;
        }
        bArr2[i5] = (byte) (bArr2.length - (1 + i5));
        bArr2[i5 + 1] = 2;
        bArr2[i5 + 2] = (byte) i3;
        int i7 = i6 + i3;
        bArr2[i7] = 2;
        bArr2[i7 + 1] = (byte) i4;
        System.arraycopy(bArr, 0, bArr2, i6 + i, length);
        System.arraycopy(bArr, length, bArr2, i7 + 2 + i2, length);
        return bArr2;
    }

    static {
        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES256.getJwaName(), 64);
        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES384.getJwaName(), 96);
        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES512.getJwaName(), 132);
    }
}
