package org.opensaml.security.crypto;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import javax.annotation.Nonnull;
import javax.crypto.Mac;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.commons.codec.binary.Hex;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-01.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-security-api-3.1.1.jar:org/opensaml/security/crypto/SigningUtil.class */
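/**
 * Static helpers that compute and verify raw signatures and MACs through the JCA
 * ({@link Signature} and {@link Mac}).
 *
 * <p>Parameter names are decompiler output. Throughout this class {@code str} is the JCA
 * algorithm ID and {@code z} selects MAC mode ({@code true}) or asymmetric signature mode
 * ({@code false}).</p>
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>MAC verification compares the expected and supplied values with
 *       {@link MessageDigest#isEqual(byte[], byte[])}, so the comparison time does not depend on
 *       how many leading bytes match.</li>
 *   <li>The MAC that is recomputed during verification is never logged. It is the valid
 *       authenticator for whatever input was presented, so it does not belong in a log file.</li>
 *   <li>The credential-based entry points trust the {@code z} flag to pick the primitive.
 *       NOTE(review): callers should derive that flag from trusted configuration and make sure it
 *       matches the kind of key the credential holds; this class does not check that itself.</li>
 * </ul>
 */
public final class SigningUtil {
    /** Not instantiable: the class only holds static helpers. */
    private SigningUtil() {
    }

    /**
     * Signs or MACs the input with the signing key taken from a credential.
     *
     * @param credential credential from which the signing key is extracted
     * @param str JCA algorithm ID
     * @param z {@code true} to compute a MAC, {@code false} to compute an asymmetric signature
     * @param bArr input data to sign
     * @return the raw signature or MAC value
     * @throws SecurityException if the credential yields no signing key, if signature mode is
     *         requested and the key is not a {@link PrivateKey}, or if the computation fails
     */
    @Nonnull
    public static byte[] sign(@Nonnull Credential credential, @Nonnull String str, boolean z, @Nonnull byte[] bArr) throws SecurityException {
        Logger logger = getLogger();
        Key extractSigningKey = CredentialSupport.extractSigningKey(credential);
        if (extractSigningKey == null) {
            logger.error("No signing key supplied in signing credential for signature computation");
            throw new SecurityException("No signing key supplied in signing credential");
        }
        if (z) {
            return signMAC(extractSigningKey, str, bArr);
        }
        if (extractSigningKey instanceof PrivateKey) {
            return sign((PrivateKey) extractSigningKey, str, bArr);
        }
        logger.error("No PrivateKey present in signing credential for signature computation");
        throw new SecurityException("No PrivateKey supplied for signing");
    }

    /**
     * Computes an asymmetric signature over the input.
     *
     * @param privateKey signing key
     * @param str JCA algorithm ID passed to {@link Signature#getInstance(String)}
     * @param bArr input data to sign
     * @return the raw signature value
     * @throws SecurityException if the JCA reports any {@link GeneralSecurityException}
     */
    @Nonnull
    public static byte[] sign(@Nonnull PrivateKey privateKey, @Nonnull String str, @Nonnull byte[] bArr) throws SecurityException {
        Constraint.isNotNull(privateKey, "Private key cannot be null");
        Constraint.isNotNull(str, "JCA algorithm ID cannot be null");
        Constraint.isNotNull(bArr, "Input data to sign cannot be null");
        Logger logger = getLogger();
        logger.debug("Computing signature over input using private key of type {} and JCA algorithm ID {}", privateKey.getAlgorithm(), str);
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            // Encode only when the line will be written, and as a String: a char[] argument is
            // rendered by the logger as an array rather than as one hex string.
            if (logger.isDebugEnabled()) {
                logger.debug("Computed signature: {}", Hex.encodeHexString(sign));
            }
            return sign;
        } catch (GeneralSecurityException e) {
            logger.error("Error during signature generation", e);
            throw new SecurityException("Error during signature generation", e);
        }
    }

    /**
     * Computes a MAC over the input.
     *
     * @param key MAC key
     * @param str JCA algorithm ID passed to {@link Mac#getInstance(String)}
     * @param bArr input data to authenticate
     * @return the raw MAC value
     * @throws SecurityException if the JCA reports any {@link GeneralSecurityException}
     */
    @Nonnull
    public static byte[] signMAC(@Nonnull Key key, @Nonnull String str, @Nonnull byte[] bArr) throws SecurityException {
        Constraint.isNotNull(key, "Secret key cannot be null");
        Constraint.isNotNull(str, "JCA algorithm ID cannot be null");
        Constraint.isNotNull(bArr, "Input data to sign cannot be null");
        Logger logger = getLogger();
        logger.debug("Computing MAC over input using key of type {} and JCA algorithm ID {}", key.getAlgorithm(), str);
        byte[] doFinal = computeMac(key, str, bArr);
        if (logger.isDebugEnabled()) {
            logger.debug("Computed MAC: {}", Hex.encodeHexString(doFinal));
        }
        return doFinal;
    }

    /**
     * Verifies a signature or MAC with the verification key taken from a credential.
     *
     * @param credential credential from which the verification key is extracted
     * @param str JCA algorithm ID
     * @param z {@code true} to verify a MAC, {@code false} to verify an asymmetric signature
     * @param bArr signature or MAC value to check
     * @param bArr2 input data the value was computed over
     * @return {@code true} if the value is valid for the input
     * @throws SecurityException if the credential yields no verification key, if signature mode
     *         is requested and the key is not a {@link PublicKey}, or if the computation fails
     */
    public static boolean verify(@Nonnull Credential credential, @Nonnull String str, boolean z, @Nonnull byte[] bArr, @Nonnull byte[] bArr2) throws SecurityException {
        Logger logger = getLogger();
        Key extractVerificationKey = CredentialSupport.extractVerificationKey(credential);
        if (extractVerificationKey == null) {
            logger.error("No verification key supplied in verification credential for signature verification");
            throw new SecurityException("No verification key supplied in verification credential");
        }
        if (z) {
            return verifyMAC(extractVerificationKey, str, bArr, bArr2);
        }
        if (extractVerificationKey instanceof PublicKey) {
            return verify((PublicKey) extractVerificationKey, str, bArr, bArr2);
        }
        logger.error("No PublicKey present in verification credential for signature verification");
        throw new SecurityException("No PublicKey supplied for signature verification");
    }

    /**
     * Verifies an asymmetric signature over the input.
     *
     * @param publicKey verification key
     * @param str JCA algorithm ID passed to {@link Signature#getInstance(String)}
     * @param bArr signature value to check
     * @param bArr2 input data the signature was computed over
     * @return the result of {@link Signature#verify(byte[])}
     * @throws SecurityException if the JCA reports any {@link GeneralSecurityException},
     *         including a malformed signature value
     */
    public static boolean verify(@Nonnull PublicKey publicKey, @Nonnull String str, @Nonnull byte[] bArr, @Nonnull byte[] bArr2) throws SecurityException {
        Constraint.isNotNull(publicKey, "Public key cannot be null");
        Constraint.isNotNull(str, "JCA algorithm ID cannot be null");
        Constraint.isNotNull(bArr, "Signature data to verify cannot be null");
        Constraint.isNotNull(bArr2, "Input data to verify cannot be null");
        Logger logger = getLogger();
        logger.debug("Verifying signature over input using public key of type {} and JCA algorithm ID {}", publicKey.getAlgorithm(), str);
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (GeneralSecurityException e) {
            logger.error("Error during signature verification", e);
            throw new SecurityException("Error during signature verification", e);
        }
    }

    /**
     * Verifies a MAC by recomputing it over the input and comparing it with the supplied value.
     *
     * @param key MAC key
     * @param str JCA algorithm ID passed to {@link Mac#getInstance(String)}
     * @param bArr MAC value to check
     * @param bArr2 input data the MAC was computed over
     * @return {@code true} if the recomputed MAC equals {@code bArr}
     * @throws SecurityException if the MAC cannot be computed
     */
    public static boolean verifyMAC(@Nonnull Key key, @Nonnull String str, @Nonnull byte[] bArr, @Nonnull byte[] bArr2) throws SecurityException {
        Constraint.isNotNull(key, "Secret key cannot be null");
        Constraint.isNotNull(str, "JCA algorithm ID cannot be null");
        Constraint.isNotNull(bArr, "Signature data to verify cannot be null");
        Constraint.isNotNull(bArr2, "Input data to verify cannot be null");
        getLogger().debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", key.getAlgorithm(), str);
        // Recompute through the non-logging helper: the expected MAC must not reach the logs.
        byte[] expected = computeMac(key, str, bArr2);
        // Arrays.equals stops at the first differing byte, which makes the comparison time
        // depend on the length of the matching prefix. MessageDigest.isEqual does not.
        return MessageDigest.isEqual(expected, bArr);
    }

    /**
     * Runs the MAC computation without logging the result.
     *
     * @param key MAC key
     * @param str JCA algorithm ID
     * @param bArr input data
     * @return the raw MAC value
     * @throws SecurityException if the JCA reports any {@link GeneralSecurityException}
     */
    @Nonnull
    private static byte[] computeMac(@Nonnull Key key, @Nonnull String str, @Nonnull byte[] bArr) throws SecurityException {
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(key);
            mac.update(bArr);
            return mac.doFinal();
        } catch (GeneralSecurityException e) {
            getLogger().error("Error during MAC generation", e);
            throw new SecurityException("Error during MAC generation", e);
        }
    }

    /**
     * Looks up the SLF4J logger for this class.
     *
     * @return the logger returned by {@link LoggerFactory#getLogger(Class)}
     */
    @Nonnull
    private static Logger getLogger() {
        return LoggerFactory.getLogger(SigningUtil.class);
    }
}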
