package org.apache.cxf.rs.security.jose.jws;

import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsException;
import org.apache.cxf.rt.security.crypto.HmacUtils;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630416-04.jar:org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.class */
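/**
 * Verifies JWS signatures that were produced with an HMAC algorithm and a shared secret key.
 *
 * <p>Each verifier is pinned to one {@link SignatureAlgorithm}. The algorithm named in the
 * incoming JWS headers is accepted only when it is an HMAC algorithm and equals the pinned
 * one, so a token cannot choose a different algorithm than the verifier was configured for.
 *
 * <p>Caveats visible in this class:
 * <ul>
 *   <li>The key array is stored by reference, not copied. Callers must not modify or zero it
 *       while the verifier is still in use.</li>
 *   <li>No key-length check is made here. RFC 7518 section 3.2 requires an HMAC key at least
 *       as long as the hash output (for example 32 bytes for HS256); enforce that where the
 *       key is provisioned.</li>
 * </ul>
 */
public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
    protected static final Logger LOG = LogUtils.getL7dLogger(HmacJwsSignatureVerifier.class);

    // Assigned once in the four-argument constructor and never reassigned afterwards.
    private final byte[] key;
    private final AlgorithmParameterSpec hmacSpec;
    private final SignatureAlgorithm supportedAlgo;

    /**
     * Creates an HS256 verifier from an encoded key.
     *
     * @param str the encoded secret key, decoded with {@code JoseUtils.decode}
     */
    public HmacJwsSignatureVerifier(String str) {
        this(JoseUtils.decode(str), SignatureAlgorithm.HS256);
    }

    /**
     * Creates a verifier for the given algorithm from an encoded key.
     *
     * @param str the encoded secret key, decoded with {@code JoseUtils.decode}
     * @param signatureAlgorithm the only algorithm this verifier will accept
     */
    public HmacJwsSignatureVerifier(String str, SignatureAlgorithm signatureAlgorithm) {
        this(JoseUtils.decode(str), signatureAlgorithm);
    }

    /**
     * Creates a verifier for the given algorithm from raw key bytes, with no algorithm
     * parameter spec.
     *
     * @param bArr the raw secret key bytes (kept by reference)
     * @param signatureAlgorithm the only algorithm this verifier will accept
     */
    public HmacJwsSignatureVerifier(byte[] bArr, SignatureAlgorithm signatureAlgorithm) {
        this(bArr, null, signatureAlgorithm);
    }

    /**
     * Creates a verifier from raw key bytes, an optional parameter spec and the accepted
     * algorithm.
     *
     * @param bArr the raw secret key bytes (kept by reference)
     * @param algorithmParameterSpec spec passed through to {@code HmacUtils.computeHmac};
     *        may be {@code null}
     * @param signatureAlgorithm the only algorithm this verifier will accept; when
     *        {@code null}, every verification is rejected with
     *        {@code JwsException.Error.INVALID_ALGORITHM}
     */
    public HmacJwsSignatureVerifier(byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec, SignatureAlgorithm signatureAlgorithm) {
        this.key = bArr;
        this.hmacSpec = algorithmParameterSpec;
        this.supportedAlgo = signatureAlgorithm;
    }

    /**
     * Recomputes the MAC over the signing input and compares it with the supplied signature.
     *
     * @param jwsHeaders headers of the JWS being verified; their signature algorithm must
     *        match the algorithm this verifier is pinned to
     * @param str the signing input the MAC is computed over
     * @param bArr the signature bytes taken from the JWS
     * @return {@code true} when the recomputed MAC equals {@code bArr}
     * @throws JwsException if the header algorithm is missing or is not the pinned HMAC
     *         algorithm
     */
    @Override
    public boolean verify(JwsHeaders jwsHeaders, String str, byte[] bArr) {
        byte[] expectedMac = computeMac(jwsHeaders, str);
        // MessageDigest.isEqual is used instead of Arrays.equals so that the comparison time
        // does not reveal how many leading bytes of a forged signature were correct.
        return MessageDigest.isEqual(expectedMac, bArr);
    }

    /**
     * Computes the HMAC of {@code str} with the configured key, after the header algorithm
     * has passed {@link #checkAlgorithm(SignatureAlgorithm)}.
     */
    private byte[] computeMac(JwsHeaders jwsHeaders, String str) {
        String jwaName = checkAlgorithm(jwsHeaders.getSignatureAlgorithm());
        return HmacUtils.computeHmac(this.key, AlgorithmUtils.toJavaName(jwaName), this.hmacSpec, str);
    }

    /**
     * Checks that the algorithm from the JWS headers is the HMAC algorithm this verifier is
     * pinned to.
     *
     * @param signatureAlgorithm the algorithm read from the JWS headers
     * @return the JWA name of the accepted algorithm
     * @throws JwsException with {@code ALGORITHM_NOT_SET} when {@code signatureAlgorithm} is
     *         {@code null}, or with {@code INVALID_ALGORITHM} when it is not an HMAC
     *         algorithm, differs from the pinned one, or no algorithm was pinned
     */
    protected String checkAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        if (signatureAlgorithm == null) {
            LOG.warning("Signature algorithm is not set");
            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
        }
        String jwaName = signatureAlgorithm.getJwaName();
        // A verifier built with a null algorithm is rejected here with a JwsException rather
        // than failing with a NullPointerException in the middle of verification.
        if (this.supportedAlgo != null
            && AlgorithmUtils.isHmacSign(jwaName)
            && jwaName.equals(this.supportedAlgo.getJwaName())) {
            return jwaName;
        }
        LOG.warning("Invalid signature algorithm: " + jwaName);
        throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
    }

    /**
     * Returns the algorithm this verifier is pinned to.
     *
     * @return the accepted signature algorithm, as passed to the constructor
     */
    @Override
    public SignatureAlgorithm getAlgorithm() {
        return this.supportedAlgo;
    }
}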
