package org.keycloak.jose.jws.crypto;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.keycloak.common.util.Base64Url;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.docker.DockerAccess;

/* loaded from: input_file:org/keycloak/jose/jws/crypto/HMACProvider.class */
public class HMACProvider implements SignatureProvider {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.keycloak.jose.jws.crypto.HMACProvider$1, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/jose/jws/crypto/HMACProvider$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$jose$jws$Algorithm = new int[Algorithm.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$jose$jws$Algorithm[Algorithm.HS256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$jose$jws$Algorithm[Algorithm.HS384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$keycloak$jose$jws$Algorithm[Algorithm.HS512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    private static String getJavaAlgorithm(Algorithm algorithm) {
        switch (AnonymousClass1.$SwitchMap$org$keycloak$jose$jws$Algorithm[algorithm.ordinal()]) {
            case DockerAccess.REPOSITORY_NAME /* 1 */:
                return "HMACSHA256";
            case DockerAccess.PERMISSIONS /* 2 */:
                return "HMACSHA384";
            case 3:
                return "HMACSHA512";
            default:
                throw new IllegalArgumentException("Not a MAC Algorithm");
        }
    }

    private static Mac getMAC(Algorithm algorithm) {
        try {
            return Mac.getInstance(getJavaAlgorithm(algorithm));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unsupported HMAC algorithm: " + e.getMessage(), e);
        }
    }

    public static byte[] sign(byte[] bArr, Algorithm algorithm, byte[] bArr2) {
        try {
            Mac mac = getMAC(algorithm);
            mac.init(new SecretKeySpec(bArr2, mac.getAlgorithm()));
            mac.update(bArr);
            return mac.doFinal();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] sign(byte[] bArr, Algorithm algorithm, SecretKey secretKey) {
        try {
            Mac mac = getMAC(algorithm);
            mac.init(secretKey);
            mac.update(bArr);
            return mac.doFinal();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean verify(JWSInput jWSInput, SecretKey secretKey) {
        try {
            return MessageDigest.isEqual(sign(jWSInput.getEncodedSignatureInput().getBytes(DockerAccess.DECODE_ENCODING), jWSInput.getHeader().getAlgorithm(), secretKey), Base64Url.decode(jWSInput.getEncodedSignature()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean verify(JWSInput jWSInput, byte[] bArr) {
        try {
            return MessageDigest.isEqual(sign(jWSInput.getEncodedSignatureInput().getBytes(DockerAccess.DECODE_ENCODING), jWSInput.getHeader().getAlgorithm(), bArr), Base64Url.decode(jWSInput.getEncodedSignature()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.keycloak.jose.jws.crypto.SignatureProvider
    public boolean verify(JWSInput jWSInput, String str) {
        return false;
    }
}
