package org.opensaml.xml.security;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Mac;
import org.bouncycastle.util.encoders.Hex;
import org.opensaml.xml.security.credential.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.opensaml.xmltooling.1.3.4_1.0.13.jar:org/opensaml/xml/security/SigningUtil.class */
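/**
 * Static helpers for computing and verifying raw signatures and MACs with the JCA
 * {@link Signature} and {@link Mac} APIs.
 *
 * <p>Parameter names are decompiler-generated. Throughout the class {@code str} is an
 * algorithm identifier (an algorithm URI in the {@code *WithURI} methods, a JCA algorithm ID
 * elsewhere) and {@code z} selects the MAC path instead of the public-key signature path.
 *
 * <p>NOTE(review): in the {@code *WithURI} entry points the algorithm URI alone decides
 * whether the MAC or the signature path is taken. Whether that URI can come from the message
 * being verified is not visible here. Callers should check it against an allow-list and make
 * sure the credential's key type matches the algorithm family before calling in.
 */
public final class SigningUtil {
    /** Not instantiable: the class only holds static helpers. */
    private SigningUtil() {
    }

    /**
     * Signs {@code bArr} with the algorithm named by the algorithm URI {@code str}.
     *
     * @param credential credential from which the signing key is extracted
     * @param str algorithm URI, mapped to a JCA algorithm ID via {@code SecurityHelper}
     * @param bArr input to sign
     * @return the computed signature or MAC value
     * @throws SecurityException if the URI maps to no JCA algorithm ID, or signing fails
     */
    public static byte[] signWithURI(Credential credential, String str, byte[] bArr) throws SecurityException {
        String algorithmIDFromURI = SecurityHelper.getAlgorithmIDFromURI(str);
        if (algorithmIDFromURI == null) {
            throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
        }
        return sign(credential, algorithmIDFromURI, SecurityHelper.isHMAC(str), bArr);
    }

    /**
     * Signs {@code bArr} with the signing key extracted from {@code credential}.
     *
     * @param credential credential from which the signing key is extracted
     * @param str JCA algorithm ID
     * @param z {@code true} to compute a MAC, {@code false} to compute a private-key signature
     * @param bArr input to sign
     * @return the computed signature or MAC value
     * @throws SecurityException if the credential yields no signing key, if the signature path
     *         is selected but the key is not a {@link PrivateKey}, or if the computation fails
     */
    public static byte[] sign(Credential credential, String str, boolean z, byte[] bArr) throws SecurityException {
        Logger logger = getLogger();
        Key extractSigningKey = SecurityHelper.extractSigningKey(credential);
        if (extractSigningKey == null) {
            logger.error("No signing key supplied in signing credential for signature computation");
            throw new SecurityException("No signing key supplied in signing credential");
        }
        if (z) {
            return signMAC(extractSigningKey, str, bArr);
        }
        if (extractSigningKey instanceof PrivateKey) {
            return sign((PrivateKey) extractSigningKey, str, bArr);
        }
        logger.error("No PrivateKey present in signing credential for signature computation");
        throw new SecurityException("No PrivateKey supplied for signing");
    }

    /**
     * Computes a signature over {@code bArr} with {@code privateKey}.
     *
     * @param privateKey key used to initialise the {@link Signature}
     * @param str JCA signature algorithm ID passed to {@link Signature#getInstance(String)}
     * @param bArr input to sign
     * @return the raw signature bytes
     * @throws SecurityException wrapping any {@link GeneralSecurityException} from the JCA
     */
    public static byte[] sign(PrivateKey privateKey, String str, byte[] bArr) throws SecurityException {
        Logger logger = getLogger();
        logger.debug("Computing signature over input using private key of type {} and JCA algorithm ID {}", privateKey.getAlgorithm(), str);
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            // Skip the hex encoding entirely unless the message will actually be written.
            if (logger.isDebugEnabled()) {
                logger.debug("Computed signature: {}", new String(Hex.encode(sign)));
            }
            return sign;
        } catch (GeneralSecurityException e) {
            logger.error("Error during signature generation", e);
            throw new SecurityException("Error during signature generation", e);
        }
    }

    /**
     * Computes a MAC over {@code bArr} with {@code key}.
     *
     * @param key key used to initialise the {@link Mac}
     * @param str JCA MAC algorithm ID passed to {@link Mac#getInstance(String)}
     * @param bArr input to authenticate
     * @return the raw MAC bytes
     * @throws SecurityException wrapping any {@link GeneralSecurityException} from the JCA
     */
    public static byte[] signMAC(Key key, String str, byte[] bArr) throws SecurityException {
        Logger logger = getLogger();
        logger.debug("Computing MAC over input using key of type {} and JCA algorithm ID {}", key.getAlgorithm(), str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(key);
            mac.update(bArr);
            byte[] doFinal = mac.doFinal();
            // NOTE(review): at debug level this writes the computed MAC to the log. When this
            // method is reached through verifyMAC, that value is the expected tag for the
            // supplied input, so debug logs of this class must be treated as sensitive.
            // Consider dropping this line in deployments where log readers are less trusted
            // than key holders.
            if (logger.isDebugEnabled()) {
                logger.debug("Computed MAC: {}", new String(Hex.encode(doFinal)));
            }
            return doFinal;
        } catch (GeneralSecurityException e) {
            logger.error("Error during MAC generation", e);
            throw new SecurityException("Error during MAC generation", e);
        }
    }

    /**
     * Verifies {@code bArr} as a signature or MAC over {@code bArr2}, using the algorithm
     * named by the algorithm URI {@code str}.
     *
     * @param credential credential from which the verification key is extracted
     * @param str algorithm URI, mapped to a JCA algorithm ID via {@code SecurityHelper}
     * @param bArr signature or MAC value to check
     * @param bArr2 input the signature or MAC was computed over
     * @return {@code true} if the value verifies
     * @throws SecurityException if the URI maps to no JCA algorithm ID, or verification fails
     *         with an error
     */
    public static boolean verifyWithURI(Credential credential, String str, byte[] bArr, byte[] bArr2) throws SecurityException {
        String algorithmIDFromURI = SecurityHelper.getAlgorithmIDFromURI(str);
        if (algorithmIDFromURI == null) {
            throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
        }
        return verify(credential, algorithmIDFromURI, SecurityHelper.isHMAC(str), bArr, bArr2);
    }

    /**
     * Verifies {@code bArr} over {@code bArr2} with the verification key extracted from
     * {@code credential}.
     *
     * @param credential credential from which the verification key is extracted
     * @param str JCA algorithm ID
     * @param z {@code true} to verify a MAC, {@code false} to verify a public-key signature
     * @param bArr signature or MAC value to check
     * @param bArr2 input the signature or MAC was computed over
     * @return {@code true} if the value verifies
     * @throws SecurityException if the credential yields no verification key, if the signature
     *         path is selected but the key is not a {@link PublicKey}, or if the computation
     *         fails
     */
    public static boolean verify(Credential credential, String str, boolean z, byte[] bArr, byte[] bArr2) throws SecurityException {
        Logger logger = getLogger();
        Key extractVerificationKey = SecurityHelper.extractVerificationKey(credential);
        if (extractVerificationKey == null) {
            logger.error("No verification key supplied in verification credential for signature verification");
            throw new SecurityException("No verification key supplied in verification credential");
        }
        if (z) {
            // NOTE(review): the MAC path accepts whatever Key the credential yields; no key-type
            // check is made here, unlike the PublicKey check on the signature path below.
            return verifyMAC(extractVerificationKey, str, bArr, bArr2);
        }
        if (extractVerificationKey instanceof PublicKey) {
            return verify((PublicKey) extractVerificationKey, str, bArr, bArr2);
        }
        logger.error("No PublicKey present in verification credential for signature verification");
        throw new SecurityException("No PublicKey supplied for signature verification");
    }

    /**
     * Verifies the signature {@code bArr} over {@code bArr2} with {@code publicKey}.
     *
     * @param publicKey key used to initialise the {@link Signature}
     * @param str JCA signature algorithm ID passed to {@link Signature#getInstance(String)}
     * @param bArr signature value to check
     * @param bArr2 input the signature was computed over
     * @return the result of {@link Signature#verify(byte[])}
     * @throws SecurityException wrapping any {@link GeneralSecurityException} from the JCA
     */
    public static boolean verify(PublicKey publicKey, String str, byte[] bArr, byte[] bArr2) throws SecurityException {
        Logger logger = getLogger();
        logger.debug("Verifying signature over input using public key of type {} and JCA algorithm ID {}", publicKey.getAlgorithm(), str);
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (GeneralSecurityException e) {
            logger.error("Error during signature verification", e);
            throw new SecurityException("Error during signature verification", e);
        }
    }

    /**
     * Verifies the MAC {@code bArr} by recomputing the MAC over {@code bArr2} and comparing.
     *
     * @param key key used to recompute the MAC
     * @param str JCA MAC algorithm ID
     * @param bArr MAC value to check; {@code null} never verifies
     * @param bArr2 input the MAC was computed over
     * @return {@code true} if the recomputed MAC equals {@code bArr}
     * @throws SecurityException if recomputing the MAC fails
     */
    public static boolean verifyMAC(Key key, String str, byte[] bArr, byte[] bArr2) throws SecurityException {
        getLogger().debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", key.getAlgorithm(), str);
        byte[] expected = signMAC(key, str, bArr2);
        if (bArr == null) {
            // Arrays.equals(expected, null) returned false; keep that result without relying
            // on how MessageDigest.isEqual treats a null argument.
            return false;
        }
        // Arrays.equals stops at the first differing byte, so its timing reveals how much of
        // a candidate tag is correct. MessageDigest.isEqual examines every byte regardless.
        return MessageDigest.isEqual(expected, bArr);
    }

    /** Looks up the SLF4J logger for this class on each call. */
    private static Logger getLogger() {
        return LoggerFactory.getLogger(SigningUtil.class);
    }
}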
