package com.netflexity.software.qflex.mule.policies.jwt;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/netflexity/software/qflex/mule/policies/jwt/RsaSignatureProvider.class */
public class RsaSignatureProvider extends SignatureProvider {
    private static final Map<SignatureAlgorithm, PSSParameterSpec> PSS_PARAMETER_SPECS = createPssParameterSpecs();

    private static Map<SignatureAlgorithm, PSSParameterSpec> createPssParameterSpecs() {
        HashMap hashMap = new HashMap();
        MGF1ParameterSpec mGF1ParameterSpec = MGF1ParameterSpec.SHA256;
        hashMap.put(SignatureAlgorithm.PS256, new PSSParameterSpec(mGF1ParameterSpec.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec, 32, 1));
        MGF1ParameterSpec mGF1ParameterSpec2 = MGF1ParameterSpec.SHA384;
        hashMap.put(SignatureAlgorithm.PS384, new PSSParameterSpec(mGF1ParameterSpec2.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec2, 48, 1));
        MGF1ParameterSpec mGF1ParameterSpec3 = MGF1ParameterSpec.SHA512;
        hashMap.put(SignatureAlgorithm.PS512, new PSSParameterSpec(mGF1ParameterSpec3.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec3, 64, 1));
        return hashMap;
    }

    public RsaSignatureProvider(SignatureAlgorithm signatureAlgorithm, Key key) {
        super(signatureAlgorithm, key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflexity.software.qflex.mule.policies.jwt.SignatureProvider
    public Signature createSignatureInstance() {
        Signature createSignatureInstance = super.createSignatureInstance();
        PSSParameterSpec pSSParameterSpec = PSS_PARAMETER_SPECS.get(this.algorithm);
        if (pSSParameterSpec != null) {
            try {
                createSignatureInstance.setParameter(pSSParameterSpec);
            } catch (InvalidAlgorithmParameterException e) {
                throw new JwtException("Unsupported RSASSA-PSS parameter '" + pSSParameterSpec + "': " + e.getMessage(), e);
            }
        }
        return createSignatureInstance;
    }

    @Override // com.netflexity.software.qflex.mule.policies.jwt.SignatureProvider
    public byte[] sign(byte[] bArr) {
        try {
            PrivateKey privateKey = (PrivateKey) this.key;
            Signature createSignatureInstance = createSignatureInstance();
            createSignatureInstance.initSign(privateKey);
            createSignatureInstance.update(bArr);
            return createSignatureInstance.sign();
        } catch (InvalidKeyException e) {
            throw new JwtException("Invalid RSA PrivateKey. " + e.getMessage(), e);
        } catch (SignatureException e2) {
            throw new JwtException("Unable to calculate signature using RSA PrivateKey. " + e2.getMessage(), e2);
        }
    }

    @Override // com.netflexity.software.qflex.mule.policies.jwt.SignatureProvider
    public boolean isValid(byte[] bArr, byte[] bArr2) {
        if (!(this.key instanceof PublicKey)) {
            return MessageDigest.isEqual(sign(bArr), bArr2);
        }
        Signature createSignatureInstance = createSignatureInstance();
        try {
            createSignatureInstance.initVerify((PublicKey) this.key);
            createSignatureInstance.update(bArr);
            return createSignatureInstance.verify(bArr2);
        } catch (Exception e) {
            throw new JwtException("Unable to verify RSA signature using configured PublicKey. " + e.getMessage(), e);
        }
    }
}
