package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.config.JCASupportConfiguration;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AlgorithmSupportMessage;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ECDSA;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ECDSAProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.utils.ECUtils;
import be.atbash.ee.security.octopus.nimbus.jwk.KeyType;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/ECDSASigner.class */
public class ECDSASigner extends ECDSAProvider implements JWSSigner {
    private final PrivateKey privateKey;

    public ECDSASigner(ECPrivateKey eCPrivateKey) {
        super(ECUtils.resolveAlgorithm(eCPrivateKey));
        this.privateKey = eCPrivateKey;
    }

    public ECDSASigner(AtbashKey atbashKey) {
        this(getPrivateKey(atbashKey));
    }

    private static ECPrivateKey getPrivateKey(AtbashKey atbashKey) {
        if (atbashKey.getSecretKeyType().getKeyType() != KeyType.EC) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        if (atbashKey.getSecretKeyType().getAsymmetricPart() != AsymmetricPart.PRIVATE) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        return (ECPrivateKey) atbashKey.getKey();
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner
    public Base64URLValue sign(JWSHeader jWSHeader, byte[] bArr) {
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        if (!supportedJWSAlgorithms().contains(algorithm)) {
            throw new JOSEException(AlgorithmSupportMessage.unsupportedJWSAlgorithm(algorithm, supportedJWSAlgorithms()));
        }
        try {
            Signature signerAndVerifier = ECDSA.getSignerAndVerifier(algorithm);
            signerAndVerifier.initSign(this.privateKey, JCASupportConfiguration.getInstance().getSecureRandom());
            signerAndVerifier.update(bArr);
            return Base64URLValue.encode(ECDSA.transcodeSignatureToConcat(signerAndVerifier.sign(), ECDSA.getSignatureByteArrayLength(jWSHeader.getAlgorithm())));
        } catch (InvalidKeyException | SignatureException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }
}
