package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.RSAKeyUtils;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.RSASSA;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.RSASSAProvider;
import be.atbash.ee.security.octopus.nimbus.jwk.JWKIdentifiers;
import be.atbash.ee.security.octopus.nimbus.jwk.KeyType;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/RSASSASigner.class */
public class RSASSASigner extends RSASSAProvider implements JWSSigner {
    public static final int MIN_KEY_SIZE_BITS = 2048;
    private final RSAPrivateKey privateKey;

    public RSASSASigner(RSAPrivateKey rSAPrivateKey) {
        this(rSAPrivateKey, false);
    }

    public RSASSASigner(AtbashKey atbashKey) {
        this(getPrivateKey(atbashKey));
    }

    private static RSAPrivateKey getPrivateKey(AtbashKey atbashKey) {
        if (atbashKey.getSecretKeyType().getKeyType() != KeyType.RSA) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        if (atbashKey.getSecretKeyType().getAsymmetricPart() != AsymmetricPart.PRIVATE) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        return (RSAPrivateKey) atbashKey.getKey();
    }

    public RSASSASigner(RSAPrivateKey rSAPrivateKey, boolean z) {
        int keyBitLength;
        if (!JWKIdentifiers.RSA_KEY_TYPE.equalsIgnoreCase(rSAPrivateKey.getAlgorithm())) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        if (!z && (keyBitLength = RSAKeyUtils.keyBitLength(rSAPrivateKey)) > 0 && keyBitLength < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
        this.privateKey = rSAPrivateKey;
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner
    public Base64URLValue sign(JWSHeader jWSHeader, byte[] bArr) {
        Signature signerAndVerifier = RSASSA.getSignerAndVerifier(jWSHeader.getAlgorithm());
        try {
            signerAndVerifier.initSign(this.privateKey);
            signerAndVerifier.update(bArr);
            return Base64URLValue.encode(signerAndVerifier.sign());
        } catch (InvalidKeyException e) {
            throw new JOSEException("Invalid private RSA key: " + e.getMessage(), e);
        } catch (SignatureException e2) {
            throw new JOSEException("RSA signature exception: " + e2.getMessage(), e2);
        }
    }
}
