package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.KeyTypeException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.EdDSAProvider;
import be.atbash.ee.security.octopus.nimbus.jwk.Curve;
import be.atbash.ee.security.octopus.nimbus.jwk.KeyType;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.io.IOException;
import java.security.interfaces.ECPrivateKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/Ed25519Signer.class */
public class Ed25519Signer extends EdDSAProvider implements JWSSigner {
    private final org.bouncycastle.crypto.signers.Ed25519Signer signer;

    public Ed25519Signer(BCEdDSAPrivateKey bCEdDSAPrivateKey) {
        if (!Curve.Ed25519.getName().equals(bCEdDSAPrivateKey.getAlgorithm())) {
            throw new JOSEException("Ed25519Signer only supports OctetKeyPairs with crv=Ed25519");
        }
        this.signer = new org.bouncycastle.crypto.signers.Ed25519Signer();
        this.signer.init(true, new Ed25519PrivateKeyParameters(getD(bCEdDSAPrivateKey), 0));
    }

    public Ed25519Signer(AtbashKey atbashKey) {
        this(getPrivateKey(atbashKey));
    }

    private static BCEdDSAPrivateKey getPrivateKey(AtbashKey atbashKey) {
        if (atbashKey.getSecretKeyType().getKeyType() != KeyType.OKP) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        if (atbashKey.getSecretKeyType().getAsymmetricPart() != AsymmetricPart.PRIVATE) {
            throw new KeyTypeException(ECPrivateKey.class);
        }
        return atbashKey.getKey();
    }

    private byte[] getD(BCEdDSAPrivateKey bCEdDSAPrivateKey) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bCEdDSAPrivateKey.getEncoded());
            Throwable th = null;
            try {
                try {
                    try {
                        DLSequence readObject = aSN1InputStream.readObject();
                        if (aSN1InputStream != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                aSN1InputStream.close();
                            }
                        }
                        DEROctetString objectAt = readObject.getObjectAt(2);
                        byte[] bArr = new byte[32];
                        System.arraycopy(objectAt.getOctets(), 2, bArr, 0, 32);
                        return bArr;
                    } catch (IOException e) {
                        throw new AtbashUnexpectedException(e);
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e2) {
            throw new AtbashUnexpectedException(e2);
        }
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSSigner
    public Base64URLValue sign(JWSHeader jWSHeader, byte[] bArr) {
        if (!JWSAlgorithm.EdDSA.equals(jWSHeader.getAlgorithm())) {
            throw new JOSEException("Ed25519Signer requires alg=EdDSA in JWSHeader");
        }
        this.signer.update(bArr, 0, bArr.length);
        byte[] generateSignature = this.signer.generateSignature();
        this.signer.reset();
        return Base64URLValue.encode(generateSignature);
    }
}
