package io.bspk.httpsig;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.bouncycastle.jcajce.provider.digest.SHA256;
import org.bouncycastle.jcajce.provider.digest.SHA512;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/bspk/httpsig/HttpSign.class */
public class HttpSign {
    private static final Logger log = LoggerFactory.getLogger(HttpSign.class);
    private HttpSigAlgorithm alg;
    private JWK signingKey;

    public HttpSign(HttpSigAlgorithm httpSigAlgorithm, JWK jwk) {
        this.alg = httpSigAlgorithm;
        this.signingKey = jwk;
    }

    public byte[] sign(byte[] bArr) {
        try {
            if (this.alg.equals(HttpSigAlgorithm.RSAPSS)) {
                if (!this.signingKey.getKeyType().equals(KeyType.RSA)) {
                    return null;
                }
                PrivateKey privateKey = this.signingKey.toRSAKey().toPrivateKey();
                Signature signature = Signature.getInstance("RSASSA-PSS");
                signature.setParameter(new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1));
                byte[] digest = new SHA512.Digest().digest(bArr);
                signature.initSign(privateKey);
                signature.update(digest);
                return signature.sign();
            }
            if (this.alg.equals(HttpSigAlgorithm.RSA15)) {
                if (!this.signingKey.getKeyType().equals(KeyType.RSA)) {
                    return null;
                }
                PrivateKey privateKey2 = this.signingKey.toRSAKey().toPrivateKey();
                Signature signature2 = Signature.getInstance("SHA256withRSA");
                byte[] digest2 = new SHA256.Digest().digest(bArr);
                signature2.initSign(privateKey2);
                signature2.update(digest2);
                return signature2.sign();
            }
            if (this.alg.equals(HttpSigAlgorithm.HMAC)) {
                if (!this.signingKey.getKeyType().equals(KeyType.OCT)) {
                    return null;
                }
                SecretKey secretKey = this.signingKey.toOctetSequenceKey().toSecretKey();
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(secretKey);
                mac.update(bArr);
                return mac.doFinal();
            }
            if (!this.alg.equals(HttpSigAlgorithm.ECDSA)) {
                if (this.alg.equals(HttpSigAlgorithm.JOSE)) {
                    return new DefaultJWSSignerFactory().createJWSSigner(this.signingKey).sign(new JWSHeader.Builder(new JWSAlgorithm(this.signingKey.getAlgorithm().getName())).build(), bArr).decode();
                }
                return null;
            }
            if (!this.signingKey.getKeyType().equals(KeyType.EC)) {
                return null;
            }
            PrivateKey privateKey3 = this.signingKey.toECKey().toPrivateKey();
            Signature signature3 = Signature.getInstance("SHA256withECDSA");
            byte[] digest3 = new SHA256.Digest().digest(bArr);
            signature3.initSign(privateKey3);
            signature3.update(digest3);
            return ECDSA.transcodeSignatureToConcat(signature3.sign(), 64);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | JOSEException e) {
            log.warn("Could not sign input", e);
            return null;
        }
    }
}
