package org.eclipse.edc.security.signature.jws2020;

import com.apicatalog.ld.signature.KeyGenError;
import com.apicatalog.ld.signature.SigningError;
import com.apicatalog.ld.signature.VerificationError;
import com.apicatalog.ld.signature.algorithm.SignatureAlgorithm;
import com.apicatalog.ld.signature.key.KeyPair;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.jwk.RSAKey;
import java.text.ParseException;
import java.util.Collections;
import org.eclipse.edc.security.token.jwt.CryptoConverter;
import org.eclipse.edc.spi.EdcException;

/* loaded from: input_file:org/eclipse/edc/security/signature/jws2020/Jws2020SignatureProvider.class */
class Jws2020SignatureProvider implements SignatureAlgorithm {
    public void verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws VerificationError {
        try {
            JWK deserialize = deserialize(bArr);
            if (deserialize == null) {
                throw new UnsupportedOperationException("Cannot deserialize public key, expected JWK format");
            }
            if (!JWSObject.parse(new String(bArr2), new Payload(bArr3)).verify(CryptoConverter.createVerifier(deserialize))) {
                throw new VerificationError(VerificationError.Code.InvalidSignature);
            }
        } catch (JOSEException | ParseException e) {
            throw new VerificationError(VerificationError.Code.InvalidSignature, e);
        }
    }

    public byte[] sign(byte[] bArr, byte[] bArr2) throws SigningError {
        try {
            JWK deserialize = deserialize(bArr);
            if (deserialize == null) {
                throw new UnsupportedOperationException("Cannot deserialize key pair, expected JWK format");
            }
            JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(from(deserialize)).base64URLEncodePayload(false).criticalParams(Collections.singleton("b64")).build(), new Payload(bArr2));
            jWSObject.sign(CryptoConverter.createSigner(deserialize));
            return jWSObject.serialize(true).getBytes();
        } catch (JOSEException e) {
            throw new SigningError(SigningError.Code.UnsupportedCryptoSuite, e);
        }
    }

    public KeyPair keygen(int i) throws KeyGenError {
        return null;
    }

    private JWSAlgorithm from(JWK jwk) {
        if (jwk instanceof ECKey) {
            ECKey eCKey = (ECKey) jwk;
            return (JWSAlgorithm) JWSAlgorithm.Family.EC.stream().filter(jWSAlgorithm -> {
                return Curve.forJWSAlgorithm(jWSAlgorithm).contains(eCKey.getCurve());
            }).findFirst().orElseThrow(() -> {
                return new EdcException("Could not determine JWSAlgorithm for Curve " + eCKey.getCurve());
            });
        }
        if (jwk instanceof OctetKeyPair) {
            OctetKeyPair octetKeyPair = (OctetKeyPair) jwk;
            return (JWSAlgorithm) JWSAlgorithm.Family.ED.stream().filter(jWSAlgorithm2 -> {
                return Curve.forJWSAlgorithm(jWSAlgorithm2).contains(octetKeyPair.getCurve());
            }).findFirst().orElseThrow(() -> {
                return new EdcException("Could not determine JWSAlgorithm for Curve " + octetKeyPair.getCurve());
            });
        }
        if (jwk instanceof RSAKey) {
            return JWSAlgorithm.RS512;
        }
        return null;
    }

    private JWK deserialize(byte[] bArr) {
        try {
            return JWK.parse(new String(bArr));
        } catch (ParseException e) {
            throw new RuntimeException(e);
        }
    }
}
