package at.gv.egovernment.moa.id.protocols.oauth20.json;

import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.logging.Logger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import org.apache.commons.lang.StringUtils;
import org.opensaml.xml.security.x509.BasicX509Credential;

/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.class */
public final class OAuth20SignatureUtil {
    private OAuth20SignatureUtil() {
        throw new InstantiationError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OAuthSignatureAlgorithm findSignature(PrivateKey privateKey) {
        Logger.debug("OAuth - Looking for signature for key " + privateKey.getClass());
        if (privateKey instanceof RSAPrivateKey) {
            Logger.debug("OAuth - going to uses SHA256withRSA signature");
            return OAuthSignatureAlgorithm.RS256;
        }
        if (privateKey instanceof ECPrivateKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature");
            return OAuthSignatureAlgorithm.ECDSA256;
        }
        if (!(privateKey instanceof iaik.security.ec.common.ECPrivateKey)) {
            throw new IllegalStateException("Cannot find an alorithm for the given private key");
        }
        Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
        return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OAuthSignatureAlgorithm findSignature(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            Logger.debug("OAuth - going to uses SHA256withRSA signature");
            return OAuthSignatureAlgorithm.RS256;
        }
        if (publicKey instanceof ECPublicKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature");
            return OAuthSignatureAlgorithm.ECDSA256;
        }
        if (!(publicKey instanceof iaik.security.ec.common.ECPublicKey)) {
            throw new IllegalStateException("Cannot find an alorithm for the given private key");
        }
        Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
        return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
    }

    public static OAuthSigner loadSigner(String str) throws OAuth20Exception {
        OAuth20Configuration oAuth20Configuration = OAuth20Configuration.getInstance();
        if (StringUtils.isEmpty(oAuth20Configuration.getJWTKeyStore())) {
            throw new OAuth20CertificateErrorException("keystore");
        }
        if (StringUtils.isEmpty(oAuth20Configuration.getJWTKeyName())) {
            throw new OAuth20CertificateErrorException("key name");
        }
        try {
            KeyStore loadKeyStore = KeyStoreUtils.loadKeyStore(oAuth20Configuration.getJWTKeyStore(), oAuth20Configuration.getJWTKeyStorePassword());
            X509Certificate x509Certificate = (X509Certificate) loadKeyStore.getCertificate(oAuth20Configuration.getJWTKeyName());
            PrivateKey privateKey = (PrivateKey) loadKeyStore.getKey(oAuth20Configuration.getJWTKeyName(), oAuth20Configuration.getJWTKeyPassword().toCharArray());
            BasicX509Credential basicX509Credential = new BasicX509Credential();
            basicX509Credential.setEntityCertificate(x509Certificate);
            basicX509Credential.setPrivateKey(privateKey);
            return new OAuth20SHA256Signer(str, oAuth20Configuration.getJWTKeyName(), basicX509Credential.getPrivateKey());
        } catch (Exception e) {
            Logger.error(e.getMessage(), e);
            throw new OAuth20CertificateErrorException("keystore");
        }
    }
}
