package de.bos_bremen.gov.autent.common;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:BOOT-INF/lib/autent-common-3.72.0.jar:de/bos_bremen/gov/autent/common/ParameterSignature.class */
public class ParameterSignature {
    public static final String SIGALG_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
    public static final String SIGALG_ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
    public static final String SIGALG_ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
    public static final String SIGALG_ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
    public static final String SIGALG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    @Deprecated
    public static final String SIGALG_RSA_SHA256_OLD_WRONG = "http://www.w3.org/2001/04/xmldsig-more/rsa-sha256";
    public static final String SIGALG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private final Signature sig;
    private boolean dataSet;

    private ParameterSignature(X509Certificate x509Certificate, String str, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException {
        this.dataSet = false;
        if (!"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more/rsa-sha256".equals(str) && !"http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512".equals(str)) {
            throw new NoSuchAlgorithmException("unsupported algorithm Uri " + str);
        }
        int i = 0;
        if (privateKey != null && privateKey.getAlgorithm().startsWith(JCAConstants.KEY_ALGO_EC)) {
            i = ((ECPrivateKey) privateKey).getParams().getCurve().getField().getFieldSize();
        } else if (x509Certificate != null && x509Certificate.getPublicKey().getAlgorithm().startsWith(JCAConstants.KEY_ALGO_EC)) {
            i = ((ECPublicKey) x509Certificate.getPublicKey()).getParams().getCurve().getField().getFieldSize();
        }
        if (i == 0) {
            if (!"http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(str) && !"http://www.w3.org/2001/04/xmldsig-more/rsa-sha256".equals(str)) {
                throw new InvalidKeyException("given key not supported with given algorithm Uri " + str);
            }
            this.sig = Signature.getInstance(("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(str) || "http://www.w3.org/2001/04/xmldsig-more/rsa-sha256".equals(str)) ? "SHA256WithRSA" : "SHA1WithRSA");
        } else if (i == 160 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(str)) {
            this.sig = Signature.getInstance("SHA1WithECDSA");
        } else if (i == 256 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(str)) {
            this.sig = Signature.getInstance("SHA256WithECDSA");
        } else if (i == 384 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384".equals(str)) {
            this.sig = Signature.getInstance("SHA384WithECDSA");
        } else {
            if (i != 512 || !"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512".equals(str)) {
                throw new InvalidKeyException("given key not supported with given algorithm Uri " + str);
            }
            this.sig = Signature.getInstance("SHA512WithECDSA");
        }
        if (x509Certificate == null) {
            this.sig.initSign(privateKey);
        } else {
            this.sig.initVerify(x509Certificate.getPublicKey());
        }
    }

    public ParameterSignature(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        this(x509Certificate, str, null);
    }

    public ParameterSignature(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        this(null, str, privateKey);
    }

    public void setData(byte[] bArr, String str, String str2, String str3, String... strArr) throws SignatureException {
        if (this.dataSet) {
            throw new IllegalStateException("setDate may be called only once");
        }
        this.sig.update(bArr);
        try {
            this.sig.update(str.getBytes(Utils.ENCODING));
            this.sig.update(str2.getBytes(Utils.ENCODING));
            this.sig.update(str3.getBytes(Utils.ENCODING));
            for (String str4 : strArr) {
                this.sig.update(str4.getBytes(Utils.ENCODING));
            }
            this.dataSet = true;
        } catch (UnsupportedEncodingException e) {
            throw new SignatureException(e);
        }
    }

    public boolean verify(byte[] bArr) throws SignatureException {
        return this.sig.verify(bArr);
    }

    public byte[] sign() throws SignatureException {
        return this.sig.sign();
    }
}
