package io.fusionauth.jwt.ec;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.fusionauth.jwt.InvalidKeyTypeException;
import io.fusionauth.jwt.JWTSigningException;
import io.fusionauth.jwt.MissingPrivateKeyException;
import io.fusionauth.jwt.Signer;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.pem.domain.PEM;
import io.fusionauth.security.CryptoProvider;
import io.fusionauth.security.DefaultCryptoProvider;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.util.Objects;

/* loaded from: input_file:io/fusionauth/jwt/ec/ECSigner.class */
public class ECSigner implements Signer {
    private final Algorithm algorithm;
    private final String kid;
    private final ECPrivateKey privateKey;
    private final CryptoProvider cryptoProvider;

    private ECSigner(Algorithm algorithm, String str, String str2, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(algorithm);
        Objects.requireNonNull(cryptoProvider);
        Objects.requireNonNull(str);
        this.algorithm = algorithm;
        this.cryptoProvider = cryptoProvider;
        this.kid = str2;
        PEM decode = PEM.decode(str);
        if (decode.privateKey == null) {
            throw new MissingPrivateKeyException("The provided PEM encoded string did not contain a private key.");
        }
        if (!(decode.privateKey instanceof ECPrivateKey)) {
            throw new InvalidKeyTypeException("Expecting an EC private key, but found " + decode.privateKey.getAlgorithm() + " / " + decode.privateKey.getFormat() + JsonProperty.USE_DEFAULT_NAME);
        }
        this.privateKey = (ECPrivateKey) decode.getPrivateKey();
    }

    public static ECSigner newSHA256Signer(String str, String str2) {
        return newSHA256Signer(str, str2, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA256Signer(String str, String str2, CryptoProvider cryptoProvider) {
        return new ECSigner(Algorithm.ES256, str, str2, cryptoProvider);
    }

    public static ECSigner newSHA256Signer(String str) {
        return newSHA256Signer(str, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA256Signer(String str, CryptoProvider cryptoProvider) {
        return newSHA256Signer(str, null, cryptoProvider);
    }

    public static ECSigner newSHA384Signer(String str, String str2) {
        return newSHA384Signer(str, str2, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA384Signer(String str) {
        return newSHA384Signer(str, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA384Signer(String str, String str2, CryptoProvider cryptoProvider) {
        return new ECSigner(Algorithm.ES384, str, str2, cryptoProvider);
    }

    public static ECSigner newSHA384Signer(String str, CryptoProvider cryptoProvider) {
        return newSHA384Signer(str, null, cryptoProvider);
    }

    public static ECSigner newSHA512Signer(String str, String str2) {
        return newSHA512Signer(str, str2, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA512Signer(String str) {
        return newSHA512Signer(str, new DefaultCryptoProvider());
    }

    public static ECSigner newSHA512Signer(String str, String str2, CryptoProvider cryptoProvider) {
        return new ECSigner(Algorithm.ES512, str, str2, cryptoProvider);
    }

    public static ECSigner newSHA512Signer(String str, CryptoProvider cryptoProvider) {
        return newSHA512Signer(str, null, cryptoProvider);
    }

    @Override // io.fusionauth.jwt.Signer
    public Algorithm getAlgorithm() {
        return this.algorithm;
    }

    @Override // io.fusionauth.jwt.Signer
    public String getKid() {
        return this.kid;
    }

    @Override // io.fusionauth.jwt.Signer
    public byte[] sign(String str) {
        Objects.requireNonNull(str);
        try {
            Signature signatureInstance = this.cryptoProvider.getSignatureInstance(this.algorithm.getName());
            signatureInstance.initSign(this.privateKey);
            signatureInstance.update(str.getBytes(StandardCharsets.UTF_8));
            return new ECDSASignature(signatureInstance.sign()).derDecode(this.algorithm);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new JWTSigningException("An unexpected exception occurred when attempting to sign the JWT", e);
        }
    }
}
