package com.adobe.granite.oauth.jwt.impl;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.jwt.JwtConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.oltu.commons.encodedtoken.TokenDecoder;
import org.apache.oltu.jose.jws.signature.SignatureMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/oauth/jwt/impl/RSASignatureMethodImpl.class */
public class RSASignatureMethodImpl implements SignatureMethod<PrivateKey, PublicKey> {
    private final Logger logger = LoggerFactory.getLogger(RSASignatureMethodImpl.class);
    private CryptoSupport cryptoSupport;
    private String algorithm;

    public RSASignatureMethodImpl(CryptoSupport cryptoSupport, String str) {
        this.cryptoSupport = cryptoSupport;
        this.algorithm = str;
    }

    public String calculate(String str, String str2, PrivateKey privateKey) {
        this.logger.debug("calculate signature for header {} and payload {}", str, str2);
        StringBuilder sb = new StringBuilder();
        sb.append(str).append(".").append(str2);
        try {
            return TokenDecoder.base64Encode(this.cryptoSupport.sign(sb.toString().getBytes(), privateKey.getPrivateKey(), getAlgorithmInternal()));
        } catch (CryptoException e) {
            throw new RuntimeException("failed while calculating the signature", e);
        }
    }

    public boolean verify(String str, String str2, String str3, PublicKey publicKey) {
        this.logger.debug("verify signature for header {} and payload {}", str2, str3);
        try {
            return this.cryptoSupport.verify((str2 + "." + str3).getBytes(), decode(str), publicKey.getPublicKey(), getAlgorithmInternal());
        } catch (CryptoException e) {
            this.logger.warn("verify: failed while validating the signature", e);
            return false;
        }
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    private String getAlgorithmInternal() {
        String str = null;
        if (JwtConstants.RS256.equals(this.algorithm)) {
            str = "SHA256withRSA";
        } else if (JwtConstants.RS384.equals(this.algorithm)) {
            str = "SHA384withRSA";
        } else if (JwtConstants.RS512.equals(this.algorithm)) {
            str = "SHA512withRSA";
        }
        return str;
    }

    private static byte[] decode(String str) throws CryptoException {
        String replace = str.replace('-', '+').replace('_', '/');
        switch (replace.length() % 4) {
            case 0:
                break;
            case 1:
            default:
                throw new CryptoException("Illegal base64url string!");
            case 2:
                replace = replace + "==";
                break;
            case 3:
                replace = replace + "=";
                break;
        }
        return new Base64(-1, new byte[0], true).decode(replace);
    }
}
