package org.keycloak.saml.processing.core.util;

import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Iterator;
import org.jboss.logging.Logger;
import org.keycloak.common.VerificationException;
import org.keycloak.rotation.KeyLocator;
import org.keycloak.saml.SignatureAlgorithm;

/* loaded from: input_file:org/keycloak/saml/processing/core/util/RedirectBindingSignatureUtil.class */
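/**
 * Static helpers that verify the detached signature carried by a SAML
 * HTTP-Redirect binding message against keys supplied by a {@link KeyLocator}.
 *
 * <p>The class is not instantiable; all entry points are static.
 */
public class RedirectBindingSignatureUtil {
    private static final Logger log = Logger.getLogger(RedirectBindingSignatureUtil.class);

    private RedirectBindingSignatureUtil() {
    }

    /**
     * Verifies a redirect-binding signature, first with the key named by {@code str}
     * and, if that key cannot be obtained or verification throws, with every key the
     * locator offers.
     *
     * <p>Security note: the key ID is only a hint. When no key is found under that ID,
     * the signature is accepted if <em>any</em> key returned by {@code keyLocator}
     * verifies it, so the locator must expose only keys trusted for the party that is
     * expected to have signed this message.
     *
     * @param signatureAlgorithm algorithm used to create the {@link Signature} verifier
     * @param bArr the signed bytes (passed to {@link Signature#update(byte[])})
     * @param bArr2 the signature bytes (passed to {@link Signature#verify(byte[])})
     * @param keyLocator source of candidate verification keys
     * @param str key ID used for the initial lookup in {@code keyLocator}
     * @return {@code true} if a key verified the signature; {@code false} otherwise,
     *         including when the key found under {@code str} rejects the signature
     * @throws KeyManagementException declared for callers; lookup failures are
     *         swallowed here and lead to the all-keys fallback
     * @throws VerificationException declared for callers
     */
    public static boolean validateRedirectBindingSignature(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, KeyLocator keyLocator, String str) throws KeyManagementException, VerificationException {
        try {
            Key key = null;
            try {
                key = keyLocator.getKey(str);
            } catch (KeyManagementException ignored) {
                // Deliberately ignored: a failed lookup by ID falls through to the
                // all-keys attempt below instead of failing the validation outright.
            }
            if (key != null) {
                // A key was found under the requested ID: its verdict is final and a
                // plain mismatch (false) does not trigger the all-keys fallback.
                return validateRedirectBindingSignatureForKey(signatureAlgorithm, bArr, bArr2, key);
            }
        } catch (SignatureException e) {
            // debugf, not debug: debug(String, Object, Throwable) would treat the
            // format string as the logger FQCN and never interpolate it.
            log.debugf("Verification failed for key %s: %s", str, e);
            log.trace(e);
        }

        log.trace("Trying hard to validate XML signature using all available keys.");
        Iterator<Key> it = keyLocator.iterator();
        while (it.hasNext()) {
            Key candidate = it.next();
            try {
                if (validateRedirectBindingSignatureForKey(signatureAlgorithm, bArr, bArr2, candidate)) {
                    return true;
                }
            } catch (SignatureException e) {
                // One malformed-signature/key combination must not stop the scan of
                // the remaining candidates.
                log.debugf("Verification failed: %s", e);
            }
        }
        return false;
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} using a single key.
     *
     * @param signatureAlgorithm algorithm used to create the {@link Signature} verifier
     * @param bArr the signed bytes
     * @param bArr2 the signature bytes
     * @param key candidate verification key; may be {@code null}
     * @return {@code true} only if {@code key} is a {@link PublicKey} and the signature
     *         verifies; {@code false} for a {@code null} key, a non-public key, a key
     *         rejected by {@link Signature#initVerify(PublicKey)}, or a mismatch
     * @throws SignatureException if the verifier fails while processing the data or
     *         the signature bytes
     */
    public static boolean validateRedirectBindingSignatureForKey(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Key key) throws SignatureException {
        if (key == null) {
            return false;
        }
        // Only asymmetric public keys are usable for verification; anything else
        // (e.g. a secret or private key handed out by the locator) is rejected.
        if (!(key instanceof PublicKey)) {
            log.warnf("Unusable key for signature validation: %s", key);
            return false;
        }
        Signature verifier = signatureAlgorithm.createSignature();
        try {
            verifier.initVerify((PublicKey) key);
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException e) {
            // Key type does not match the algorithm: treat as "not verified" rather
            // than an error so callers can move on to other keys.
            log.warnf(e, "Unusable key for signature validation: %s", key);
            return false;
        }
    }
}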
