package org.apache.syncope.core.spring.security.jws;

import java.security.KeyFactory;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsVerificationSignature;
import org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.crypto.codec.Base64;

/* loaded from: input_file:org/apache/syncope/core/spring/security/jws/AccessTokenJwsSignatureVerifier.class */
public class AccessTokenJwsSignatureVerifier implements JwsSignatureVerifier, InitializingBean {
    private SignatureAlgorithm jwsAlgorithm;
    private String jwsKey;
    private JwsSignatureVerifier delegate;

    public void setJwsAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        this.jwsAlgorithm = signatureAlgorithm;
    }

    public void setJwsKey(String str) {
        this.jwsKey = str;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.jwsAlgorithm == null) {
            throw new IllegalArgumentException("An instance of " + SignatureAlgorithm.class + " is required");
        }
        if (!SignatureAlgorithm.isPublicKeyAlgorithm(this.jwsAlgorithm)) {
            if (this.jwsKey == null) {
                throw new IllegalArgumentException("A shared key is required");
            }
            this.delegate = new HmacJwsSignatureVerifier(this.jwsKey.getBytes(), this.jwsAlgorithm);
        } else {
            if (!this.jwsAlgorithm.getJwaName().startsWith("RS")) {
                throw new IllegalArgumentException(this.jwsAlgorithm.getJavaName() + " not supported.");
            }
            if (this.jwsKey == null || this.jwsKey.indexOf(58) == -1) {
                throw new IllegalArgumentException("A key pair is required, in the 'private:public' format");
            }
            this.delegate = new PublicKeyJwsSignatureVerifier(KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(StringUtils.substringAfter(this.jwsKey, ":").getBytes()))), this.jwsAlgorithm);
        }
    }

    public SignatureAlgorithm getAlgorithm() {
        return this.delegate.getAlgorithm();
    }

    public boolean verify(JwsHeaders jwsHeaders, String str, byte[] bArr) {
        return this.delegate.verify(jwsHeaders, str, bArr);
    }

    public JwsVerificationSignature createJwsVerificationSignature(JwsHeaders jwsHeaders) {
        return this.delegate.createJwsVerificationSignature(jwsHeaders);
    }
}
