package org.pac4j.jwt.config.signature;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;

/* loaded from: input_file:BOOT-INF/lib/pac4j-jwt-3.0.0-RC2.jar:org/pac4j/jwt/config/signature/RSASignatureConfiguration.class */
public class RSASignatureConfiguration extends AbstractSignatureConfiguration {
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;

    public RSASignatureConfiguration() {
        this.algorithm = JWSAlgorithm.RS256;
    }

    public RSASignatureConfiguration(KeyPair keyPair) {
        this();
        setKeyPair(keyPair);
    }

    public RSASignatureConfiguration(KeyPair keyPair, JWSAlgorithm jWSAlgorithm) {
        setKeyPair(keyPair);
        this.algorithm = jWSAlgorithm;
    }

    @Override // org.pac4j.core.util.InitializableObject
    protected void internalInit() {
        CommonHelper.assertNotNull("algorithm", this.algorithm);
        if (!supports(this.algorithm)) {
            throw new TechnicalException("Only the RS256, RS384, RS512, PS256, PS384 and PS512 algorithms are supported for RSA signature");
        }
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public boolean supports(JWSAlgorithm jWSAlgorithm) {
        return jWSAlgorithm != null && RSASSAVerifier.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm);
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public SignedJWT sign(JWTClaimsSet jWTClaimsSet) {
        init();
        CommonHelper.assertNotNull("privateKey", this.privateKey);
        try {
            RSASSASigner rSASSASigner = new RSASSASigner(this.privateKey);
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(this.algorithm), jWTClaimsSet);
            signedJWT.sign(rSASSASigner);
            return signedJWT;
        } catch (JOSEException e) {
            throw new TechnicalException(e);
        }
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public boolean verify(SignedJWT signedJWT) throws JOSEException {
        init();
        CommonHelper.assertNotNull("publicKey", this.publicKey);
        return signedJWT.verify(new RSASSAVerifier(this.publicKey));
    }

    public void setKeyPair(KeyPair keyPair) {
        CommonHelper.assertNotNull("keyPair", keyPair);
        this.privateKey = (RSAPrivateKey) keyPair.getPrivate();
        this.publicKey = (RSAPublicKey) keyPair.getPublic();
    }

    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(RSAPublicKey rSAPublicKey) {
        this.publicKey = rSAPublicKey;
    }

    public RSAPrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(RSAPrivateKey rSAPrivateKey) {
        this.privateKey = rSAPrivateKey;
    }

    public String toString() {
        return CommonHelper.toNiceString(getClass(), "keys", "[protected]", "algorithm", this.algorithm);
    }
}
