package org.keycloak.jose.jws.crypto;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.keycloak.common.util.Base64Url;
import org.keycloak.crypto.JavaAlgorithm;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.jose.jws.JWSInput;

/* loaded from: input_file:WEB-INF/lib/keycloak-client-common-synced-26.0.4.jar:org/keycloak/jose/jws/crypto/HMACProvider.class */
public class HMACProvider implements SignatureProvider {
    private static String getJavaAlgorithm(Algorithm algorithm) {
        switch (algorithm) {
            case HS256:
                return JavaAlgorithm.HS256;
            case HS384:
                return JavaAlgorithm.HS384;
            case HS512:
                return JavaAlgorithm.HS512;
            default:
                throw new IllegalArgumentException("Not a MAC Algorithm");
        }
    }

    private static Mac getMAC(Algorithm algorithm) {
        try {
            return Mac.getInstance(getJavaAlgorithm(algorithm));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unsupported HMAC algorithm: " + e.getMessage(), e);
        }
    }

    public static byte[] sign(byte[] bArr, Algorithm algorithm, byte[] bArr2) {
        try {
            Mac mac = getMAC(algorithm);
            mac.init(new SecretKeySpec(bArr2, mac.getAlgorithm()));
            mac.update(bArr);
            return mac.doFinal();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] sign(byte[] bArr, Algorithm algorithm, SecretKey secretKey) {
        try {
            Mac mac = getMAC(algorithm);
            mac.init(secretKey);
            mac.update(bArr);
            return mac.doFinal();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean verify(JWSInput jWSInput, SecretKey secretKey) {
        try {
            return MessageDigest.isEqual(sign(jWSInput.getEncodedSignatureInput().getBytes(StandardCharsets.UTF_8), jWSInput.getHeader().getAlgorithm(), secretKey), Base64Url.decode(jWSInput.getEncodedSignature()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean verify(JWSInput jWSInput, byte[] bArr) {
        try {
            return MessageDigest.isEqual(sign(jWSInput.getEncodedSignatureInput().getBytes(StandardCharsets.UTF_8), jWSInput.getHeader().getAlgorithm(), bArr), Base64Url.decode(jWSInput.getEncodedSignature()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.keycloak.jose.jws.crypto.SignatureProvider
    public boolean verify(JWSInput jWSInput, String str) {
        return false;
    }
}
