package io.micronaut.security.token.jwt.signature.rsa;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.context.exceptions.ConfigurationException;
import io.micronaut.security.token.jwt.signature.AbstractSignatureConfiguration;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.validation.constraints.NotNull;

/* loaded from: input_file:io/micronaut/security/token/jwt/signature/rsa/RSASignature.class */
public class RSASignature extends AbstractSignatureConfiguration {
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;

    public RSASignature(RSASignatureConfiguration rSASignatureConfiguration) {
        if (!supports(rSASignatureConfiguration.getJwsAlgorithm())) {
            throw new ConfigurationException(supportedAlgorithmsMessage());
        }
        this.algorithm = rSASignatureConfiguration.getJwsAlgorithm();
        this.publicKey = rSASignatureConfiguration.getPublicKey();
        this.privateKey = rSASignatureConfiguration.getPrivateKey();
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public String supportedAlgorithmsMessage() {
        return "Only the RS256, RS384, RS512, PS256, PS384 and PS512 algorithms are supported for RSA signature";
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public boolean supports(JWSAlgorithm jWSAlgorithm) {
        return jWSAlgorithm != null && RSASSAVerifier.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm);
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public SignedJWT sign(JWTClaimsSet jWTClaimsSet) throws JOSEException {
        return signWithPrivateKey(jWTClaimsSet, this.privateKey);
    }

    private SignedJWT signWithPrivateKey(JWTClaimsSet jWTClaimsSet, @NotNull RSAPrivateKey rSAPrivateKey) throws JOSEException {
        RSASSASigner rSASSASigner = new RSASSASigner(rSAPrivateKey);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(this.algorithm), jWTClaimsSet);
        signedJWT.sign(rSASSASigner);
        return signedJWT;
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public boolean verify(SignedJWT signedJWT) throws JOSEException {
        return verifyWithPublicKey(signedJWT, this.publicKey);
    }

    private boolean verifyWithPublicKey(SignedJWT signedJWT, @NotNull RSAPublicKey rSAPublicKey) throws JOSEException {
        return signedJWT.verify(new RSASSAVerifier(rSAPublicKey));
    }
}
