package org.apache.cxf.rs.security.httpsignature;

import java.security.Key;
import java.security.Provider;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.provider.AlgorithmProvider;
import org.apache.cxf.rs.security.httpsignature.provider.PublicKeyProvider;
import org.apache.cxf.rs.security.httpsignature.provider.SecurityProvider;
import org.apache.cxf.rs.security.httpsignature.utils.SignatureHeaderUtils;
import org.tomitribe.auth.signatures.Signature;
import org.tomitribe.auth.signatures.Verifier;

/* loaded from: input_file:org/apache/cxf/rs/security/httpsignature/TomitribeSignatureValidator.class */
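/**
 * {@link SignatureValidator} that checks an HTTP {@code Signature} header using the
 * Tomitribe {@link Verifier}.
 *
 * <p>The {@code keyId} comes from the request header and is therefore untrusted input.
 * It selects the expected algorithm, the verification key and the JCA provider through
 * the supplied provider objects. The algorithm named in the header is accepted only when
 * it matches the one the {@link AlgorithmProvider} returns for that key id, so a sender
 * cannot choose a different algorithm for a known key.
 *
 * <p>Every failure path throws; the method returns normally only after the verifier
 * reports a valid signature. This class does not itself check which headers are covered
 * by the signature. Callers that require specific headers to be signed must enforce that
 * separately.
 */
public class TomitribeSignatureValidator implements SignatureValidator {
    private static final Logger LOG = LogUtils.getL7dLogger(TomitribeSignatureValidator.class);

    /** Name of the header that carries the signature parameters. */
    private static final String SIGNATURE_HEADER = "Signature";

    /**
     * Validates the signature carried in the {@code Signature} header of {@code map}.
     *
     * @param map message headers, keyed by header name
     * @param algorithmProvider returns the algorithm name expected for a key id
     * @param publicKeyProvider returns the verification key for a key id
     * @param securityProvider returns the JCA provider for a key id
     * @param str first argument handed to {@link Verifier#verify} (presumably the HTTP method; confirm against caller)
     * @param str2 second argument handed to {@link Verifier#verify} (presumably the request URI; confirm against caller)
     * @throws InvalidSignatureHeaderException if the header is missing, empty or cannot be parsed
     * @throws DifferentAlgorithmsException if the header algorithm differs from the expected one
     * @throws InvalidDataToVerifySignatureException if the verifier itself fails with an exception
     * @throws InvalidSignatureException if the verifier reports that the signature does not match
     */
    @Override // org.apache.cxf.rs.security.httpsignature.SignatureValidator
    public void validate(Map<String, List<String>> map, AlgorithmProvider algorithmProvider, PublicKeyProvider publicKeyProvider, SecurityProvider securityProvider, String str, String str2) {
        Signature signature = extractSignatureFromHeader(firstSignatureHeader(map));
        String keyId = signature.getKeyId();
        String expectedAlgorithm = algorithmProvider.getAlgorithmName(keyId);
        // Compare from the header side so that a provider returning null for an unknown
        // key id is rejected as a mismatch instead of failing with a NullPointerException.
        if (!signature.getAlgorithm().toString().equals(expectedAlgorithm)) {
            throw new DifferentAlgorithmsException("signature algorithm from header and provided are different");
        }
        runVerifier(map, publicKeyProvider.getKey(keyId), signature, securityProvider.getProvider(keyId), str, str2);
    }

    /**
     * Returns the first value of the {@code Signature} header.
     *
     * @throws InvalidSignatureHeaderException if the header is absent or has no value
     */
    private static String firstSignatureHeader(Map<String, List<String>> headers) {
        // NOTE(review): the lookup is case-sensitive; confirm that callers supply a
        // case-insensitive header map, since HTTP header names are case-insensitive.
        List<String> values = headers == null ? null : headers.get(SIGNATURE_HEADER);
        if (values == null || values.isEmpty() || values.get(0) == null) {
            throw new InvalidSignatureHeaderException("failed to parse signature from header",
                new IllegalArgumentException("Signature header is missing or empty"));
        }
        return values.get(0);
    }

    /**
     * Parses the raw header value into a {@link Signature}.
     *
     * @throws InvalidSignatureHeaderException if parsing fails for any reason
     */
    private static Signature extractSignatureFromHeader(String headerValue) {
        try {
            return Signature.fromString(headerValue);
        } catch (Exception e) {
            throw new InvalidSignatureHeaderException("failed to parse signature from header", e);
        }
    }

    /**
     * Runs the Tomitribe verifier over the message headers.
     *
     * @throws InvalidDataToVerifySignatureException if the verifier throws while computing the result
     * @throws InvalidSignatureException if the verifier completes and reports a mismatch
     */
    private void runVerifier(Map<String, List<String>> headers, Key key, Signature signature, Provider provider, String str, String str2) {
        Verifier verifier = new Verifier(key, signature, provider);
        LOG.fine("Starting signature validation");
        boolean valid;
        try {
            valid = verifier.verify(str, str2, SignatureHeaderUtils.mapHeaders(headers));
        } catch (Exception e) {
            throw new InvalidDataToVerifySignatureException(e.getMessage(), e);
        }
        // Thrown outside the try block: inside it, the catch above would rewrap this as
        // InvalidDataToVerifySignatureException and callers could not tell a bad signature
        // from unusable input.
        if (!valid) {
            throw new InvalidSignatureException("signature is not valid");
        }
        LOG.fine("Finished signature validation");
    }
}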
