package org.apache.cxf.rs.security.jose.jws;

import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.class */
public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
    private byte[] key;
    private AlgorithmParameterSpec hmacSpec;
    private String supportedAlgo;

    public HmacJwsSignatureVerifier(byte[] bArr) {
        this(bArr, (AlgorithmParameterSpec) null);
    }

    public HmacJwsSignatureVerifier(byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec) {
        this(bArr, algorithmParameterSpec, null);
    }

    public HmacJwsSignatureVerifier(byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec, String str) {
        this.key = bArr;
        this.hmacSpec = algorithmParameterSpec;
        this.supportedAlgo = str;
    }

    public HmacJwsSignatureVerifier(String str) {
        this(str, (String) null);
    }

    public HmacJwsSignatureVerifier(String str, String str2) {
        try {
            this.key = Base64UrlUtility.decode(str);
            this.supportedAlgo = str2;
        } catch (Base64Exception e) {
            throw new SecurityException();
        }
    }

    @Override // org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier
    public boolean verify(JwtHeaders jwtHeaders, String str, byte[] bArr) {
        return Arrays.equals(computeMac(jwtHeaders, str), bArr);
    }

    private byte[] computeMac(JwtHeaders jwtHeaders, String str) {
        return HmacUtils.computeHmac(this.key, Algorithm.toJavaName(checkAlgorithm(jwtHeaders.getAlgorithm())), this.hmacSpec, str);
    }

    protected String checkAlgorithm(String str) {
        if (str != null && Algorithm.isHmacSign(str) && (this.supportedAlgo == null || this.supportedAlgo.equals(str))) {
            return str;
        }
        throw new SecurityException();
    }
}
