package org.pac4j.jwt.config.signature;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;

/* loaded from: input_file:WEB-INF/lib/pac4j-jwt-2.1.0.jar:org/pac4j/jwt/config/signature/ECSignatureConfiguration.class */
public class ECSignatureConfiguration extends AbstractSignatureConfiguration {
    private ECPublicKey publicKey;
    private ECPrivateKey privateKey;

    public ECSignatureConfiguration() {
        this.algorithm = JWSAlgorithm.ES256;
    }

    public ECSignatureConfiguration(KeyPair keyPair) {
        this();
        setKeyPair(keyPair);
    }

    public ECSignatureConfiguration(KeyPair keyPair, JWSAlgorithm jWSAlgorithm) {
        setKeyPair(keyPair);
        this.algorithm = jWSAlgorithm;
    }

    @Override // org.pac4j.core.util.InitializableObject
    protected void internalInit() {
        CommonHelper.assertNotNull("algorithm", this.algorithm);
        if (!supports(this.algorithm)) {
            throw new TechnicalException("Only the ES256, ES384 and ES512 algorithms are supported for elliptic curve signature");
        }
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public boolean supports(JWSAlgorithm jWSAlgorithm) {
        return jWSAlgorithm != null && ECDSAVerifier.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm);
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public SignedJWT sign(JWTClaimsSet jWTClaimsSet) {
        init();
        CommonHelper.assertNotNull("privateKey", this.privateKey);
        try {
            ECDSASigner eCDSASigner = new ECDSASigner(this.privateKey);
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(this.algorithm), jWTClaimsSet);
            signedJWT.sign(eCDSASigner);
            return signedJWT;
        } catch (JOSEException e) {
            throw new TechnicalException(e);
        }
    }

    @Override // org.pac4j.jwt.config.signature.SignatureConfiguration
    public boolean verify(SignedJWT signedJWT) throws JOSEException {
        init();
        CommonHelper.assertNotNull("publicKey", this.publicKey);
        return signedJWT.verify(new ECDSAVerifier(this.publicKey));
    }

    public void setKeyPair(KeyPair keyPair) {
        CommonHelper.assertNotNull("keyPair", keyPair);
        this.privateKey = (ECPrivateKey) keyPair.getPrivate();
        this.publicKey = (ECPublicKey) keyPair.getPublic();
    }

    public ECPublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(ECPublicKey eCPublicKey) {
        this.publicKey = eCPublicKey;
    }

    public ECPrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(ECPrivateKey eCPrivateKey) {
        this.privateKey = eCPrivateKey;
    }

    public String toString() {
        return CommonHelper.toString(getClass(), JsonWebKeySet.JWK_SET_MEMBER_NAME, "[protected]", "algorithm", this.algorithm);
    }
}
