package org.forgerock.json.jose.jws.handlers;

import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.forgerock.json.jose.exceptions.JwsSigningException;
import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.json.jose.utils.Utils;
import org.forgerock.util.Reject;

/* loaded from: input_file:org/forgerock/json/jose/jws/handlers/HmacSigningHandler.class */
public class HmacSigningHandler implements SigningHandler {
    private final byte[] sharedSecret;

    public HmacSigningHandler(byte[] bArr) {
        Reject.ifNull(bArr, "Shared secret cannot be null.");
        this.sharedSecret = (byte[]) bArr.clone();
    }

    @Override // org.forgerock.json.jose.jws.handlers.SigningHandler
    public byte[] sign(JwsAlgorithm jwsAlgorithm, String str) {
        return signWithHMAC(jwsAlgorithm.getAlgorithm(), this.sharedSecret, str.getBytes(Utils.CHARSET));
    }

    @Override // org.forgerock.json.jose.jws.handlers.SigningHandler
    public byte[] sign(JwsAlgorithm jwsAlgorithm, byte[] bArr) {
        return signWithHMAC(jwsAlgorithm.getAlgorithm(), this.sharedSecret, bArr);
    }

    private byte[] signWithHMAC(String str, byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(new SecretKeySpec(bArr, str.toUpperCase()));
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException e) {
            throw new JwsSigningException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new JwsSigningException("Unsupported Signing Algorithm, " + str, e2);
        }
    }

    @Override // org.forgerock.json.jose.jws.handlers.SigningHandler
    public boolean verify(JwsAlgorithm jwsAlgorithm, byte[] bArr, byte[] bArr2) {
        return MessageDigest.isEqual(signWithHMAC(jwsAlgorithm.getAlgorithm(), this.sharedSecret, bArr), bArr2);
    }
}
