package net.weta.components.communication.security;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import org.apache.log4j.Logger;

/* loaded from: input_file:ingrid-iplug-csw-dsc-5.8.9/lib/ingrid-communication-3.6.2.jar:net/weta/components/communication/security/SecurityUtil.class */
public class SecurityUtil {
    private static final Logger LOG = Logger.getLogger((Class<?>) SecurityUtil.class);
    public static final String SHA256_RSA = "SHA256WithRSAEncryption";
    private final JavaKeystore _javaKeystore;

    public SecurityUtil(JavaKeystore javaKeystore) {
        this._javaKeystore = javaKeystore;
    }

    public byte[] computeSignature(String str, byte[] bArr) throws SecurityException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("try to load private with alias: [" + str + "]");
        }
        PrivateKey privateKey = this._javaKeystore.getPrivateKey(str);
        if (privateKey == null) {
            throw new SecurityException("private key for alias [" + str + "] not found.", null);
        }
        return computeSignature(privateKey, bArr);
    }

    public boolean verifySignature(String str, byte[] bArr, byte[] bArr2) throws SecurityException {
        return verifySignature(this._javaKeystore.getX509Certificate(str), bArr, bArr2);
    }

    private byte[] computeSignature(PrivateKey privateKey, byte[] bArr) throws SecurityException {
        try {
            Signature signature = Signature.getInstance(SHA256_RSA);
            signature.initSign(privateKey);
            signature.update(bArr, 0, bArr.length);
            return signature.sign();
        } catch (InvalidKeyException e) {
            throw new SecurityException("invalid key", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityException("no such algorithm", e2);
        } catch (SignatureException e3) {
            throw new SecurityException("signature fails", e3);
        }
    }

    private boolean verifySignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws SecurityException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        try {
            Signature signature = Signature.getInstance(SHA256_RSA);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw new SecurityException("invalid key", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityException("no such algorithm", e2);
        } catch (SignatureException e3) {
            throw new SecurityException("signatur fails", e3);
        }
    }
}
