package io.fusionauth.jwt.hmac;

import io.fusionauth.jwt.InvalidJWTSignatureException;
import io.fusionauth.jwt.JWTVerifierException;
import io.fusionauth.jwt.Verifier;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.security.CryptoProvider;
import io.fusionauth.security.DefaultCryptoProvider;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:BOOT-INF/lib/fusionauth-jwt-5.0.0.jar:io/fusionauth/jwt/hmac/HMACVerifier.class */
public class HMACVerifier implements Verifier {
    private final byte[] secret;
    private final CryptoProvider cryptoProvider;

    private HMACVerifier(String str, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(cryptoProvider);
        this.cryptoProvider = cryptoProvider;
        this.secret = str.getBytes(StandardCharsets.UTF_8);
    }

    private HMACVerifier(byte[] bArr, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(bArr);
        Objects.requireNonNull(cryptoProvider);
        this.cryptoProvider = cryptoProvider;
        this.secret = bArr;
    }

    public static HMACVerifier newVerifier(String str) {
        return newVerifier(str, new DefaultCryptoProvider());
    }

    public static HMACVerifier newVerifier(Path path) {
        return newVerifier(path, new DefaultCryptoProvider());
    }

    public static HMACVerifier newVerifier(byte[] bArr) {
        return newVerifier(bArr, new DefaultCryptoProvider());
    }

    public static HMACVerifier newVerifier(String str, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(str);
        return new HMACVerifier(str, cryptoProvider);
    }

    public static HMACVerifier newVerifier(Path path, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(path);
        try {
            return new HMACVerifier(Files.readAllBytes(path), cryptoProvider);
        } catch (IOException e) {
            throw new JWTVerifierException("Unable to read the file from path [" + path.toAbsolutePath().toString() + "]", e);
        }
    }

    public static HMACVerifier newVerifier(byte[] bArr, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(bArr);
        return new HMACVerifier(bArr, cryptoProvider);
    }

    @Override // io.fusionauth.jwt.Verifier
    public boolean canVerify(Algorithm algorithm) {
        switch (algorithm) {
            case HS256:
            case HS384:
            case HS512:
                return true;
            default:
                return false;
        }
    }

    @Override // io.fusionauth.jwt.Verifier
    public void verify(Algorithm algorithm, byte[] bArr, byte[] bArr2) {
        Objects.requireNonNull(algorithm);
        Objects.requireNonNull(bArr);
        Objects.requireNonNull(bArr2);
        try {
            Mac macInstance = this.cryptoProvider.getMacInstance(algorithm.getName());
            macInstance.init(new SecretKeySpec(this.secret, algorithm.getName()));
            if (MessageDigest.isEqual(bArr2, macInstance.doFinal(bArr))) {
            } else {
                throw new InvalidJWTSignatureException();
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new JWTVerifierException("An unexpected exception occurred when attempting to verify the JWT", e);
        }
    }
}
