package com.predic8.membrane.core.interceptor.oauth2client.rf.token;

import com.predic8.membrane.core.transport.ssl.PEMSupport;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.6.jar:com/predic8/membrane/core/interceptor/oauth2client/rf/token/JWSSigner.class */
public class JWSSigner {
    private final Key key;
    private final X509Certificate certificate;

    public JWSSigner(Object obj, String str) throws IOException {
        this.key = convertKey(obj);
        this.certificate = PEMSupport.getInstance().parseCertificate(str);
    }

    private Key convertKey(Object obj) {
        if (obj instanceof Key) {
            return (Key) obj;
        }
        if (obj instanceof KeyPair) {
            return ((KeyPair) obj).getPrivate();
        }
        throw new IllegalArgumentException("Unsupported PEM type " + obj.getClass());
    }

    public String generateSignedJWS(JwtClaims jwtClaims) throws JoseException {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(jwtClaims.toJson());
        jsonWebSignature.setKey(this.key);
        jsonWebSignature.setX509CertSha1ThumbprintHeaderValue(this.certificate);
        jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        jsonWebSignature.setHeader("typ", "JWT");
        return jsonWebSignature.getCompactSerialization();
    }

    public String signToCompactSerialization(String str) throws JoseException {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(str);
        jsonWebSignature.setKey(this.key);
        jsonWebSignature.setX509CertSha1ThumbprintHeaderValue(this.certificate);
        jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        jsonWebSignature.setHeader("typ", "JWT");
        return jsonWebSignature.getCompactSerialization();
    }
}
