package io.fusionauth.jwt.rsa;

import io.fusionauth.jwt.InvalidKeyLengthException;
import io.fusionauth.jwt.JWTSigningException;
import io.fusionauth.jwt.MissingPrivateKeyException;
import io.fusionauth.jwt.Signer;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.pem.domain.PEM;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Objects;

/* loaded from: input_file:io/fusionauth/jwt/rsa/RSASigner.class */
public class RSASigner implements Signer {
    private final Algorithm algorithm;
    private RSAPrivateKey privateKey;

    private RSASigner(Algorithm algorithm, String str) {
        Objects.requireNonNull(algorithm);
        Objects.requireNonNull(str);
        this.algorithm = algorithm;
        PEM decode = PEM.decode(str);
        if (decode.privateKey == null) {
            throw new MissingPrivateKeyException("The provided PEM encoded string did not contain a private key.");
        }
        this.privateKey = (RSAPrivateKey) decode.getPrivateKey();
        int bitLength = this.privateKey.getModulus().bitLength();
        if (bitLength < 2048) {
            throw new InvalidKeyLengthException("Key length of [" + bitLength + "] is less than the required key length of 2048 bits.");
        }
    }

    public static RSASigner newSHA256Signer(String str) {
        return new RSASigner(Algorithm.RS256, str);
    }

    public static RSASigner newSHA384Signer(String str) {
        return new RSASigner(Algorithm.RS384, str);
    }

    public static RSASigner newSHA512Signer(String str) {
        return new RSASigner(Algorithm.RS512, str);
    }

    @Override // io.fusionauth.jwt.Signer
    public Algorithm getAlgorithm() {
        return this.algorithm;
    }

    @Override // io.fusionauth.jwt.Signer
    public byte[] sign(String str) {
        Objects.requireNonNull(str);
        try {
            Signature signature = Signature.getInstance(this.algorithm.getName());
            signature.initSign(this.privateKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new JWTSigningException("An unexpected exception occurred when attempting to sign the JWT", e);
        }
    }
}
