package org.eclipse.milo.opcua.stack.core.util;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;

/* loaded from: input_file:org/eclipse/milo/opcua/stack/core/util/SignatureUtil.class */
public class SignatureUtil {
    private static final ThreadLocal<Map<String, Mac>> MAC_INSTANCES = new ThreadLocal<>();

    public static byte[] sign(SecurityAlgorithm securityAlgorithm, PrivateKey privateKey, ByteBuffer... byteBufferArr) throws UaException {
        try {
            Signature signature = Signature.getInstance(securityAlgorithm.getTransformation());
            signature.initSign(privateKey);
            for (ByteBuffer byteBuffer : byteBufferArr) {
                signature.update(byteBuffer);
            }
            return signature.sign();
        } catch (GeneralSecurityException e) {
            throw new UaException(StatusCodes.Bad_InternalError, e);
        }
    }

    public static void verify(SecurityAlgorithm securityAlgorithm, X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws UaException {
        try {
            Signature signature = Signature.getInstance(securityAlgorithm.getTransformation());
            signature.initVerify(x509Certificate);
            signature.update(bArr);
            if (signature.verify(bArr2)) {
            } else {
                throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "could not verify signature");
            }
        } catch (InvalidKeyException e) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
        } catch (NoSuchAlgorithmException | SignatureException e2) {
            throw new UaException(StatusCodes.Bad_InternalError, e2);
        }
    }

    public static byte[] hmac(SecurityAlgorithm securityAlgorithm, byte[] bArr, ByteBuffer... byteBufferArr) throws UaException {
        String transformation = securityAlgorithm.getTransformation();
        try {
            Mac macInstance = getMacInstance(transformation);
            macInstance.init(new SecretKeySpec(bArr, transformation));
            for (ByteBuffer byteBuffer : byteBufferArr) {
                macInstance.update(byteBuffer);
            }
            return macInstance.doFinal();
        } catch (NoSuchAlgorithmException e) {
            throw new UaException(StatusCodes.Bad_InternalError, e);
        } catch (GeneralSecurityException e2) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e2);
        }
    }

    private static Mac getMacInstance(String str) throws NoSuchAlgorithmException {
        Map<String, Mac> map = MAC_INSTANCES.get();
        if (map == null) {
            map = new HashMap();
            MAC_INSTANCES.set(map);
        }
        Mac mac = map.get(str);
        if (mac == null) {
            mac = Mac.getInstance(str);
            map.put(str, mac);
        }
        return mac;
    }
}
