package com.gu.identity.signing;

import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import scala.MatchError;
import scala.Option;
import scala.Option$;
import scala.Tuple2;
import scala.reflect.ScalaSignature;

/* compiled from: DsaService.scala */
@ScalaSignature(bytes = "\u0006\u0001U4Q!\u0001\u0002\u0001\t)\u0011!\u0002R:b'\u0016\u0014h/[2f\u0015\t\u0019A!A\u0004tS\u001et\u0017N\\4\u000b\u0005\u00151\u0011\u0001C5eK:$\u0018\u000e^=\u000b\u0005\u001dA\u0011AA4v\u0015\u0005I\u0011aA2p[N\u0019\u0001aC\t\u0011\u00051yQ\"A\u0007\u000b\u00039\tQa]2bY\u0006L!\u0001E\u0007\u0003\r\u0005s\u0017PU3g!\t\u00112#D\u0001\u0003\u0013\t!\"A\u0001\tTS\u001et\u0017\r^;sK\"\u000bg\u000e\u001a7fe\"Aa\u0003\u0001B\u0001B\u0003%\u0001$\u0001\bqk\nd\u0017nY&fsZ\u000bG.^3\u0004\u0001A\u0019A\"G\u000e\n\u0005ii!AB(qi&|g\u000e\u0005\u0002\u001dG9\u0011Q$\t\t\u0003=5i\u0011a\b\u0006\u0003A]\ta\u0001\u0010:p_Rt\u0014B\u0001\u0012\u000e\u0003\u0019\u0001&/\u001a3fM&\u0011A%\n\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005\tj\u0001\u0002C\u0014\u0001\u0005\u0003\u0005\u000b\u0011\u0002\r\u0002\u001fA\u0014\u0018N^1uK.+\u0017PV1mk\u0016DQ!\u000b\u0001\u0005\u0002)\na\u0001P5oSRtDcA\u0016-[A\u0011!\u0003\u0001\u0005\u0006-!\u0002\r\u0001\u0007\u0005\u0006O!\u0002\r\u0001\u0007\u0005\u0006S\u0001!\ta\f\u000b\u0004WA\n\u0004\"\u0002\f/\u0001\u0004Y\u0002\"B\u0014/\u0001\u0004Y\u0002bB\u001a\u0001\u0005\u0004%\t\u0001N\u0001\u0013g&<g.\u0019;ve\u0016\fEnZ8sSRDW.F\u0001\u001c\u0011\u00191\u0004\u0001)A\u00057\u0005\u00192/[4oCR,(/Z!mO>\u0014\u0018\u000e\u001e5nA!Q\u0001\b\u0001I\u0001\u0002\u0007\u0005\u000b\u0011B\u001d\u0002\u0007a$\u0013\u0007\u0005\u0003\ruq*\u0015BA\u001e\u000e\u0005\u0019!V\u000f\u001d7feA\u0019A\"G\u001f\u0011\u0005y\u001aU\"A \u000b\u0005\u0001\u000b\u0015\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0003\t\u000bAA[1wC&\u0011Ai\u0010\u0002\n!V\u0014G.[2LKf\u00042\u0001D\rG!\tqt)\u0003\u0002I\u007f\tQ\u0001K]5wCR,7*Z=\t\u000f)\u0003!\u0019!C\u0005\u0017\u0006I\u0001/\u001e2mS\u000e\\U-_\u000b\u0002y!1Q\n\u0001Q\u0001\nq\n!\u0002];cY&\u001c7*Z=!\u0011\u001dy\u0005A1A\u0005\nA\u000b!\u0002\u001d:jm\u0006$XmS3z+\u0005)\u0005B\u0002*\u0001A\u0003%Q)A\u0006qe&4\u0018\r^3LKf\u0004\u0003\"\u0002+\u0001\t\u0003*\u0016\u0001D4fiNKwM\\1ukJ,GC\u0001,]!\raq+W\u0005\u000316\u0011Q!\u0011:sCf\u0004\"\u0001\u0004.\n\u0005mk!\u0001\u0002\"zi\u0016DQ!X*A\u0002Y\u000bA\u0001Z1uC\")q\f\u0001C!A\u0006ya/\u001a:jMf\u001c\u0016n\u001a8biV\u0014X\rF\u0002bI\u0016\u0004\"\u0001\u00042\n\u0005\rl!a\u0002\"p_2,\u0017M\u001c\u0005\u0006;z\u0003\rA\u0016\u0005\u0006Mz\u0003\rAV\u0001\ng&<g.\u0019;ve\u0016DQ\u0001\u001b\u0001\u0005\u0002%\fqeZ3oKJ\fG/Z+sYN\u000bg-\u001a\"bg\u00164DgU5h]\u0006$XO]3G_J\u001cFO]5oOR\u0011!n\u001c\t\u0003W:l\u0011\u0001\u001c\u0006\u0003[\u0006\u000bA\u0001\\1oO&\u0011A\u0005\u001c\u0005\u0006;\u001e\u0004\ra\u0007\u0005\u0006c\u0002!\tA]\u0001 m\u0016\u0014\u0018NZ=TiJLgnZ,ji\"\u0014\u0015m]37iMKwM\\1ukJ,GcA1ti\")Q\f\u001da\u00017!)a\r\u001da\u00017\u0001")
/* loaded from: input_file:com/gu/identity/signing/DsaService.class */
public class DsaService implements SignatureHandler {
    private final String signatureAlgorithm;
    private final /* synthetic */ Tuple2 x$1;
    private final Option<PublicKey> publicKey;
    private final Option<PrivateKey> privateKey;

    public String signatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    private Option<PublicKey> publicKey() {
        return this.publicKey;
    }

    private Option<PrivateKey> privateKey() {
        return this.privateKey;
    }

    @Override // com.gu.identity.signing.SignatureHandler
    public byte[] getSignature(byte[] bArr) {
        Signature signature = Signature.getInstance(signatureAlgorithm(), "BC");
        signature.initSign((PrivateKey) privateKey().get());
        signature.update(bArr);
        return signature.sign();
    }

    @Override // com.gu.identity.signing.SignatureHandler
    public boolean verifySignature(byte[] bArr, byte[] bArr2) {
        Signature signature = Signature.getInstance(signatureAlgorithm(), "BC");
        signature.initVerify((PublicKey) publicKey().get());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public String generateUrlSafeBase64SignatureForString(String str) {
        return Base64.encodeBase64URLSafeString(getSignature(str.getBytes("UTF-8")));
    }

    public boolean verifyStringWithBase64Signature(String str, String str2) {
        return verifySignature(str.getBytes("UTF-8"), Base64.decodeBase64(str2.getBytes()));
    }

    public DsaService(Option<String> option, Option<String> option2) {
        Security.addProvider(new BouncyCastleProvider());
        this.signatureAlgorithm = "SHA256withDSA";
        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
        Tuple2 tuple2 = new Tuple2(option.map(str -> {
            return keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(str)));
        }), option2.map(str2 -> {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str2)));
        }));
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        this.x$1 = new Tuple2((Option) tuple2._1(), (Option) tuple2._2());
        this.publicKey = (Option) this.x$1._1();
        this.privateKey = (Option) this.x$1._2();
    }

    public DsaService(String str, String str2) {
        this((Option<String>) Option$.MODULE$.apply(str), (Option<String>) Option$.MODULE$.apply(str2));
    }
}
