package org.forgerock.jaspi.modules.openid.resolvers;

import java.nio.charset.Charset;
import org.forgerock.caf.authentication.framework.AuthenticationFramework;
import org.forgerock.jaspi.modules.openid.exceptions.InvalidSignatureException;
import org.forgerock.jaspi.modules.openid.exceptions.OpenIdConnectVerificationException;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.jose.jws.SigningManager;

/* loaded from: input_file:org/forgerock/jaspi/modules/openid/resolvers/SharedSecretOpenIdResolverImpl.class */
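/**
 * OpenID Connect resolver that accepts an ID token only when its JWS signature verifies under an
 * HMAC key derived from a pre-shared secret.
 *
 * <p>The secret is kept as a {@code String} for the lifetime of the instance and converted to
 * UTF-8 bytes on each verification, so anyone who can read this object (heap dump, debugger) can
 * forge tokens that this resolver will accept.
 */
public class SharedSecretOpenIdResolverImpl extends BaseOpenIdResolver {
    /** Charset used to turn the shared secret into key bytes; resolved once rather than per call. */
    private static final Charset SECRET_CHARSET = Charset.forName("UTF-8");

    /** Text used for both the debug log entry and the exception raised on a failed check. */
    private static final String SIGNATURE_MISMATCH = "JWS signature not signed with supplied key";

    private final SigningManager signingManager;
    private final String sharedSecret;

    /**
     * Creates a resolver bound to one shared secret.
     *
     * @param str passed unchanged to the {@link BaseOpenIdResolver} constructor (presumably the
     *     issuer this resolver answers for; confirm against the base class)
     * @param str2 the shared secret used as the HMAC key; must be neither {@code null} nor empty
     * @throws IllegalArgumentException if {@code str2} is {@code null} or empty
     */
    public SharedSecretOpenIdResolverImpl(String str, String str2) {
        super(str);
        if (str2 == null) {
            throw new IllegalArgumentException("sharedSecret must not be null.");
        }
        // A zero-length secret is a key every party already knows, so a signature made with it
        // proves nothing about the sender. Fail at configuration time instead of at first use.
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("sharedSecret must not be empty.");
        }
        this.signingManager = new SigningManager();
        this.sharedSecret = str2;
    }

    /**
     * Runs the checks inherited from {@link BaseOpenIdResolver} and then the signature check.
     *
     * <p>Both steps must pass. The inherited checks run first, so a token that fails both is
     * reported with the inherited failure rather than {@link InvalidSignatureException}.
     *
     * @param signedJwt the ID token to validate
     * @throws OpenIdConnectVerificationException if either step rejects the token
     */
    @Override
    public void validateIdentity(SignedJwt signedJwt) throws OpenIdConnectVerificationException {
        super.validateIdentity(signedJwt);
        verifySignature(signedJwt);
    }

    /**
     * Verifies the token's signature with an HMAC handler keyed by the shared secret.
     *
     * @param signedJwt the token whose signature is checked
     * @throws InvalidSignatureException if {@code signedJwt.verify(...)} returns {@code false}
     */
    public void verifySignature(SignedJwt signedJwt) throws InvalidSignatureException {
        // NOTE(review): this method does not inspect the algorithm named in the token header.
        // Confirm that SignedJwt.verify / the HMAC handler rejects tokens whose header declares
        // a non-HMAC algorithm, rather than relying on that check happening elsewhere.
        byte[] keyBytes = this.sharedSecret.getBytes(SECRET_CHARSET);
        if (!signedJwt.verify(this.signingManager.newHmacSigningHandler(keyBytes))) {
            // NOTE(review): rejection is recorded at debug level only. If debug output is off in
            // production, forged or mis-keyed tokens leave no trace here; make sure the caller
            // records the InvalidSignatureException somewhere that is monitored.
            AuthenticationFramework.LOG.debug(SIGNATURE_MISMATCH);
            throw new InvalidSignatureException(SIGNATURE_MISMATCH);
        }
    }
}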
