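package at.gv.egovernment.moa.id.protocols.oauth20.json;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

import net.oauth.jsontoken.crypto.RsaSHA256Verifier;
import net.oauth.jsontoken.crypto.Verifier;

/**
 * A verifier that can verify signatures on byte arrays using a {@link PublicKey} and SHA-256.
 * This is something like a copy of the {@link RsaSHA256Verifier}.
 *
 * <p>The concrete {@link Signature} is obtained from
 * {@code OAuth20SignatureUtil.findSignature(verificationKey).getSignatureInstance()}; how that
 * helper maps a key to an algorithm is not visible in this file.
 *
 * <p>Not thread-safe: an instance holds a single {@link Signature} object that every call
 * re-initialises and updates, so one instance must not be shared between threads without
 * external synchronisation.
 */
public class OAuth20SHA256Verifier implements Verifier {

    private final PublicKey verificationKey;
    private final Signature signer;

    /**
     * Public Constructor.
     *
     * @param verificationKey
     *            the key used to verify the signature.
     * @throws IllegalStateException
     *             if the key is rejected by the signature implementation, or no signature
     *             algorithm or provider is available for it.
     */
    public OAuth20SHA256Verifier(final PublicKey verificationKey) {
        this.verificationKey = verificationKey;
        try {
            this.signer = OAuth20SignatureUtil.findSignature(verificationKey).getSignatureInstance();
            // Initialise once here so that an unusable key is reported at construction time
            // rather than on the first verification.
            this.signer.initVerify(verificationKey);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("key is invalid", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Cannot get algorithm for the given verification key", e);
        } catch (NoSuchProviderException e) {
            throw new IllegalStateException("Cannot get provider for the given verification key", e);
        }
    }

    /**
     * Verifies {@code signature} over {@code source} with the key given to the constructor.
     *
     * @param source
     *            the signed bytes.
     * @param signature
     *            the signature to check.
     * @throws SignatureException
     *             if the signature does not verify or cannot be processed.
     * @throws IllegalStateException
     *             if the key is no longer accepted by the signature implementation.
     * @see net.oauth.jsontoken.crypto.Verifier#verifySignature(byte[], byte[])
     */
    public void verifySignature(byte[] source, byte[] signature) throws SignatureException {
        try {
            // Re-initialise on every call so that data fed in by an earlier call cannot be
            // mixed into this verification.
            signer.initVerify(verificationKey);
        } catch (InvalidKeyException e) {
            // Keep the cause: without it the reason for the rejected key is lost.
            throw new IllegalStateException("key somehow became invalid since calling the constructor", e);
        }

        signer.update(source);

        // Fail closed: anything other than a positive verification result is an error.
        if (!signer.verify(signature)) {
            throw new SignatureException("signature did not verify");
        }
    }
}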