package io.bspk.httpsig;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.bouncycastle.jcajce.provider.digest.SHA256;
import org.bouncycastle.jcajce.provider.digest.SHA512;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/bspk/httpsig/HttpVerify.class */
public class HttpVerify {
    private static final Logger log = LoggerFactory.getLogger(HttpVerify.class);
    private HttpSigAlgorithm alg;
    private JWK verifyKey;

    public HttpVerify(HttpSigAlgorithm httpSigAlgorithm, JWK jwk) {
        this.alg = httpSigAlgorithm;
        this.verifyKey = jwk;
    }

    public boolean verify(byte[] bArr, byte[] bArr2) {
        Key publicKey;
        try {
            if (this.alg.equals(HttpSigAlgorithm.RSAPSS)) {
                if (!this.verifyKey.getKeyType().equals(KeyType.RSA)) {
                    return false;
                }
                PublicKey publicKey2 = this.verifyKey.toRSAKey().toPublicKey();
                Signature signature = Signature.getInstance("RSASSA-PSS");
                signature.setParameter(new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1));
                byte[] digest = new SHA512.Digest().digest(bArr);
                signature.initVerify(publicKey2);
                signature.update(digest);
                return signature.verify(bArr2);
            }
            if (this.alg.equals(HttpSigAlgorithm.RSA15)) {
                if (!this.verifyKey.getKeyType().equals(KeyType.RSA)) {
                    return false;
                }
                PublicKey publicKey3 = this.verifyKey.toRSAKey().toPublicKey();
                Signature signature2 = Signature.getInstance("SHA256withRSA");
                byte[] digest2 = new SHA256.Digest().digest(bArr);
                signature2.initVerify(publicKey3);
                signature2.update(digest2);
                return signature2.verify(bArr2);
            }
            if (this.alg.equals(HttpSigAlgorithm.HMAC)) {
                if (!this.verifyKey.getKeyType().equals(KeyType.OCT)) {
                    return false;
                }
                SecretKey secretKey = this.verifyKey.toOctetSequenceKey().toSecretKey();
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(secretKey);
                mac.update(bArr);
                return Arrays.equals(mac.doFinal(), bArr2);
            }
            if (this.alg.equals(HttpSigAlgorithm.ECDSA)) {
                if (!this.verifyKey.getKeyType().equals(KeyType.EC)) {
                    return false;
                }
                PublicKey publicKey4 = this.verifyKey.toECKey().toPublicKey();
                Signature signature3 = Signature.getInstance("SHA256withECDSA");
                byte[] digest3 = new SHA256.Digest().digest(bArr);
                signature3.initVerify(publicKey4);
                signature3.update(digest3);
                return signature3.verify(ECDSA.transcodeSignatureToDER(bArr2));
            }
            if (!this.alg.equals(HttpSigAlgorithm.JOSE)) {
                return false;
            }
            JWSHeader build = new JWSHeader.Builder(new JWSAlgorithm(this.verifyKey.getAlgorithm().getName())).build();
            if (this.verifyKey instanceof OctetSequenceKey) {
                publicKey = this.verifyKey.toOctetSequenceKey().toSecretKey();
            } else if (this.verifyKey instanceof RSAKey) {
                publicKey = this.verifyKey.toRSAKey().toPublicKey();
            } else {
                if (!(this.verifyKey instanceof ECKey)) {
                    log.warn("Unknown key type: " + this.verifyKey);
                    return false;
                }
                publicKey = this.verifyKey.toECKey().toPublicKey();
            }
            return new DefaultJWSVerifierFactory().createJWSVerifier(build, publicKey).verify(build, bArr, Base64URL.encode(bArr2));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | JOSEException e) {
            log.warn("Could not sign input", e);
            return false;
        }
    }
}
