package be.atbash.ee.security.octopus.nimbus.jose.crypto;

import be.atbash.ee.security.octopus.jwt.JWTValidationConstant;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.AlgorithmSupportMessage;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.CriticalHeaderParamsDeferral;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ECDSA;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.ECDSAProvider;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.utils.ECUtils;
import be.atbash.ee.security.octopus.nimbus.jwk.Curve;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSVerifier;
import be.atbash.ee.security.octopus.nimbus.util.Base64URLValue;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.util.Iterator;
import java.util.Set;
import org.slf4j.MDC;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jose/crypto/ECDSAVerifier.class */
public class ECDSAVerifier extends ECDSAProvider implements JWSVerifier {
    private final CriticalHeaderParamsDeferral critPolicy;
    private final ECPublicKey publicKey;

    public ECDSAVerifier(ECPublicKey eCPublicKey) {
        this(eCPublicKey, null);
    }

    public ECDSAVerifier(ECPublicKey eCPublicKey, Set<String> set) {
        super(ECUtils.resolveAlgorithm(eCPublicKey));
        this.critPolicy = new CriticalHeaderParamsDeferral();
        this.publicKey = eCPublicKey;
        boolean z = false;
        Iterator<Curve> it = Curve.forJWSAlgorithm(supportedECDSAAlgorithm()).iterator();
        while (it.hasNext()) {
            if (ECUtils.isPointOnCurve(eCPublicKey, it.next().toECParameterSpec())) {
                z = true;
            }
        }
        if (!z) {
            throw new JOSEException("Curve / public key parameters mismatch");
        }
        this.critPolicy.setDeferredCriticalHeaderParams(set);
    }

    @Override // be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSVerifier
    public boolean verify(JWSHeader jWSHeader, byte[] bArr, Base64URLValue base64URLValue) {
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        if (!supportedJWSAlgorithms().contains(algorithm)) {
            MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, String.format("Signature algorithm specified in Header %s is not supported.", algorithm.getName()));
            throw new JOSEException(AlgorithmSupportMessage.unsupportedJWSAlgorithm(algorithm, supportedJWSAlgorithms()));
        }
        if (!this.critPolicy.headerPasses(jWSHeader)) {
            MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, "Verification failed due to 'crit' header parameter deferral policy");
            return false;
        }
        byte[] decode = base64URLValue.decode();
        try {
            ECDSA.ensureLegalSignature(decode, algorithm);
            try {
                byte[] transcodeSignatureToDER = ECDSA.transcodeSignatureToDER(decode);
                Signature signerAndVerifier = ECDSA.getSignerAndVerifier(algorithm);
                try {
                    signerAndVerifier.initVerify(this.publicKey);
                    signerAndVerifier.update(bArr);
                    return signerAndVerifier.verify(transcodeSignatureToDER);
                } catch (InvalidKeyException e) {
                    MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, "Selected Public EC key is not valid");
                    throw new JOSEException("Invalid EC public key: " + e.getMessage(), e);
                } catch (SignatureException e2) {
                    MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, "Signature verification failed with provided Public EC key");
                    return false;
                }
            } catch (JOSEException e3) {
                return false;
            }
        } catch (JOSEException e4) {
            return false;
        }
    }
}
