package org.gluu.oxauth.fido2.service;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.model.util.SecurityProviderUtility;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/SignatureValidator.class */
public class SignatureValidator {

    @Inject
    private Logger log;

    public void verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey, int i) {
        try {
            Signature signatureChecker = getSignatureChecker(i);
            signatureChecker.initVerify(publicKey);
            signatureChecker.update(bArr2);
            if (signatureChecker.verify(bArr)) {
            } else {
                throw new Fido2RPRuntimeException("Unable to verify signature");
            }
        } catch (IllegalArgumentException | InvalidKeyException | SignatureException e) {
            this.log.error("Can't verify the signature ", e);
            throw new Fido2RPRuntimeException("Can't verify the signature");
        }
    }

    public Signature getSignatureChecker(int i) {
        BouncyCastleProvider securityProviderUtility = SecurityProviderUtility.getInstance();
        try {
            switch (i) {
                case -65535:
                    return Signature.getInstance("SHA1withRSA", (Provider) securityProviderUtility);
                case -259:
                    return Signature.getInstance("SHA512withRSA", (Provider) securityProviderUtility);
                case -258:
                    return Signature.getInstance("SHA384withRSA", (Provider) securityProviderUtility);
                case -257:
                    return Signature.getInstance("SHA256withRSA");
                case -39:
                    Signature signature = Signature.getInstance("SHA512withRSA/PSS", (Provider) securityProviderUtility);
                    signature.setParameter(new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 32, 1));
                    return signature;
                case -38:
                    Signature signature2 = Signature.getInstance("SHA384withRSA/PSS", (Provider) securityProviderUtility);
                    signature2.setParameter(new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 32, 1));
                    return signature2;
                case -37:
                    Signature signature3 = Signature.getInstance("SHA256withRSA/PSS", (Provider) securityProviderUtility);
                    signature3.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
                    return signature3;
                case -36:
                    return Signature.getInstance("SHA512withECDSA", (Provider) securityProviderUtility);
                case -35:
                    return Signature.getInstance("SHA384withECDSA", (Provider) securityProviderUtility);
                case -7:
                    return Signature.getInstance("SHA256withECDSA", (Provider) securityProviderUtility);
                default:
                    throw new Fido2RPRuntimeException("Unknown mapping");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new Fido2RPRuntimeException("Problem with crypto");
        }
    }

    public MessageDigest getDigest(int i) {
        switch (i) {
            case -65535:
                return DigestUtils.getSha1Digest();
            case -257:
                return DigestUtils.getSha256Digest();
            default:
                throw new Fido2RPRuntimeException("Unknown mapping");
        }
    }

    public void verifySignature(byte[] bArr, byte[] bArr2, Certificate certificate, int i) {
        verifySignature(bArr, bArr2, certificate.getPublicKey(), i);
    }
}
