package io.apigee.trireme.core.modules.crypto;

import io.apigee.trireme.core.ArgUtils;
import io.apigee.trireme.core.Utils;
import io.apigee.trireme.core.modules.Buffer;
import io.apigee.trireme.core.modules.Crypto;
import io.apigee.trireme.kernel.crypto.CryptoException;
import io.apigee.trireme.kernel.crypto.CryptoService;
import io.apigee.trireme.kernel.crypto.SignatureAlgorithms;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.mozilla.javascript.annotations.JSFunction;

/* loaded from: input_file:io/apigee/trireme/core/modules/crypto/VerifyImpl.class */
public class VerifyImpl extends ScriptableObject {
    private SignatureAlgorithms.Algorithm algorithm;
    private ArrayList<ByteBuffer> buffers = new ArrayList<>();

    public String getClassName() {
        return "Verify";
    }

    @JSFunction
    public static void init(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Crypto.ensureCryptoService(context, scriptable);
        String stringArg = ArgUtils.stringArg(objArr, 0);
        VerifyImpl verifyImpl = (VerifyImpl) scriptable;
        verifyImpl.algorithm = SignatureAlgorithms.get().get(stringArg);
        if (verifyImpl.algorithm == null) {
            verifyImpl.algorithm = SignatureAlgorithms.get().getByJavaSigningName(stringArg);
        }
        if (verifyImpl.algorithm == null) {
            throw Utils.makeError(context, scriptable, "Invalid verify algorithm " + stringArg);
        }
    }

    @JSFunction
    public static void update(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgUtils.ensureArg(objArr, 0);
        ((VerifyImpl) scriptable).buffers.add(Crypto.convertString(objArr[0], ArgUtils.stringArg(objArr, 1, null), context, scriptable));
    }

    @JSFunction
    public static boolean verify(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Buffer.BufferImpl bufferImpl = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
        Buffer.BufferImpl bufferImpl2 = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 1, Buffer.BufferImpl.class, true);
        VerifyImpl verifyImpl = (VerifyImpl) scriptable;
        X509Certificate x509Certificate = null;
        PublicKey publicKey = null;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bufferImpl.getArray(), bufferImpl.getArrayOffset(), bufferImpl.getLength());
        CryptoService cryptoService = Crypto.getCryptoService();
        try {
            try {
                try {
                    publicKey = cryptoService.readPublicKey(verifyImpl.algorithm.getKeyFormat(), byteArrayInputStream);
                } catch (CryptoException e) {
                }
                if (publicKey == null) {
                    byteArrayInputStream.reset();
                    try {
                        publicKey = cryptoService.readKeyPair(verifyImpl.algorithm.getKeyFormat(), byteArrayInputStream, (char[]) null).getPublic();
                    } catch (CryptoException e2) {
                    }
                }
                if (publicKey == null) {
                    byteArrayInputStream.reset();
                    x509Certificate = cryptoService.readCertificate(byteArrayInputStream);
                    if (x509Certificate == null) {
                        throw Utils.makeError(context, scriptable, "no certificates available");
                    }
                }
                try {
                    Signature signature = Signature.getInstance(verifyImpl.algorithm.getSigningName());
                    if (publicKey == null) {
                        signature.initVerify(x509Certificate);
                    } else {
                        signature.initVerify(publicKey);
                    }
                    Iterator<ByteBuffer> it = verifyImpl.buffers.iterator();
                    while (it.hasNext()) {
                        signature.update(it.next());
                    }
                    return signature.verify(bufferImpl2.getArray(), bufferImpl2.getArrayOffset(), bufferImpl2.getLength());
                } catch (GeneralSecurityException e3) {
                    throw Utils.makeError(context, scriptable, "error verifying: " + e3);
                }
            } catch (CryptoException e4) {
                throw Utils.makeError(context, scriptable, "invalid key: " + e4);
            } catch (IOException e5) {
                throw Utils.makeError(context, scriptable, "error reading key: " + e5);
            }
        } finally {
            try {
                byteArrayInputStream.close();
            } catch (IOException e6) {
            }
        }
    }
}
