package com.yubico.webauthn;

import com.yubico.webauthn.data.ByteArray;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:com/yubico/webauthn/BouncyCastleCrypto.class
 */
/* loaded from: input_file:webauthn-server-core-1.3.0.jar:com/yubico/webauthn/BouncyCastleCrypto.class */
public final class BouncyCastleCrypto {
    private static final Provider provider = new BouncyCastleProvider();

    public Provider getProvider() {
        return provider;
    }

    public boolean verifySignature(X509Certificate x509Certificate, ByteArray byteArray, ByteArray byteArray2) {
        return verifySignature(x509Certificate.getPublicKey(), byteArray, byteArray2);
    }

    public boolean verifySignature(PublicKey publicKey, ByteArray byteArray, ByteArray byteArray2) {
        String str;
        try {
            String algorithm = publicKey.getAlgorithm();
            boolean z = -1;
            switch (algorithm.hashCode()) {
                case 2206:
                    if (algorithm.equals("EC")) {
                        z = false;
                        break;
                    }
                    break;
                case 81440:
                    if (algorithm.equals("RSA")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    str = "SHA256withECDSA";
                    break;
                case true:
                    str = "SHA256withRSA";
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported public key algorithm: " + publicKey);
            }
            Signature signature = Signature.getInstance(str, provider);
            signature.initVerify(publicKey);
            signature.update(byteArray.getBytes());
            return signature.verify(byteArray2.getBytes());
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            throw new RuntimeException(String.format("Failed to verify signature. This could be a problem with your JVM environment, or a bug in webauthn-server-core. Public key: %s, signed data: %s , signature: %s", publicKey, byteArray.getBase64Url(), byteArray2.getBase64Url()), e);
        }
    }

    public PublicKey decodePublicKey(ByteArray byteArray) {
        try {
            X9ECParameters byName = SECNamedCurves.getByName("secp256r1");
            try {
                return KeyFactory.getInstance("ECDSA", provider).generatePublic(new ECPublicKeySpec(byName.getCurve().decodePoint(byteArray.getBytes()), new ECParameterSpec(byName.getCurve(), byName.getG(), byName.getN(), byName.getH())));
            } catch (RuntimeException e) {
                throw new IllegalArgumentException("Could not parse user public key: " + byteArray.getBase64Url(), e);
            }
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException("Failed to decode public key: " + byteArray.getBase64Url(), e2);
        }
    }

    public ByteArray hash(ByteArray byteArray) {
        try {
            return new ByteArray(MessageDigest.getInstance("SHA-256", provider).digest(byteArray.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public ByteArray hash(String str) {
        return hash(new ByteArray(str.getBytes()));
    }
}
