package com.yubico.u2f.crypto;

import com.yubico.u2f.data.messages.key.util.U2fB64Encoding;
import com.yubico.u2f.exceptions.U2fBadInputException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:com/yubico/u2f/crypto/BouncyCastleCrypto.class */
public class BouncyCastleCrypto implements Crypto {
    private static final Provider provider = new BouncyCastleProvider();

    public Provider getProvider() {
        return provider;
    }

    @Override // com.yubico.u2f.crypto.Crypto
    public void checkSignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws U2fBadInputException {
        checkSignature(x509Certificate.getPublicKey(), bArr, bArr2);
    }

    @Override // com.yubico.u2f.crypto.Crypto
    public void checkSignature(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws U2fBadInputException {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", provider);
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (signature.verify(bArr2)) {
            } else {
                throw new U2fBadInputException(String.format("Signature is invalid. Public key: %s, signed data: %s , signature: %s", publicKey, U2fB64Encoding.encode(bArr), U2fB64Encoding.encode(bArr2)));
            }
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(String.format("Failed to verify signature. This could be a problem with your JVM environment, or a bug in u2flib-server-core. Public key: %s, signed data: %s , signature: %s", publicKey, U2fB64Encoding.encode(bArr), U2fB64Encoding.encode(bArr2)), e);
        }
    }

    @Override // com.yubico.u2f.crypto.Crypto
    public PublicKey decodePublicKey(byte[] bArr) throws U2fBadInputException {
        try {
            X9ECParameters byName = SECNamedCurves.getByName("secp256r1");
            try {
                return KeyFactory.getInstance("ECDSA", provider).generatePublic(new ECPublicKeySpec(byName.getCurve().decodePoint(bArr), new ECParameterSpec(byName.getCurve(), byName.getG(), byName.getN(), byName.getH())));
            } catch (RuntimeException e) {
                throw new U2fBadInputException("Could not parse user public key", e);
            }
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException("Failed to decode public key: " + U2fB64Encoding.encode(bArr), e2);
        }
    }

    @Override // com.yubico.u2f.crypto.Crypto
    public byte[] hash(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA-256", provider).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.yubico.u2f.crypto.Crypto
    public byte[] hash(String str) {
        return hash(str.getBytes());
    }
}
