package org.apache.nifi.web.security.jwt.key;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.impl.EdDSAProvider;
import com.nimbusds.jose.util.Base64URL;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Objects;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/key/Ed25519Verifier.class */
public class Ed25519Verifier extends EdDSAProvider implements JWSVerifier {
    private static final String SIGNING_ALGORITHM = "Ed25519";
    private final PublicKey publicKey;

    public Ed25519Verifier(PublicKey publicKey) {
        this.publicKey = (PublicKey) Objects.requireNonNull(publicKey, "Public Key required");
    }

    public boolean verify(JWSHeader jWSHeader, byte[] bArr, Base64URL base64URL) throws JOSEException {
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        if (!JWSAlgorithm.EdDSA.equals(algorithm)) {
            throw new JOSEException("JWS Algorithm EdDSA not found [%s]".formatted(algorithm));
        }
        byte[] decode = base64URL.decode();
        try {
            Signature initializedSignature = getInitializedSignature();
            initializedSignature.update(bArr);
            return initializedSignature.verify(decode);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    private Signature getInitializedSignature() throws JOSEException {
        try {
            Signature signature = Signature.getInstance(SIGNING_ALGORITHM);
            signature.initVerify(this.publicKey);
            return signature;
        } catch (GeneralSecurityException e) {
            throw new JOSEException("Ed25519 signature initialization failed", e);
        }
    }
}
