package io.fusionauth.jwt.ec;

import io.fusionauth.jwt.InvalidJWTSignatureException;
import io.fusionauth.jwt.InvalidKeyTypeException;
import io.fusionauth.jwt.JWTVerifierException;
import io.fusionauth.jwt.MissingPublicKeyException;
import io.fusionauth.jwt.Verifier;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.pem.domain.PEM;
import io.fusionauth.security.CryptoProvider;
import io.fusionauth.security.DefaultCryptoProvider;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.util.Objects;

/* loaded from: classes8.dex */
public class ECVerifier implements Verifier {
    private final CryptoProvider cryptoProvider;
    private final ECPublicKey publicKey;

    /* renamed from: io.fusionauth.jwt.ec.ECVerifier$1, reason: invalid class name */
    /* loaded from: classes8.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$fusionauth$jwt$domain$Algorithm;

        static {
            int[] iArr = new int[Algorithm.values().length];
            $SwitchMap$io$fusionauth$jwt$domain$Algorithm = iArr;
            try {
                iArr[Algorithm.ES256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$fusionauth$jwt$domain$Algorithm[Algorithm.ES384.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$fusionauth$jwt$domain$Algorithm[Algorithm.ES512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    private ECVerifier(String str, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(cryptoProvider);
        this.cryptoProvider = cryptoProvider;
        PEM decode = PEM.decode(str);
        if (decode.publicKey == null) {
            throw new MissingPublicKeyException("The provided PEM encoded string did not contain a public key.");
        }
        if (!(decode.publicKey instanceof ECPublicKey)) {
            throw new InvalidKeyTypeException("Expecting a public key of type [ECPublicKey], but found [" + decode.publicKey.getClass().getSimpleName() + "].");
        }
        this.publicKey = (ECPublicKey) decode.getPublicKey();
    }

    private ECVerifier(PublicKey publicKey, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(publicKey);
        Objects.requireNonNull(cryptoProvider);
        this.cryptoProvider = cryptoProvider;
        if (!(publicKey instanceof ECPublicKey)) {
            throw new InvalidKeyTypeException("Expecting a public key of type [ECPublicKey], but found [" + publicKey.getClass().getSimpleName() + "].");
        }
        this.publicKey = (ECPublicKey) publicKey;
    }

    private void checkFor_CVE_2022_21449(byte[] bArr) {
        int length = bArr.length / 2;
        int i = 0;
        boolean z = false;
        boolean z2 = false;
        while (i < bArr.length) {
            if (i < length) {
                z = bArr[i] != 0;
                if (z) {
                    i = length - 1;
                }
            } else {
                z2 = bArr[i] != 0;
                if (z2) {
                    break;
                }
            }
            i++;
        }
        if (!z || !z2) {
            throw new InvalidJWTSignatureException();
        }
    }

    public static ECVerifier newVerifier(String str) {
        return new ECVerifier(str, new DefaultCryptoProvider());
    }

    public static ECVerifier newVerifier(String str, CryptoProvider cryptoProvider) {
        return new ECVerifier(str, cryptoProvider);
    }

    public static ECVerifier newVerifier(Path path) {
        return newVerifier(path, new DefaultCryptoProvider());
    }

    public static ECVerifier newVerifier(Path path, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(path);
        try {
            return new ECVerifier(new String(Files.readAllBytes(path)), cryptoProvider);
        } catch (IOException e) {
            throw new JWTVerifierException("Unable to read the file from path [" + path.toAbsolutePath().toString() + "]", e);
        }
    }

    public static ECVerifier newVerifier(PublicKey publicKey) {
        return new ECVerifier(publicKey, new DefaultCryptoProvider());
    }

    public static ECVerifier newVerifier(PublicKey publicKey, CryptoProvider cryptoProvider) {
        return new ECVerifier(publicKey, cryptoProvider);
    }

    public static ECVerifier newVerifier(byte[] bArr) {
        return newVerifier(bArr, new DefaultCryptoProvider());
    }

    public static ECVerifier newVerifier(byte[] bArr, CryptoProvider cryptoProvider) {
        Objects.requireNonNull(bArr);
        return new ECVerifier(new String(bArr), cryptoProvider);
    }

    @Override // io.fusionauth.jwt.Verifier
    public boolean canVerify(Algorithm algorithm) {
        int i = AnonymousClass1.$SwitchMap$io$fusionauth$jwt$domain$Algorithm[algorithm.ordinal()];
        return i == 1 || i == 2 || i == 3;
    }

    @Override // io.fusionauth.jwt.Verifier
    public void verify(Algorithm algorithm, byte[] bArr, byte[] bArr2) {
        Objects.requireNonNull(algorithm);
        Objects.requireNonNull(bArr);
        Objects.requireNonNull(bArr2);
        checkFor_CVE_2022_21449(bArr2);
        try {
            Signature signatureInstance = this.cryptoProvider.getSignatureInstance(algorithm.getName());
            signatureInstance.initVerify(this.publicKey);
            signatureInstance.update(bArr);
            if (signatureInstance.verify(new ECDSASignature(bArr2).derEncode())) {
            } else {
                throw new InvalidJWTSignatureException();
            }
        } catch (IOException | SecurityException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new JWTVerifierException("An unexpected exception occurred when attempting to verify the JWT", e);
        }
    }
}
