package com.atlassian.whisper.plugin.impl.signature;

import com.google.common.io.ByteStreams;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Optional;
import javax.inject.Named;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/whisper/plugin/impl/signature/SignatureVerifier.class */
public class SignatureVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureVerifier.class);
    private final Optional<PublicKey> publicKey;

    public SignatureVerifier() {
        this("key.der");
    }

    protected SignatureVerifier(String str) {
        this.publicKey = getPublicKey(str);
    }

    private Optional<PublicKey> getPublicKey(String str) {
        try {
            return Optional.of(KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(ByteStreams.toByteArray(getClass().getClassLoader().getResourceAsStream(str)))));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.error("Unable to get public key", e);
            return Optional.empty();
        }
    }

    public void verifyMessages(JSONArray jSONArray, JSONObject jSONObject) throws SignatureVerificationException {
        for (int i = 0; i < jSONArray.length(); i++) {
            try {
                JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                String str = (String) jSONObject2.get("id");
                JSONArray jSONArray2 = jSONObject.getJSONArray(str);
                boolean z = false;
                for (int i2 = 0; i2 < jSONArray2.length() && !z; i2++) {
                    z = z || verifyMessage(jSONObject2, jSONArray2.getString(i2));
                }
                if (!z) {
                    LOG.debug("Failed to verify message id={} - none of the provided signatures is valid", str);
                    throw new SignatureVerificationException();
                }
            } catch (Exception e) {
                throw new SignatureVerificationException(e);
            }
        }
    }

    private boolean verifyMessage(JSONObject jSONObject, String str) throws UnsupportedEncodingException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
        byte[] bytes = new JsonParser().parse(jSONObject.toString()).toString().getBytes("UTF-8");
        byte[] decode = Base64.getDecoder().decode(str);
        Signature signature = Signature.getInstance("SHA512withRSA");
        signature.initVerify(this.publicKey.orElseThrow(() -> {
            return new NullPointerException("Public key is missing");
        }));
        signature.update(bytes);
        return signature.verify(decode);
    }
}
