package ch.threema.domain.onprem;

import ch.threema.base.ThreemaException;
import ch.threema.base.utils.Base64;
import ch.threema.base.utils.StringExtensionsKt;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.List;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsJVMKt;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: OnPremConfigVerifier.kt */
/* loaded from: classes3.dex */
public final class OnPremConfigVerifier {
    public final List<byte[]> trustedPublicKeys;

    public OnPremConfigVerifier(String[] trustedPublicKeys) {
        Intrinsics.checkNotNullParameter(trustedPublicKeys, "trustedPublicKeys");
        ArrayList arrayList = new ArrayList(trustedPublicKeys.length);
        for (String str : trustedPublicKeys) {
            arrayList.add(Base64.decode(str));
        }
        this.trustedPublicKeys = arrayList;
    }

    public final EdDSAPublicKey findMatchingPublicKey(byte[] bArr, byte[] bArr2) {
        for (byte[] bArr3 : this.trustedPublicKeys) {
            EdDSANamedCurveSpec byName = EdDSANamedCurveTable.getByName("Ed25519");
            Intrinsics.checkNotNullExpressionValue(byName, "getByName(...)");
            EdDSAEngine edDSAEngine = new EdDSAEngine(MessageDigest.getInstance(byName.getHashAlgorithm()));
            EdDSAPublicKey edDSAPublicKey = new EdDSAPublicKey(new EdDSAPublicKeySpec(bArr3, byName));
            edDSAEngine.initVerify(edDSAPublicKey);
            edDSAEngine.setParameter(EdDSAEngine.ONE_SHOT_MODE);
            edDSAEngine.update(bArr);
            if (edDSAEngine.verify(bArr2)) {
                return edDSAPublicKey;
            }
        }
        return null;
    }

    public final JSONObject verify(String oppfData) throws ThreemaException {
        Intrinsics.checkNotNullParameter(oppfData, "oppfData");
        try {
            String withoutLastLine = StringExtensionsKt.withoutLastLine(oppfData);
            byte[] decode = Base64.decode(StringExtensionsKt.lastLine(oppfData));
            byte[] bytes = withoutLastLine.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            Intrinsics.checkNotNull(decode);
            EdDSAPublicKey findMatchingPublicKey = findMatchingPublicKey(bytes, decode);
            if (findMatchingPublicKey == null) {
                throw new ThreemaException("Signature verification failed");
            }
            JSONObject jSONObject = new JSONObject(withoutLastLine);
            String string = jSONObject.getString("version");
            Intrinsics.checkNotNullExpressionValue(string, "getString(...)");
            if (!StringsKt__StringsJVMKt.startsWith$default(string, "1.", false, 2, null)) {
                throw new ThreemaException("Unsupported OPPF version");
            }
            if (MessageDigest.isEqual(Base64.decode(jSONObject.getString("signatureKey")), findMatchingPublicKey.getA().toByteArray())) {
                return jSONObject;
            }
            throw new ThreemaException("Signature key does not match supplied public key");
        } catch (IOException e) {
            throw new ThreemaException("Failed to verify OnPrem config", e);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new ThreemaException("Failed to verify OnPrem config", e2);
        } catch (InvalidKeyException e3) {
            throw new ThreemaException("Failed to verify OnPrem config", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new ThreemaException("Failed to verify OnPrem config", e4);
        } catch (SignatureException e5) {
            throw new ThreemaException("Failed to verify OnPrem config", e5);
        } catch (JSONException e6) {
            throw new ThreemaException("Failed to verify OnPrem config", e6);
        }
    }
}
