package org.xwiki.crypto.x509.internal;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.mozilla.PublicKeyAndChallenge;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-crypto-script-7.0.1.jar:org/xwiki/crypto/x509/internal/SpkacRequest.class */
public class SpkacRequest {
    private PublicKeyAndChallenge pkac;
    private String algorithmIdentifier;
    private byte[] signature;

    public SpkacRequest(byte[] bArr) {
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
            if (aSN1Sequence.size() != 3) {
                throw new IllegalArgumentException("invalid SPKAC request size:" + aSN1Sequence.size());
            }
            this.pkac = PublicKeyAndChallenge.getInstance(aSN1Sequence.getObjectAt(0));
            this.algorithmIdentifier = AlgorithmIdentifier.getInstance(aSN1Sequence.getObjectAt(1)).getAlgorithm().getId();
            this.signature = ((DERBitString) aSN1Sequence.getObjectAt(2)).getBytes();
        } catch (IOException e) {
            throw new IllegalArgumentException("invalid SPKAC request format", e);
        }
    }

    public boolean verify(String str, Provider provider) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
        if (!this.pkac.getChallenge().getString().equals(str)) {
            return false;
        }
        Signature signature = Signature.getInstance(this.algorithmIdentifier, provider);
        signature.initVerify(getPublicKey(provider));
        signature.update(new DERBitString(this.pkac).getBytes());
        return signature.verify(this.signature);
    }

    public PublicKey getPublicKey(Provider provider) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.pkac.getSubjectPublicKeyInfo();
        return KeyFactory.getInstance(subjectPublicKeyInfo.getAlgorithmId().getAlgorithm().getId(), provider).generatePublic(new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes()));
    }
}
