package org.subshare.core.sign;

import co.codewizards.cloudstore.core.Uid;
import co.codewizards.cloudstore.core.auth.SignatureException;
import co.codewizards.cloudstore.core.io.ByteArrayInputStream;
import co.codewizards.cloudstore.core.util.IOUtil;
import co.codewizards.cloudstore.core.util.StringUtil;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.bouncycastle.crypto.Signer;
import org.subshare.core.user.UserRepoKey;
import org.subshare.core.user.UserRepoKeyPublicKeyLookup;
import org.subshare.crypto.CryptoRegistry;

/* loaded from: input_file:org/subshare/core/sign/SignableVerifier.class */
public class SignableVerifier {
    private static final int BUFFER_SIZE = 32768;
    private final UserRepoKeyPublicKeyLookup lookup;
    private final Map<SignerTransformation, Signer> signerTransformation2Signer = new HashMap(2);

    public SignableVerifier(UserRepoKeyPublicKeyLookup userRepoKeyPublicKeyLookup) {
        this.lookup = (UserRepoKeyPublicKeyLookup) Objects.requireNonNull(userRepoKeyPublicKeyLookup, "lookup");
    }

    public void verify(Signable signable) throws SignatureException {
        Signature signature = ((Signable) Objects.requireNonNull(signable, "signable")).getSignature();
        if (signature == null) {
            throw new SignatureException("There is no signature! signable.signature == null");
        }
        String signedDataType = signable.getSignedDataType();
        if (StringUtil.isEmpty(signedDataType)) {
            throw new IllegalArgumentException(String.format("Implementation error in class %s: signable.getSignedDataType() returned null! %s", signable.getClass().getName(), signable));
        }
        Date signatureCreated = signature.getSignatureCreated();
        if (signatureCreated == null) {
            throw new SignatureException("There is no signature! signable.signature.signatureCreated == null");
        }
        Uid signingUserRepoKeyId = signature.getSigningUserRepoKeyId();
        if (signingUserRepoKeyId == null) {
            throw new SignatureException("There is no signature! signable.signature.signingUserRepoKeyId == null");
        }
        byte[] signatureData = signature.getSignatureData();
        if (signatureData == null) {
            throw new SignatureException("There is no signature! signable.signature.signatureData == null");
        }
        if (signatureData.length < 3) {
            throw new SignatureException("There is no signature! signatureData.length < 3");
        }
        UserRepoKey.PublicKey userRepoKeyPublicKey = this.lookup.getUserRepoKeyPublicKey(signingUserRepoKeyId);
        if (userRepoKeyPublicKey == null) {
            throw new SignatureException(String.format("No public key found for signingUserRepoKeyId=%s!", signingUserRepoKeyId));
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(signatureData);
            int read = byteArrayInputStream.read();
            if (read != 1) {
                throw new SignatureException(String.format("signatureData has unsupported version=%s!", Integer.valueOf(read)));
            }
            int readOrFail = IOUtil.readOrFail(byteArrayInputStream) + (IOUtil.readOrFail(byteArrayInputStream) << 8);
            if (readOrFail > SignerTransformation.values().length) {
                throw new IOException(String.format("signerTransformationNumeric > SignerTransformation.values().length :: %s > %s", Integer.valueOf(readOrFail), Integer.valueOf(SignerTransformation.values().length)));
            }
            SignerTransformation signerTransformation = SignerTransformation.values()[readOrFail];
            int readOrFail2 = IOUtil.readOrFail(byteArrayInputStream) + (IOUtil.readOrFail(byteArrayInputStream) << 8);
            int readOrFail3 = IOUtil.readOrFail(byteArrayInputStream) + (IOUtil.readOrFail(byteArrayInputStream) << 8) + (IOUtil.readOrFail(byteArrayInputStream) << 16) + (IOUtil.readOrFail(byteArrayInputStream) << 24);
            byte[] bArr = new byte[readOrFail3];
            IOUtil.readOrFail(byteArrayInputStream, bArr, 0, readOrFail3);
            Signer signer = getSigner(signerTransformation);
            signer.init(false, userRepoKeyPublicKey.getPublicKey());
            byte[] bytes = signedDataType.getBytes(StandardCharsets.UTF_8);
            signer.update(bytes, 0, bytes.length);
            byte[] longToBytes = IOUtil.longToBytes(signatureCreated.getTime());
            signer.update(longToBytes, 0, longToBytes.length);
            byte[] bArr2 = new byte[32768];
            InputStream signedData = signable.getSignedData(readOrFail2);
            while (true) {
                try {
                    int read2 = signedData.read(bArr2);
                    if (read2 < 0) {
                        break;
                    } else if (read2 > 0) {
                        signer.update(bArr2, 0, read2);
                    }
                } finally {
                }
            }
            if (signedData != null) {
                signedData.close();
            }
            if (!signer.verifySignature(bArr)) {
                throw new SignatureException("Signature not valid: " + signable);
            }
        } catch (IOException e) {
            throw new SignatureException(e);
        }
    }

    private Signer getSigner(SignerTransformation signerTransformation) {
        Objects.requireNonNull(signerTransformation, SignerTransformation.CONFIG_KEY);
        Signer signer = this.signerTransformation2Signer.get(signerTransformation);
        if (signer == null) {
            try {
                signer = CryptoRegistry.getInstance().createSigner(signerTransformation.getTransformation());
                this.signerTransformation2Signer.put(signerTransformation, signer);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        return signer;
    }
}
