package ch.threema.domain.onprem;

import ch.threema.base.ThreemaException;
import ch.threema.base.utils.Base64;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Arrays;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class OnPremConfigVerifier {
    public final byte[][] trustedPublicKeys;

    public OnPremConfigVerifier(String[] strArr) throws IOException {
        this.trustedPublicKeys = new byte[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            this.trustedPublicKeys[i] = Base64.decode(strArr[i]);
        }
    }

    public JSONObject verify(String str) throws IOException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, SignatureException, JSONException, ThreemaException {
        EdDSAPublicKey edDSAPublicKey;
        if (str == null) {
            throw new ThreemaException("OPPF string is empty");
        }
        int lastIndexOf = str.lastIndexOf(10);
        if (lastIndexOf == -1) {
            throw new ThreemaException("Bad input OPPF data");
        }
        boolean z = false;
        String substring = str.substring(0, lastIndexOf);
        byte[] decode = Base64.decode(str.substring(lastIndexOf + 1));
        byte[][] bArr = this.trustedPublicKeys;
        int length = bArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                edDSAPublicKey = null;
                break;
            }
            byte[] bArr2 = bArr[i];
            EdDSANamedCurveSpec byName = EdDSANamedCurveTable.getByName("Ed25519");
            EdDSAEngine edDSAEngine = new EdDSAEngine(MessageDigest.getInstance(byName.getHashAlgorithm()));
            edDSAPublicKey = new EdDSAPublicKey(new EdDSAPublicKeySpec(bArr2, byName));
            edDSAEngine.initVerify(edDSAPublicKey);
            edDSAEngine.setParameter(EdDSAEngine.ONE_SHOT_MODE);
            edDSAEngine.update(substring.getBytes(StandardCharsets.UTF_8));
            if (edDSAEngine.verify(decode)) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            throw new ThreemaException("Signature verification failed");
        }
        JSONObject jSONObject = new JSONObject(substring);
        if (!jSONObject.getString("version").startsWith("1.")) {
            throw new ThreemaException("Unsupported OPPF version");
        }
        if (Arrays.equals(Base64.decode(jSONObject.getString("signatureKey")), edDSAPublicKey.getA().toByteArray())) {
            return jSONObject;
        }
        throw new ThreemaException("Signature key does not match supplied public key");
    }
}
