// 
// Decompiled by Procyon v0.6.0
// 

package com.nimbusds.jose.crypto;

import java.security.Signature;
import java.security.SignatureException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import com.nimbusds.jose.Header;
import com.nimbusds.jose.JWSAlgorithm;
import java.util.Collection;
import com.nimbusds.jose.crypto.impl.AlgorithmSupportMessage;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.utils.ECChecks;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.JOSEException;
import java.util.Set;
import java.security.interfaces.ECPublicKey;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.shaded.jcip.ThreadSafe;
import com.nimbusds.jose.CriticalHeaderParamsAware;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.impl.ECDSAProvider;

@ThreadSafe
public class ECDSAVerifier extends ECDSAProvider implements JWSVerifier, CriticalHeaderParamsAware
{
    private final CriticalHeaderParamsDeferral critPolicy;
    private final ECPublicKey publicKey;
    
    public ECDSAVerifier(final ECPublicKey publicKey) throws JOSEException {
        this(publicKey, null);
    }
    
    public ECDSAVerifier(final ECKey ecJWK) throws JOSEException {
        this(ecJWK.toECPublicKey());
    }
    
    public ECDSAVerifier(final ECPublicKey publicKey, final Set<String> defCritHeaders) throws JOSEException {
        super(ECDSA.resolveAlgorithm(publicKey));
        this.critPolicy = new CriticalHeaderParamsDeferral();
        this.publicKey = publicKey;
        if (!ECChecks.isPointOnCurve(publicKey, Curve.forJWSAlgorithm(this.supportedECDSAAlgorithm()).iterator().next().toECParameterSpec())) {
            throw new JOSEException("Curve / public key parameters mismatch");
        }
        this.critPolicy.setDeferredCriticalHeaderParams(defCritHeaders);
    }
    
    public ECPublicKey getPublicKey() {
        return this.publicKey;
    }
    
    @Override
    public Set<String> getProcessedCriticalHeaderParams() {
        return this.critPolicy.getProcessedCriticalHeaderParams();
    }
    
    @Override
    public Set<String> getDeferredCriticalHeaderParams() {
        return this.critPolicy.getProcessedCriticalHeaderParams();
    }
    
    @Override
    public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException {
        final JWSAlgorithm alg = header.getAlgorithm();
        if (!this.supportedJWSAlgorithms().contains(alg)) {
            throw new JOSEException(AlgorithmSupportMessage.unsupportedJWSAlgorithm(alg, this.supportedJWSAlgorithms()));
        }
        if (!this.critPolicy.headerPasses(header)) {
            return false;
        }
        final byte[] jwsSignature = signature.decode();
        try {
            ECDSA.ensureLegalSignature(jwsSignature, alg);
        }
        catch (final JOSEException e) {
            return false;
        }
        byte[] derSignature;
        try {
            derSignature = ECDSA.transcodeSignatureToDER(jwsSignature);
        }
        catch (final JOSEException e2) {
            return false;
        }
        final Signature sig = ECDSA.getSignerAndVerifier(alg, this.getJCAContext().getProvider());
        try {
            sig.initVerify(this.publicKey);
            sig.update(signedContent);
            return sig.verify(derSignature);
        }
        catch (final InvalidKeyException e3) {
            throw new JOSEException("Invalid EC public key: " + e3.getMessage(), e3);
        }
        catch (final SignatureException e4) {
            return false;
        }
    }
}