// 
// Decompiled by Procyon v0.6.0
// 

package com.nimbusds.jose.crypto;

import java.security.GeneralSecurityException;
import com.nimbusds.jose.Header;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.JOSEException;
import java.util.Set;
import com.google.crypto.tink.subtle.Ed25519Verify;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.shaded.jcip.ThreadSafe;
import com.nimbusds.jose.CriticalHeaderParamsAware;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.impl.EdDSAProvider;

@ThreadSafe
public class Ed25519Verifier extends EdDSAProvider implements JWSVerifier, CriticalHeaderParamsAware
{
    private final CriticalHeaderParamsDeferral critPolicy;
    private final OctetKeyPair publicKey;
    private final Ed25519Verify tinkVerifier;
    
    public Ed25519Verifier(final OctetKeyPair publicKey) throws JOSEException {
        this(publicKey, null);
    }
    
    public Ed25519Verifier(final OctetKeyPair publicKey, final Set<String> defCritHeaders) throws JOSEException {
        this.critPolicy = new CriticalHeaderParamsDeferral();
        if (!Curve.Ed25519.equals(publicKey.getCurve())) {
            throw new JOSEException("Ed25519Verifier only supports OctetKeyPairs with crv=Ed25519");
        }
        if (publicKey.isPrivate()) {
            throw new JOSEException("Ed25519Verifier requires a public key, use OctetKeyPair.toPublicJWK()");
        }
        this.publicKey = publicKey;
        this.tinkVerifier = new Ed25519Verify(publicKey.getDecodedX());
        this.critPolicy.setDeferredCriticalHeaderParams(defCritHeaders);
    }
    
    public OctetKeyPair getPublicKey() {
        return this.publicKey;
    }
    
    @Override
    public Set<String> getProcessedCriticalHeaderParams() {
        return this.critPolicy.getProcessedCriticalHeaderParams();
    }
    
    @Override
    public Set<String> getDeferredCriticalHeaderParams() {
        return this.critPolicy.getProcessedCriticalHeaderParams();
    }
    
    @Override
    public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException {
        final JWSAlgorithm alg = header.getAlgorithm();
        if (!JWSAlgorithm.Ed25519.equals(alg) && !JWSAlgorithm.EdDSA.equals(alg)) {
            throw new JOSEException("Ed25519Verifier requires alg=Ed25519 or alg=EdDSA in JWSHeader");
        }
        if (!this.critPolicy.headerPasses(header)) {
            return false;
        }
        final byte[] jwsSignature = signature.decode();
        try {
            this.tinkVerifier.verify(jwsSignature, signedContent);
            return true;
        }
        catch (final GeneralSecurityException e) {
            return false;
        }
    }
}