package net.handle.apps.admintool.controller;

import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
import net.handle.hdllib.AbstractRequest;
import net.handle.hdllib.AbstractResponse;
import net.handle.hdllib.AuthenticationInfo;
import net.handle.hdllib.ChallengeResponse;
import net.handle.hdllib.Common;
import net.handle.hdllib.Encoder;
import net.handle.hdllib.HandleException;
import net.handle.hdllib.HandleResolver;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.ResolutionRequest;
import net.handle.hdllib.ResolutionResponse;
import net.handle.hdllib.Util;
import net.handle.hdllib.VerifyAuthRequest;
import net.handle.hdllib.VerifyAuthResponse;

/* loaded from: input_file:net/handle/apps/admintool/controller/AuthenticationUtil.class */
public final class AuthenticationUtil {
    private final HandleResolver resolver;
    private Integer index;

    public AuthenticationUtil(HandleResolver handleResolver) {
        this.resolver = handleResolver;
    }

    public Integer getIndex() {
        return this.index;
    }

    public boolean checkAuthentication(AuthenticationInfo authenticationInfo) throws Exception {
        ResolutionRequest resolutionRequest = new ResolutionRequest(Common.BLANK_HANDLE, null, null, null);
        ChallengeResponse challengeResponse = new ChallengeResponse((AbstractRequest) resolutionRequest, true);
        byte[] authenticate = authenticationInfo.authenticate(challengeResponse, resolutionRequest);
        if (Util.equals(authenticationInfo.getAuthType(), Common.SECRET_KEY_TYPE)) {
            return verifySecretKeyAuth(authenticationInfo, challengeResponse, authenticate);
        }
        if (Util.equals(authenticationInfo.getAuthType(), Common.PUBLIC_KEY_TYPE)) {
            return verifyPubKeyAuth(authenticationInfo, challengeResponse, authenticate);
        }
        throw new HandleException(8, "Unknown authentication type: " + Util.decodeString(authenticationInfo.getAuthType()));
    }

    public boolean verifySecretKeyAuth(AuthenticationInfo authenticationInfo, ChallengeResponse challengeResponse, byte[] bArr) throws HandleException {
        VerifyAuthRequest verifyAuthRequest = new VerifyAuthRequest(authenticationInfo.getUserIdHandle(), challengeResponse.nonce, challengeResponse.requestDigest, challengeResponse.rdHashType, bArr, authenticationInfo.getUserIdIndex(), null);
        verifyAuthRequest.certify = true;
        AbstractResponse processRequest = this.resolver.processRequest(verifyAuthRequest);
        if (processRequest instanceof VerifyAuthResponse) {
            return ((VerifyAuthResponse) processRequest).isValid;
        }
        throw new HandleException(8, "Unable to verify authentication\n" + processRequest);
    }

    public boolean verifyPubKeyAuth(AuthenticationInfo authenticationInfo, ChallengeResponse challengeResponse, byte[] bArr) throws Exception {
        int userIdIndex = authenticationInfo.getUserIdIndex();
        ResolutionRequest resolutionRequest = new ResolutionRequest(authenticationInfo.getUserIdHandle(), userIdIndex > 0 ? null : Common.PUBLIC_KEY_TYPES, userIdIndex > 0 ? new int[]{userIdIndex} : null, null);
        resolutionRequest.certify = true;
        AbstractResponse processRequest = this.resolver.processRequest(resolutionRequest);
        if (!(processRequest instanceof ResolutionResponse)) {
            throw new HandleException(8, "Unable to verify authentication\n" + processRequest);
        }
        HashMap hashMap = new HashMap();
        HandleValue[] handleValues = ((ResolutionResponse) processRequest).getHandleValues();
        for (int i = 0; handleValues != null && i < handleValues.length; i++) {
            HandleValue handleValue = handleValues[i];
            if (handleValue != null && ((userIdIndex <= 0 || userIdIndex == handleValue.getIndex()) && handleValue.hasType(Common.STD_TYPE_HSPUBKEY))) {
                hashMap.put(Integer.valueOf(handleValue.getIndex()), Util.getPublicKeyFromBytes(handleValue.getData(), 0));
            }
        }
        if (hashMap.size() <= 0) {
            throw new HandleException(8, "No public key found for the given authentication " + authenticationInfo);
        }
        byte[] readByteArray = Encoder.readByteArray(bArr, 0);
        int length = 0 + 4 + readByteArray.length;
        byte[] readByteArray2 = Encoder.readByteArray(bArr, length);
        int length2 = length + 4 + readByteArray2.length;
        for (Map.Entry entry : hashMap.entrySet()) {
            int intValue = ((Integer) entry.getKey()).intValue();
            PublicKey publicKey = (PublicKey) entry.getValue();
            if (publicKey instanceof DSAPublicKey) {
                if (verifyDSAPublicKey(readByteArray, publicKey, challengeResponse, readByteArray2)) {
                    this.index = Integer.valueOf(intValue);
                    return true;
                }
            } else if ((publicKey instanceof RSAPublicKey) && verifyRSAPublicKeyImpl(readByteArray, publicKey, challengeResponse, readByteArray2)) {
                this.index = Integer.valueOf(intValue);
                return true;
            }
        }
        return false;
    }

    public boolean verifyDSAPublicKey(byte[] bArr, PublicKey publicKey, ChallengeResponse challengeResponse, byte[] bArr2) throws Exception {
        try {
            Signature signature = Signature.getInstance(Util.getSigIdFromHashAlgId(bArr, publicKey.getAlgorithm()));
            signature.initVerify(publicKey);
            signature.update(challengeResponse.nonce);
            signature.update(challengeResponse.requestDigest);
            return signature.verify(bArr2);
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public boolean verifyRSAPublicKeyImpl(byte[] bArr, PublicKey publicKey, ChallengeResponse challengeResponse, byte[] bArr2) throws Exception {
        Signature signature = Signature.getInstance(Util.getSigIdFromHashAlgId(bArr, publicKey.getAlgorithm()));
        signature.initVerify(publicKey);
        signature.update(challengeResponse.nonce);
        signature.update(challengeResponse.requestDigest);
        return signature.verify(bArr2);
    }
}
