package com.atlassian.security.auth.trustedapps;

import com.atlassian.security.auth.trustedapps.Transcoder;
import com.atlassian.security.auth.trustedapps.TransportErrorMessage;
import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils;
import com.google.common.annotations.VisibleForTesting;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.CharConversionException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.DecoderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider.class
  input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider.class
  input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider.class
 */
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider.class */
public class BouncyCastleEncryptionProvider extends BaseEncryptionProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) BouncyCastleEncryptionProvider.class);
    public static final Provider PROVIDER = new BouncyCastleProvider();
    private static final String STREAM_CIPHER = "RC4";
    private static final String ASYM_CIPHER = "RSA/NONE/NoPadding";
    private static final String ASYM_ALGORITHM = "RSA";
    public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
    private static final String UTF8 = "utf-8";
    private final Clock clock;
    private final SecretKeyFactory secretKeyFactory;
    private final Transcoder transcoder;

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$BCKeyFactory.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$BCKeyFactory.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$BCKeyFactory.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$BCKeyFactory.class */
    static class BCKeyFactory implements SecretKeyFactory {
        BCKeyFactory() {
        }

        @Override // com.atlassian.security.auth.trustedapps.BouncyCastleEncryptionProvider.SecretKeyFactory
        public SecretKey generateSecretKey() {
            try {
                return KeyGenerator.getInstance(BouncyCastleEncryptionProvider.STREAM_CIPHER, BouncyCastleEncryptionProvider.PROVIDER).generateKey();
            } catch (NoSuchAlgorithmException e) {
                throw new AssertionError(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$IllegalKeyException.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$IllegalKeyException.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$IllegalKeyException.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$IllegalKeyException.class */
    public static class IllegalKeyException extends IllegalArgumentException {
        IllegalKeyException(Exception exc) {
            super(exc.toString());
            initCause(exc);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyFactory.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyFactory.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyFactory.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyFactory.class */
    public interface SecretKeyFactory {
        SecretKey generateSecretKey();
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyValidator.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyValidator.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyValidator.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SecretKeyValidator.class */
    interface SecretKeyValidator {
        boolean isValid(SecretKey secretKey);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SignatureString.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SignatureString.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SignatureString.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$SignatureString.class */
    public static class SignatureString {
        private final String userName;
        private final long timeStamp;
        private final String signature = generateSignature();

        public SignatureString(String str, long j) {
            this.userName = str;
            this.timeStamp = j;
        }

        private String generateSignature() {
            StringWriter stringWriter = new StringWriter();
            stringWriter.write(Long.toString(this.timeStamp));
            stringWriter.write(10);
            stringWriter.write(this.userName);
            stringWriter.write(10);
            stringWriter.write(TrustedApplicationUtils.Constant.MAGIC);
            stringWriter.flush();
            return stringWriter.toString();
        }

        public long getTimeStamp() {
            return this.timeStamp;
        }

        public String getUserName() {
            return this.userName;
        }

        public String getSignature() {
            return this.signature;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$TransmissionValidator.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$TransmissionValidator.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$TransmissionValidator.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$TransmissionValidator.class */
    static class TransmissionValidator implements SecretKeyValidator {
        TransmissionValidator() {
        }

        @Override // com.atlassian.security.auth.trustedapps.BouncyCastleEncryptionProvider.SecretKeyValidator
        public boolean isValid(SecretKey secretKey) {
            byte[] encoded = secretKey.getEncoded();
            return encoded.length == 16 && encoded[0] != 0;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$ValidatingSecretKeyFactory.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$ValidatingSecretKeyFactory.class
      input_file:WEB-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$ValidatingSecretKeyFactory.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-6.0.7.jar:META-INF/lib/atlassian-trusted-apps-core-6.0.0.jar:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider$ValidatingSecretKeyFactory.class */
    static class ValidatingSecretKeyFactory implements SecretKeyFactory {
        private final SecretKeyFactory delegate;
        private final SecretKeyValidator validator;

        ValidatingSecretKeyFactory(SecretKeyFactory secretKeyFactory, SecretKeyValidator secretKeyValidator) {
            this.delegate = secretKeyFactory;
            this.validator = secretKeyValidator;
        }

        @Override // com.atlassian.security.auth.trustedapps.BouncyCastleEncryptionProvider.SecretKeyFactory
        public SecretKey generateSecretKey() {
            SecretKey generateSecretKey = this.delegate.generateSecretKey();
            while (true) {
                SecretKey secretKey = generateSecretKey;
                if (this.validator.isValid(secretKey)) {
                    return secretKey;
                }
                generateSecretKey = this.delegate.generateSecretKey();
            }
        }
    }

    public BouncyCastleEncryptionProvider() {
        this(new ValidatingSecretKeyFactory(new BCKeyFactory(), new TransmissionValidator()), new Transcoder.Base64Transcoder(), new SystemClock());
    }

    private BouncyCastleEncryptionProvider(SecretKeyFactory secretKeyFactory, Transcoder transcoder, Clock clock) {
        Null.not("secretKeyFactory", secretKeyFactory);
        Null.not("transcoder", transcoder);
        Null.not("clock", clock);
        this.secretKeyFactory = secretKeyFactory;
        this.transcoder = transcoder;
        this.clock = clock;
    }

    @VisibleForTesting
    BouncyCastleEncryptionProvider(Clock clock) {
        this(new ValidatingSecretKeyFactory(new BCKeyFactory(), new TransmissionValidator()), new Transcoder.Base64Transcoder(), clock);
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public PublicKey toPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance(ASYM_ALGORITHM, PROVIDER).generatePublic(new X509EncodedKeySpec(bArr));
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public PrivateKey toPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance(ASYM_ALGORITHM, PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public KeyPair generateNewKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        return KeyPairGenerator.getInstance(ASYM_ALGORITHM, PROVIDER).generateKeyPair();
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public ApplicationCertificate decodeEncryptedCertificate(EncryptedCertificate encryptedCertificate, PublicKey publicKey, String str) throws InvalidCertificateException {
        try {
            BufferedReader v2CertificateReader = TrustedApplicationUtils.Constant.VERSION_TWO.equals(TrustedApplicationUtils.getProtocolVersionInUse()) ? getV2CertificateReader(encryptedCertificate, publicKey, str) : getV3CertificateReader(encryptedCertificate);
            try {
                String readLine = v2CertificateReader.readLine();
                String readLine2 = v2CertificateReader.readLine();
                TrustedApplicationUtils.validateMagicNumber("secret key", str, encryptedCertificate.getProtocolVersion(), v2CertificateReader.readLine());
                v2CertificateReader.close();
                return new DefaultApplicationCertificate(str, readLine2, Long.parseLong(readLine), encryptedCertificate.getProtocolVersion());
            } catch (CharConversionException e) {
                throw new SystemException(str, e);
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            } catch (NumberFormatException e3) {
                throw new SystemException(str, e3);
            }
        } catch (IOException e4) {
            throw new RuntimeException(e4);
        } catch (NumberFormatException e5) {
            throw new SystemException(str, e5);
        } catch (SecurityException e6) {
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("secret key", str));
        } catch (InvalidKeyException e7) {
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("secret key", str));
        } catch (NoSuchAlgorithmException e8) {
            throw new AssertionError(e8);
        } catch (BadPaddingException e9) {
            throw new SystemException(str, e9);
        } catch (IllegalBlockSizeException e10) {
            throw new SystemException(str, e10);
        } catch (NoSuchPaddingException e11) {
            throw new AssertionError(e11);
        } catch (DecoderException e12) {
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("secret key", str));
        }
    }

    private BufferedReader getV3CertificateReader(EncryptedCertificate encryptedCertificate) throws UnsupportedEncodingException {
        return new BufferedReader(new InputStreamReader(new ByteArrayInputStream(this.transcoder.decode(encryptedCertificate.getCertificate())), "utf-8"));
    }

    private BufferedReader getV2CertificateReader(EncryptedCertificate encryptedCertificate, PublicKey publicKey, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, InvalidCertificateException {
        Cipher cipher = Cipher.getInstance(ASYM_CIPHER, PROVIDER);
        cipher.init(2, publicKey);
        String magicNumber = encryptedCertificate.getMagicNumber();
        if (magicNumber != null) {
            TrustedApplicationUtils.validateMagicNumber("public key", str, encryptedCertificate.getProtocolVersion(), new String(cipher.doFinal(this.transcoder.decode(magicNumber)), "utf-8"));
        } else if (encryptedCertificate.getProtocolVersion() != null) {
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("public key", str));
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(cipher.doFinal(this.transcoder.decode(encryptedCertificate.getSecretKey())), STREAM_CIPHER);
        Cipher cipher2 = Cipher.getInstance(STREAM_CIPHER, PROVIDER);
        cipher2.init(2, secretKeySpec);
        return new BufferedReader(new InputStreamReader(new ByteArrayInputStream(cipher2.doFinal(this.transcoder.decode(encryptedCertificate.getCertificate()))), "utf-8"));
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public EncryptedCertificate createEncryptedCertificate(String str, PrivateKey privateKey, String str2) {
        return createEncryptedCertificate(str, privateKey, str2, null);
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public EncryptedCertificate createEncryptedCertificate(String str, PrivateKey privateKey, String str2, String str3) {
        try {
            return TrustedApplicationUtils.Constant.VERSION_TWO.equals(TrustedApplicationUtils.getProtocolVersionInUse()) ? generateV2EncryptedCertificate(privateKey, str2, str, str3) : generateV3EncryptedCertificate(privateKey, str2, str, str3);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalKeyException(e);
        } catch (InvalidKeyException e2) {
            throw new IllegalKeyException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AssertionError(e3);
        } catch (SignatureException e4) {
            throw new IllegalKeyException(e4);
        } catch (BadPaddingException e5) {
            throw new IllegalKeyException(e5);
        } catch (IllegalBlockSizeException e6) {
            throw new IllegalKeyException(e6);
        } catch (NoSuchPaddingException e7) {
            throw new AssertionError(e7);
        }
    }

    private EncryptedCertificate generateV3EncryptedCertificate(PrivateKey privateKey, String str, String str2, String str3) throws UnsupportedEncodingException, BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        SignatureString generateCertificate = generateCertificate(str2);
        return new DefaultEncryptedCertificate(str, null, this.transcoder.encode(generateCertificate.getSignature().getBytes("utf-8")), TrustedApplicationUtils.Constant.VERSION_THREE, null, generateSignature(privateKey, TrustedApplicationUtils.generateSignatureBaseString(generateCertificate.getTimeStamp(), str3, str2)));
    }

    private EncryptedCertificate generateV2EncryptedCertificate(PrivateKey privateKey, String str, String str2, String str3) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, SignatureException {
        SecretKey generateSecretKey = this.secretKeyFactory.generateSecretKey();
        Cipher cipher = Cipher.getInstance(STREAM_CIPHER, PROVIDER);
        cipher.init(1, generateSecretKey);
        Cipher cipher2 = Cipher.getInstance(ASYM_CIPHER, PROVIDER);
        cipher2.init(1, privateKey);
        String encode = this.transcoder.encode(cipher2.doFinal(generateSecretKey.getEncoded()));
        String encode2 = this.transcoder.encode(cipher2.doFinal(this.transcoder.getBytes(TrustedApplicationUtils.Constant.MAGIC)));
        SignatureString generateCertificate = generateCertificate(str2);
        return new DefaultEncryptedCertificate(str, encode, this.transcoder.encode(cipher.doFinal(this.transcoder.getBytes(generateCertificate.getSignature()))), TrustedApplicationUtils.Constant.VERSION_TWO, encode2, generateSignature(privateKey, TrustedApplicationUtils.generateSignatureBaseString(generateCertificate.getTimeStamp(), str3, str2)));
    }

    private SignatureString generateCertificate(String str) throws IllegalBlockSizeException, BadPaddingException {
        return new SignatureString(str, this.clock.currentTimeMillis() + TimeUnit.SECONDS.toMillis(900L));
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public String generateSignature(PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException {
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
        signature.initSign(privateKey);
        signature.update(bArr);
        String encode = this.transcoder.encode(signature.sign());
        log.debug("Signature for request to '{}' is '{}'", bArr, encode);
        return encode;
    }

    @Override // com.atlassian.security.auth.trustedapps.EncryptionProvider
    public boolean verifySignature(PublicKey publicKey, byte[] bArr, String str) throws UnableToVerifySignatureException {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(Base64.decode(str));
        } catch (StringIndexOutOfBoundsException e) {
            throw new UnableToVerifySignatureException(e);
        } catch (InvalidKeyException e2) {
            throw new UnableToVerifySignatureException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new UnableToVerifySignatureException(e3);
        } catch (SignatureException e4) {
            throw new UnableToVerifySignatureException(e4);
        }
    }
}
