package im.status.keycard.applet;

import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.Signature;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class Certificate extends RecoverableSignature {
    private byte[] identPub;

    public Certificate(byte[] bArr, boolean z, byte[] bArr2, byte[] bArr3, int i) {
        super(bArr, z, bArr2, bArr3, i);
    }

    public static Certificate fromTLV(byte[] bArr) {
        try {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 33);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 33, 65);
            byte[] copyOfRange3 = Arrays.copyOfRange(bArr, 65, 97);
            byte b = bArr[97];
            Certificate certificate = new Certificate(RecoverableSignature.recoverFromSignature((int) b, MessageDigest.getInstance("SHA256", BouncyCastleProvider.PROVIDER_NAME).digest(copyOfRange), copyOfRange2, copyOfRange3, true), true, copyOfRange2, copyOfRange3, b);
            certificate.identPub = copyOfRange;
            return certificate;
        } catch (IllegalArgumentException e) {
            throw e;
        } catch (Exception unused) {
            throw new RuntimeException("Is BouncyCastle in the classpath?");
        }
    }

    public static byte[] verifyIdentity(byte[] bArr, byte[] bArr2) {
        try {
            TinyBERTLV tinyBERTLV = new TinyBERTLV(bArr2);
            tinyBERTLV.enterConstructed(-96);
            Certificate fromTLV = fromTLV(tinyBERTLV.readPrimitive(-118));
            byte[] peekUnread = tinyBERTLV.peekUnread();
            Signature signature = Signature.getInstance("NONEWithECDSA", BouncyCastleProvider.PROVIDER_NAME);
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1");
            signature.initVerify((ECPublicKey) KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new ECPublicKeySpec(parameterSpec.getCurve().decodePoint(fromTLV.identPub), parameterSpec)));
            signature.update(bArr);
            if (signature.verify(peekUnread)) {
                return fromTLV.getPublicKey();
            }
            return null;
        } catch (Exception unused) {
            throw new RuntimeException("Is BouncyCastle in the classpath?");
        }
    }
}
