package com.google.crypto.tink.integration.awskmsv2;

import com.google.crypto.tink.PublicKeyVerify;
import java.security.GeneralSecurityException;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.KmsInvalidSignatureException;
import software.amazon.awssdk.services.kms.model.VerifyRequest;

/* loaded from: input_file:com/google/crypto/tink/integration/awskmsv2/AwsKmsPublicKeyVerify.class */
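/**
 * {@link PublicKeyVerify} implementation that delegates signature verification to the AWS KMS
 * {@code Verify} operation through a caller-supplied {@link KmsClient}.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>Every call to {@link #verify(byte[], byte[])} is a request made with the supplied client;
 *       nothing is verified locally in this class.</li>
 *   <li>Only {@link KmsInvalidSignatureException} is translated to
 *       {@link GeneralSecurityException}. Any other exception raised by the client propagates
 *       unchanged, and a response that does not report a valid signature raises
 *       {@link IllegalStateException}. Treat every exception from {@code verify} as
 *       "not verified", not only {@code GeneralSecurityException}.</li>
 *   <li>The request does not set a message type. NOTE(review): per the AWS KMS documentation the
 *       service then treats the message as raw data, which is size-limited (4096 bytes) - confirm
 *       this is acceptable for the payloads verified here.</li>
 * </ul>
 */
public final class AwsKmsPublicKeyVerify implements PublicKeyVerify {
    private final KmsClient kmsClient;
    private final String signatureAlgorithm;
    private final String signatureKeyId;

    /**
     * Creates a verifier bound to one KMS key and one signing algorithm.
     *
     * <p>The arguments are stored as given; no null or format validation happens here, so a bad
     * value only surfaces when {@link #verify(byte[], byte[])} is called.
     *
     * @param kmsClient client used to send the verify request
     * @param str identifier of the KMS key, passed as-is to the request's {@code keyId}
     * @param str2 signing algorithm name, passed as-is to the request's {@code signingAlgorithm}
     */
    public AwsKmsPublicKeyVerify(KmsClient kmsClient, String str, String str2) {
        this.kmsClient = kmsClient;
        this.signatureKeyId = str;
        this.signatureAlgorithm = str2;
    }

    /**
     * Asks KMS to verify a signature over a message with the configured key and algorithm.
     *
     * <p>Returns normally only when the response explicitly reports the signature as valid.
     *
     * @param bArr the signature to check (sent as the request's {@code signature})
     * @param bArr2 the signed data (sent as the request's {@code message})
     * @throws GeneralSecurityException if the client throws {@link KmsInvalidSignatureException}
     * @throws IllegalStateException if the response does not report {@code signatureValid} as
     *     {@code true}, including when the field is absent
     */
    @Override // com.google.crypto.tink.PublicKeyVerify
    public void verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        // Name the positional arguments so the signature/message mapping below is easy to audit.
        final byte[] signature = bArr;
        final byte[] message = bArr2;

        // mo12755build() is kept exactly as it appears in this source tree; it looks like a
        // decompiler-assigned name for the builder's build method - confirm before renaming.
        final VerifyRequest request = (VerifyRequest) VerifyRequest.builder()
                .message(SdkBytes.fromByteArray(message))
                .signature(SdkBytes.fromByteArray(signature))
                .signingAlgorithm(this.signatureAlgorithm)
                .keyId(this.signatureKeyId)
                .mo12755build();

        final Boolean signatureValid;
        try {
            signatureValid = this.kmsClient.verify(request).signatureValid();
        } catch (KmsInvalidSignatureException e) {
            throw new GeneralSecurityException("Signature validation failed", e);
        }

        // Fail closed: accept only an explicit TRUE. A missing (null) flag is handled like FALSE
        // instead of surfacing as a context-free NullPointerException from unboxing.
        if (!Boolean.TRUE.equals(signatureValid)) {
            throw new IllegalStateException("Received false signatureValid response from verify request");
        }
    }
}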
