package tech.relaycorp.relaynet.crypto;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.CollectionStore;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import tech.relaycorp.relaynet.CryptoUtils;
import tech.relaycorp.relaynet.HashingAlgorithm;
import tech.relaycorp.relaynet.wrappers.x509.Certificate;

/* compiled from: SignedData.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��6\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0012\n\u0002\b\t\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b��\u0018�� \u001d2\u00020\u0001:\u0001\u001dB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0006\u0010\u0017\u001a\u00020\u000fJ\u001e\u0010\u0018\u001a\u00020\u00192\n\b\u0002\u0010\u001a\u001a\u0004\u0018\u00010\u000f2\n\b\u0002\u0010\u001b\u001a\u0004\u0018\u00010\u001cR\u0014\u0010\u0002\u001a\u00020\u0003X\u0080\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R!\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\f\u0010\r\u001a\u0004\b\n\u0010\u000bR\u001d\u0010\u000e\u001a\u0004\u0018\u00010\u000f8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u0012\u0010\r\u001a\u0004\b\u0010\u0010\u0011R\u001d\u0010\u0013\u001a\u0004\u0018\u00010\t8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u0016\u0010\r\u001a\u0004\b\u0014\u0010\u0015¨\u0006\u001e"}, d2 = {"Ltech/relaycorp/relaynet/crypto/SignedData;", "", "bcSignedData", "Lorg/bouncycastle/cms/CMSSignedData;", "(Lorg/bouncycastle/cms/CMSSignedData;)V", "getBcSignedData$relaynet", "()Lorg/bouncycastle/cms/CMSSignedData;", "certificates", "", "Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "getCertificates", "()Ljava/util/Set;", "certificates$delegate", "Lkotlin/Lazy;", "plaintext", "", "getPlaintext", "()[B", "plaintext$delegate", "signerCertificate", "getSignerCertificate", "()Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "signerCertificate$delegate", "serialize", "verify", "", "expectedPlaintext", "signerPublicKey", "Ljava/security/PublicKey;", "Companion", "relaynet"})
/* loaded from: input_file:tech/relaycorp/relaynet/crypto/SignedData.class */
public final class SignedData {

    // Lazy holder for the plaintext encapsulated in the CMS SignedData value.
    // The delegate yields null when the value carries no encapsulated content (see the constructor).
    @Nullable
    private final Lazy plaintext$delegate;

    // Lazy holder for the signer's certificate, looked up among the certificates attached to the value.
    // The delegate yields null when no attached certificate matches the SignerInfo (see the constructor).
    @Nullable
    private final Lazy signerCertificate$delegate;

    // Lazy holder for the set of all certificates attached to the value.
    // These come from the message itself; nothing in this class validates them.
    @NotNull
    private final Lazy certificates$delegate;

    // Underlying BouncyCastle CMS SignedData structure that this class wraps.
    @NotNull
    private final CMSSignedData bcSignedData;
    // Singleton instance of the Kotlin companion object; the static methods at the end of the class delegate to it.
    public static final Companion Companion = new Companion(null);
    // Signature algorithm name used when signing, keyed by hashing algorithm.
    // "<hash>WITHRSAANDMGF1" is BouncyCastle's naming for RSASSA-PSS; only SHA-256, SHA-384 and SHA-512 are listed.
    private static final Map<HashingAlgorithm, String> signatureAlgorithmMap = MapsKt.mapOf(new Pair[]{TuplesKt.to(HashingAlgorithm.SHA256, "SHA256WITHRSAANDMGF1"), TuplesKt.to(HashingAlgorithm.SHA384, "SHA384WITHRSAANDMGF1"), TuplesKt.to(HashingAlgorithm.SHA512, "SHA512WITHRSAANDMGF1")});

    /* compiled from: SignedData.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��`\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n��\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0007J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u001a\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00122\b\u0010\u0013\u001a\u0004\u0018\u00010\u0005H\u0002J\b\u0010\u0014\u001a\u00020\u0015H\u0002J.\u0010\u0016\u001a\u00020\b2\u0006\u0010\u0017\u001a\u00020\n2\u0006\u0010\u0011\u001a\u00020\u00122\n\b\u0002\u0010\u0013\u001a\u0004\u0018\u00010\u00052\b\b\u0002\u0010\u0018\u001a\u00020\u0019H\u0007JF\u0010\u0016\u001a\u00020\b2\u0006\u0010\u0017\u001a\u00020\n2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u001a\u001a\u00020\u001b2\u000e\b\u0002\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u001b0\u001d2\n\b\u0002\u0010\u0013\u001a\u0004\u0018\u00010\u00052\b\b\u0002\u0010\u0018\u001a\u00020\u0019H\u0007J.\u0010\u0016\u001a\u00020\b2\u0006\u0010\u0017\u001a\u00020\n2\u0006\u0010\u001e\u001a\u00020\u001f2\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u001b0\u001d2\u0006\u0010\u0018\u001a\u00020\u0019H\u0002R\u001a\u0010\u0003\u001a\u000e\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u00060\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006 "}, d2 = {"Ltech/relaycorp/relaynet/crypto/SignedData$Companion;", "", "()V", "signatureAlgorithmMap", "", "Ltech/relaycorp/relaynet/HashingAlgorithm;", "", "deserialize", "Ltech/relaycorp/relaynet/crypto/SignedData;", "serialization", "", "getSignerInfo", 
"Lorg/bouncycastle/cms/SignerInformation;", "bcSignedData", "Lorg/bouncycastle/cms/CMSSignedData;", "makeContentSigner", "Lorg/bouncycastle/operator/ContentSigner;", "signerPrivateKey", "Ljava/security/PrivateKey;", "hashingAlgorithm", "makeSignerInfoGeneratorBuilder", "Lorg/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder;", "sign", "plaintext", "encapsulatePlaintext", "", "signerCertificate", "Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "encapsulatedCertificates", "", "signerInfoGenerator", "Lorg/bouncycastle/cms/SignerInfoGenerator;", "relaynet"})
    /* loaded from: input_file:tech/relaycorp/relaynet/crypto/SignedData$Companion.class */
    public static final class Companion {
        /**
         * Signs a plaintext and identifies the signer by its certificate.
         *
         * <p>The SignerInfo is derived from {@code certificate}, but only the certificates in
         * {@code set} are attached to the resulting value. The signer's own certificate is
         * therefore attached only if the caller includes it in {@code set}.
         *
         * @param bArr the plaintext to sign
         * @param privateKey the signer's private key
         * @param certificate the signer's certificate
         * @param set the certificates to attach to the SignedData value
         * @param hashingAlgorithm the hashing algorithm; {@code null} selects the default applied
         *     by {@code makeContentSigner}
         * @param z whether the plaintext is encapsulated in the resulting value
         * @return the wrapped CMS SignedData value
         */
        @JvmStatic
        @NotNull
        public final SignedData sign(@NotNull byte[] bArr, @NotNull PrivateKey privateKey, @NotNull Certificate certificate, @NotNull Set<Certificate> set, @Nullable HashingAlgorithm hashingAlgorithm, boolean z) {
            // Kotlin non-null parameter checks, kept in their original order.
            Intrinsics.checkParameterIsNotNull(bArr, "plaintext");
            Intrinsics.checkParameterIsNotNull(privateKey, "signerPrivateKey");
            Intrinsics.checkParameterIsNotNull(certificate, "signerCertificate");
            Intrinsics.checkParameterIsNotNull(set, "encapsulatedCertificates");

            SignerInfoGenerator signerInfoGenerator =
                    makeSignerInfoGeneratorBuilder().build(
                            makeContentSigner(privateKey, hashingAlgorithm),
                            certificate.getCertificateHolder());
            Intrinsics.checkExpressionValueIsNotNull(signerInfoGenerator, "signerInfoGenerator");
            return sign(bArr, signerInfoGenerator, set, z);
        }

        /**
         * Compiler-generated bridge that fills in Kotlin default arguments for the
         * certificate-based {@code sign} overload.
         *
         * <p>Each set bit in {@code i} marks an argument the caller omitted: bit 8 selects an
         * empty certificate set, bit 16 a {@code null} hashing algorithm, and bit 32 plaintext
         * encapsulation ({@code true}).
         */
        public static /* synthetic */ SignedData sign$default(Companion companion, byte[] bArr, PrivateKey privateKey, Certificate certificate, Set set, HashingAlgorithm hashingAlgorithm, boolean z, int i, Object obj) {
            Set encapsulatedCertificates = (i & 8) == 0 ? set : SetsKt.emptySet();
            HashingAlgorithm chosenAlgorithm = (i & 16) == 0 ? hashingAlgorithm : null;
            boolean encapsulatePlaintext = (i & 32) != 0 || z;
            return companion.sign(bArr, privateKey, certificate, encapsulatedCertificates, chosenAlgorithm, encapsulatePlaintext);
        }

        /**
         * Signs a plaintext without referencing any signer certificate.
         *
         * <p>The SignerInfo is built with an empty byte array in place of a certificate, and no
         * certificates are attached. A recipient therefore cannot recover the signer's
         * certificate from the value and has to pass the signer's public key to
         * {@code verify} explicitly.
         *
         * @param bArr the plaintext to sign
         * @param privateKey the signer's private key
         * @param hashingAlgorithm the hashing algorithm; {@code null} selects the default applied
         *     by {@code makeContentSigner}
         * @param z whether the plaintext is encapsulated in the resulting value
         * @return the wrapped CMS SignedData value
         */
        @JvmStatic
        @NotNull
        public final SignedData sign(@NotNull byte[] bArr, @NotNull PrivateKey privateKey, @Nullable HashingAlgorithm hashingAlgorithm, boolean z) {
            Intrinsics.checkParameterIsNotNull(bArr, "plaintext");
            Intrinsics.checkParameterIsNotNull(privateKey, "signerPrivateKey");

            SignerInfoGenerator signerInfoGenerator =
                    makeSignerInfoGeneratorBuilder().build(
                            makeContentSigner(privateKey, hashingAlgorithm),
                            new byte[0]);
            Intrinsics.checkExpressionValueIsNotNull(signerInfoGenerator, "signerInfoGenerator");
            return sign(bArr, signerInfoGenerator, SetsKt.emptySet(), z);
        }

        /**
         * Compiler-generated bridge that fills in Kotlin default arguments for the
         * certificate-less {@code sign} overload.
         *
         * <p>Bit 4 of {@code i} selects a {@code null} hashing algorithm and bit 8 selects
         * plaintext encapsulation ({@code true}).
         */
        public static /* synthetic */ SignedData sign$default(Companion companion, byte[] bArr, PrivateKey privateKey, HashingAlgorithm hashingAlgorithm, boolean z, int i, Object obj) {
            HashingAlgorithm chosenAlgorithm = (i & 4) == 0 ? hashingAlgorithm : null;
            boolean encapsulatePlaintext = (i & 8) != 0 || z;
            return companion.sign(bArr, privateKey, chosenAlgorithm, encapsulatePlaintext);
        }

        /**
         * Generates the CMS SignedData value shared by both public {@code sign} overloads.
         *
         * @param bArr the plaintext to sign
         * @param signerInfoGenerator the generator for the single SignerInfo
         * @param set the certificates to attach to the value
         * @param z whether the plaintext is encapsulated in the value
         * @return the wrapped CMS SignedData value
         */
        private final SignedData sign(byte[] bArr, SignerInfoGenerator signerInfoGenerator, Set<Certificate> set, boolean z) {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            generator.addSignerInfoGenerator(signerInfoGenerator);

            // Unwrap each certificate into its BouncyCastle holder before attaching it.
            ArrayList certificateHolders = new ArrayList(set.size());
            for (Certificate attached : set) {
                certificateHolders.add(attached.getCertificateHolder());
            }
            generator.addCertificates(new JcaCertStore(certificateHolders));

            CMSSignedData generated = generator.generate(new CMSProcessableByteArray(bArr), z);
            CMSSignedData result;
            if (z) {
                result = generated;
            } else {
                // Detached signature: rebuild the object from its ASN.1 structure alone.
                // NOTE(review): presumably so the in-memory value does not keep the plaintext — confirm.
                result = new CMSSignedData(generated.toASN1Structure());
            }
            Intrinsics.checkExpressionValueIsNotNull(result, "if (encapsulatePlaintext…edData.toASN1Structure())");
            return new SignedData(result);
        }

        /**
         * Creates a SignerInfo generator builder backed by a freshly built digest calculator
         * provider.
         */
        private final JcaSignerInfoGeneratorBuilder makeSignerInfoGeneratorBuilder() {
            return new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().build());
        }

        /**
         * Builds the content signer for the given private key.
         *
         * <p>The signature algorithm name is looked up in {@code signatureAlgorithmMap}, so the
         * hashing algorithm alone decides which algorithm is used.
         *
         * @param privateKey the signer's private key
         * @param hashingAlgorithm the hashing algorithm; {@code null} falls back to SHA-256
         * @return a content signer bound to the BouncyCastle provider
         */
        private final ContentSigner makeContentSigner(PrivateKey privateKey, HashingAlgorithm hashingAlgorithm) {
            HashingAlgorithm effectiveAlgorithm =
                    hashingAlgorithm != null ? hashingAlgorithm : HashingAlgorithm.SHA256;
            // NOTE(review): the lookup yields null for any algorithm missing from the map;
            // confirm every HashingAlgorithm value has an entry.
            String signatureAlgorithmName = (String) SignedData.signatureAlgorithmMap.get(effectiveAlgorithm);
            ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithmName)
                    .setProvider(CryptoUtils.getBC_PROVIDER())
                    .build(privateKey);
            Intrinsics.checkExpressionValueIsNotNull(contentSigner, "signerBuilder.build(signerPrivateKey)");
            return contentSigner;
        }

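        /**
         * Parses a serialized CMS SignedData value wrapped in a ContentInfo.
         *
         * <p>This method only parses. It does not check the signature or the attached
         * certificates, so the result must not be trusted until {@code verify} has succeeded.
         * Only the first ASN.1 object in the input is read; trailing bytes, if any, are not
         * examined here.
         *
         * @param bArr the serialization to parse
         * @return the wrapped, still unverified SignedData value
         * @throws SignedDataException if the input is empty, cannot be decoded, is not a
         *     ContentInfo, or does not wrap a valid SignedData value; the underlying parser
         *     exception is attached as the cause where there is one
         */
        @JvmStatic
        @NotNull
        public final SignedData deserialize(@NotNull byte[] bArr) {
            Intrinsics.checkParameterIsNotNull(bArr, "serialization");
            if (bArr.length == 0) {
                throw new SignedDataException("Value cannot be empty", null, 2, null);
            }
            // The nesting is kept as is so that each failure maps to the same message as before;
            // the only change is that the original exception is now preserved as the cause.
            try {
                try {
                    try {
                        return new SignedData(new CMSSignedData(ContentInfo.getInstance(new ASN1InputStream(bArr).readObject())));
                    } catch (CMSException e) {
                        throw new SignedDataException("ContentInfo wraps invalid SignedData value", e);
                    }
                } catch (IllegalArgumentException e2) {
                    throw new SignedDataException("SignedData value is not wrapped in ContentInfo", e2);
                }
            } catch (IOException e3) {
                throw new SignedDataException("Value is not DER-encoded", e3);
            }
        }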

        /**
         * Returns the only SignerInfo in the given SignedData value.
         *
         * <p>Values with zero or several signers are rejected, so callers never have to decide
         * which signer a verification result refers to.
         *
         * @param cMSSignedData the BouncyCastle SignedData value to inspect
         * @return the single SignerInfo
         * @throws SignedDataException if the value does not contain exactly one SignerInfo
         */
        public final SignerInformation getSignerInfo(CMSSignedData cMSSignedData) {
            int signerCount = cMSSignedData.getSignerInfos().size();
            if (signerCount == 1) {
                Iterable signerInfos = cMSSignedData.getSignerInfos();
                Intrinsics.checkExpressionValueIsNotNull(signerInfos, "bcSignedData.signerInfos");
                Object onlySigner = CollectionsKt.first(signerInfos);
                Intrinsics.checkExpressionValueIsNotNull(onlySigner, "bcSignedData.signerInfos.first()");
                return (SignerInformation) onlySigner;
            }
            throw new SignedDataException("SignedData should contain exactly one SignerInfo (got " + signerCount + ')', null, 2, null);
        }

        // Private constructor: the companion is only instantiated through the synthetic constructor in this class.
        private Companion() {
        }

        // Compiler-generated constructor used to create the Companion singleton; the marker argument is ignored.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Returns the plaintext encapsulated in the SignedData value, computed on first access.
     *
     * <p>Reading this value does not verify the signature; call {@code verify} first.
     *
     * @return the encapsulated plaintext, or {@code null} if none is encapsulated
     */
    @Nullable
    public final byte[] getPlaintext() {
        Object encapsulated = this.plaintext$delegate.getValue();
        return (byte[]) encapsulated;
    }

    /**
     * Returns the signer's certificate as found among the certificates attached to the value,
     * computed on first access.
     *
     * <p>The certificate is taken from the message itself, so it is untrusted until the caller
     * validates it.
     *
     * @return the matching attached certificate, or {@code null} if none matches the SignerInfo
     */
    @Nullable
    public final Certificate getSignerCertificate() {
        Object resolved = this.signerCertificate$delegate.getValue();
        return (Certificate) resolved;
    }

    /**
     * Returns every certificate attached to the SignedData value, computed on first access.
     *
     * <p>The certificates are taken from the message itself and are not validated by this class.
     *
     * @return the attached certificates
     */
    @NotNull
    public final Set<Certificate> getCertificates() {
        Object attached = this.certificates$delegate.getValue();
        return (Set) attached;
    }

    /**
     * Serializes the underlying CMS SignedData value.
     *
     * @return the encoding produced by the wrapped BouncyCastle object
     */
    @NotNull
    public final byte[] serialize() {
        byte[] serialization = this.bcSignedData.getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(serialization, "bcSignedData.encoded");
        return serialization;
    }

    /**
     * Verifies the signature over the plaintext.
     *
     * <p>The plaintext must come from exactly one place: encapsulated in the value or passed as
     * {@code bArr}. Likewise the signer's key must come from exactly one place: the attached
     * signer certificate or {@code publicKey}.
     *
     * <p>When the signer certificate is taken from the value, success only shows that the
     * signature matches the key in a certificate that the sender supplied. This method does not
     * establish trust in that certificate; callers still have to validate it (certification path,
     * expected signer) themselves.
     *
     * <p>NOTE(review): nothing in this method restricts the digest or signature algorithm
     * declared by the received SignerInfo to the ones used by {@code sign}; confirm whether that
     * is enforced elsewhere.
     *
     * @param bArr the expected plaintext for a detached signature, or {@code null} when the
     *     plaintext is encapsulated
     * @param publicKey the signer's public key, or {@code null} when the signer certificate is
     *     attached to the value
     * @throws SignedDataException if the inputs are inconsistent with the value, if the value does
     *     not contain exactly one SignerInfo, or if the signature is invalid
     */
    public final void verify(@Nullable byte[] bArr, @Nullable PublicKey publicKey) throws SignedDataException {
        // Resolve the plaintext: encapsulated and explicit plaintexts are mutually exclusive.
        byte[] encapsulatedPlaintext = getPlaintext();
        if (encapsulatedPlaintext != null && bArr != null) {
            throw new SignedDataException("No specific plaintext should be expected because one is already encapsulated", null, 2, null);
        }
        byte[] signedPlaintext = encapsulatedPlaintext != null ? encapsulatedPlaintext : bArr;
        if (signedPlaintext == null) {
            throw new SignedDataException("Plaintext should be encapsulated or explicitly set", null, 2, null);
        }

        // Resolve the verification key under the same either/or rule.
        Certificate encapsulatedSigner = getSignerCertificate();
        if (encapsulatedSigner != null && publicKey != null) {
            throw new SignedDataException("No specific signer certificate should be expected because one is already encapsulated", null, 2, null);
        }
        if (encapsulatedSigner == null && publicKey == null) {
            throw new SignedDataException("Signer certificate should be encapsulated or explicitly set", null, 2, null);
        }

        // Re-attach the plaintext to the ASN.1 structure so that detached signatures can be checked too.
        SignerInformation signerInfo = Companion.getSignerInfo(new CMSSignedData(new CMSProcessableByteArray(signedPlaintext), this.bcSignedData.toASN1Structure()));
        JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder().setProvider(CryptoUtils.getBC_PROVIDER());
        SignerInformationVerifier verifier;
        if (encapsulatedSigner == null) {
            verifier = verifierBuilder.build(publicKey);
        } else {
            verifier = verifierBuilder.build(encapsulatedSigner.getCertificateHolder());
        }

        try {
            boolean signatureValid = signerInfo.verify(verifier);
            if (!signatureValid) {
                throw new SignedDataException("Invalid signature", null, 2, null);
            }
        } catch (CMSException e) {
            throw new SignedDataException("Invalid signature", e);
        }
    }

    /**
     * Compiler-generated bridge that fills in Kotlin default arguments for {@code verify}.
     *
     * <p>Bit 1 of {@code i} replaces the expected plaintext with {@code null} and bit 2 replaces
     * the signer public key with {@code null}.
     */
    public static /* synthetic */ void verify$default(SignedData signedData, byte[] bArr, PublicKey publicKey, int i, Object obj) throws SignedDataException {
        byte[] expectedPlaintext = (i & 1) == 0 ? bArr : null;
        PublicKey signerPublicKey = (i & 2) == 0 ? publicKey : null;
        signedData.verify(expectedPlaintext, signerPublicKey);
    }

    /**
     * Returns the wrapped BouncyCastle SignedData object (the compiled form of a Kotlin
     * {@code internal} accessor).
     */
    @NotNull
    public final CMSSignedData getBcSignedData$relaynet() {
        return bcSignedData;
    }

    /**
     * Wraps a BouncyCastle CMS SignedData value and sets up its three lazily computed properties.
     *
     * <p>Nothing is extracted or verified at construction time: the plaintext, the signer
     * certificate and the attached certificates are computed on first access, and the signature is
     * checked only by {@code verify}.
     *
     * @param cMSSignedData the BouncyCastle SignedData value to wrap
     */
    public SignedData(@NotNull CMSSignedData cMSSignedData) {
        Intrinsics.checkParameterIsNotNull(cMSSignedData, "bcSignedData");
        this.bcSignedData = cMSSignedData;
        // Plaintext: the encapsulated content, or null when the value carries none.
        this.plaintext$delegate = LazyKt.lazy(new Function0<byte[]>() { // from class: tech.relaycorp.relaynet.crypto.SignedData$plaintext$2
            @Nullable
            public final byte[] invoke() {
                CMSTypedData signedContent = SignedData.this.getBcSignedData$relaynet().getSignedContent();
                return (byte[]) (signedContent != null ? signedContent.getContent() : null);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
        // Signer certificate: the attached certificate whose issuer and serial number match the SignerInfo's SID.
        // It is selected from certificates supplied in the message, so it is untrusted until the caller validates it.
        this.signerCertificate$delegate = LazyKt.lazy(new Function0<Certificate>() { // from class: tech.relaycorp.relaynet.crypto.SignedData$signerCertificate$2
            @Nullable
            public final Certificate invoke() {
                Certificate certificate;
                // getSignerInfo throws SignedDataException unless the value has exactly one SignerInfo.
                SignerInformation signerInfo = SignedData.Companion.getSignerInfo(SignedData.this.getBcSignedData$relaynet());
                SignerId sid = signerInfo.getSID();
                Intrinsics.checkExpressionValueIsNotNull(sid, "signerInfo.sid");
                X500Name issuer = sid.getIssuer();
                SignerId sid2 = signerInfo.getSID();
                Intrinsics.checkExpressionValueIsNotNull(sid2, "signerInfo.sid");
                Collection matches = SignedData.this.getBcSignedData$relaynet().getCertificates().getMatches(new X509CertificateHolderSelector(issuer, sid2.getSerialNumber()));
                try {
                    Intrinsics.checkExpressionValueIsNotNull(matches, "signerCertMatches");
                    // Only the first match is used; any further matches are ignored.
                    Object first = CollectionsKt.first(matches);
                    Intrinsics.checkExpressionValueIsNotNull(first, "signerCertMatches.first()");
                    certificate = new Certificate((X509CertificateHolder) first);
                } catch (NoSuchElementException e) {
                    // No attached certificate matches the signer: report its absence as null.
                    certificate = null;
                }
                return certificate;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
        // Certificates: every certificate attached to the value, wrapped in the project's Certificate type.
        this.certificates$delegate = LazyKt.lazy(new Function0<Set<? extends Certificate>>() { // from class: tech.relaycorp.relaynet.crypto.SignedData$certificates$2
            @NotNull
            public final Set<Certificate> invoke() {
                Iterable certificates = SignedData.this.getBcSignedData$relaynet().getCertificates();
                if (certificates == null) {
                    throw new TypeCastException("null cannot be cast to non-null type org.bouncycastle.util.CollectionStore<org.bouncycastle.cert.X509CertificateHolder!>");
                }
                Iterable<X509CertificateHolder> iterable = (CollectionStore) certificates;
                ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(iterable, 10));
                for (X509CertificateHolder x509CertificateHolder : iterable) {
                    Intrinsics.checkExpressionValueIsNotNull(x509CertificateHolder, "it");
                    arrayList.add(new Certificate(x509CertificateHolder));
                }
                return CollectionsKt.toSet(arrayList);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
    }

    /**
     * Static entry point for the certificate-based {@code Companion.sign} overload; all
     * arguments are passed through unchanged.
     */
    @JvmStatic
    @NotNull
    public static final SignedData sign(@NotNull byte[] bArr, @NotNull PrivateKey privateKey, @NotNull Certificate certificate, @NotNull Set<Certificate> set, @Nullable HashingAlgorithm hashingAlgorithm, boolean z) {
        SignedData signedData = Companion.sign(bArr, privateKey, certificate, set, hashingAlgorithm, z);
        return signedData;
    }

    /**
     * Static entry point for the certificate-less {@code Companion.sign} overload; all
     * arguments are passed through unchanged.
     */
    @JvmStatic
    @NotNull
    public static final SignedData sign(@NotNull byte[] bArr, @NotNull PrivateKey privateKey, @Nullable HashingAlgorithm hashingAlgorithm, boolean z) {
        SignedData signedData = Companion.sign(bArr, privateKey, hashingAlgorithm, z);
        return signedData;
    }

    /**
     * Static entry point for {@code Companion.deserialize}.
     *
     * <p>The returned value has been parsed only, not verified.
     */
    @JvmStatic
    @NotNull
    public static final SignedData deserialize(@NotNull byte[] bArr) {
        SignedData parsed = Companion.deserialize(bArr);
        return parsed;
    }
}
