package tech.relaycorp.relaynet.cms;

import java.io.IOException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SpreadBuilder;
import kotlin.sequences.Sequence;
import kotlin.sequences.SequencesKt;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.CollectionStore;
import org.jetbrains.annotations.NotNull;
import tech.relaycorp.relaynet.HashingAlgorithm;
import tech.relaycorp.relaynet.wrappers.x509.Certificate;

/* compiled from: SignedData.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 2, d1 = {"��B\n��\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\u0010\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0007H\u0002\u001a\u0010\u0010\b\u001a\u00020\u00072\u0006\u0010\t\u001a\u00020\nH\u0002\u001a8\u0010\u000b\u001a\u00020\n2\u0006\u0010\f\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u000e\b\u0002\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00100\u00122\b\b\u0002\u0010\u0013\u001a\u00020\u0002\u001a\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\n\"\u001a\u0010��\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00030\u0001X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0017"}, d2 = {"signatureAlgorithmMap", "", "Ltech/relaycorp/relaynet/HashingAlgorithm;", "", "getSignerInfoFromSignedData", "Lorg/bouncycastle/cms/SignerInformation;", "signedData", "Lorg/bouncycastle/cms/CMSSignedData;", "parseCmsSignedData", "cmsSignedDataSerialized", "", "sign", "plaintext", "signerPrivateKey", "Ljava/security/PrivateKey;", "signerCertificate", "Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "caCertificates", "", "hashingAlgorithm", "verifySignature", "Ltech/relaycorp/relaynet/cms/SignatureVerification;", "cmsSignedData", "relaynet"})
/* loaded from: input_file:tech/relaycorp/relaynet/cms/SignedDataKt.class */
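public final class SignedDataKt {
    /**
     * JCA signature algorithm name used for each supported hashing algorithm.
     * Only RSA algorithms are mapped, so {@code sign} cannot select any other key type.
     */
    private static final Map<HashingAlgorithm, String> signatureAlgorithmMap = MapsKt.mapOf(new Pair[]{TuplesKt.to(HashingAlgorithm.SHA256, "SHA256withRSA"), TuplesKt.to(HashingAlgorithm.SHA384, "SHA384withRSA"), TuplesKt.to(HashingAlgorithm.SHA512, "SHA512withRSA")});

    /**
     * Produces a CMS SignedData value with the plaintext encapsulated.
     *
     * <p>The signer's certificate is attached first, followed by every certificate in
     * {@code set}, so that {@link #verifySignature(byte[])} can locate the signer's
     * certificate in the message itself.
     *
     * @param bArr the plaintext to sign and encapsulate
     * @param privateKey the signer's private key
     * @param certificate the certificate matching {@code privateKey}
     * @param set additional (CA) certificates to attach; may be empty
     * @param hashingAlgorithm selects the signature algorithm via {@code signatureAlgorithmMap}
     * @return the encoded ContentInfo wrapping the SignedData value
     * @throws SignedDataException declared by the original signature; no path in this body
     *     raises it explicitly
     */
    @NotNull
    public static final byte[] sign(@NotNull byte[] bArr, @NotNull PrivateKey privateKey, @NotNull Certificate certificate, @NotNull Set<Certificate> set, @NotNull HashingAlgorithm hashingAlgorithm) throws SignedDataException {
        Intrinsics.checkParameterIsNotNull(bArr, "plaintext");
        Intrinsics.checkParameterIsNotNull(privateKey, "signerPrivateKey");
        Intrinsics.checkParameterIsNotNull(certificate, "signerCertificate");
        Intrinsics.checkParameterIsNotNull(set, "caCertificates");
        Intrinsics.checkParameterIsNotNull(hashingAlgorithm, "hashingAlgorithm");

        // NOTE(review): Map.get yields null for an algorithm missing from signatureAlgorithmMap.
        // The three mapped constants are presumably the whole enum; confirm if it ever grows.
        String signatureAlgorithm = signatureAlgorithmMap.get(hashingAlgorithm);
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        Intrinsics.checkExpressionValueIsNotNull(contentSigner, "signerBuilder.build(signerPrivateKey)");

        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        signedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(contentSigner, certificate.getCertificateHolder()));

        // Signer certificate first, then the CA certificates in the set's iteration order.
        ArrayList<X509CertificateHolder> attachedCertificates = new ArrayList<>(set.size() + 1);
        attachedCertificates.add(certificate.getCertificateHolder());
        for (Certificate caCertificate : set) {
            attachedCertificates.add(caCertificate.getCertificateHolder());
        }
        signedDataGenerator.addCertificates(new JcaCertStore(attachedCertificates));

        // encapsulate=true embeds the plaintext, which verifySignature requires.
        CMSSignedData cmsSignedData = signedDataGenerator.generate(new CMSProcessableByteArray(bArr), true);
        Intrinsics.checkExpressionValueIsNotNull(cmsSignedData, "cmsSignedData");
        byte[] encoded = cmsSignedData.getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(encoded, "cmsSignedData.encoded");
        return encoded;
    }

    /**
     * Compiler-generated bridge that supplies the Kotlin default arguments of {@code sign}.
     *
     * @param i bit mask of omitted arguments: bit 8 selects an empty CA certificate set,
     *     bit 16 selects {@code HashingAlgorithm.SHA256}
     * @param obj unused marker parameter
     */
    public static /* synthetic */ byte[] sign$default(byte[] bArr, PrivateKey privateKey, Certificate certificate, Set set, HashingAlgorithm hashingAlgorithm, int i, Object obj) throws SignedDataException {
        if ((i & 8) != 0) {
            set = SetsKt.emptySet();
        }
        if ((i & 16) != 0) {
            hashingAlgorithm = HashingAlgorithm.SHA256;
        }
        return sign(bArr, privateKey, certificate, set, hashingAlgorithm);
    }

    /**
     * Parses a serialized CMS SignedData value and verifies its single signature against the
     * signer certificate attached to the message.
     *
     * <p>Security note: the signer certificate is taken from the message itself and no
     * certification path is validated here. A successful return only shows that the
     * encapsulated plaintext was signed with the key in the returned signer certificate.
     * Callers must still decide whether that certificate is trusted, for example by using
     * the returned attached certificates.
     *
     * @param bArr the serialized ContentInfo wrapping the SignedData value
     * @return the plaintext, the signer's certificate and all attached certificates
     * @throws SignedDataException if the value is malformed, the plaintext is not encapsulated,
     *     there is not exactly one SignerInfo, the signer's certificate is not attached, or
     *     the signature does not verify
     */
    @NotNull
    public static final SignatureVerification verifySignature(@NotNull byte[] bArr) throws SignedDataException {
        Intrinsics.checkParameterIsNotNull(bArr, "cmsSignedData");
        CMSSignedData signedData = parseCmsSignedData(bArr);
        SignerInformation signerInfo = getSignerInfoFromSignedData(signedData);
        SignerId sid = signerInfo.getSID();
        Intrinsics.checkExpressionValueIsNotNull(sid, "signerInfo.sid");
        X500Name issuer = sid.getIssuer();
        // The signer certificate is looked up among the attached ones by issuer and serial number.
        Collection signerCertMatches = signedData.getCertificates().getMatches(new X509CertificateHolderSelector(issuer, sid.getSerialNumber()));
        try {
            Intrinsics.checkExpressionValueIsNotNull(signerCertMatches, "signerCertMatches");
            // Throws NoSuchElementException when no attached certificate matches the SignerInfo.
            X509CertificateHolder signerCertificateHolder = (X509CertificateHolder) CollectionsKt.first(signerCertMatches);

            boolean isSignatureValid;
            try {
                isSignatureValid = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCertificateHolder));
            } catch (CMSException e) {
                // NOTE(review): the CMSException is dropped here; attach it as the cause if
                // SignedDataException offers a (message, cause) constructor.
                throw new SignedDataException("Invalid signature");
            }
            // SignerInformation.verify reports a signature value that does not verify by
            // returning false rather than throwing, so the result must be checked explicitly.
            // Ignoring it would accept content whose signature bytes were tampered with.
            if (!isSignatureValid) {
                throw new SignedDataException("Invalid signature");
            }

            Object attachedCertificates = signedData.getCertificates();
            if (attachedCertificates == null) {
                throw new TypeCastException("null cannot be cast to non-null type org.bouncycastle.util.CollectionStore<org.bouncycastle.cert.X509CertificateHolder!>");
            }
            Sequence attachedCertificateSequence = CollectionsKt.asSequence((CollectionStore) attachedCertificates);
            CMSTypedData signedContent = signedData.getSignedContent();
            Intrinsics.checkExpressionValueIsNotNull(signedContent, "signedData.signedContent");
            Object plaintext = signedContent.getContent();
            if (plaintext == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.ByteArray");
            }
            Intrinsics.checkExpressionValueIsNotNull(signerCertificateHolder, "signerCertificateHolder");
            return new SignatureVerification((byte[]) plaintext, new Certificate(signerCertificateHolder), SequencesKt.toSet(SequencesKt.map(attachedCertificateSequence, new Function1<X509CertificateHolder, Certificate>() {
                @NotNull
                public final Certificate invoke(X509CertificateHolder attachedCertificateHolder) {
                    Intrinsics.checkExpressionValueIsNotNull(attachedCertificateHolder, "it");
                    return new Certificate(attachedCertificateHolder);
                }
            })));
        } catch (NoSuchElementException e2) {
            throw new SignedDataException("Certificate of signer should be attached");
        }
    }

    /**
     * Returns the only SignerInfo of the SignedData value.
     *
     * @throws SignedDataException if the plaintext is not encapsulated or the number of
     *     SignerInfo entries is not exactly one
     */
    private static final SignerInformation getSignerInfoFromSignedData(CMSSignedData cMSSignedData) throws SignedDataException {
        // Detached signatures are rejected: verifySignature has no other source for the plaintext.
        if (cMSSignedData.getSignedContent() == null) {
            throw new SignedDataException("Signed plaintext should be encapsulated");
        }
        int signerInfoCount = cMSSignedData.getSignerInfos().size();
        if (signerInfoCount != 1) {
            throw new SignedDataException("SignedData should contain exactly one SignerInfo (got " + signerInfoCount + ')');
        }
        Iterable signerInfos = cMSSignedData.getSignerInfos();
        Intrinsics.checkExpressionValueIsNotNull(signerInfos, "signedData.signerInfos");
        Object signerInfo = CollectionsKt.first(signerInfos);
        Intrinsics.checkExpressionValueIsNotNull(signerInfo, "signedData.signerInfos.first()");
        return (SignerInformation) signerInfo;
    }

    /**
     * Parses the serialized ContentInfo and the SignedData value it wraps.
     *
     * <p>Only the first ASN.1 object in {@code bArr} is read; any bytes after it are not
     * inspected.
     *
     * @throws SignedDataException if the input is empty or cannot be parsed, is not a
     *     ContentInfo, or does not wrap a valid SignedData value
     */
    private static final CMSSignedData parseCmsSignedData(byte[] bArr) throws SignedDataException {
        try {
            try {
                try {
                    Object asn1Value = new ASN1InputStream(bArr).readObject();
                    // readObject returns null at end of stream (e.g. empty input). Passing that
                    // on would surface as a NullPointerException instead of a SignedDataException.
                    if (asn1Value == null) {
                        throw new SignedDataException("Value is not DER-encoded");
                    }
                    return new CMSSignedData(ContentInfo.getInstance(asn1Value));
                } catch (CMSException e) {
                    throw new SignedDataException("ContentInfo wraps invalid SignedData value");
                }
            } catch (IllegalArgumentException e2) {
                throw new SignedDataException("SignedData value is not wrapped in ContentInfo");
            }
        } catch (IOException e3) {
            // NOTE(review): ASN1InputStream presumably accepts BER as well as DER, so this
            // message is narrower than the check it reports on. Confirm if strict DER matters.
            throw new SignedDataException("Value is not DER-encoded");
        }
    }
}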
