package io.iohk.scalanet.peergroup.dynamictls;

import io.iohk.scalanet.crypto.CryptoUtils$;
import io.iohk.scalanet.peergroup.dynamictls.DynamicTLSExtension;
import java.security.KeyPair;
import java.security.SecureRandom;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DLBitString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import scala.None$;
import scala.Option;
import scala.Serializable;
import scala.Some;
import scala.Tuple2;
import scala.util.Try$;
import scodec.Attempt;
import scodec.Attempt$;
import scodec.bits.BitVector;
import scodec.bits.BitVector$;
import scodec.codecs.package$;

/* compiled from: DynamicTLSExtension.scala */
/* loaded from: input_file:io/iohk/scalanet/peergroup/dynamictls/DynamicTLSExtension$SignedKey$.class */
public class DynamicTLSExtension$SignedKey$ implements Serializable {
    public static DynamicTLSExtension$SignedKey$ MODULE$;
    private final String extensionIdentifier;
    private final ASN1ObjectIdentifier signedKeyExtensionIdentifier;

    static {
        new DynamicTLSExtension$SignedKey$();
    }

    public String extensionIdentifier() {
        return this.extensionIdentifier;
    }

    public ASN1ObjectIdentifier signedKeyExtensionIdentifier() {
        return this.signedKeyExtensionIdentifier;
    }

    private Attempt<DynamicTLSExtension.SignedKey.SignedKeyBytes> parseAsn1EncodedBytes(byte[] bArr) {
        return Attempt$.MODULE$.fromTry(Try$.MODULE$.apply(() -> {
            DLSequence parseExtensionValue = JcaX509ExtensionUtils.parseExtensionValue(bArr);
            return new DynamicTLSExtension.SignedKey.SignedKeyBytes(parseExtensionValue.getObjectAt(0).getBytes(), parseExtensionValue.getObjectAt(1).getBytes());
        }));
    }

    private Attempt<ASN1Encodable> toASN1Encodable(DynamicTLSExtension.SignedKey signedKey) {
        return DynamicTLSExtension$ExtensionPublicKey$.MODULE$.extensionPublicKeyCodec().encode(signedKey.publicKey()).flatMap(bitVector -> {
            return package$.MODULE$.bits().encode(signedKey.signature()).map(bitVector -> {
                DLBitString dLBitString = new DLBitString(bitVector.toByteArray());
                DLBitString dLBitString2 = new DLBitString(bitVector.toByteArray());
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector(2);
                aSN1EncodableVector.add(dLBitString);
                aSN1EncodableVector.add(dLBitString2);
                return new DLSequence(aSN1EncodableVector);
            });
        });
    }

    private Attempt<DynamicTLSExtension.Extension> toCertExtension(DynamicTLSExtension.SignedKey signedKey) {
        return toASN1Encodable(signedKey).map(aSN1Encodable -> {
            return new DynamicTLSExtension.Extension(MODULE$.signedKeyExtensionIdentifier(), true, aSN1Encodable);
        });
    }

    public Attempt<DynamicTLSExtension.SignedKey> parseAsn1EncodedValue(byte[] bArr) {
        return parseAsn1EncodedBytes(bArr).flatMap(signedKeyBytes -> {
            return DynamicTLSExtension$ExtensionPublicKey$.MODULE$.extensionPublicKeyCodec().decodeValue(BitVector$.MODULE$.apply(signedKeyBytes.publicKey())).flatMap(extensionPublicKey -> {
                return package$.MODULE$.bits().decodeValue(BitVector$.MODULE$.apply(signedKeyBytes.signature())).map(bitVector -> {
                    return new DynamicTLSExtension.SignedKey(extensionPublicKey, bitVector);
                });
            });
        });
    }

    private Attempt<DynamicTLSExtension.SignedKey> buildSignedKey(KeyType keyType, KeyPair keyPair, BitVector bitVector, SecureRandom secureRandom) {
        BitVector apply = BitVector$.MODULE$.apply(CryptoUtils$.MODULE$.signEcdsa(DynamicTLSExtension$.MODULE$.prefixAsBytes().$plus$plus(bitVector).toByteArray(), keyPair.getPrivate(), secureRandom));
        return Attempt$.MODULE$.fromTry(DynamicTLSExtension$ExtensionPublicKey$.MODULE$.apply(keyType, keyPair.getPublic()).map(extensionPublicKey -> {
            return new DynamicTLSExtension.SignedKey(extensionPublicKey, apply);
        }));
    }

    public Attempt<Tuple2<DynamicTLSExtension.SignedKey, DynamicTLSExtension.Extension>> buildSignedKeyExtension(KeyType keyType, KeyPair keyPair, BitVector bitVector, SecureRandom secureRandom) {
        return buildSignedKey(keyType, keyPair, bitVector, secureRandom).flatMap(signedKey -> {
            return MODULE$.toCertExtension(signedKey).map(extension -> {
                return new Tuple2(signedKey, extension);
            });
        });
    }

    public boolean verifySignature(DynamicTLSExtension.SignedKey signedKey, BitVector bitVector) {
        return CryptoUtils$.MODULE$.verifyEcdsa(DynamicTLSExtension$.MODULE$.prefixAsBytes().$plus$plus(bitVector).toByteArray(), signedKey.signature().toByteArray(), signedKey.publicKey().encodedPublicKey());
    }

    public DynamicTLSExtension.SignedKey apply(DynamicTLSExtension.ExtensionPublicKey extensionPublicKey, BitVector bitVector) {
        return new DynamicTLSExtension.SignedKey(extensionPublicKey, bitVector);
    }

    public Option<Tuple2<DynamicTLSExtension.ExtensionPublicKey, BitVector>> unapply(DynamicTLSExtension.SignedKey signedKey) {
        return signedKey == null ? None$.MODULE$ : new Some(new Tuple2(signedKey.publicKey(), signedKey.signature()));
    }

    private Object readResolve() {
        return MODULE$;
    }

    public DynamicTLSExtension$SignedKey$() {
        MODULE$ = this;
        this.extensionIdentifier = "1.3.6.1.4.1.53594.1.1";
        this.signedKeyExtensionIdentifier = new ASN1ObjectIdentifier(extensionIdentifier());
    }
}
