package net.corda.crypto.internal;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import net.corda.crypto.KeyManagementBackend;
import net.corda.crypto.SigningPersistentKey;
import net.corda.v5.cipher.suite.CipherSchemeMetadata;
import net.corda.v5.cipher.suite.CryptoService;
import net.corda.v5.cipher.suite.WrappedKeyPair;
import net.corda.v5.cipher.suite.WrappedPrivateKey;
import net.corda.v5.crypto.CryptoUtils;
import net.corda.v5.crypto.DigitalSignature;
import net.corda.v5.crypto.exceptions.CryptoServiceException;
import net.corda.v5.crypto.internal.SignatureScheme;
import org.jetbrains.annotations.NotNull;

/* compiled from: KeyManagementBackendImpl.kt */
@Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010\u001c\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\b\u0016\u0018��2\u00020\u0001B/\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\b\b\u0002\u0010\n\u001a\u00020\t¢\u0006\u0002\u0010\u000bJ\b\u0010\u000e\u001a\u00020\u000fH\u0016J\u001c\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\u00120\u00112\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00120\u0011H\u0016J\b\u0010\u0014\u001a\u00020\u0012H\u0016J\u0010\u0010\u0014\u001a\u00020\u00122\u0006\u0010\u0015\u001a\u00020\u0016H\u0016J\u0012\u0010\u0017\u001a\u00020\u00122\b\u0010\u0015\u001a\u0004\u0018\u00010\u0016H\u0002J\u0010\u0010\u0018\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u0012H\u0002J\u0018\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0019\u001a\u00020\u0012H\u0016R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"Lnet/corda/crypto/internal/KeyManagementBackendImpl;", "Lnet/corda/crypto/KeyManagementBackend;", "signingService", "Lnet/corda/crypto/internal/SigningServiceInternal;", "freshKeysCryptoService", "Lnet/corda/v5/cipher/suite/CryptoService;", "schemeMetadata", "Lnet/corda/v5/cipher/suite/CipherSchemeMetadata;", "defaultFreshKeySignatureSchemeCodeName", "", "masterWrappingKeyAlias", 
"(Lnet/corda/crypto/internal/SigningServiceInternal;Lnet/corda/v5/cipher/suite/CryptoService;Lnet/corda/v5/cipher/suite/CipherSchemeMetadata;Ljava/lang/String;Ljava/lang/String;)V", "defaultFreshKeySignatureScheme", "Lnet/corda/v5/crypto/internal/SignatureScheme;", "ensureWrappingKey", "", "filterMyKeys", "", "Ljava/security/PublicKey;", "candidateKeys", "freshKey", "externalId", "Ljava/util/UUID;", "generateFreshKey", "getSigningPublicKey", "publicKey", "sign", "Lnet/corda/v5/crypto/DigitalSignature$WithKey;", "bytes", "", "crypto-impl"})
/* loaded from: input_file:net/corda/crypto/internal/KeyManagementBackendImpl.class */
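/**
 * {@link KeyManagementBackend} implementation that creates "fresh" key pairs through a
 * {@link CryptoService}, records them through a {@link SigningServiceInternal}, and signs
 * with whichever of the two services holds the key.
 *
 * <p>Every fresh key is generated under the single {@code masterWrappingKeyAlias} given at
 * construction, so all wrapped private keys produced by this instance depend on that one
 * wrapping key.
 *
 * <p>No caller authorisation is performed in this class; any caller holding a reference can
 * request a signature from any key the signing service knows. Access control, if required,
 * has to be enforced by the caller or by the injected services.
 */
public class KeyManagementBackendImpl implements KeyManagementBackend {
    // Scheme used for every key created by freshKey(); resolved once in the constructor.
    private final SignatureScheme defaultFreshKeySignatureScheme;
    // Lookup/persistence of key records, and signing for keys stored under an alias.
    private final SigningServiceInternal signingService;
    // Generates wrapped key pairs and signs with wrapped private key material.
    private final CryptoService freshKeysCryptoService;
    private final CipherSchemeMetadata schemeMetadata;
    // Alias of the wrapping key that protects all fresh private keys.
    private final String masterWrappingKeyAlias;

    /**
     * Generates and persists a new key pair that is not linked to an external id.
     *
     * @return the public half of the new key pair
     */
    @Override // net.corda.crypto.KeyManagementBackend
    @NotNull
    public PublicKey freshKey() {
        return generateFreshKey(null);
    }

    /**
     * Generates and persists a new key pair associated with {@code uuid}.
     *
     * @param uuid external id stored alongside the key record; must not be null
     * @return the public half of the new key pair
     */
    @Override // net.corda.crypto.KeyManagementBackend
    @NotNull
    public PublicKey freshKey(@NotNull UUID uuid) {
        Intrinsics.checkNotNullParameter(uuid, "externalId");
        return generateFreshKey(uuid);
    }

    /**
     * Signs {@code bArr} with the private key that corresponds to {@code publicKey}.
     *
     * <p>The key record decides where signing happens: a record with an alias is signed by
     * the signing service under that alias; a record without an alias must carry wrapped
     * private key material and a non-blank master key alias, and is signed by the fresh-keys
     * crypto service. The two paths are mutually exclusive.
     *
     * @param bArr      the bytes to sign
     * @param publicKey the key to sign with; resolved through {@code getSigningPublicKey}
     * @return the signature together with the public key that was actually used
     * @throws NoSuchElementException   if none of the keys derived from {@code publicKey} is
     *                                  known to the signing service (raised during resolution,
     *                                  before the record lookup below)
     * @throws CryptoServiceException   if the record lookup for the resolved key returns null
     * @throws IllegalArgumentException if the record has no alias and lacks either the key
     *                                  material or a non-blank master key alias
     */
    @Override // net.corda.crypto.KeyManagementBackend
    @NotNull
    public DigitalSignature.WithKey sign(@NotNull byte[] bArr, @NotNull PublicKey publicKey) {
        Intrinsics.checkNotNullParameter(bArr, "bytes");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        PublicKey signingPublicKey = getSigningPublicKey(publicKey);
        SigningPersistentKey find = this.signingService.find(signingPublicKey);
        if (find == null) {
            throw new CryptoServiceException("The entry for public key '" + CryptoUtils.toStringShort(publicKey) + "' is not found");
        }
        SignatureScheme findScheme = this.schemeMetadata.findScheme(find.getSchemeCodeName());
        // Read each record property once so the validation and the use see the same value.
        String alias = find.getAlias();
        byte[] sign;
        if (alias != null) {
            sign = this.signingService.sign(alias, bArr, findScheme);
        } else {
            byte[] privateKeyMaterial = find.getPrivateKeyMaterial();
            String masterKeyAlias = find.getMasterKeyAlias();
            // Reject incomplete records up front; a wrapped key cannot be used without both
            // its material and the alias of the key that wraps it.
            if (privateKeyMaterial == null || masterKeyAlias == null || StringsKt.isBlank(masterKeyAlias)) {
                throw new IllegalArgumentException("Cannot perform the sign operation as either the key material is absent or the master key alias.");
            }
            sign = this.freshKeysCryptoService.sign(new WrappedPrivateKey(privateKeyMaterial, masterKeyAlias, findScheme, find.getVersion()), bArr);
        }
        return new DigitalSignature.WithKey(signingPublicKey, sign);
    }

    /**
     * Asks the fresh-keys crypto service to create the master wrapping key when that service
     * reports that it needs one.
     */
    @Override // net.corda.crypto.KeyManagementBackend
    public void ensureWrappingKey() {
        if (this.freshKeysCryptoService.requiresWrappingKey()) {
            // NOTE(review): the second argument is presumably "fail if exists"; false would
            // then make this call a no-op for an existing alias. Confirm against CryptoService.
            this.freshKeysCryptoService.createWrappingKey(this.masterWrappingKeyAlias, false);
        }
    }

    /**
     * Returns the subset of {@code iterable} for which the signing service has a record.
     *
     * @param iterable candidate public keys
     * @return a new mutable list holding the known keys in iteration order
     */
    @Override // net.corda.crypto.KeyManagementBackend
    @NotNull
    public Iterable<PublicKey> filterMyKeys(@NotNull Iterable<? extends PublicKey> iterable) {
        Intrinsics.checkNotNullParameter(iterable, "candidateKeys");
        ArrayList<PublicKey> arrayList = new ArrayList<>();
        for (PublicKey publicKey : iterable) {
            if (this.signingService.find(publicKey) != null) {
                arrayList.add(publicKey);
            }
        }
        return CollectionsKt.toMutableList(arrayList);
    }

    /**
     * Generates a wrapped key pair under the master wrapping key with the default scheme and
     * saves it through the signing service.
     *
     * @param uuid external id to store with the key, or null for none
     * @return the public key of the generated pair
     */
    private final PublicKey generateFreshKey(UUID uuid) {
        WrappedKeyPair generateWrappedKeyPair = this.freshKeysCryptoService.generateWrappedKeyPair(this.masterWrappingKeyAlias, this.defaultFreshKeySignatureScheme);
        this.signingService.save(generateWrappedKeyPair, this.masterWrappingKeyAlias, this.defaultFreshKeySignatureScheme, uuid);
        return generateWrappedKeyPair.getPublicKey();
    }

    /**
     * Returns the first key among {@code CryptoUtils.getKeys(publicKey)} that the signing
     * service has a record for.
     *
     * @throws NoSuchElementException if none of those keys is known
     */
    private final PublicKey getSigningPublicKey(PublicKey publicKey) {
        // presumably getKeys expands a composite key into its constituent keys; verify
        // against CryptoUtils.
        for (Object obj : CryptoUtils.getKeys(publicKey)) {
            if (this.signingService.find((PublicKey) obj) != null) {
                return (PublicKey) obj;
            }
        }
        throw new NoSuchElementException("Collection contains no element matching the predicate.");
    }

    /**
     * Creates the backend and verifies that the default fresh-key signature scheme is one of
     * the schemes the crypto service supports for wrapped keys.
     *
     * @param signingServiceInternal key record store and alias-based signer
     * @param cryptoService          service used to generate and sign with wrapped keys
     * @param cipherSchemeMetadata   resolves scheme code names to {@link SignatureScheme}s
     * @param str                    code name of the default signature scheme for fresh keys
     * @param str2                   alias of the master wrapping key
     * @throws CryptoServiceException if the default scheme is not in
     *                                {@code cryptoService.supportedWrappingSchemes()}
     */
    public KeyManagementBackendImpl(@NotNull SigningServiceInternal signingServiceInternal, @NotNull CryptoService cryptoService, @NotNull CipherSchemeMetadata cipherSchemeMetadata, @NotNull String str, @NotNull String str2) {
        Intrinsics.checkNotNullParameter(signingServiceInternal, "signingService");
        Intrinsics.checkNotNullParameter(cryptoService, "freshKeysCryptoService");
        Intrinsics.checkNotNullParameter(cipherSchemeMetadata, "schemeMetadata");
        Intrinsics.checkNotNullParameter(str, "defaultFreshKeySignatureSchemeCodeName");
        Intrinsics.checkNotNullParameter(str2, "masterWrappingKeyAlias");
        this.signingService = signingServiceInternal;
        this.freshKeysCryptoService = cryptoService;
        this.schemeMetadata = cipherSchemeMetadata;
        this.masterWrappingKeyAlias = str2;
        this.defaultFreshKeySignatureScheme = this.schemeMetadata.findScheme(str);
        SignatureScheme[] supportedWrappingSchemes = this.freshKeysCryptoService.supportedWrappingSchemes();
        ArrayList<String> supportedCodeNames = new ArrayList<>(supportedWrappingSchemes.length);
        for (SignatureScheme signatureScheme : supportedWrappingSchemes) {
            supportedCodeNames.add(signatureScheme.getSchemeCodeName());
        }
        // Fail at construction rather than on the first freshKey() call.
        if (!supportedCodeNames.contains(this.defaultFreshKeySignatureScheme.getSchemeCodeName())) {
            throw new CryptoServiceException("The default signature schema '" + this.defaultFreshKeySignatureScheme.getSchemeCodeName() + "' is not supported, supported [" + CollectionsKt.joinToString$default(supportedCodeNames, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null) + ']');
        }
    }

    /**
     * Compiler-generated bridge for the Kotlin default argument: when bit 16 of {@code i} is
     * set, the master wrapping key alias falls back to {@code "wrapping-key-alias"}.
     */
    public /* synthetic */ KeyManagementBackendImpl(SigningServiceInternal signingServiceInternal, CryptoService cryptoService, CipherSchemeMetadata cipherSchemeMetadata, String str, String str2, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(signingServiceInternal, cryptoService, cipherSchemeMetadata, str, (i & 16) != 0 ? "wrapping-key-alias" : str2);
    }
}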
