package tech.relaycorp.veraid;

import java.security.PrivateKey;
import java.time.ZonedDateTime;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.ClosedRange;
import kotlin.ranges.RangesKt;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import tech.relaycorp.veraid.SignatureMetadata;
import tech.relaycorp.veraid.dns.DnssecChain;
import tech.relaycorp.veraid.dns.InvalidChainException;
import tech.relaycorp.veraid.pki.MemberCertificate;
import tech.relaycorp.veraid.pki.MemberIdBundle;
import tech.relaycorp.veraid.pki.OrgCertificate;
import tech.relaycorp.veraid.utils.asn1.ASN1Exception;
import tech.relaycorp.veraid.utils.asn1.ASN1Utils;
import tech.relaycorp.veraid.utils.cms.SignedData;
import tech.relaycorp.veraid.utils.cms.SignedDataException;
import tech.relaycorp.veraid.utils.x509.Certificate;
import tech.relaycorp.veraid.utils.x509.CertificateException;

/* compiled from: SignatureBundle.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��F\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018�� \u001b2\u00020\u0001:\u0001\u001bB\u0017\b��\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\b\u0010\u000b\u001a\u00020\fH\u0002J\u0006\u0010\r\u001a\u00020\u000eJ(\u0010\u000f\u001a\u00020\u00102\b\u0010\u0011\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015H\u0086@¢\u0006\u0002\u0010\u0016J8\u0010\u000f\u001a\u00020\u00102\b\u0010\u0011\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u0012\u001a\u00020\u00132\u0016\b\u0002\u0010\u0017\u001a\u0010\u0012\u0004\u0012\u00020\u0015\u0018\u00010\u0018j\u0004\u0018\u0001`\u0019H\u0086@¢\u0006\u0002\u0010\u001aR\u0014\u0010\u0002\u001a\u00020\u0003X\u0080\u0004¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0014\u0010\u0004\u001a\u00020\u0005X\u0080\u0004¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u001c"}, d2 = {"Ltech/relaycorp/veraid/SignatureBundle;", "", "memberIdBundle", "Ltech/relaycorp/veraid/pki/MemberIdBundle;", "signedData", "Ltech/relaycorp/veraid/utils/cms/SignedData;", "(Ltech/relaycorp/veraid/pki/MemberIdBundle;Ltech/relaycorp/veraid/utils/cms/SignedData;)V", "getMemberIdBundle$veraid", "()Ltech/relaycorp/veraid/pki/MemberIdBundle;", "getSignedData$veraid", "()Ltech/relaycorp/veraid/utils/cms/SignedData;", "getSignatureMetadata", "Ltech/relaycorp/veraid/SignatureMetadata;", "serialise", "", "verify", "Ltech/relaycorp/veraid/SignatureBundleVerification;", "plaintext", "serviceOid", "", "date", "Ljava/time/ZonedDateTime;", "([BLjava/lang/String;Ljava/time/ZonedDateTime;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "datePeriod", "Lkotlin/ranges/ClosedRange;", "Ltech/relaycorp/veraid/DatePeriod;", "([BLjava/lang/String;Lkotlin/ranges/ClosedRange;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Companion", "veraid"})
/* loaded from: input_file:tech/relaycorp/veraid/SignatureBundle.class */
public final class SignatureBundle {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final MemberIdBundle memberIdBundle;

    @NotNull
    private final SignedData signedData;

    /* compiled from: SignatureBundle.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��:\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006H\u0007JD\u0010\u0007\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\u00062\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\b\b\u0002\u0010\u0011\u001a\u00020\u00102\b\b\u0002\u0010\u0012\u001a\u00020\u0013H\u0007¨\u0006\u0014"}, d2 = {"Ltech/relaycorp/veraid/SignatureBundle$Companion;", "", "()V", "deserialise", "Ltech/relaycorp/veraid/SignatureBundle;", "serialisation", "", "generate", "plaintext", "serviceOid", "", "memberIdBundle", "Ltech/relaycorp/veraid/pki/MemberIdBundle;", "signingKey", "Ljava/security/PrivateKey;", "expiryDate", "Ljava/time/ZonedDateTime;", "startDate", "encapsulatePlaintext", "", "veraid"})
    /* loaded from: input_file:tech/relaycorp/veraid/SignatureBundle$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @JvmStatic
        @NotNull
        public final SignatureBundle generate(@NotNull byte[] bArr, @NotNull String str, @NotNull MemberIdBundle memberIdBundle, @NotNull PrivateKey privateKey, @NotNull ZonedDateTime zonedDateTime, @NotNull ZonedDateTime zonedDateTime2, boolean z) throws SignatureException {
            Intrinsics.checkNotNullParameter(bArr, "plaintext");
            Intrinsics.checkNotNullParameter(str, "serviceOid");
            Intrinsics.checkNotNullParameter(memberIdBundle, "memberIdBundle");
            Intrinsics.checkNotNullParameter(privateKey, "signingKey");
            Intrinsics.checkNotNullParameter(zonedDateTime, "expiryDate");
            Intrinsics.checkNotNullParameter(zonedDateTime2, "startDate");
            return new SignatureBundle(memberIdBundle, SignedData.Companion.sign$default(SignedData.Companion, bArr, privateKey, memberIdBundle.getMemberCertificate$veraid(), SetsKt.setOf(new Certificate[]{memberIdBundle.getMemberCertificate$veraid(), memberIdBundle.getOrgCertificate$veraid()}), null, z, CollectionsKt.listOf(new Attribute(VeraidOids.INSTANCE.getSIGNATURE_METADATA_ATTR(), new DERSet(new SignatureMetadata(new ASN1ObjectIdentifier(str), RangesKt.rangeTo(zonedDateTime2, zonedDateTime)).encode()))), 16, null));
        }

        public static /* synthetic */ SignatureBundle generate$default(Companion companion, byte[] bArr, String str, MemberIdBundle memberIdBundle, PrivateKey privateKey, ZonedDateTime zonedDateTime, ZonedDateTime zonedDateTime2, boolean z, int i, Object obj) throws SignatureException {
            if ((i & 32) != 0) {
                ZonedDateTime now = ZonedDateTime.now();
                Intrinsics.checkNotNullExpressionValue(now, "now(...)");
                zonedDateTime2 = now;
            }
            if ((i & 64) != 0) {
                z = false;
            }
            return companion.generate(bArr, str, memberIdBundle, privateKey, zonedDateTime, zonedDateTime2, z);
        }

        @JvmStatic
        @NotNull
        public final SignatureBundle deserialise(@NotNull byte[] bArr) throws SignatureException {
            Intrinsics.checkNotNullParameter(bArr, "serialisation");
            try {
                ASN1TaggedObject[] deserializeHeterogeneousSequence = ASN1Utils.INSTANCE.deserializeHeterogeneousSequence(bArr);
                if (deserializeHeterogeneousSequence.length < 4) {
                    throw new SignatureException("Signature bundle should have at least 4 items", null, 2, null);
                }
                try {
                    OrgCertificate decode$veraid = OrgCertificate.Companion.decode$veraid(deserializeHeterogeneousSequence[2]);
                    try {
                        DnssecChain decode$veraid2 = DnssecChain.Companion.decode$veraid(decode$veraid.getCommonName$veraid(), deserializeHeterogeneousSequence[1]);
                        try {
                            SignedData decode = SignedData.Companion.decode(deserializeHeterogeneousSequence[3]);
                            Certificate signerCertificate = decode.getSignerCertificate();
                            if (signerCertificate == null) {
                                throw new SignatureException("SignedData should have signer certificate attached", null, 2, null);
                            }
                            return new SignatureBundle(new MemberIdBundle(decode$veraid2, decode$veraid, new MemberCertificate(signerCertificate.getCertificateHolder$veraid())), decode);
                        } catch (SignedDataException e) {
                            throw new SignatureException("SignedData is malformed", e);
                        }
                    } catch (InvalidChainException e2) {
                        throw new SignatureException("VeraId DNSSEC chain is malformed", e2);
                    }
                } catch (CertificateException e3) {
                    throw new SignatureException("Organisation certificate is malformed", e3);
                }
            } catch (ASN1Exception e4) {
                throw new SignatureException("Signature bundle should be a SEQUENCE", e4);
            }
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public SignatureBundle(@NotNull MemberIdBundle memberIdBundle, @NotNull SignedData signedData) {
        Intrinsics.checkNotNullParameter(memberIdBundle, "memberIdBundle");
        Intrinsics.checkNotNullParameter(signedData, "signedData");
        this.memberIdBundle = memberIdBundle;
        this.signedData = signedData;
    }

    @NotNull
    public final MemberIdBundle getMemberIdBundle$veraid() {
        return this.memberIdBundle;
    }

    @NotNull
    public final SignedData getSignedData$veraid() {
        return this.signedData;
    }

    @NotNull
    public final byte[] serialise() {
        return ASN1Utils.INSTANCE.serializeSequence(CollectionsKt.listOf(new ASN1Object[]{new ASN1Integer(0L), this.memberIdBundle.getDnssecChain$veraid().encode$veraid(), this.memberIdBundle.getOrgCertificate$veraid().encode$veraid(), this.signedData.encode()}), false);
    }

    @Nullable
    public final Object verify(@Nullable byte[] bArr, @NotNull String str, @NotNull ZonedDateTime zonedDateTime, @NotNull Continuation<? super SignatureBundleVerification> continuation) {
        return verify(bArr, str, RangesKt.rangeTo(zonedDateTime, zonedDateTime), continuation);
    }

    /* JADX WARN: Removed duplicated region for block: B:35:0x0179  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0132  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x0184  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x005c  */
    @org.jetbrains.annotations.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object verify(@org.jetbrains.annotations.Nullable byte[] r8, @org.jetbrains.annotations.NotNull java.lang.String r9, @org.jetbrains.annotations.Nullable kotlin.ranges.ClosedRange<java.time.ZonedDateTime> r10, @org.jetbrains.annotations.NotNull kotlin.coroutines.Continuation<? super tech.relaycorp.veraid.SignatureBundleVerification> r11) {
        /*
            Method dump skipped, instructions count: 398
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: tech.relaycorp.veraid.SignatureBundle.verify(byte[], java.lang.String, kotlin.ranges.ClosedRange, kotlin.coroutines.Continuation):java.lang.Object");
    }

    public static /* synthetic */ Object verify$default(SignatureBundle signatureBundle, byte[] bArr, String str, ClosedRange closedRange, Continuation continuation, int i, Object obj) {
        if ((i & 4) != 0) {
            closedRange = null;
        }
        return signatureBundle.verify(bArr, str, (ClosedRange<ZonedDateTime>) closedRange, (Continuation<? super SignatureBundleVerification>) continuation);
    }

    private final SignatureMetadata getSignatureMetadata() {
        AttributeTable signedAttrs = this.signedData.getSignedAttrs();
        Attribute attribute = signedAttrs != null ? signedAttrs.get(VeraidOids.INSTANCE.getSIGNATURE_METADATA_ATTR()) : null;
        if (attribute == null) {
            throw new SignatureException("SignedData should have VeraId metadata attribute", null, 2, null);
        }
        if (attribute.getAttrValues().size() == 0) {
            throw new SignatureException("Metadata attribute should have at least one value", null, 2, null);
        }
        ASN1Encodable objectAt = attribute.getAttrValues().getObjectAt(0);
        try {
            SignatureMetadata.Companion companion = SignatureMetadata.Companion;
            Intrinsics.checkNotNull(objectAt);
            return companion.decode(objectAt);
        } catch (SignatureException e) {
            throw new SignatureException("Metadata attribute is malformed", e);
        }
    }

    @JvmStatic
    @NotNull
    public static final SignatureBundle generate(@NotNull byte[] bArr, @NotNull String str, @NotNull MemberIdBundle memberIdBundle, @NotNull PrivateKey privateKey, @NotNull ZonedDateTime zonedDateTime, @NotNull ZonedDateTime zonedDateTime2, boolean z) throws SignatureException {
        return Companion.generate(bArr, str, memberIdBundle, privateKey, zonedDateTime, zonedDateTime2, z);
    }

    @JvmStatic
    @NotNull
    public static final SignatureBundle deserialise(@NotNull byte[] bArr) throws SignatureException {
        return Companion.deserialise(bArr);
    }
}
