package net.corda.cipher.suite.impl;

import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import kotlin.Metadata;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.crypto.cipher.suite.CipherSchemeMetadata;
import net.corda.crypto.cipher.suite.CustomSignatureSpec;
import net.corda.crypto.cipher.suite.SignatureSpecUtils;
import net.corda.crypto.cipher.suite.SignatureVerificationService;
import net.corda.crypto.cipher.suite.schemes.KeyScheme;
import net.corda.crypto.impl.SignatureInstances;
import net.corda.crypto.impl.SignatureSpecUtilsKt;
import net.corda.sandbox.type.UsedByFlow;
import net.corda.sandbox.type.UsedByPersistence;
import net.corda.sandbox.type.UsedByVerification;
import net.corda.v5.application.crypto.DigestService;
import net.corda.v5.base.util.KotlinUtils;
import net.corda.v5.crypto.DigestAlgorithmName;
import net.corda.v5.crypto.PublicKeyUtils;
import net.corda.v5.crypto.SignatureSpec;
import net.corda.v5.crypto.exceptions.CryptoSignatureException;
import net.corda.v5.serialization.SingletonSerializeAsToken;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ServiceScope;
import org.slf4j.Logger;

/* compiled from: SignatureVerificationServiceImpl.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��\\\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0002\b\u0007\u0018�� \u001c2\u00020\u00012\u00020\u00022\u00020\u00032\u00020\u00042\u00020\u0005:\u0001\u001cB\u001b\b\u0007\u0012\b\b\u0001\u0010\u0006\u001a\u00020\u0007\u0012\b\b\u0001\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ0\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0002J(\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0016J(\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0016J(\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0016J(\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0016R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001d"}, d2 = {"Lnet/corda/cipher/suite/impl/SignatureVerificationServiceImpl;", "Lnet/corda/crypto/cipher/suite/SignatureVerificationService;", "Lnet/corda/sandbox/type/UsedByFlow;", "Lnet/corda/sandbox/type/UsedByPersistence;", "Lnet/corda/sandbox/type/UsedByVerification;", "Lnet/corda/v5/serialization/SingletonSerializeAsToken;", "schemeMetadata", "Lnet/corda/crypto/cipher/suite/CipherSchemeMetadata;", "hashingService", "Lnet/corda/v5/application/crypto/DigestService;", "(Lnet/corda/crypto/cipher/suite/CipherSchemeMetadata;Lnet/corda/v5/application/crypto/DigestService;)V", "signatureInstances", "Lnet/corda/crypto/impl/SignatureInstances;", "isValid", "", "publicKey", "Ljava/security/PublicKey;", "scheme", "Lnet/corda/crypto/cipher/suite/schemes/KeyScheme;", "signatureSpec", "Lnet/corda/v5/crypto/SignatureSpec;", "signatureData", "", "clearData", "digest", "Lnet/corda/v5/crypto/DigestAlgorithmName;", "verify", "", "Companion", "cipher-suite-impl"})
@Component(service = {SignatureVerificationService.class, UsedByFlow.class, UsedByPersistence.class, UsedByVerification.class}, scope = ServiceScope.PROTOTYPE)
/* loaded from: input_file:net/corda/cipher/suite/impl/SignatureVerificationServiceImpl.class */
public final class SignatureVerificationServiceImpl implements SignatureVerificationService, UsedByFlow, UsedByPersistence, UsedByVerification, SingletonSerializeAsToken {

    @NotNull
    private final CipherSchemeMetadata schemeMetadata;

    @NotNull
    private final DigestService hashingService;

    @NotNull
    private final SignatureInstances signatureInstances;

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final Logger logger = KotlinUtils.contextLogger(Companion);

    /* compiled from: SignatureVerificationServiceImpl.kt */
    @Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lnet/corda/cipher/suite/impl/SignatureVerificationServiceImpl$Companion;", "", "()V", "logger", "Lorg/slf4j/Logger;", "cipher-suite-impl"})
    /* loaded from: input_file:net/corda/cipher/suite/impl/SignatureVerificationServiceImpl$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Activate
    public SignatureVerificationServiceImpl(@Reference(service = CipherSchemeMetadata.class) @NotNull CipherSchemeMetadata cipherSchemeMetadata, @Reference(service = DigestService.class) @NotNull DigestService digestService) {
        Intrinsics.checkNotNullParameter(cipherSchemeMetadata, "schemeMetadata");
        Intrinsics.checkNotNullParameter(digestService, "hashingService");
        this.schemeMetadata = cipherSchemeMetadata;
        this.hashingService = digestService;
        this.signatureInstances = new SignatureInstances(this.schemeMetadata.getProviders());
    }

    public void verify(@NotNull PublicKey publicKey, @NotNull SignatureSpec signatureSpec, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(signatureSpec, "signatureSpec");
        Intrinsics.checkNotNullParameter(bArr, "signatureData");
        Intrinsics.checkNotNullParameter(bArr2, "clearData");
        Logger logger2 = logger;
        if (logger2.isDebugEnabled()) {
            logger2.debug("verify(publicKey=" + PublicKeyUtils.publicKeyId(publicKey) + ",signatureSpec=" + signatureSpec.getSignatureName() + ")");
        }
        try {
            if (!isValid(publicKey, this.schemeMetadata.findKeyScheme(publicKey), signatureSpec, bArr, bArr2)) {
                throw new CryptoSignatureException("Signature Verification failed!");
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Throwable th) {
            throw new CryptoSignatureException("Signature Verification failed!", th);
        }
    }

    public void verify(@NotNull PublicKey publicKey, @NotNull DigestAlgorithmName digestAlgorithmName, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(digestAlgorithmName, "digest");
        Intrinsics.checkNotNullParameter(bArr, "signatureData");
        Intrinsics.checkNotNullParameter(bArr2, "clearData");
        Logger logger2 = logger;
        if (logger2.isDebugEnabled()) {
            logger2.debug("verify(publicKey=" + PublicKeyUtils.publicKeyId(publicKey) + ",digest=" + digestAlgorithmName.getName() + ")");
        }
        SignatureSpec inferSignatureSpec = this.schemeMetadata.inferSignatureSpec(publicKey, digestAlgorithmName);
        if (!(inferSignatureSpec != null)) {
            throw new IllegalArgumentException(("Failed to infer the signature spec for key=" + PublicKeyUtils.publicKeyId(publicKey) + "  (" + this.schemeMetadata.findKeyScheme(publicKey).getCodeName() + ":" + digestAlgorithmName.getName() + ")").toString());
        }
        try {
            if (!isValid(publicKey, this.schemeMetadata.findKeyScheme(publicKey), inferSignatureSpec, bArr, bArr2)) {
                throw new CryptoSignatureException("Signature Verification failed!");
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Throwable th) {
            throw new CryptoSignatureException("Signature Verification failed!", th);
        }
    }

    public boolean isValid(@NotNull PublicKey publicKey, @NotNull SignatureSpec signatureSpec, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(signatureSpec, "signatureSpec");
        Intrinsics.checkNotNullParameter(bArr, "signatureData");
        Intrinsics.checkNotNullParameter(bArr2, "clearData");
        Logger logger2 = logger;
        if (logger2.isDebugEnabled()) {
            logger2.debug("isValid(publicKey=" + PublicKeyUtils.publicKeyId(publicKey) + ",signatureSpec=" + signatureSpec.getSignatureName() + ")");
        }
        return isValid(publicKey, this.schemeMetadata.findKeyScheme(publicKey), signatureSpec, bArr, bArr2);
    }

    public boolean isValid(@NotNull PublicKey publicKey, @NotNull DigestAlgorithmName digestAlgorithmName, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(digestAlgorithmName, "digest");
        Intrinsics.checkNotNullParameter(bArr, "signatureData");
        Intrinsics.checkNotNullParameter(bArr2, "clearData");
        Logger logger2 = logger;
        if (logger2.isDebugEnabled()) {
            logger2.debug("isValid(publicKey=" + PublicKeyUtils.publicKeyId(publicKey) + ",digest=" + digestAlgorithmName.getName() + ")");
        }
        SignatureSpec inferSignatureSpec = this.schemeMetadata.inferSignatureSpec(publicKey, digestAlgorithmName);
        if (inferSignatureSpec != null) {
            return isValid(publicKey, this.schemeMetadata.findKeyScheme(publicKey), inferSignatureSpec, bArr, bArr2);
        }
        throw new IllegalArgumentException(("Failed to infer the signature spec for key=" + PublicKeyUtils.publicKeyId(publicKey) + "  (" + this.schemeMetadata.findKeyScheme(publicKey).getCodeName() + ":" + digestAlgorithmName.getName() + ")").toString());
    }

    private final boolean isValid(final PublicKey publicKey, KeyScheme keyScheme, final SignatureSpec signatureSpec, final byte[] bArr, byte[] bArr2) {
        if (!this.schemeMetadata.getSchemes().contains(keyScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for codeName: " + keyScheme.getCodeName()).toString());
        }
        if (!(!(bArr.length == 0))) {
            throw new IllegalArgumentException("Signature data is empty!".toString());
        }
        if (!(!(bArr2.length == 0))) {
            throw new IllegalArgumentException("Clear data is empty, nothing to verify!".toString());
        }
        final byte[] signingData = SignatureSpecUtilsKt.getSigningData(signatureSpec, this.hashingService, bArr2);
        if (!(signatureSpec instanceof CustomSignatureSpec) || !Intrinsics.areEqual(keyScheme.getAlgorithmName(), "RSA")) {
            return ((Boolean) this.signatureInstances.withSignature(keyScheme, signatureSpec, new Function1<Signature, Boolean>() { // from class: net.corda.cipher.suite.impl.SignatureVerificationServiceImpl$isValid$7
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                @NotNull
                public final Boolean invoke(@NotNull Signature signature) {
                    Intrinsics.checkNotNullParameter(signature, "signature");
                    AlgorithmParameterSpec paramsSafely = SignatureSpecUtils.getParamsSafely(signatureSpec);
                    if (paramsSafely != null) {
                        signature.setParameter(paramsSafely);
                    }
                    signature.initVerify(publicKey);
                    signature.update(signingData);
                    return Boolean.valueOf(signature.verify(bArr));
                }
            })).booleanValue();
        }
        Cipher cipher = Cipher.getInstance(signatureSpec.getSignatureName(), (Provider) MapsKt.getValue(this.schemeMetadata.getProviders(), keyScheme.getProviderName()));
        cipher.init(2, publicKey);
        return Arrays.equals(cipher.doFinal(bArr), signingData);
    }
}
