package net.corda.cipher.suite.internal;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import net.corda.cipher.suite.internal.schemes.SignatureInstances;
import net.corda.crypto.internal.BasicCachedKey;
import net.corda.crypto.internal.BasicKeyCache;
import net.corda.crypto.internal.WrappingKey;
import net.corda.v5.base.util.KotlinUtilsKt;
import net.corda.v5.cipher.suite.CipherSchemeMetadata;
import net.corda.v5.cipher.suite.CryptoService;
import net.corda.v5.cipher.suite.KeyEncodingService;
import net.corda.v5.cipher.suite.WrappedKeyPair;
import net.corda.v5.cipher.suite.WrappedPrivateKey;
import net.corda.v5.crypto.exceptions.CryptoServiceBadRequestException;
import net.corda.v5.crypto.exceptions.CryptoServiceException;
import net.corda.v5.crypto.internal.SignatureScheme;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: BasicCryptoService.kt */
@Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��l\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0016\u0018�� /2\u00020\u0001:\u0001/B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u0018\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u0016\u001a\u00020\u0010H\u0016J \u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u001a\u001a\u00020\u000bH\u0002J(\u0010\u001b\u001a\u00020\u00182\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u001a\u001a\u00020\u000b2\u0006\u0010\u001c\u001a\u00020\u0012H\u0002J\u0012\u0010\u001d\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u0018\u0010\u001f\u001a\u00020\u001e2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u001a\u001a\u00020\u000bH\u0016J\u0018\u0010 \u001a\u00020!2\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\"\u001a\u00020\u000bH\u0016J\u0010\u0010#\u001a\u00020\u00102\u0006\u0010$\u001a\u00020\u000bH\u0002J\u001e\u0010%\u001a\u00020\u00142\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010&\u001a\u00020'2\u0006\u0010\u001a\u001a\u00020\u000bJ\u0010\u0010(\u001a\u00020)2\u0006\u0010\u001a\u001a\u00020\u000bH\u0002J\b\u0010*\u001a\u00020\u0010H\u0016J \u0010+\u001a\u00020\u00182\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u001a\u001a\u00020\u000bH\u0016J*\u0010+\u001a\u00020\u00182\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u001a\u001a\u00020\u000b2\b\u0010\u001c\u001a\u0004\u0018\u00010\u0012H\u0016J\u0018\u0010+\u001a\u00020\u00182\u0006\u0010,\u001a\u00020-2\u0006\u0010\u0019\u001a\u00020\u0018H\u0016J\u0013\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\nH\u0016¢\u0006\u0002\u0010\rJ\u0013\u0010.\u001a\b\u0012\u0004\u0012\u00020\u000b0\nH\u0016¢\u0006\u0002\u0010\rR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u001c\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\nX\u0094\u0004¢\u0006\n\n\u0002\u0010\u000e\u001a\u0004\b\f\u0010\r¨\u00060"}, d2 = {"Lnet/corda/cipher/suite/internal/BasicCryptoService;", "Lnet/corda/v5/cipher/suite/CryptoService;", "cache", "Lnet/corda/crypto/internal/BasicKeyCache;", "schemeMetadata", "Lnet/corda/v5/cipher/suite/CipherSchemeMetadata;", "(Lnet/corda/crypto/internal/BasicKeyCache;Lnet/corda/v5/cipher/suite/CipherSchemeMetadata;)V", "signatureInstances", "Lnet/corda/cipher/suite/internal/schemes/SignatureInstances;", "supportedSchemes", "", "Lnet/corda/v5/crypto/internal/SignatureScheme;", "getSupportedSchemes", "()[Lnet/corda/v5/crypto/internal/SignatureScheme;", "[Lnet/corda/v5/crypto/internal/SignatureScheme;", "containsKey", "", "alias", "", "createWrappingKey", "", "masterKeyAlias", "failIfExists", "doSign", "", "data", "scheme", "doSignWithAlgorithm", "signAlgorithm", "findPublicKey", "Ljava/security/PublicKey;", "generateKeyPair", "generateWrappedKeyPair", "Lnet/corda/v5/cipher/suite/WrappedKeyPair;", "wrappedKeyScheme", "isSupported", "signatureScheme", "persistKeyPair", "keyPair", "Ljava/security/KeyPair;", "provider", "Ljava/security/Provider;", "requiresWrappingKey", "sign", "wrappedKey", "Lnet/corda/v5/cipher/suite/WrappedPrivateKey;", "supportedWrappingSchemes", "Companion", "crypto-impl"})
/* loaded from: input_file:net/corda/cipher/suite/internal/BasicCryptoService.class */
public class BasicCryptoService implements CryptoService {
    private final SignatureInstances signatureInstances;

    @NotNull
    private final SignatureScheme[] supportedSchemes;
    private final BasicKeyCache cache;
    private final CipherSchemeMetadata schemeMetadata;

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final Logger logger = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: BasicCryptoService.kt */
    @Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lnet/corda/cipher/suite/internal/BasicCryptoService$Companion;", "", "()V", "logger", "Lorg/slf4j/Logger;", "crypto-impl"})
    /* loaded from: input_file:net/corda/cipher/suite/internal/BasicCryptoService$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @NotNull
    protected SignatureScheme[] getSupportedSchemes() {
        return this.supportedSchemes;
    }

    public boolean requiresWrappingKey() {
        return true;
    }

    @NotNull
    public SignatureScheme[] supportedSchemes() {
        return getSupportedSchemes();
    }

    @NotNull
    public SignatureScheme[] supportedWrappingSchemes() {
        return supportedSchemes();
    }

    public boolean containsKey(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "alias");
        return this.cache.find(str) != null;
    }

    @Nullable
    public PublicKey findPublicKey(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "alias");
        BasicCachedKey find = this.cache.find(str);
        if (find != null) {
            return find.getPublicKey();
        }
        return null;
    }

    public void createWrappingKey(@NotNull String str, boolean z) {
        Intrinsics.checkNotNullParameter(str, "masterKeyAlias");
        if (this.cache.find(str) != null) {
            if (z) {
                throw new CryptoServiceBadRequestException("There is an existing key with the alias: " + str);
            }
            if (z) {
                throw new NoWhenBranchMatchedException();
            }
            return;
        }
        try {
            this.cache.save(str, WrappingKey.Companion.createWrappingKey((KeyEncodingService) this.schemeMetadata));
        } catch (Exception e) {
            throw new CryptoServiceException("Failed create wrapping key with alias " + str, e);
        } catch (CryptoServiceException e2) {
            throw e2;
        }
    }

    @NotNull
    public PublicKey generateKeyPair(@NotNull String str, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkNotNullParameter(str, "alias");
        Intrinsics.checkNotNullParameter(signatureScheme, "scheme");
        logger.debug("BasicCryptoService.generateKeyPair(alias={}, scheme={})", str, signatureScheme);
        if (!isSupported(signatureScheme)) {
            throw new CryptoServiceBadRequestException("Unsupported signature scheme: " + signatureScheme.getSchemeCodeName());
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(signatureScheme.getAlgorithmName(), provider(signatureScheme));
            if (signatureScheme.getAlgSpec() != null) {
                keyPairGenerator.initialize(signatureScheme.getAlgSpec(), this.schemeMetadata.getSecureRandom());
            } else {
                Integer keySize = signatureScheme.getKeySize();
                Intrinsics.checkNotNull(keySize);
                keyPairGenerator.initialize(keySize.intValue(), this.schemeMetadata.getSecureRandom());
            }
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            BasicKeyCache basicKeyCache = this.cache;
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "keyPair");
            basicKeyCache.save(str, generateKeyPair, signatureScheme);
            PublicKey publicKey = generateKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey, "keyPair.public");
            return publicKey;
        } catch (CryptoServiceException e) {
            throw e;
        } catch (Exception e2) {
            throw new CryptoServiceException("Cannot generate key for alias " + str + " and signature scheme " + signatureScheme.getSchemeCodeName(), e2);
        }
    }

    @NotNull
    public WrappedKeyPair generateWrappedKeyPair(@NotNull String str, @NotNull SignatureScheme signatureScheme) {
        WrappingKey wrappingKey;
        Intrinsics.checkNotNullParameter(str, "masterKeyAlias");
        Intrinsics.checkNotNullParameter(signatureScheme, "wrappedKeyScheme");
        logger.debug("BasicCryptoService.wrappedKeyScheme(wrappedKeyScheme={})", signatureScheme);
        if (!isSupported(signatureScheme)) {
            throw new CryptoServiceBadRequestException("Unsupported signature scheme: " + signatureScheme.getSchemeCodeName());
        }
        BasicCachedKey find = this.cache.find(str);
        if (find == null || (wrappingKey = find.getWrappingKey()) == null) {
            throw new CryptoServiceBadRequestException("The " + str + " is not created yet.");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(signatureScheme.getAlgorithmName(), provider(signatureScheme));
            if (signatureScheme.getAlgSpec() != null) {
                keyPairGenerator.initialize(signatureScheme.getAlgSpec(), this.schemeMetadata.getSecureRandom());
            } else {
                Integer keySize = signatureScheme.getKeySize();
                Intrinsics.checkNotNull(keySize);
                keyPairGenerator.initialize(keySize.intValue(), this.schemeMetadata.getSecureRandom());
            }
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "keyPair");
            PrivateKey privateKey = generateKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
            byte[] wrap = wrappingKey.wrap(privateKey);
            PublicKey publicKey = generateKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey, "keyPair.public");
            return new WrappedKeyPair(publicKey, wrap, 1);
        } catch (CryptoServiceException e) {
            throw e;
        } catch (Exception e2) {
            throw new CryptoServiceException("Cannot generate wrapped key pair with scheme: " + signatureScheme.getSchemeCodeName(), e2);
        }
    }

    @NotNull
    public byte[] sign(@NotNull String str, @NotNull byte[] bArr, @NotNull SignatureScheme signatureScheme, @Nullable String str2) {
        Intrinsics.checkNotNullParameter(str, "alias");
        Intrinsics.checkNotNullParameter(bArr, "data");
        Intrinsics.checkNotNullParameter(signatureScheme, "scheme");
        String str3 = str2;
        if (str3 == null) {
            str3 = "Null";
        }
        logger.debug("BasicCryptoService.sign(alias={}, sign_algorithm={})", str, str3);
        try {
            return str2 == null ? doSign(str, bArr, signatureScheme) : doSignWithAlgorithm(str, bArr, signatureScheme, str2);
        } catch (Exception e) {
            throw new CryptoServiceException("Cannot sign using the key with alias " + str, e);
        } catch (CryptoServiceException e2) {
            throw e2;
        }
    }

    @NotNull
    public byte[] sign(@NotNull String str, @NotNull byte[] bArr, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkNotNullParameter(str, "alias");
        Intrinsics.checkNotNullParameter(bArr, "data");
        Intrinsics.checkNotNullParameter(signatureScheme, "scheme");
        return sign(str, bArr, signatureScheme, null);
    }

    @NotNull
    public byte[] sign(@NotNull WrappedPrivateKey wrappedPrivateKey, @NotNull byte[] bArr) {
        WrappingKey wrappingKey;
        Intrinsics.checkNotNullParameter(wrappedPrivateKey, "wrappedKey");
        Intrinsics.checkNotNullParameter(bArr, "data");
        logger.debug("BasicCryptoService.sign(wrappedKey)");
        BasicCachedKey find = this.cache.find(wrappedPrivateKey.getMasterKeyAlias());
        if (find == null || (wrappingKey = find.getWrappingKey()) == null) {
            throw new CryptoServiceBadRequestException("The " + wrappedPrivateKey.getMasterKeyAlias() + " is not created yet.");
        }
        if (bArr.length == 0) {
            throw new CryptoServiceBadRequestException("Signing of an empty array is not permitted.");
        }
        try {
            PrivateKey unwrap = wrappingKey.unwrap(wrappedPrivateKey.getKeyMaterial(), wrappedPrivateKey.getSignatureScheme().getAlgorithmName());
            Signature signatureInstance = this.signatureInstances.getSignatureInstance(wrappedPrivateKey.getSignatureScheme().getSignatureName(), provider(wrappedPrivateKey.getSignatureScheme()));
            signatureInstance.initSign(unwrap, this.schemeMetadata.getSecureRandom());
            signatureInstance.update(bArr);
            byte[] sign = signatureInstance.sign();
            Intrinsics.checkNotNullExpressionValue(sign, "signature.sign()");
            return sign;
        } catch (CryptoServiceException e) {
            throw e;
        } catch (Exception e2) {
            throw new CryptoServiceException("Cannot sign using the key with wrapped private key", e2);
        }
    }

    private final boolean isSupported(SignatureScheme signatureScheme) {
        return ArraysKt.contains(getSupportedSchemes(), signatureScheme);
    }

    private final byte[] doSignWithAlgorithm(String str, byte[] bArr, SignatureScheme signatureScheme, String str2) {
        PrivateKey privateKey;
        BasicCachedKey find = this.cache.find(str);
        if (find == null || (privateKey = find.getPrivateKey()) == null) {
            throw new CryptoServiceBadRequestException("Unable to sign: There is no private key under the alias: " + str);
        }
        Signature signature = Signature.getInstance(str2, provider(signatureScheme));
        signature.initSign(privateKey, this.schemeMetadata.getSecureRandom());
        signature.update(bArr);
        byte[] sign = signature.sign();
        Intrinsics.checkNotNullExpressionValue(sign, "signature.sign()");
        return sign;
    }

    private final byte[] doSign(String str, final byte[] bArr, final SignatureScheme signatureScheme) {
        final PrivateKey privateKey;
        BasicCachedKey find = this.cache.find(str);
        if (find == null || (privateKey = find.getPrivateKey()) == null) {
            throw new CryptoServiceBadRequestException("Unable to sign: There is no private key under the alias: " + str);
        }
        if (!isSupported(signatureScheme)) {
            throw new CryptoServiceBadRequestException("Unsupported signature scheme: " + signatureScheme.getSchemeCodeName());
        }
        if (bArr.length == 0) {
            throw new CryptoServiceBadRequestException("Signing of an empty array is not permitted.");
        }
        Object withSignature = this.signatureInstances.withSignature(signatureScheme, new Function1<Signature, byte[]>() { // from class: net.corda.cipher.suite.internal.BasicCryptoService$doSign$1
            public final byte[] invoke(@NotNull Signature signature) {
                CipherSchemeMetadata cipherSchemeMetadata;
                Intrinsics.checkNotNullParameter(signature, "signature");
                if (StringsKt.equals(signatureScheme.getAlgorithmName(), "RSA", true) || Intrinsics.areEqual(signatureScheme.getAlgorithmName(), "1.3.101.112") || StringsKt.equals(signatureScheme.getAlgorithmName(), "EdDSA", true)) {
                    signature.initSign(privateKey);
                } else {
                    PrivateKey privateKey2 = privateKey;
                    cipherSchemeMetadata = BasicCryptoService.this.schemeMetadata;
                    signature.initSign(privateKey2, cipherSchemeMetadata.getSecureRandom());
                }
                signature.update(bArr);
                return signature.sign();
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
        Intrinsics.checkNotNullExpressionValue(withSignature, "signatureInstances.withS…ignature.sign()\n        }");
        return (byte[]) withSignature;
    }

    public final void persistKeyPair(@NotNull String str, @NotNull KeyPair keyPair, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkNotNullParameter(str, "alias");
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        Intrinsics.checkNotNullParameter(signatureScheme, "scheme");
        this.cache.save(str, keyPair, signatureScheme);
    }

    private final Provider provider(SignatureScheme signatureScheme) {
        return (Provider) MapsKt.getValue(this.schemeMetadata.getProviders(), signatureScheme.getProviderName());
    }

    public BasicCryptoService(@NotNull BasicKeyCache basicKeyCache, @NotNull CipherSchemeMetadata cipherSchemeMetadata) {
        Intrinsics.checkNotNullParameter(basicKeyCache, "cache");
        Intrinsics.checkNotNullParameter(cipherSchemeMetadata, "schemeMetadata");
        this.cache = basicKeyCache;
        this.schemeMetadata = cipherSchemeMetadata;
        this.signatureInstances = new SignatureInstances(this.schemeMetadata.getProviders());
        this.supportedSchemes = this.schemeMetadata.getSchemes();
    }
}
