package net.corda.nodeapi.internal.cryptoservice.bouncycastle;

import java.io.FileOutputStream;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.JvmField;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.test.AssertionsKt;
import kotlin.text.Charsets;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.crypto.internal.ProviderMapKt;
import net.corda.core.internal.PathUtilsKt;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.coretesting.internal.stubs.CertificateStoreStubs;
import net.corda.nodeapi.internal.config.CertificateStoreSupplier;
import net.corda.nodeapi.internal.crypto.CertificateType;
import net.corda.nodeapi.internal.crypto.DevCertificatesTest;
import net.corda.nodeapi.internal.crypto.KeyStoreUtilities;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import net.corda.nodeapi.internal.cryptoservice.CryptoService;
import net.corda.nodeapi.internal.cryptoservice.CryptoServiceException;
import net.corda.nodeapi.internal.cryptoservice.SignOnlyCryptoService;
import net.corda.nodeapi.internal.cryptoservice.WrappedPrivateKey;
import net.corda.nodeapi.internal.cryptoservice.WrappingMode;
import net.corda.testing.core.TestConstants;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowableAssert;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.jetbrains.annotations.NotNull;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* compiled from: BCCryptoServiceTests.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��b\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n\u0002\b\u0005\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0003\u0018�� 62\u00020\u0001:\u00016B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u0011\u001a\u00020\u0012H\u0007J\b\u0010\u0013\u001a\u00020\u0012H\u0007J\b\u0010\u0014\u001a\u00020\u0012H\u0007J\b\u0010\u0015\u001a\u00020\u0012H\u0007J\u0018\u0010\u0016\u001a\u00020\n2\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\b\u0010\u001b\u001a\u00020\u0012H\u0007J\b\u0010\u001c\u001a\u00020\u0012H\u0007J\b\u0010\u001d\u001a\u00020\u0012H\u0007J\b\u0010\u001e\u001a\u00020\u0012H\u0007J\b\u0010\u001f\u001a\u00020\u0012H\u0007J\b\u0010 \u001a\u00020\u0012H\u0007J\b\u0010!\u001a\u00020\u0012H\u0007J\u0018\u0010\"\u001a\u00020\u00122\u0006\u0010#\u001a\u00020$2\u0006\u0010%\u001a\u00020&H\u0002J$\u0010'\u001a\u00020\u00122\u0006\u0010#\u001a\u00020(2\u0006\u0010)\u001a\u00020\u00182\n\b\u0002\u0010*\u001a\u0004\u0018\u00010&H\u0002J\b\u0010+\u001a\u00020\u0012H\u0007J \u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020\u00182\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010/\u001a\u00020\u0018H\u0002J(\u00100\u001a\u00020-2\u0006\u0010.\u001a\u00020\u00182\u0006\u00101\u001a\u0002022\u0006\u00103\u001a\u0002042\u0006\u00105\u001a\u000204H\u0002R\u001a\u0010\u0003\u001a\u00020\u0004X\u0086.¢\u0006\u000e\n��\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\bR\u000e\u0010\t\u001a\u00020\nX\u0082.¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u00020\f8\u0006X\u0087\u0004¢\u0006\u0002\n��R\u0010\u0010\r\u001a\u00020\f8\u0006X\u0087\u0004¢\u0006\u0002\n��R\u001a\u0010\u000e\u001a\u00020\u0004X\u0086.¢\u0006\u000e\n��\u001a\u0004\b\u000f\u0010\u0006\"\u0004\b\u0010\u0010\b¨\u00067"}, d2 = {"Lnet/corda/nodeapi/internal/cryptoservice/bouncycastle/BCCryptoServiceTests;", "", "()V", "certificatesDirectory", "Ljava/nio/file/Path;", "getCertificatesDirectory", "()Ljava/nio/file/Path;", "setCertificatesDirectory", "(Ljava/nio/file/Path;)V", "signingCertificateStore", "Lnet/corda/nodeapi/internal/config/CertificateStoreSupplier;", "temporaryFolder", "Lorg/junit/rules/TemporaryFolder;", "temporaryKeystoreFolder", "wrappingKeyStorePath", "getWrappingKeyStorePath", "setWrappingKeyStorePath", "BCCryptoService generate key pair and sign both data and cert", "", "BCCryptoService generate key pair and sign with existing schemes", "BCCryptoService generate key pair and sign with passed signing algorithm", "When key does not exist getPublicKey, sign and getSigner should throw", "createKeystore", "alias", "", "keyPair", "Ljava/security/KeyPair;", "cryptoService can generate wrapped key pair and sign with the private key successfully", "cryptoService can generate wrapped key pair and sign with the private key successfully, using default algorithm", "cryptoService can sign with previously encoded version of wrapped key", "cryptoService does fail when requested to create same wrapping key twice with failIfExists is true", "cryptoService does not fail when requested to create same wrapping key twice with failIfExists is false", "cryptoService fails when asked to generate wrapped key pair or sign, but the master key specified does not exist", "cryptoService supports degraded mode of wrapping", "generateKeyAndSignForScheme", "cryptoService", "Lnet/corda/nodeapi/internal/cryptoservice/bouncycastle/BCCryptoService;", "signatureScheme", "Lnet/corda/core/crypto/SignatureScheme;", "generateWrappedKeyPairSignAndVerify", "Lnet/corda/nodeapi/internal/cryptoservice/CryptoService;", "wrappingKeyAlias", "algorithm", "setUp", "signAndVerify", "", "signAlgo", "keyTypeAlgo", "verify", "publicKey", "Ljava/security/PublicKey;", "signatureData", "", "clearData", "Companion", "node-api"})
/* loaded from: input_file:net/corda/nodeapi/internal/cryptoservice/bouncycastle/BCCryptoServiceTests.class */
public final class BCCryptoServiceTests {
    private CertificateStoreSupplier signingCertificateStore;

    @NotNull
    public Path certificatesDirectory;

    @NotNull
    public Path wrappingKeyStorePath;

    @NotNull
    private static final byte[] clearData;
    public static final Companion Companion = new Companion(null);

    @JvmField
    @Rule
    @NotNull
    public final TemporaryFolder temporaryFolder = new TemporaryFolder();

    @JvmField
    @Rule
    @NotNull
    public final TemporaryFolder temporaryKeystoreFolder = new TemporaryFolder();

    /* compiled from: BCCryptoServiceTests.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0007"}, d2 = {"Lnet/corda/nodeapi/internal/cryptoservice/bouncycastle/BCCryptoServiceTests$Companion;", "", "()V", "clearData", "", "getClearData", "()[B", "node-api"})
    /* loaded from: input_file:net/corda/nodeapi/internal/cryptoservice/bouncycastle/BCCryptoServiceTests$Companion.class */
    public static final class Companion {
        @NotNull
        public final byte[] getClearData() {
            return BCCryptoServiceTests.clearData;
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @NotNull
    public final Path getCertificatesDirectory() {
        Path path = this.certificatesDirectory;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("certificatesDirectory");
        }
        return path;
    }

    public final void setCertificatesDirectory(@NotNull Path path) {
        Intrinsics.checkParameterIsNotNull(path, "<set-?>");
        this.certificatesDirectory = path;
    }

    @NotNull
    public final Path getWrappingKeyStorePath() {
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        return path;
    }

    public final void setWrappingKeyStorePath(@NotNull Path path) {
        Intrinsics.checkParameterIsNotNull(path, "<set-?>");
        this.wrappingKeyStorePath = path;
    }

    @Before
    public final void setUp() {
        Path path = this.temporaryFolder.getRoot().toPath();
        Intrinsics.checkExpressionValueIsNotNull(path, "baseDirectory");
        this.certificatesDirectory = PathUtilsKt.div(path, "certificates");
        CertificateStoreStubs.Signing.Companion companion = CertificateStoreStubs.Signing.Companion;
        Path path2 = this.certificatesDirectory;
        if (path2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("certificatesDirectory");
        }
        this.signingCertificateStore = CertificateStoreStubs.Signing.Companion.withCertificatesDirectory$default(companion, path2, (String) null, (String) null, (String) null, 14, (Object) null);
        Path path3 = this.certificatesDirectory;
        if (path3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("certificatesDirectory");
        }
        this.wrappingKeyStorePath = PathUtilsKt.div(path3, "wrappingkeystore.pkcs12");
    }

    @Test(timeout = 300000)
    /* renamed from: BCCryptoService generate key pair and sign both data and cert, reason: not valid java name */
    public final void m41BCCryptoServicegeneratekeypairandsignbothdataandcert() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        List supportedSignatureSchemes = Crypto.supportedSignatureSchemes();
        ArrayList arrayList = new ArrayList();
        for (Object obj : supportedSignatureSchemes) {
            SignatureScheme signatureScheme = (SignatureScheme) obj;
            if ((Intrinsics.areEqual(signatureScheme, Crypto.COMPOSITE_KEY) ^ true) && (Intrinsics.areEqual(signatureScheme.getSignatureName(), "SHA512WITHSPHINCS256") ^ true)) {
                arrayList.add(obj);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            generateKeyAndSignForScheme(bCCryptoService, (SignatureScheme) it.next());
        }
    }

    private final void generateKeyAndSignForScheme(final BCCryptoService bCCryptoService, SignatureScheme signatureScheme) {
        final String str = "signature" + signatureScheme.getSchemeNumberID();
        PublicKey generateKeyPair = bCCryptoService.generateKeyPair(str, signatureScheme);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$generateKeyAndSignForScheme$1
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m72invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m72invoke() {
                return bCCryptoService.containsKey(str);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default(Crypto.doVerify(generateKeyPair, SignOnlyCryptoService.DefaultImpls.sign$default(bCCryptoService, str, clearData, (String) null, 4, (Object) null), clearData), (String) null, 2, (Object) null);
        ContentSigner signer = bCCryptoService.getSigner(str);
        X500Principal x500Principal = new X500Principal("CN=Test");
        X509Utilities x509Utilities = X509Utilities.INSTANCE;
        Duration duration = Duration.ZERO;
        Intrinsics.checkExpressionValueIsNotNull(duration, "Duration.ZERO");
        X509Certificate createCertificate$default = X509Utilities.createCertificate$default(X509Utilities.INSTANCE, CertificateType.CONFIDENTIAL_LEGAL_IDENTITY, x500Principal, generateKeyPair, signer, x500Principal, generateKeyPair, X509Utilities.getCertificateValidityWindow$default(x509Utilities, duration, KotlinUtilsKt.getDays(365), (X509Certificate) null, 4, (Object) null), (NameConstraints) null, (String) null, (X500Name) null, 896, (Object) null);
        createCertificate$default.checkValidity();
        createCertificate$default.verify(generateKeyPair);
    }

    @Test(timeout = 300000)
    /* renamed from: BCCryptoService generate key pair and sign with existing schemes, reason: not valid java name */
    public final void m42BCCryptoServicegeneratekeypairandsignwithexistingschemes() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        final BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        List supportedSignatureSchemes = Crypto.supportedSignatureSchemes();
        ArrayList<SignatureScheme> arrayList = new ArrayList();
        for (Object obj : supportedSignatureSchemes) {
            SignatureScheme signatureScheme = (SignatureScheme) obj;
            if ((Intrinsics.areEqual(signatureScheme, Crypto.COMPOSITE_KEY) ^ true) && (Intrinsics.areEqual(signatureScheme.getSignatureName(), "SHA512WITHSPHINCS256") ^ true)) {
                arrayList.add(obj);
            }
        }
        for (SignatureScheme signatureScheme2 : arrayList) {
            final String str = "signature" + signatureScheme2.getSchemeNumberID();
            PublicKey generateKeyPair = bCCryptoService.generateKeyPair(str, signatureScheme2);
            AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with existing schemes$$inlined$forEach$lambda$1
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                public /* bridge */ /* synthetic */ Object invoke() {
                    return Boolean.valueOf(m53invoke());
                }

                /* renamed from: invoke, reason: collision with other method in class */
                public final boolean m53invoke() {
                    return bCCryptoService.containsKey(str);
                }
            }, 1, (Object) null);
            AssertionsKt.assertTrue$default(Crypto.doVerify(generateKeyPair, bCCryptoService.sign(str, clearData, signatureScheme2.getSignatureName()), clearData), (String) null, 2, (Object) null);
        }
    }

    @Test(timeout = 300000)
    /* renamed from: BCCryptoService generate key pair and sign with passed signing algorithm, reason: not valid java name */
    public final void m43x58cf13eb() {
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$1
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m54invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m54invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("NONEwithRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$2
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m60invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m60invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("MD2withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$3
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m61invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m61invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("MD5withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$4
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m62invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m62invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA1withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$5
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m63invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m63invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA224withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$6
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m64invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m64invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA256withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$7
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m65invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m65invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA384withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$8
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m66invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m66invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA512withRSA", "myKeyAlias", "RSA");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$9
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m67invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m67invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("NONEwithECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$10
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m55invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m55invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA1withECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$11
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m56invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m56invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA224withECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$12
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m57invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m57invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA256withECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$13
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m58invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m58invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA384withECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$BCCryptoService generate key pair and sign with passed signing algorithm$14
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m59invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m59invoke() {
                boolean signAndVerify;
                signAndVerify = BCCryptoServiceTests.this.signAndVerify("SHA512withECDSA", "myKeyAlias", "EC");
                return signAndVerify;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, (Object) null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean signAndVerify(String str, final String str2, String str3) {
        KeyPair genKeyPair = KeyPairGenerator.getInstance(str3).genKeyPair();
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(genKeyPair, "keyPair");
        CertificateStoreSupplier createKeystore = createKeystore(str2, genKeyPair);
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        final BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, createKeystore, path);
        AssertionsKt.assertTrue$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$signAndVerify$1
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m73invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m73invoke() {
                return bCCryptoService.containsKey(str2);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        }, 1, (Object) null);
        return verify(str, bCCryptoService.getPublicKey(str2), bCCryptoService.sign(str2, clearData, str), clearData);
    }

    private final boolean verify(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        Signature signature = Signature.getInstance(str, new BouncyCastleProvider());
        signature.initVerify(publicKey);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    private final CertificateStoreSupplier createKeystore(String str, KeyPair keyPair) {
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(null, null);
        Path path = this.temporaryKeystoreFolder.getRoot().toPath();
        Intrinsics.checkExpressionValueIsNotNull(path, "baseDirectory");
        Path div = PathUtilsKt.div(path, "keys-with-more-algos.jks");
        X500Principal x500Principal = new X500Principal("CN=Test");
        X509Utilities x509Utilities = X509Utilities.INSTANCE;
        Duration duration = Duration.ZERO;
        Intrinsics.checkExpressionValueIsNotNull(duration, "Duration.ZERO");
        Pair certificateValidityWindow$default = X509Utilities.getCertificateValidityWindow$default(x509Utilities, duration, KotlinUtilsKt.getDays(365), (X509Certificate) null, 4, (Object) null);
        X509Utilities x509Utilities2 = X509Utilities.INSTANCE;
        CertificateType certificateType = CertificateType.TLS;
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        X509Certificate createCertificate$default = X509Utilities.createCertificate$default(x509Utilities2, certificateType, x500Principal, keyPair, x500Principal, publicKey, certificateValidityWindow$default, (NameConstraints) null, (String) null, (X500Name) null, 448, (Object) null);
        PrivateKey privateKey = keyPair.getPrivate();
        char[] charArray = DevCertificatesTest.OLD_DEV_KEYSTORE_PASS.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        keyStore.setKeyEntry(str, privateKey, charArray, new X509Certificate[]{createCertificate$default});
        FileOutputStream fileOutputStream = new FileOutputStream(div.toString());
        Throwable th = (Throwable) null;
        try {
            try {
                FileOutputStream fileOutputStream2 = fileOutputStream;
                char[] charArray2 = DevCertificatesTest.OLD_DEV_KEYSTORE_PASS.toCharArray();
                Intrinsics.checkExpressionValueIsNotNull(charArray2, "(this as java.lang.String).toCharArray()");
                keyStore.store(fileOutputStream2, charArray2);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(fileOutputStream, th);
                return CertificateStoreStubs.Signing.Companion.withCertificatesDirectory(path, DevCertificatesTest.OLD_DEV_KEYSTORE_PASS, DevCertificatesTest.OLD_DEV_KEYSTORE_PASS, "keys-with-more-algos.jks");
            } finally {
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(fileOutputStream, th);
            throw th2;
        }
    }

    @Test(timeout = 300000)
    /* renamed from: When key does not exist getPublicKey, sign and getSigner should throw, reason: not valid java name */
    public final void m44x8c7d07bb() {
        final String str = "nonExistingAlias";
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        final BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        AssertionsKt.assertFalse$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$When key does not exist getPublicKey, sign and getSigner should throw$1
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m68invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m68invoke() {
                return bCCryptoService.containsKey(str);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        }, 1, (Object) null);
        Function0<Unit> function0 = new Function0<Unit>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$When key does not exist getPublicKey, sign and getSigner should throw$2
            public /* bridge */ /* synthetic */ Object invoke() {
                m69invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m69invoke() {
                bCCryptoService.getPublicKey(str);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        };
        AssertionsKt.assertFailsWith(Reflection.getOrCreateKotlinClass(CryptoServiceException.class), (String) null, function0);
        Function0<Unit> function02 = new Function0<Unit>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$When key does not exist getPublicKey, sign and getSigner should throw$3
            public /* bridge */ /* synthetic */ Object invoke() {
                m70invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m70invoke() {
                SignOnlyCryptoService.DefaultImpls.sign$default(bCCryptoService, str, BCCryptoServiceTests.Companion.getClearData(), (String) null, 4, (Object) null);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        };
        AssertionsKt.assertFailsWith(Reflection.getOrCreateKotlinClass(CryptoServiceException.class), (String) null, function02);
        Function0<Unit> function03 = new Function0<Unit>() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$When key does not exist getPublicKey, sign and getSigner should throw$4
            public /* bridge */ /* synthetic */ Object invoke() {
                m71invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m71invoke() {
                bCCryptoService.getSigner(str);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        };
        AssertionsKt.assertFailsWith(Reflection.getOrCreateKotlinClass(CryptoServiceException.class), (String) null, function03);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService supports degraded mode of wrapping, reason: not valid java name */
    public final void m45cryptoServicesupportsdegradedmodeofwrapping() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        Assertions.assertThat(new BCCryptoService(x500Principal, certificateStoreSupplier, path).getWrappingMode()).isEqualTo(WrappingMode.DEGRADED_WRAPPED);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService does not fail when requested to create same wrapping key twice with failIfExists is false, reason: not valid java name */
    public final void m46x11e4c9dc() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        String uuid = UUID.randomUUID().toString();
        Intrinsics.checkExpressionValueIsNotNull(uuid, "keyAlias");
        CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService, uuid, false, 2, (Object) null);
        bCCryptoService.createWrappingKey(uuid, false);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService does fail when requested to create same wrapping key twice with failIfExists is true, reason: not valid java name */
    public final void m47x4e73ab82() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        final BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        final String uuid = UUID.randomUUID().toString();
        Intrinsics.checkExpressionValueIsNotNull(uuid, "keyAlias");
        CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService, uuid, false, 2, (Object) null);
        Assertions.assertThat(bCCryptoService.containsKey(uuid)).isTrue();
        Assertions.assertThatThrownBy(new ThrowableAssert.ThrowingCallable() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$cryptoService does fail when requested to create same wrapping key twice with failIfExists is true$1
            public final void call() {
                BCCryptoService bCCryptoService2 = bCCryptoService;
                String str = uuid;
                Intrinsics.checkExpressionValueIsNotNull(str, "keyAlias");
                CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService2, str, false, 2, (Object) null);
            }
        }).isInstanceOf(IllegalArgumentException.class).hasMessage("There is an existing key with the alias: " + uuid);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService fails when asked to generate wrapped key pair or sign, but the master key specified does not exist, reason: not valid java name */
    public final void m48x6b58d0a3() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        final BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        final String uuid = UUID.randomUUID().toString();
        Assertions.assertThatThrownBy(new ThrowableAssert.ThrowingCallable() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$cryptoService fails when asked to generate wrapped key pair or sign, but the master key specified does not exist$1
            public final void call() {
                BCCryptoService bCCryptoService2 = bCCryptoService;
                String str = uuid;
                Intrinsics.checkExpressionValueIsNotNull(str, "wrappingKeyAlias");
                CryptoService.DefaultImpls.generateWrappedKeyPair$default(bCCryptoService2, str, (SignatureScheme) null, 2, (Object) null);
            }
        }).isInstanceOf(IllegalStateException.class).hasMessage("There is no master key under the alias: " + uuid);
        byte[] bytes = "key".getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        final WrappedPrivateKey wrappedPrivateKey = new WrappedPrivateKey(bytes, Crypto.ECDSA_SECP256R1_SHA256, (Integer) null, 4, (DefaultConstructorMarker) null);
        final byte[] bytes2 = "data".getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes2, "(this as java.lang.String).getBytes(charset)");
        Assertions.assertThatThrownBy(new ThrowableAssert.ThrowingCallable() { // from class: net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoServiceTests$cryptoService fails when asked to generate wrapped key pair or sign, but the master key specified does not exist$2
            public final void call() {
                BCCryptoService bCCryptoService2 = bCCryptoService;
                String str = uuid;
                Intrinsics.checkExpressionValueIsNotNull(str, "wrappingKeyAlias");
                bCCryptoService2.sign(str, wrappedPrivateKey, bytes2);
            }
        }).isInstanceOf(IllegalStateException.class).hasMessage("There is no master key under the alias: " + uuid);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService can generate wrapped key pair and sign with the private key successfully, using default algorithm, reason: not valid java name */
    public final void m49xd3916af1() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        CryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        String uuid = UUID.randomUUID().toString();
        Intrinsics.checkExpressionValueIsNotNull(uuid, "wrappingKeyAlias");
        CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService, uuid, false, 2, (Object) null);
        generateWrappedKeyPairSignAndVerify$default(this, bCCryptoService, uuid, null, 4, null);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService can generate wrapped key pair and sign with the private key successfully, reason: not valid java name */
    public final void m50xcd2f58af() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        String uuid = UUID.randomUUID().toString();
        Intrinsics.checkExpressionValueIsNotNull(uuid, "wrappingKeyAlias");
        CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService, uuid, false, 2, (Object) null);
        generateWrappedKeyPairSignAndVerify((CryptoService) bCCryptoService, uuid, Crypto.ECDSA_SECP256R1_SHA256);
        generateWrappedKeyPairSignAndVerify((CryptoService) bCCryptoService, uuid, Crypto.ECDSA_SECP256K1_SHA256);
        generateWrappedKeyPairSignAndVerify((CryptoService) bCCryptoService, uuid, Crypto.RSA_SHA256);
    }

    private final void generateWrappedKeyPairSignAndVerify(CryptoService cryptoService, String str, SignatureScheme signatureScheme) {
        byte[] bytes = "data".getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        Pair generateWrappedKeyPair = signatureScheme != null ? cryptoService.generateWrappedKeyPair(str, signatureScheme) : CryptoService.DefaultImpls.generateWrappedKeyPair$default(cryptoService, str, (SignatureScheme) null, 2, (Object) null);
        Crypto.doVerify((PublicKey) generateWrappedKeyPair.component1(), cryptoService.sign(str, (WrappedPrivateKey) generateWrappedKeyPair.component2(), bytes), bytes);
    }

    static /* bridge */ /* synthetic */ void generateWrappedKeyPairSignAndVerify$default(BCCryptoServiceTests bCCryptoServiceTests, CryptoService cryptoService, String str, SignatureScheme signatureScheme, int i, Object obj) {
        if ((i & 4) != 0) {
            signatureScheme = (SignatureScheme) null;
        }
        bCCryptoServiceTests.generateWrappedKeyPairSignAndVerify(cryptoService, str, signatureScheme);
    }

    @Test(timeout = 300000)
    /* renamed from: cryptoService can sign with previously encoded version of wrapped key, reason: not valid java name */
    public final void m51xc0b8d01e() {
        X500Principal x500Principal = TestConstants.ALICE_NAME.getX500Principal();
        CertificateStoreSupplier certificateStoreSupplier = this.signingCertificateStore;
        if (certificateStoreSupplier == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signingCertificateStore");
        }
        Path path = this.wrappingKeyStorePath;
        if (path == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        BCCryptoService bCCryptoService = new BCCryptoService(x500Principal, certificateStoreSupplier, path);
        String uuid = UUID.randomUUID().toString();
        Intrinsics.checkExpressionValueIsNotNull(uuid, "wrappingKeyAlias");
        CryptoService.DefaultImpls.createWrappingKey$default(bCCryptoService, uuid, false, 2, (Object) null);
        Path path2 = this.wrappingKeyStorePath;
        if (path2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wrappingKeyStorePath");
        }
        KeyStore loadOrCreateKeyStore$default = KeyStoreUtilities.loadOrCreateKeyStore$default(path2, bCCryptoService.getCertificateStore().getPassword(), "PKCS12", (Provider) null, 8, (Object) null);
        String entryPassword = bCCryptoService.getCertificateStore().getEntryPassword();
        if (entryPassword == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] charArray = entryPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        Key key = loadOrCreateKeyStore$default.getKey(uuid, charArray);
        Cipher cipher = Cipher.getInstance("AES", ProviderMapKt.getCordaBouncyCastleProvider());
        cipher.init(3, key);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ProviderMapKt.getCordaBouncyCastleProvider());
        keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "keyPair");
        byte[] wrap = cipher.wrap(generateKeyPair.getPrivate());
        Intrinsics.checkExpressionValueIsNotNull(wrap, "privateKeyMaterialWrapped");
        WrappedPrivateKey wrappedPrivateKey = new WrappedPrivateKey(wrap, Crypto.ECDSA_SECP256R1_SHA256, (Integer) null);
        byte[] bytes = "data".getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] sign = bCCryptoService.sign(uuid, wrappedPrivateKey, bytes);
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        Crypto.doVerify(publicKey, sign, bytes);
    }

    static {
        byte[] bytes = "data".getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        clearData = bytes;
    }
}
