package se.digg.dgc.signatures.cose;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.upokecenter.cbor.CBORException;
import com.upokecenter.cbor.CBORObject;
import com.upokecenter.cbor.CBORType;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Optional;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import se.digg.dgc.signatures.cwt.Cwt;

/* loaded from: input_file:se/digg/dgc/signatures/cose/CoseSign1_Object.class */
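/**
 * Representation of a COSE_Sign1 message: a four-element CBOR array holding the encoded
 * protected attributes, the unprotected attributes map, the payload and the signature.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #decode(byte[])} only parses the structure. Nothing read from a decoded object
 *       ({@link #getCwt()}, {@link #getKeyIdentifier()}) is authenticated until
 *       {@link #verifySignature(PublicKey)} has returned without throwing.</li>
 *   <li>The signature covers the protected attributes and the payload only. Unprotected
 *       attributes can be altered without invalidating the signature.</li>
 *   <li>The signature algorithm used for verification is read from the message's own protected
 *       attributes; the caller decides which public key is trusted for the message.</li>
 * </ul>
 *
 * <p>Instances are mutable and this class does no synchronization of its own.
 */
public class CoseSign1_Object {
    /** CBOR tag identifying a COSE_Sign1 message. */
    public static final int MESSAGE_TAG = 18;

    /** Outer tag accepted in front of {@link #MESSAGE_TAG}; the decoder's error text calls it the CWT tag. */
    private static final int CWT_TAG = 61;

    private boolean includeMessageTag;
    private CBORObject protectedAttributes;
    /** The exact bytes that are signed/verified for the protected attributes. */
    private byte[] protectedAttributesEncoding;
    private CBORObject unprotectedAttributes;
    private byte[] content;
    private byte[] signature;
    private static final byte[] externalData = new byte[0];
    private static final String contextString = "Signature1";

    /**
     * Fluent helper for assembling an unsigned {@link CoseSign1_Object}.
     *
     * <p>The builder wraps a single object instance; every call to {@link #build()} returns that
     * same instance, so later builder calls keep mutating an object that was already handed out.
     */
    public static class CoseSign1_ObjectBuilder {
        private final CoseSign1_Object object = new CoseSign1_Object();

        /**
         * Returns the object under construction.
         *
         * @return the (shared, still mutable) object held by this builder
         */
        public CoseSign1_Object build() {
            return this.object;
        }

        /**
         * Sets a protected attribute, replacing any existing value for the same key.
         *
         * @param cBORObject the attribute key
         * @param cBORObject2 the attribute value
         * @return this builder
         */
        public CoseSign1_ObjectBuilder protectedAttribute(CBORObject cBORObject, CBORObject cBORObject2) {
            this.object.addProtectedAttribute(cBORObject, cBORObject2);
            return this;
        }

        /**
         * Sets an unprotected attribute, replacing any existing value for the same key.
         *
         * @param cBORObject the attribute key
         * @param cBORObject2 the attribute value
         * @return this builder
         */
        public CoseSign1_ObjectBuilder unprotectedAttribute(CBORObject cBORObject, CBORObject cBORObject2) {
            this.object.addUnprotectedAttribute(cBORObject, cBORObject2);
            return this;
        }

        /**
         * Sets the payload.
         *
         * @param bArr the payload bytes (stored by reference, not copied)
         * @return this builder
         */
        public CoseSign1_ObjectBuilder content(byte[] bArr) {
            this.object.setContent(bArr);
            return this;
        }

        /**
         * Controls whether {@link CoseSign1_Object#encode()} wraps the array in the message tag.
         *
         * @param z {@code true} to include the tag
         * @return this builder
         */
        public CoseSign1_ObjectBuilder includeMessageTag(boolean z) {
            this.object.setIncludeMessageTag(z);
            return this;
        }
    }

    /** Creates an empty, unsigned object with empty attribute maps and the message tag enabled. */
    public CoseSign1_Object() {
        this.includeMessageTag = true;
        this.protectedAttributes = CBORObject.NewMap();
        this.unprotectedAttributes = CBORObject.NewMap();
    }

    /**
     * Parses an encoded COSE_Sign1 message. The input is treated as untrusted: every element is
     * type-checked before use. The signature is NOT verified here.
     *
     * @param bArr the CBOR encoding of the message
     * @throws CBORException if the bytes are not valid CBOR or do not have the expected structure
     */
    public CoseSign1_Object(byte[] bArr) throws CBORException {
        this.includeMessageTag = true;
        final CBORObject message = CBORObject.DecodeFromBytes(bArr);
        if (message.getType() != CBORType.Array) {
            throw new CBORException("Supplied message is not a valid COSE security object");
        }
        if (message.isTagged()) {
            final int tagCount = message.GetAllTags().length;
            if (tagCount > 2) {
                throw new CBORException("Invalid object - too many tags");
            }
            // With two tags, the outer one must be the CWT tag. The message reports the outer
            // tag that was actually found (the original printed the inner tag here).
            if (tagCount == 2 && CWT_TAG != message.getMostOuterTag().ToInt32Unchecked()) {
                throw new CBORException(String.format(
                    "Invalid COSE_Sign1 structure - Expected CWT %d tag - but was %d",
                    CWT_TAG, message.getMostOuterTag().ToInt32Unchecked()));
            }
            if (MESSAGE_TAG != message.getMostInnerTag().ToInt32Unchecked()) {
                throw new CBORException(String.format(
                    "Invalid COSE_Sign1 structure - Expected %d tag - but was %d",
                    MESSAGE_TAG, message.getMostInnerTag().ToInt32Unchecked()));
            }
        }
        if (message.size() != 4) {
            throw new CBORException(String.format(
                "Invalid COSE_Sign1 structure - Expected an array of 4 items - but array has %d items",
                message.size()));
        }

        // Item 1/4: bstr wrapping the encoded protected attributes.
        final CBORObject protectedItem = message.get(0);
        if (protectedItem.getType() != CBORType.ByteString) {
            throw new CBORException(String.format(
                "Invalid COSE_Sign1 structure - Expected item at position 1/4 to be a bstr which is the encoding of the protected attributes, but was %s",
                protectedItem.getType()));
        }
        this.protectedAttributesEncoding = protectedItem.GetByteString();
        if (this.protectedAttributesEncoding.length == 0) {
            this.protectedAttributes = CBORObject.NewMap();
        } else {
            this.protectedAttributes = CBORObject.DecodeFromBytes(this.protectedAttributesEncoding);
            // The wrapped value comes from the wire. Reject anything that is not a map here, so
            // later attribute lookups never operate on an attacker-chosen CBOR type.
            if (this.protectedAttributes.getType() != CBORType.Map) {
                throw new CBORException(String.format(
                    "Invalid COSE_Sign1 structure - Expected protected attributes to be a Map, but was %s",
                    this.protectedAttributes.getType()));
            }
            // An encoded empty map is replaced by the zero-length encoding, which is what
            // sign() produces for an empty protected map.
            if (this.protectedAttributes.size() == 0) {
                this.protectedAttributesEncoding = new byte[0];
            }
        }

        // Item 2/4: unprotected attributes map (not covered by the signature).
        final CBORObject unprotectedItem = message.get(1);
        if (unprotectedItem.getType() != CBORType.Map) {
            throw new CBORException(String.format(
                "Invalid COSE_Sign1 structure - Expected item at position 2/4 to be a Map for unprotected attributes, but was %s",
                unprotectedItem.getType()));
        }
        this.unprotectedAttributes = unprotectedItem;

        // Item 3/4: payload, either a bstr or CBOR null (content then stays null).
        final CBORObject payloadItem = message.get(2);
        if (payloadItem.getType() == CBORType.ByteString) {
            this.content = payloadItem.GetByteString();
        } else if (!payloadItem.isNull()) {
            throw new CBORException(String.format(
                "Invalid COSE_Sign1 structure - Expected item at position 3/4 to be a bstr holding the payload, but was %s",
                payloadItem.getType()));
        }

        // Item 4/4: signature bytes. The message reports the type of this item (the original
        // reported the type of the payload item instead).
        final CBORObject signatureItem = message.get(3);
        if (signatureItem.getType() != CBORType.ByteString) {
            throw new CBORException(String.format(
                "Invalid COSE_Sign1 structure - Expected item at position 4/4 to be a bstr holding the signature, but was %s",
                signatureItem.getType()));
        }
        this.signature = signatureItem.GetByteString();
    }

    /**
     * Creates a builder for a new, unsigned object.
     *
     * @return a new builder
     */
    public static CoseSign1_ObjectBuilder builder() {
        return new CoseSign1_ObjectBuilder();
    }

    /**
     * Parses an encoded COSE_Sign1 message without verifying its signature.
     *
     * @param bArr the CBOR encoding of the message
     * @return the decoded, unverified object
     * @throws CBORException if the bytes are not valid CBOR or do not have the expected structure
     */
    public static CoseSign1_Object decode(byte[] bArr) throws CBORException {
        return new CoseSign1_Object(bArr);
    }

    /**
     * Encodes this signed object as a CBOR array, tagged with {@link #MESSAGE_TAG} when the
     * message tag is enabled.
     *
     * @return the CBOR encoding
     * @throws CBORException if the object has not been signed
     */
    public byte[] encode() throws CBORException {
        if (this.signature == null || this.protectedAttributesEncoding == null) {
            throw new CBORException("Cannot encode COSE_Sign1 message - missing signature");
        }
        CBORObject message = CBORObject.NewArray();
        message.Add(this.protectedAttributesEncoding);
        message.Add(this.unprotectedAttributes);
        message.Add(this.content);
        message.Add(this.signature);
        if (this.includeMessageTag) {
            message = CBORObject.FromObjectAndTag(message, MESSAGE_TAG);
        }
        return message.EncodeToBytes();
    }

    /**
     * Signs the object. The signed input is the CBOR array
     * {@code ["Signature1", protected-encoding, empty external data, content]}, and the
     * algorithm is taken from the ALG entry of the protected attributes.
     *
     * @param privateKey the signing key
     * @param provider the JCA provider to use, or {@code null} for the default provider lookup
     * @throws SignatureException if the object is already signed, has no content, has no
     *         algorithm in its protected attributes, or the signing operation fails
     * @throws CBORException on CBOR encoding errors
     */
    public void sign(PrivateKey privateKey, Provider provider) throws SignatureException, CBORException {
        if (this.signature != null) {
            throw new SignatureException("Object has already been signed");
        }
        if (this.content == null) {
            throw new SignatureException("No content specified");
        }
        if (this.protectedAttributesEncoding == null) {
            // An empty protected map is represented by a zero-length byte string.
            this.protectedAttributesEncoding = this.protectedAttributes.size() > 0
                ? this.protectedAttributes.EncodeToBytes()
                : new byte[0];
        }
        final CBORObject sigStructure = CBORObject.NewArray();
        sigStructure.Add(contextString);
        sigStructure.Add(this.protectedAttributesEncoding);
        sigStructure.Add(externalData);
        sigStructure.Add(this.content);
        final byte[] toBeSigned = sigStructure.EncodeToBytes();

        final CBORObject algId = this.protectedAttributes.get(HeaderParameterKey.ALG.getCborObject());
        if (algId == null) {
            throw new SignatureException("No algorithm ID stored in protected attributes - cannot sign");
        }
        final SignatureAlgorithm algorithm = SignatureAlgorithm.fromCborObject(algId);
        try {
            final Signature signer = provider != null
                ? Signature.getInstance(algorithm.getJcaAlgorithmName(), provider)
                : Signature.getInstance(algorithm.getJcaAlgorithmName());
            signer.initSign(privateKey);
            signer.update(toBeSigned);
            final byte[] rawSignature = signer.sign();

            // For the ECDSA algorithms the signer's output is transcoded to the fixed-length
            // concatenated form; the second argument is the output length in bytes.
            if (algorithm == SignatureAlgorithm.ES256) {
                this.signature = ECDSA.transcodeSignatureToConcat(rawSignature, 64);
            } else if (algorithm == SignatureAlgorithm.ES384) {
                this.signature = ECDSA.transcodeSignatureToConcat(rawSignature, 96);
            } else if (algorithm == SignatureAlgorithm.ES512) {
                this.signature = ECDSA.transcodeSignatureToConcat(rawSignature, 132);
            } else {
                this.signature = rawSignature;
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | JOSEException e) {
            throw new SignatureException("Failed to sign - " + e.getMessage(), e);
        }
    }

    /**
     * Returns the key identifier, looked up first in the protected and then in the unprotected
     * attributes.
     *
     * <p>A value taken from the unprotected attributes is not covered by the signature, and
     * before {@link #verifySignature(PublicKey)} succeeds neither source is authenticated. Use
     * the result only to select candidate keys from a trusted store, never as proof of who
     * signed the message.
     *
     * <p>NOTE(review): the stored value is not type-checked; a key identifier that is not a
     * byte string presumably makes {@code GetByteString()} throw an unchecked exception.
     *
     * @return the key identifier bytes, or {@code null} if neither map holds one
     */
    public byte[] getKeyIdentifier() {
        final CBORObject kidKey = HeaderParameterKey.KID.getCborObject();
        CBORObject kid = this.protectedAttributes.get(kidKey);
        if (kid == null) {
            kid = this.unprotectedAttributes.get(kidKey);
        }
        if (kid == null) {
            return null;
        }
        return kid.GetByteString();
    }

    /**
     * Decodes the payload as a CWT. This works whether or not the signature has been verified,
     * so callers must verify first before trusting any claim.
     *
     * @return the decoded CWT, or {@code null} if the object has no content
     * @throws CBORException if the payload cannot be decoded
     */
    public Cwt getCwt() throws CBORException {
        if (this.content == null) {
            return null;
        }
        return Cwt.decode(this.content);
    }

    /**
     * Verifies the signature over {@code ["Signature1", protected-encoding, empty external
     * data, content-or-null]} using the supplied key. Returns normally only when the signature
     * is valid.
     *
     * <p>The algorithm is read from the message's protected attributes, and the JCA
     * implementation comes from the default provider lookup. A key that does not fit that
     * algorithm is rejected by {@code initVerify}, which surfaces here as a
     * {@link SignatureException}.
     *
     * @param publicKey the key the caller trusts for this message
     * @throws SignatureException if the object is unsigned, carries no algorithm, the signature
     *         is malformed, or it does not verify
     */
    public void verifySignature(PublicKey publicKey) throws SignatureException {
        if (this.signature == null) {
            throw new SignatureException("Object is not signed");
        }
        final CBORObject sigStructure = CBORObject.NewArray();
        sigStructure.Add(contextString);
        sigStructure.Add(this.protectedAttributesEncoding);
        sigStructure.Add(externalData);
        if (this.content != null) {
            sigStructure.Add(this.content);
        } else {
            sigStructure.Add((CBORObject) null);
        }
        final byte[] signedBytes = sigStructure.EncodeToBytes();

        final CBORObject algId = this.protectedAttributes.get(HeaderParameterKey.ALG.getCborObject());
        if (algId == null) {
            throw new SignatureException("No algorithm ID stored in protected attributes - cannot verify");
        }
        final SignatureAlgorithm algorithm = SignatureAlgorithm.fromCborObject(algId);
        try {
            byte[] signatureToCheck = this.signature;
            final boolean isEcdsa = algorithm == SignatureAlgorithm.ES256
                || algorithm == SignatureAlgorithm.ES384
                || algorithm == SignatureAlgorithm.ES512;
            if (isEcdsa) {
                // The stored ECDSA signature is in concatenated form; the JCA verifier is
                // given the DER form.
                signatureToCheck = ECDSA.transcodeSignatureToDER(this.signature);
            }
            final Signature verifier = Signature.getInstance(algorithm.getJcaAlgorithmName());
            verifier.initVerify(publicKey);
            verifier.update(signedBytes);
            if (!verifier.verify(signatureToCheck)) {
                throw new SignatureException("Signature did not verify correctly");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | JOSEException e) {
            throw new SignatureException("Failed to verify signature - " + e.getMessage(), e);
        }
    }

    /**
     * Sets a protected attribute, replacing any existing value for the same key.
     *
     * @param cBORObject the attribute key
     * @param cBORObject2 the attribute value
     * @throws CBORException if the object is already signed
     */
    public void addProtectedAttribute(CBORObject cBORObject, CBORObject cBORObject2) throws CBORException {
        if (this.signature != null) {
            throw new CBORException("Cannot add protected attribute to already signed COSE_Sign1 object");
        }
        removeProtectedAttribute(cBORObject);
        this.protectedAttributes.Add(cBORObject, cBORObject2);
    }

    /**
     * Removes a protected attribute if it is present.
     *
     * @param cBORObject the attribute key
     * @throws CBORException if the attribute exists and the object is already signed
     */
    public void removeProtectedAttribute(CBORObject cBORObject) throws CBORException {
        if (!this.protectedAttributes.ContainsKey(cBORObject)) {
            return;
        }
        if (this.signature != null) {
            throw new CBORException("Cannot remove protected attribute from signed COSE_Sign1 object");
        }
        this.protectedAttributes.Remove(cBORObject);
    }

    /**
     * Sets an unprotected attribute, replacing any existing value for the same key. This is
     * allowed on a signed object because unprotected attributes are not part of the signed data.
     *
     * @param cBORObject the attribute key
     * @param cBORObject2 the attribute value
     */
    public void addUnprotectedAttribute(CBORObject cBORObject, CBORObject cBORObject2) {
        removeUnprotectedAttribute(cBORObject);
        this.unprotectedAttributes.Add(cBORObject, cBORObject2);
    }

    /**
     * Removes an unprotected attribute if it is present.
     *
     * @param cBORObject the attribute key
     */
    public void removeUnprotectedAttribute(CBORObject cBORObject) {
        if (this.unprotectedAttributes.ContainsKey(cBORObject)) {
            this.unprotectedAttributes.Remove(cBORObject);
        }
    }

    /**
     * Sets the payload. The array is stored by reference, and there is no guard against calling
     * this after signing; doing so leaves a signature that no longer matches the content.
     *
     * @param bArr the payload bytes
     */
    public void setContent(byte[] bArr) {
        this.content = bArr;
    }

    /**
     * Controls whether {@link #encode()} wraps the array in the {@link #MESSAGE_TAG} tag.
     *
     * @param z {@code true} to include the tag
     */
    public void setIncludeMessageTag(boolean z) {
        this.includeMessageTag = z;
    }

    /** Registers the Bouncy Castle provider if no provider named "BC" is installed yet. */
    private static void ensureBouncyCastlePresent() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    // Runs once at class load. Note this changes the JVM-wide provider list.
    static {
        ensureBouncyCastlePresent();
    }
}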
