package tech.relaycorp.relaynet.messages.control;

import java.security.PrivateKey;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.jetbrains.annotations.NotNull;
import tech.relaycorp.relaynet.OIDs;
import tech.relaycorp.relaynet.crypto.SignedData;
import tech.relaycorp.relaynet.crypto.SignedDataException;
import tech.relaycorp.relaynet.messages.InvalidMessageException;
import tech.relaycorp.relaynet.wrappers.asn1.ASN1Exception;
import tech.relaycorp.relaynet.wrappers.asn1.ASN1Utils;
import tech.relaycorp.relaynet.wrappers.x509.Certificate;

/* compiled from: NonceSignature.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"�� \n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u000e2\u00020\u0001:\u0001\u000eB\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u000e\u0010\u000b\u001a\u00020\u00032\u0006\u0010\f\u001a\u00020\rR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u000f"}, d2 = {"Ltech/relaycorp/relaynet/messages/control/NonceSignature;", "", "nonce", "", "signerCertificate", "Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "([BLtech/relaycorp/relaynet/wrappers/x509/Certificate;)V", "getNonce", "()[B", "getSignerCertificate", "()Ltech/relaycorp/relaynet/wrappers/x509/Certificate;", "serialize", "privateKey", "Ljava/security/PrivateKey;", "Companion", "relaynet"})
/* loaded from: input_file:tech/relaycorp/relaynet/messages/control/NonceSignature.class */
public final class NonceSignature {

    @NotNull
    private final byte[] nonce;

    @NotNull
    private final Certificate signerCertificate;
    public static final Companion Companion = new Companion(null);

    /* compiled from: NonceSignature.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006¨\u0006\u0007"}, d2 = {"Ltech/relaycorp/relaynet/messages/control/NonceSignature$Companion;", "", "()V", "deserialize", "Ltech/relaycorp/relaynet/messages/control/NonceSignature;", "serialization", "", "relaynet"})
    /* loaded from: input_file:tech/relaycorp/relaynet/messages/control/NonceSignature$Companion.class */
    public static final class Companion {
        @NotNull
        public final NonceSignature deserialize(@NotNull byte[] bArr) throws InvalidMessageException {
            Intrinsics.checkParameterIsNotNull(bArr, "serialization");
            try {
                SignedData deserialize = SignedData.Companion.deserialize(bArr);
                SignedData.verify$default(deserialize, null, 1, null);
                try {
                    ASN1Utils aSN1Utils = ASN1Utils.INSTANCE;
                    byte[] plaintext = deserialize.getPlaintext();
                    if (plaintext == null) {
                        Intrinsics.throwNpe();
                    }
                    ASN1TaggedObject[] deserializeHeterogeneousSequence = aSN1Utils.deserializeHeterogeneousSequence(plaintext);
                    if (deserializeHeterogeneousSequence.length < 2) {
                        throw new InvalidMessageException("Signature sequence should have at least 2 items (got " + deserializeHeterogeneousSequence.length + ')', null, 2, null);
                    }
                    ASN1ObjectIdentifier oid = ASN1Utils.INSTANCE.getOID((ASN1TaggedObject) ArraysKt.first(deserializeHeterogeneousSequence));
                    if (!Intrinsics.areEqual(oid, OIDs.INSTANCE.getNONCE_SIGNATURE())) {
                        throw new InvalidMessageException("Signature OID is invalid (got " + oid.getId() + ')', null, 2, null);
                    }
                    byte[] octets = ASN1Utils.INSTANCE.getOctetString(deserializeHeterogeneousSequence[1]).getOctets();
                    Intrinsics.checkExpressionValueIsNotNull(octets, "nonce.octets");
                    Certificate signerCertificate = deserialize.getSignerCertificate();
                    if (signerCertificate == null) {
                        Intrinsics.throwNpe();
                    }
                    return new NonceSignature(octets, signerCertificate);
                } catch (ASN1Exception e) {
                    throw new InvalidMessageException("Signature plaintext is not a DER sequence", e);
                }
            } catch (SignedDataException e2) {
                throw new InvalidMessageException("SignedData value is invalid", e2);
            }
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @NotNull
    public final byte[] serialize(@NotNull PrivateKey privateKey) {
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        return SignedData.Companion.sign$default(SignedData.Companion, ASN1Utils.INSTANCE.serializeSequence(new ASN1Encodable[]{(ASN1Encodable) OIDs.INSTANCE.getNONCE_SIGNATURE(), (ASN1Encodable) new DEROctetString(this.nonce)}, false), privateKey, this.signerCertificate, SetsKt.setOf(this.signerCertificate), null, false, 48, null).serialize();
    }

    @NotNull
    public final byte[] getNonce() {
        return this.nonce;
    }

    @NotNull
    public final Certificate getSignerCertificate() {
        return this.signerCertificate;
    }

    public NonceSignature(@NotNull byte[] bArr, @NotNull Certificate certificate) {
        Intrinsics.checkParameterIsNotNull(bArr, "nonce");
        Intrinsics.checkParameterIsNotNull(certificate, "signerCertificate");
        this.nonce = bArr;
        this.signerCertificate = certificate;
    }
}
