package net.corda.testing.node.internal;

import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.crypto.SecureHashKt;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.crypto.internal.Instances;
import net.corda.core.crypto.internal.ProviderMapKt;
import net.corda.nodeapi.internal.crypto.ContentSignerBuilder;
import net.corda.nodeapi.internal.cryptoservice.CryptoService;
import net.corda.nodeapi.internal.cryptoservice.CryptoServiceException;
import net.corda.nodeapi.internal.cryptoservice.WrappedPrivateKey;
import net.corda.nodeapi.internal.cryptoservice.WrappingMode;
import org.bouncycastle.operator.ContentSigner;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: MockCryptoService.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010%\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0006\u0018��2\u00020\u0001B\u0019\u0012\u0012\u0010\u0002\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\u0003¢\u0006\u0002\u0010\u0006J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u0004H\u0016J\u0018\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\fH\u0016J\u0018\u0010\u0011\u001a\u00020\u00122\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0014H\u0016J$\u0010\u0015\u001a\u000e\u0012\u0004\u0012\u00020\u0012\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u0018\u001a\u00020\u00042\u0006\u0010\u0019\u001a\u00020\u0014H\u0016J\u0012\u0010\u001a\u001a\u0004\u0018\u00010\u00122\u0006\u0010\r\u001a\u00020\u0004H\u0016J\u0010\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\r\u001a\u00020\u0004H\u0016J\n\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0016J\u0010\u0010\u001f\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\"\u0010 \u001a\u00020!2\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020!2\b\u0010#\u001a\u0004\u0018\u00010\u0004H\u0016J \u0010 \u001a\u00020!2\u0006\u0010\u0018\u001a\u00020\u00042\u0006\u0010$\u001a\u00020\u00172\u0006\u0010%\u001a\u00020!H\u0016J \u0010&\u001a\u00020!2\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020!2\u0006\u0010#\u001a\u00020\u0004H\u0002R\u001a\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\bX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\n0\bX\u0082\u0004¢\u0006\u0002\n��¨\u0006'"}, d2 = {"Lnet/corda/testing/node/internal/MockCryptoService;", "Lnet/corda/nodeapi/internal/cryptoservice/CryptoService;", "initialKeyPairs", "", "", "Ljava/security/KeyPair;", "(Ljava/util/Map;)V", "aliasToKey", "", "wrappingKeys", "Ljavax/crypto/SecretKey;", "containsKey", "", "alias", "createWrappingKey", "", "failIfExists", "generateKeyPair", "Ljava/security/PublicKey;", "scheme", "Lnet/corda/core/crypto/SignatureScheme;", "generateWrappedKeyPair", "Lkotlin/Pair;", "Lnet/corda/nodeapi/internal/cryptoservice/WrappedPrivateKey;", "masterKeyAlias", "childKeyScheme", "getPublicKey", "getSigner", "Lorg/bouncycastle/operator/ContentSigner;", "getWrappingMode", "Lnet/corda/nodeapi/internal/cryptoservice/WrappingMode;", "keyAlgorithmFromScheme", "sign", "", "data", "signAlgorithm", "wrappedPrivateKey", "payloadToSign", "signWithAlgorithm", "node-driver"})
/* loaded from: input_file:net/corda/testing/node/internal/MockCryptoService.class */
public final class MockCryptoService implements CryptoService {
    private final Map<String, KeyPair> aliasToKey;
    private final Map<String, SecretKey> wrappingKeys;

    public boolean containsKey(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        return this.aliasToKey.containsKey(str);
    }

    @Nullable
    public PublicKey getPublicKey(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        KeyPair keyPair = this.aliasToKey.get(str);
        if (keyPair != null) {
            return keyPair.getPublic();
        }
        return null;
    }

    @NotNull
    public byte[] sign(@NotNull String str, @NotNull byte[] bArr, @Nullable String str2) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(bArr, "data");
        try {
            if (str2 != null) {
                return signWithAlgorithm(str, bArr, str2);
            }
            KeyPair keyPair = this.aliasToKey.get(str);
            if (keyPair == null) {
                Intrinsics.throwNpe();
            }
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(privateKey, "aliasToKey[alias]!!.private");
            return Crypto.doSign(privateKey, bArr);
        } catch (Exception e) {
            throw new CryptoServiceException("Cannot sign using the key with alias " + str + ". SHA256 of data to be signed: " + SecureHashKt.sha256(bArr), e, false, 4, (DefaultConstructorMarker) null);
        }
    }

    private final byte[] signWithAlgorithm(String str, byte[] bArr, String str2) {
        KeyPair keyPair = this.aliasToKey.get(str);
        if (keyPair == null) {
            Intrinsics.throwNpe();
        }
        PrivateKey privateKey = keyPair.getPrivate();
        Signature signature = Signature.getInstance(str2, ProviderMapKt.getCordaBouncyCastleProvider());
        signature.initSign(privateKey, CryptoUtils.newSecureRandom());
        signature.update(bArr);
        byte[] sign = signature.sign();
        Intrinsics.checkExpressionValueIsNotNull(sign, "signature.sign()");
        return sign;
    }

    @NotNull
    public ContentSigner getSigner(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        try {
            KeyPair keyPair = this.aliasToKey.get(str);
            if (keyPair == null) {
                Intrinsics.throwNpe();
            }
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(privateKey, "privateKey");
            SignatureScheme findSignatureScheme = Crypto.findSignatureScheme(privateKey);
            return ContentSignerBuilder.build$default(ContentSignerBuilder.INSTANCE, findSignatureScheme, privateKey, Crypto.findProvider(findSignatureScheme.getProviderName()), CryptoUtils.newSecureRandom(), false, 16, (Object) null);
        } catch (Exception e) {
            throw new CryptoServiceException("Cannot get Signer for key with alias " + str, e, false, 4, (DefaultConstructorMarker) null);
        }
    }

    @NotNull
    public PublicKey generateKeyPair(@NotNull String str, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "scheme");
        KeyPair generateKeyPair = Crypto.generateKeyPair(signatureScheme);
        this.aliasToKey.put(str, generateKeyPair);
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        return publicKey;
    }

    public synchronized void createWrappingKey(@NotNull String str, boolean z) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        if (this.wrappingKeys.get(str) != null) {
            if (z) {
                throw new IllegalArgumentException("There is an existing key with the alias: " + str);
            }
            if (z) {
                throw new NoWhenBranchMatchedException();
            }
            return;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(wrappingKeySize());
        SecretKey generateKey = keyGenerator.generateKey();
        Map<String, SecretKey> map = this.wrappingKeys;
        Intrinsics.checkExpressionValueIsNotNull(generateKey, "wrappingKey");
        map.put(str, generateKey);
    }

    @NotNull
    public Pair<PublicKey, WrappedPrivateKey> generateWrappedKeyPair(@NotNull String str, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(str, "masterKeyAlias");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "childKeyScheme");
        SecretKey secretKey = this.wrappingKeys.get(str);
        if (secretKey == null) {
            throw new IllegalStateException("There is no master key under the alias: " + str);
        }
        KeyPair generateKeyPair = Crypto.generateKeyPair(signatureScheme);
        Cipher cipher = Cipher.getInstance("AES", ProviderMapKt.getCordaBouncyCastleProvider());
        cipher.init(3, secretKey);
        byte[] wrap = cipher.wrap(generateKeyPair.getPrivate());
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(wrap, "privateKeyMaterialWrapped");
        return new Pair<>(publicKey, new WrappedPrivateKey(wrap, signatureScheme, (Integer) null, 4, (DefaultConstructorMarker) null));
    }

    @NotNull
    public byte[] sign(@NotNull String str, @NotNull WrappedPrivateKey wrappedPrivateKey, @NotNull byte[] bArr) {
        Intrinsics.checkParameterIsNotNull(str, "masterKeyAlias");
        Intrinsics.checkParameterIsNotNull(wrappedPrivateKey, "wrappedPrivateKey");
        Intrinsics.checkParameterIsNotNull(bArr, "payloadToSign");
        SecretKey secretKey = this.wrappingKeys.get(str);
        if (secretKey == null) {
            throw new IllegalStateException("There is no master key under the alias: " + str);
        }
        Cipher cipher = Cipher.getInstance("AES", ProviderMapKt.getCordaBouncyCastleProvider());
        cipher.init(4, secretKey);
        Key unwrap = cipher.unwrap(wrappedPrivateKey.getKeyMaterial(), keyAlgorithmFromScheme(wrappedPrivateKey.getSignatureScheme()), 2);
        if (unwrap == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PrivateKey privateKey = (PrivateKey) unwrap;
        Signature signatureInstance = Instances.INSTANCE.getSignatureInstance(wrappedPrivateKey.getSignatureScheme().getSignatureName(), ProviderMapKt.getCordaBouncyCastleProvider());
        signatureInstance.initSign(privateKey, CryptoUtils.newSecureRandom());
        signatureInstance.update(bArr);
        byte[] sign = signatureInstance.sign();
        Intrinsics.checkExpressionValueIsNotNull(sign, "signature.sign()");
        return sign;
    }

    private final String keyAlgorithmFromScheme(SignatureScheme signatureScheme) {
        if (Intrinsics.areEqual(signatureScheme, Crypto.ECDSA_SECP256R1_SHA256) || Intrinsics.areEqual(signatureScheme, Crypto.ECDSA_SECP256K1_SHA256)) {
            return "EC";
        }
        if (Intrinsics.areEqual(signatureScheme, Crypto.RSA_SHA256)) {
            return "RSA";
        }
        throw new IllegalArgumentException("No algorithm for scheme ID " + signatureScheme.getSchemeNumberID());
    }

    @Nullable
    public WrappingMode getWrappingMode() {
        return WrappingMode.DEGRADED_WRAPPED;
    }

    public MockCryptoService(@NotNull Map<String, KeyPair> map) {
        Intrinsics.checkParameterIsNotNull(map, "initialKeyPairs");
        this.aliasToKey = new LinkedHashMap();
        this.wrappingKeys = new LinkedHashMap();
        for (Map.Entry<String, KeyPair> entry : map.entrySet()) {
            this.aliasToKey.put(entry.getKey(), entry.getValue());
        }
    }

    @NotNull
    public SignatureScheme defaultIdentitySignatureScheme() {
        return CryptoService.DefaultImpls.defaultIdentitySignatureScheme(this);
    }

    @NotNull
    public SignatureScheme defaultTLSSignatureScheme() {
        return CryptoService.DefaultImpls.defaultTLSSignatureScheme(this);
    }

    @NotNull
    public SignatureScheme defaultWrappingSignatureScheme() {
        return CryptoService.DefaultImpls.defaultWrappingSignatureScheme(this);
    }

    public int wrappingKeySize() {
        return CryptoService.DefaultImpls.wrappingKeySize(this);
    }
}
