package net.corda.node.services.keys;

import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.UUID;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.SequencesKt;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.crypto.DigitalSignature;
import net.corda.core.crypto.SignableData;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.crypto.TransactionSignature;
import net.corda.core.crypto.internal.AliasPrivateKey;
import net.corda.core.identity.PartyAndCertificate;
import net.corda.core.internal.NamedCacheFactory;
import net.corda.core.serialization.SerializationAPIKt;
import net.corda.core.serialization.SerializationContext;
import net.corda.core.serialization.SerializationFactory;
import net.corda.core.serialization.SingletonSerializeAsToken;
import net.corda.node.services.config.NodeConfigurationImpl;
import net.corda.node.services.identity.PersistentIdentityService;
import net.corda.node.services.keys.BasicHSMKeyManagementService;
import net.corda.node.utilities.AppendOnlyPersistentMap;
import net.corda.nodeapi.internal.cryptoservice.CryptoService;
import net.corda.nodeapi.internal.persistence.CordaPersistence;
import net.corda.nodeapi.internal.persistence.DatabaseTransaction;
import org.bouncycastle.operator.ContentSigner;
import org.jetbrains.annotations.NotNull;

/* compiled from: BasicHSMKeyManagementService.kt */
@Metadata(mv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, NodeConfigurationImpl.Defaults.lazyBridgeStart, 11}, bv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, 0, 2}, k = NodeConfigurationImpl.Defaults.lazyBridgeStart, d1 = {"��\u0096\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0010%\n��\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u001c\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0004\u0018�� 62\u00020\u00012\u00020\u0002:\u000267B%\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ\u0010\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J\u001c\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u00100\u001e2\f\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020\u00100\u001eH\u0016J\b\u0010 \u001a\u00020\u0010H\u0016J\u0010\u0010 \u001a\u00020\u00102\u0006\u0010!\u001a\u00020\"H\u0016J\u0018\u0010#\u001a\u00020$2\u0006\u0010%\u001a\u00020$2\u0006\u0010&\u001a\u00020\u001bH\u0016J \u0010#\u001a\u00020$2\u0006\u0010%\u001a\u00020$2\u0006\u0010&\u001a\u00020\u001b2\u0006\u0010!\u001a\u00020\"H\u0016J\u0010\u0010'\u001a\u00020(2\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J\u0010\u0010)\u001a\u00020*2\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J\u0010\u0010+\u001a\u00020\u00102\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J\u0018\u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020/2\u0006\u0010\u001c\u001a\u00020\u0010H\u0016J\u0018\u0010,\u001a\u0002002\u0006\u00101\u001a\u0002022\u0006\u0010\u001c\u001a\u00020\u0010H\u0016J\u0016\u00103\u001a\u0002042\f\u00105\u001a\b\u0012\u0004\u0012\u00020*0\u000fH\u0016R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u0011\u0010\u0005\u001a\u00020\u0006¢\u0006\b\n��\u001a\u0004\b\f\u0010\rR\u001a\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f8VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\u0011\u0010\u0012R&\u0010\u0013\u001a\u001a\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u0015\u0012\u0004\u0012\u00020\u0016\u0012\u0004\u0012\u00020\u00170\u0014X\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0018\u001a\u000e\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u00170\u0019X\u0082\u0004¢\u0006\u0002\n��¨\u00068"}, d2 = {"Lnet/corda/node/services/keys/BasicHSMKeyManagementService;", "Lnet/corda/core/serialization/SingletonSerializeAsToken;", "Lnet/corda/node/services/keys/KeyManagementServiceInternal;", "cacheFactory", "Lnet/corda/core/internal/NamedCacheFactory;", "identityService", "Lnet/corda/node/services/identity/PersistentIdentityService;", "database", "Lnet/corda/nodeapi/internal/persistence/CordaPersistence;", "cryptoService", "Lnet/corda/nodeapi/internal/cryptoservice/CryptoService;", "(Lnet/corda/core/internal/NamedCacheFactory;Lnet/corda/node/services/identity/PersistentIdentityService;Lnet/corda/nodeapi/internal/persistence/CordaPersistence;Lnet/corda/nodeapi/internal/cryptoservice/CryptoService;)V", "getIdentityService", "()Lnet/corda/node/services/identity/PersistentIdentityService;", "keys", "", "Ljava/security/PublicKey;", "getKeys", "()Ljava/util/Set;", "keysMap", "Lnet/corda/node/utilities/AppendOnlyPersistentMap;", "Ljava/security/PrivateKey;", "Lnet/corda/node/services/keys/BasicHSMKeyManagementService$PersistentKey;", "", "originalKeysMap", "", "containsPublicKey", "", "publicKey", "filterMyKeys", "", "candidateKeys", "freshKey", "externalId", "Ljava/util/UUID;", "freshKeyAndCert", "Lnet/corda/core/identity/PartyAndCertificate;", "identity", "revocationEnabled", "getSigner", "Lorg/bouncycastle/operator/ContentSigner;", "getSigningKeyPair", "Ljava/security/KeyPair;", "getSigningPublicKey", "sign", "Lnet/corda/core/crypto/DigitalSignature$WithKey;", "bytes", "", "Lnet/corda/core/crypto/TransactionSignature;", "signableData", "Lnet/corda/core/crypto/SignableData;", "start", "", "initialKeyPairs", "Companion", "PersistentKey", "node"})
/* loaded from: input_file:net/corda/node/services/keys/BasicHSMKeyManagementService.class */
public final class BasicHSMKeyManagementService extends SingletonSerializeAsToken implements KeyManagementServiceInternal {
    private final Map<PublicKey, String> originalKeysMap;
    private final AppendOnlyPersistentMap<PublicKey, PrivateKey, PersistentKey, String> keysMap;

    @NotNull
    private final PersistentIdentityService identityService;
    private final CordaPersistence database;
    private final CryptoService cryptoService;

    @Deprecated
    public static final Companion Companion = new Companion(null);

    /* compiled from: BasicHSMKeyManagementService.kt */
    @Metadata(mv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, NodeConfigurationImpl.Defaults.lazyBridgeStart, 11}, bv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, 0, 2}, k = NodeConfigurationImpl.Defaults.lazyBridgeStart, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\b\u0082\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J&\u0010\u0003\u001a\u001a\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u0007\u0012\u0004\u0012\u00020\b0\u00042\u0006\u0010\t\u001a\u00020\n¨\u0006\u000b"}, d2 = {"Lnet/corda/node/services/keys/BasicHSMKeyManagementService$Companion;", "", "()V", "createKeyMap", "Lnet/corda/node/utilities/AppendOnlyPersistentMap;", "Ljava/security/PublicKey;", "Ljava/security/PrivateKey;", "Lnet/corda/node/services/keys/BasicHSMKeyManagementService$PersistentKey;", "", "cacheFactory", "Lnet/corda/core/internal/NamedCacheFactory;", "node"})
    /* loaded from: input_file:net/corda/node/services/keys/BasicHSMKeyManagementService$Companion.class */
    private static final class Companion {
        @NotNull
        public final AppendOnlyPersistentMap<PublicKey, PrivateKey, PersistentKey, String> createKeyMap(@NotNull NamedCacheFactory namedCacheFactory) {
            Intrinsics.checkParameterIsNotNull(namedCacheFactory, "cacheFactory");
            return new AppendOnlyPersistentMap<>(namedCacheFactory, "BasicHSMKeyManagementService_keys", new Function1<PublicKey, String>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$Companion$createKeyMap$1
                @NotNull
                public final String invoke(@NotNull PublicKey publicKey) {
                    Intrinsics.checkParameterIsNotNull(publicKey, "it");
                    return CryptoUtils.toStringShort(publicKey);
                }
            }, new Function1<PersistentKey, Pair<? extends PublicKey, ? extends PrivateKey>>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$Companion$createKeyMap$2
                @NotNull
                public final Pair<PublicKey, PrivateKey> invoke(@NotNull BasicHSMKeyManagementService.PersistentKey persistentKey) {
                    Intrinsics.checkParameterIsNotNull(persistentKey, "it");
                    return new Pair<>(Crypto.decodePublicKey(persistentKey.getPublicKey()), Crypto.decodePrivateKey(persistentKey.getPrivateKey()));
                }
            }, new Function2<PublicKey, PrivateKey, PersistentKey>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$Companion$createKeyMap$3
                @NotNull
                public final BasicHSMKeyManagementService.PersistentKey invoke(@NotNull PublicKey publicKey, @NotNull PrivateKey privateKey) {
                    Intrinsics.checkParameterIsNotNull(publicKey, "key");
                    Intrinsics.checkParameterIsNotNull(privateKey, "value");
                    return new BasicHSMKeyManagementService.PersistentKey(publicKey, privateKey);
                }
            }, PersistentKey.class);
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: BasicHSMKeyManagementService.kt */
    @Table(name = "node_our_key_pairs")
    @Entity
    @Metadata(mv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, NodeConfigurationImpl.Defaults.lazyBridgeStart, 11}, bv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, 0, 2}, k = NodeConfigurationImpl.Defaults.lazyBridgeStart, d1 = {"��$\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\u0010\u0012\n\u0002\b\f\b\u0017\u0018��2\u00020\u0001B\u0017\b\u0016\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006B!\u0012\u0006\u0010\u0007\u001a\u00020\b\u0012\b\b\u0002\u0010\u0002\u001a\u00020\t\u0012\b\b\u0002\u0010\u0004\u001a\u00020\t¢\u0006\u0002\u0010\nR\u001e\u0010\u0004\u001a\u00020\t8\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u000b\u0010\f\"\u0004\b\r\u0010\u000eR\u001e\u0010\u0002\u001a\u00020\t8\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u000f\u0010\f\"\u0004\b\u0010\u0010\u000eR\u001e\u0010\u0007\u001a\u00020\b8\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u0011\u0010\u0012\"\u0004\b\u0013\u0010\u0014¨\u0006\u0015"}, d2 = {"Lnet/corda/node/services/keys/BasicHSMKeyManagementService$PersistentKey;", "", "publicKey", "Ljava/security/PublicKey;", "privateKey", "Ljava/security/PrivateKey;", "(Ljava/security/PublicKey;Ljava/security/PrivateKey;)V", "publicKeyHash", "", "", "(Ljava/lang/String;[B[B)V", "getPrivateKey", "()[B", "setPrivateKey", "([B)V", "getPublicKey", "setPublicKey", "getPublicKeyHash", "()Ljava/lang/String;", "setPublicKeyHash", "(Ljava/lang/String;)V", "node"})
    /* loaded from: input_file:net/corda/node/services/keys/BasicHSMKeyManagementService$PersistentKey.class */
    public static class PersistentKey {

        @Id
        @Column(name = "public_key_hash", length = 130, nullable = false)
        @NotNull
        private String publicKeyHash;

        @Lob
        @Column(name = "public_key", nullable = false)
        @NotNull
        private byte[] publicKey;

        @Lob
        @Column(name = "private_key", nullable = false)
        @NotNull
        private byte[] privateKey;

        @NotNull
        public String getPublicKeyHash() {
            return this.publicKeyHash;
        }

        public void setPublicKeyHash(@NotNull String str) {
            Intrinsics.checkParameterIsNotNull(str, "<set-?>");
            this.publicKeyHash = str;
        }

        @NotNull
        public byte[] getPublicKey() {
            return this.publicKey;
        }

        public void setPublicKey(@NotNull byte[] bArr) {
            Intrinsics.checkParameterIsNotNull(bArr, "<set-?>");
            this.publicKey = bArr;
        }

        @NotNull
        public byte[] getPrivateKey() {
            return this.privateKey;
        }

        public void setPrivateKey(@NotNull byte[] bArr) {
            Intrinsics.checkParameterIsNotNull(bArr, "<set-?>");
            this.privateKey = bArr;
        }

        public PersistentKey(@NotNull String str, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
            Intrinsics.checkParameterIsNotNull(str, "publicKeyHash");
            Intrinsics.checkParameterIsNotNull(bArr, "publicKey");
            Intrinsics.checkParameterIsNotNull(bArr2, "privateKey");
            this.publicKeyHash = str;
            this.publicKey = bArr;
            this.privateKey = bArr2;
        }

        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public /* synthetic */ PersistentKey(java.lang.String r6, byte[] r7, byte[] r8, int r9, kotlin.jvm.internal.DefaultConstructorMarker r10) {
            /*
                r5 = this;
                r0 = r9
                r1 = 2
                r0 = r0 & r1
                if (r0 == 0) goto L11
                byte[] r0 = org.apache.commons.lang.ArrayUtils.EMPTY_BYTE_ARRAY
                r1 = r0
                java.lang.String r2 = "EMPTY_BYTE_ARRAY"
                kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r1, r2)
                r7 = r0
            L11:
                r0 = r9
                r1 = 4
                r0 = r0 & r1
                if (r0 == 0) goto L22
                byte[] r0 = org.apache.commons.lang.ArrayUtils.EMPTY_BYTE_ARRAY
                r1 = r0
                java.lang.String r2 = "EMPTY_BYTE_ARRAY"
                kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r1, r2)
                r8 = r0
            L22:
                r0 = r5
                r1 = r6
                r2 = r7
                r3 = r8
                r0.<init>(r1, r2, r3)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: net.corda.node.services.keys.BasicHSMKeyManagementService.PersistentKey.<init>(java.lang.String, byte[], byte[], int, kotlin.jvm.internal.DefaultConstructorMarker):void");
        }

        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public PersistentKey(@org.jetbrains.annotations.NotNull java.security.PublicKey r8, @org.jetbrains.annotations.NotNull java.security.PrivateKey r9) {
            /*
                r7 = this;
                r0 = r8
                java.lang.String r1 = "publicKey"
                kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(r0, r1)
                r0 = r9
                java.lang.String r1 = "privateKey"
                kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(r0, r1)
                r0 = r7
                r1 = r8
                java.lang.String r1 = net.corda.core.crypto.CryptoUtils.toStringShort(r1)
                r2 = r8
                byte[] r2 = r2.getEncoded()
                r3 = r2
                java.lang.String r4 = "publicKey.encoded"
                kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r3, r4)
                r3 = r9
                byte[] r3 = r3.getEncoded()
                r4 = r3
                java.lang.String r5 = "privateKey.encoded"
                kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r4, r5)
                r0.<init>(r1, r2, r3)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: net.corda.node.services.keys.BasicHSMKeyManagementService.PersistentKey.<init>(java.security.PublicKey, java.security.PrivateKey):void");
        }

        public PersistentKey() {
        }
    }

    @Override // net.corda.node.services.keys.KeyManagementServiceInternal
    public void start(@NotNull Set<KeyPair> set) {
        Intrinsics.checkParameterIsNotNull(set, "initialKeyPairs");
        for (KeyPair keyPair : set) {
            if (!(keyPair.getPrivate() instanceof AliasPrivateKey)) {
                StringBuilder append = new StringBuilder().append(getClass().getName()).append(" supports AliasPrivateKeys only, but ");
                PrivateKey privateKey = keyPair.getPrivate();
                Intrinsics.checkExpressionValueIsNotNull(privateKey, "it.private");
                throw new IllegalArgumentException(append.append(privateKey.getAlgorithm()).append(" key was found").toString().toString());
            }
            Map<PublicKey, String> map = this.originalKeysMap;
            PublicKey publicKey = keyPair.getPublic();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "it.public");
            PublicKey supportedPublicKey = Crypto.toSupportedPublicKey(publicKey);
            AliasPrivateKey aliasPrivateKey = keyPair.getPrivate();
            if (aliasPrivateKey == null) {
                throw new TypeCastException("null cannot be cast to non-null type net.corda.core.crypto.internal.AliasPrivateKey");
            }
            map.put(supportedPublicKey, aliasPrivateKey.getAlias());
        }
    }

    @NotNull
    public Set<PublicKey> getKeys() {
        return (Set) this.database.transaction(new Function1<DatabaseTransaction, Set<? extends PublicKey>>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$keys$1
            @NotNull
            public final Set<PublicKey> invoke(@NotNull DatabaseTransaction databaseTransaction) {
                Map map;
                AppendOnlyPersistentMap appendOnlyPersistentMap;
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                map = BasicHSMKeyManagementService.this.originalKeysMap;
                Set keySet = map.keySet();
                appendOnlyPersistentMap = BasicHSMKeyManagementService.this.keysMap;
                return SetsKt.plus(keySet, SequencesKt.toSet(SequencesKt.map(appendOnlyPersistentMap.allPersisted(), new Function1<Pair<? extends PublicKey, ? extends PrivateKey>, PublicKey>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$keys$1.1
                    @NotNull
                    public final PublicKey invoke(@NotNull Pair<? extends PublicKey, ? extends PrivateKey> pair) {
                        Intrinsics.checkParameterIsNotNull(pair, "it");
                        return (PublicKey) pair.getFirst();
                    }
                })));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }
        });
    }

    private final boolean containsPublicKey(PublicKey publicKey) {
        return this.originalKeysMap.containsKey(publicKey) || this.keysMap.contains(publicKey);
    }

    @NotNull
    public Iterable<PublicKey> filterMyKeys(@NotNull final Iterable<? extends PublicKey> iterable) {
        Intrinsics.checkParameterIsNotNull(iterable, "candidateKeys");
        return (Iterable) this.database.transaction(new Function1<DatabaseTransaction, Iterable<? extends PublicKey>>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$filterMyKeys$1
            @NotNull
            public final Iterable<PublicKey> invoke(@NotNull DatabaseTransaction databaseTransaction) {
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                return BasicHSMKeyManagementService.this.getIdentityService().stripNotOurKeys(iterable);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
    }

    @NotNull
    public PublicKey freshKey() {
        final KeyPair generateKeyPair = CryptoUtils.generateKeyPair();
        this.database.transaction(new Function1<DatabaseTransaction, Unit>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$freshKey$1
            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((DatabaseTransaction) obj);
                return Unit.INSTANCE;
            }

            public final void invoke(@NotNull DatabaseTransaction databaseTransaction) {
                AppendOnlyPersistentMap appendOnlyPersistentMap;
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                appendOnlyPersistentMap = BasicHSMKeyManagementService.this.keysMap;
                PublicKey publicKey = generateKeyPair.getPublic();
                Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
                PrivateKey privateKey = generateKeyPair.getPrivate();
                Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
                appendOnlyPersistentMap.set(publicKey, privateKey);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        return publicKey;
    }

    @NotNull
    public PublicKey freshKey(@NotNull final UUID uuid) {
        Intrinsics.checkParameterIsNotNull(uuid, "externalId");
        final PublicKey freshKey = freshKey();
        this.database.transaction(new Function1<DatabaseTransaction, Unit>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$freshKey$2
            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((DatabaseTransaction) obj);
                return Unit.INSTANCE;
            }

            public final void invoke(@NotNull DatabaseTransaction databaseTransaction) {
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                databaseTransaction.getSession().persist(new PublicKeyHashToExternalId(uuid, freshKey));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
        return freshKey;
    }

    @NotNull
    public PartyAndCertificate freshKeyAndCert(@NotNull PartyAndCertificate partyAndCertificate, boolean z) {
        Intrinsics.checkParameterIsNotNull(partyAndCertificate, "identity");
        return KMSUtilsKt.freshCertificate(this.identityService, freshKey(), partyAndCertificate, getSigner(partyAndCertificate.getOwningKey()));
    }

    @NotNull
    public PartyAndCertificate freshKeyAndCert(@NotNull PartyAndCertificate partyAndCertificate, boolean z, @NotNull final UUID uuid) {
        Intrinsics.checkParameterIsNotNull(partyAndCertificate, "identity");
        Intrinsics.checkParameterIsNotNull(uuid, "externalId");
        final PartyAndCertificate freshKeyAndCert = freshKeyAndCert(partyAndCertificate, z);
        this.database.transaction(new Function1<DatabaseTransaction, Unit>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$freshKeyAndCert$1
            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((DatabaseTransaction) obj);
                return Unit.INSTANCE;
            }

            public final void invoke(@NotNull DatabaseTransaction databaseTransaction) {
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                databaseTransaction.getSession().persist(new PublicKeyHashToExternalId(uuid, freshKeyAndCert.getOwningKey()));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
        return freshKeyAndCert;
    }

    private final ContentSigner getSigner(PublicKey publicKey) {
        PublicKey signingPublicKey = getSigningPublicKey(publicKey);
        if (!this.originalKeysMap.containsKey(signingPublicKey)) {
            return KMSUtilsKt.getSigner(getSigningKeyPair(signingPublicKey));
        }
        CryptoService cryptoService = this.cryptoService;
        String str = this.originalKeysMap.get(signingPublicKey);
        if (str == null) {
            Intrinsics.throwNpe();
        }
        return cryptoService.getSigner(str);
    }

    private final KeyPair getSigningKeyPair(final PublicKey publicKey) {
        return (KeyPair) this.database.transaction(new Function1<DatabaseTransaction, KeyPair>() { // from class: net.corda.node.services.keys.BasicHSMKeyManagementService$getSigningKeyPair$1
            @NotNull
            public final KeyPair invoke(@NotNull DatabaseTransaction databaseTransaction) {
                AppendOnlyPersistentMap appendOnlyPersistentMap;
                Intrinsics.checkParameterIsNotNull(databaseTransaction, "$receiver");
                PublicKey publicKey2 = publicKey;
                appendOnlyPersistentMap = BasicHSMKeyManagementService.this.keysMap;
                V v = appendOnlyPersistentMap.get(publicKey);
                if (v == 0) {
                    Intrinsics.throwNpe();
                }
                return new KeyPair(publicKey2, (PrivateKey) v);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
    }

    private final PublicKey getSigningPublicKey(PublicKey publicKey) {
        for (Object obj : CryptoUtils.getKeys(publicKey)) {
            if (containsPublicKey((PublicKey) obj)) {
                return (PublicKey) obj;
            }
        }
        throw new NoSuchElementException("Collection contains no element matching the predicate.");
    }

    @NotNull
    public DigitalSignature.WithKey sign(@NotNull byte[] bArr, @NotNull PublicKey publicKey) {
        Intrinsics.checkParameterIsNotNull(bArr, "bytes");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        PublicKey signingPublicKey = getSigningPublicKey(publicKey);
        if (!this.originalKeysMap.containsKey(signingPublicKey)) {
            return CryptoUtils.sign(getSigningKeyPair(signingPublicKey), bArr);
        }
        CryptoService cryptoService = this.cryptoService;
        String str = this.originalKeysMap.get(signingPublicKey);
        if (str == null) {
            Intrinsics.throwNpe();
        }
        return new DigitalSignature.WithKey(signingPublicKey, cryptoService.sign(str, bArr));
    }

    @NotNull
    public TransactionSignature sign(@NotNull SignableData signableData, @NotNull PublicKey publicKey) {
        Intrinsics.checkParameterIsNotNull(signableData, "signableData");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        PublicKey signingPublicKey = getSigningPublicKey(publicKey);
        if (!this.originalKeysMap.containsKey(signingPublicKey)) {
            return CryptoUtils.sign(getSigningKeyPair(signingPublicKey), signableData);
        }
        SignatureScheme findSignatureScheme = Crypto.findSignatureScheme(signingPublicKey);
        SignatureScheme findSignatureScheme2 = Crypto.findSignatureScheme(signableData.getSignatureMetadata().getSchemeNumberID());
        if (!(Intrinsics.areEqual(findSignatureScheme, findSignatureScheme2) || Intrinsics.areEqual(findSignatureScheme2, Crypto.COMPOSITE_KEY))) {
            throw new IllegalArgumentException(("Metadata schemeCodeName: " + findSignatureScheme2.getSchemeCodeName() + " is not aligned with the key type: " + findSignatureScheme.getSchemeCodeName() + '.').toString());
        }
        CryptoService cryptoService = this.cryptoService;
        String str = this.originalKeysMap.get(signingPublicKey);
        if (str == null) {
            Intrinsics.throwNpe();
        }
        return new TransactionSignature(cryptoService.sign(str, SerializationAPIKt.serialize$default(signableData, (SerializationFactory) null, (SerializationContext) null, 3, (Object) null).getBytes()), signingPublicKey, signableData.getSignatureMetadata());
    }

    @NotNull
    public final PersistentIdentityService getIdentityService() {
        return this.identityService;
    }

    public BasicHSMKeyManagementService(@NotNull NamedCacheFactory namedCacheFactory, @NotNull PersistentIdentityService persistentIdentityService, @NotNull CordaPersistence cordaPersistence, @NotNull CryptoService cryptoService) {
        Intrinsics.checkParameterIsNotNull(namedCacheFactory, "cacheFactory");
        Intrinsics.checkParameterIsNotNull(persistentIdentityService, "identityService");
        Intrinsics.checkParameterIsNotNull(cordaPersistence, "database");
        Intrinsics.checkParameterIsNotNull(cryptoService, "cryptoService");
        this.identityService = persistentIdentityService;
        this.database = cordaPersistence;
        this.cryptoService = cryptoService;
        this.originalKeysMap = new LinkedHashMap();
        this.keysMap = Companion.createKeyMap(namedCacheFactory);
    }
}
