package net.corda.core.identity;

import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.ranges.IntProgression;
import kotlin.ranges.RangesKt;
import net.corda.core.internal.CertRole;
import net.corda.core.internal.InternalUtils;
import net.corda.core.serialization.CordaSerializable;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: PartyAndCertificate.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��X\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n��\b\u0007\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\t\u0010\u0017\u001a\u00020\u0014H\u0086\u0002J\t\u0010\u0018\u001a\u00020\bH\u0086\u0002J\u0013\u0010\u0019\u001a\u00020\u001a2\b\u0010\u001b\u001a\u0004\u0018\u00010\u0001H\u0096\u0002J\b\u0010\u001c\u001a\u00020\u001dH\u0016J\b\u0010\u001e\u001a\u00020\u001fH\u0016J\u000e\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020#J\u0014\u0010 \u001a\u00020!2\f\u0010$\u001a\b\u0012\u0004\u0012\u00020#0%R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\u0007\u001a\u00020\b¢\u0006\b\n��\u001a\u0004\b\t\u0010\nR\u0011\u0010\u000b\u001a\u00020\f8F¢\u0006\u0006\u001a\u0004\b\r\u0010\u000eR\u0011\u0010\u000f\u001a\u00020\u00108F¢\u0006\u0006\u001a\u0004\b\u0011\u0010\u0012R\u0011\u0010\u0013\u001a\u00020\u0014¢\u0006\b\n��\u001a\u0004\b\u0015\u0010\u0016¨\u0006&"}, d2 = {"Lnet/corda/core/identity/PartyAndCertificate;", "", "certPath", "Ljava/security/cert/CertPath;", "(Ljava/security/cert/CertPath;)V", "getCertPath", "()Ljava/security/cert/CertPath;", "certificate", "Ljava/security/cert/X509Certificate;", "getCertificate", "()Ljava/security/cert/X509Certificate;", "name", "Lnet/corda/core/identity/CordaX500Name;", "getName", "()Lnet/corda/core/identity/CordaX500Name;", "owningKey", "Ljava/security/PublicKey;", "getOwningKey", "()Ljava/security/PublicKey;", "party", "Lnet/corda/core/identity/Party;", "getParty", "()Lnet/corda/core/identity/Party;", "component1", "component2", "equals", "", "other", "hashCode", "", "toString", "", "verify", "Ljava/security/cert/PKIXCertPathValidatorResult;", "trustAnchor", "Ljava/security/cert/TrustAnchor;", "trustAnchors", "", "core"})
@CordaSerializable
@SourceDebugExtension({"SMAP\nPartyAndCertificate.kt\nKotlin\n*S Kotlin\n*F\n+ 1 PartyAndCertificate.kt\nnet/corda/core/identity/PartyAndCertificate\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,73:1\n1#2:74\n*E\n"})
/* loaded from: input_file:corda-core-4.12.3.jar:net/corda/core/identity/PartyAndCertificate.class */
public final class PartyAndCertificate {

    @NotNull
    private final CertPath certPath;

    @NotNull
    private final transient X509Certificate certificate;

    @NotNull
    private final transient Party party;

    public PartyAndCertificate(@NotNull CertPath certPath) {
        Intrinsics.checkNotNullParameter(certPath, "certPath");
        this.certPath = certPath;
        if (!Intrinsics.areEqual(this.certPath.getType(), "X.509")) {
            throw new IllegalArgumentException("Only X.509 certificates supported".toString());
        }
        List<? extends Certificate> certificates = this.certPath.getCertificates();
        if (!(certificates.size() >= 2)) {
            throw new IllegalArgumentException("Certificate path must at least include subject and issuing certificates".toString());
        }
        Certificate certificate = certificates.get(0);
        Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        this.certificate = (X509Certificate) certificate;
        CertRole extract = CertRole.Companion.extract(this.certificate);
        if (!(extract != null ? extract.isIdentity() : false)) {
            throw new IllegalArgumentException(("Party certificate " + this.certificate.getSubjectX500Principal() + " does not have a well known or confidential identity role. Found: " + extract).toString());
        }
        this.party = Party.Companion.create(this.certificate);
    }

    @NotNull
    public final CertPath getCertPath() {
        return this.certPath;
    }

    @NotNull
    public final X509Certificate getCertificate() {
        return this.certificate;
    }

    @NotNull
    public final Party getParty() {
        return this.party;
    }

    @NotNull
    public final PublicKey getOwningKey() {
        return this.party.getOwningKey();
    }

    @NotNull
    public final CordaX500Name getName() {
        return this.party.getName();
    }

    @NotNull
    public final Party component1() {
        return this.party;
    }

    @NotNull
    public final X509Certificate component2() {
        return this.certificate;
    }

    public boolean equals(@Nullable Object obj) {
        return obj == this || ((obj instanceof PartyAndCertificate) && Intrinsics.areEqual(((PartyAndCertificate) obj).party, this.party));
    }

    public int hashCode() {
        return this.party.hashCode();
    }

    @NotNull
    public String toString() {
        return this.party.toString();
    }

    @NotNull
    public final PKIXCertPathValidatorResult verify(@NotNull TrustAnchor trustAnchor) {
        Intrinsics.checkNotNullParameter(trustAnchor, "trustAnchor");
        return verify(SetsKt.setOf(trustAnchor));
    }

    @NotNull
    public final PKIXCertPathValidatorResult verify(@NotNull Set<? extends TrustAnchor> trustAnchors) {
        Intrinsics.checkNotNullParameter(trustAnchors, "trustAnchors");
        PKIXCertPathValidatorResult validate$default = InternalUtils.validate$default(this.certPath, trustAnchors, false, 2, null);
        CertRole.Companion companion = CertRole.Companion;
        X509Certificate trustedCert = validate$default.getTrustAnchor().getTrustedCert();
        Intrinsics.checkNotNullExpressionValue(trustedCert, "getTrustedCert(...)");
        CertRole extract = companion.extract(trustedCert);
        List<? extends Certificate> certificates = this.certPath.getCertificates();
        Intrinsics.checkNotNull(certificates, "null cannot be cast to non-null type kotlin.collections.List<java.security.cert.X509Certificate>");
        IntProgression reversed = RangesKt.reversed(RangesKt.until(0, certificates.size()));
        int first = reversed.getFirst();
        int last = reversed.getLast();
        int step = reversed.getStep();
        if ((step > 0 && first <= last) || (step < 0 && last <= first)) {
            while (true) {
                X509Certificate x509Certificate = (X509Certificate) certificates.get(first);
                CertRole extract2 = CertRole.Companion.extract(x509Certificate);
                if (extract != null) {
                    if (extract2 == null) {
                        throw new CertPathValidatorException("Child certificate whose issuer includes a Corda role, must also specify Corda role");
                    }
                    if (!extract2.isValidParent(extract)) {
                        String x500Principal = x509Certificate.getSubjectX500Principal().toString();
                        Intrinsics.checkNotNullExpressionValue(x500Principal, "toString(...)");
                        throw new CertPathValidatorException("The issuing certificate for " + x500Principal + " has role " + extract + ", expected one of " + extract2.getValidParents());
                    }
                }
                extract = extract2;
                if (first == last) {
                    break;
                }
                first += step;
            }
        }
        return validate$default;
    }
}
