package net.corda.core.internal;

import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.crypto.DigitalSignature;
import net.corda.core.serialization.DeprecatedConstructorForDeserialization;
import net.corda.core.utilities.OpaqueBytes;
import org.jetbrains.annotations.NotNull;

/* compiled from: DigitalSignatureWithCert.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\u0018��2\u00020\u0001B\u0017\b\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006B#\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00030\b\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\tJ\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0005J\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0017R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\n\u0010\u000bR\u0017\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00030\b8F¢\u0006\u0006\u001a\u0004\b\r\u0010\u000eR\u0011\u0010\u000f\u001a\u00020\u00108F¢\u0006\u0006\u001a\u0004\b\u0011\u0010\u0012R\u0017\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00030\b¢\u0006\b\n��\u001a\u0004\b\u0013\u0010\u000e¨\u0006\u0018"}, d2 = {"Lnet/corda/core/internal/DigitalSignatureWithCert;", "Lnet/corda/core/crypto/DigitalSignature;", "by", "Ljava/security/cert/X509Certificate;", "bytes", "", "(Ljava/security/cert/X509Certificate;[B)V", "parentCertsChain", "", "(Ljava/security/cert/X509Certificate;Ljava/util/List;[B)V", "getBy", "()Ljava/security/cert/X509Certificate;", "fullCertChain", "getFullCertChain", "()Ljava/util/List;", "fullCertPath", "Ljava/security/cert/CertPath;", "getFullCertPath", "()Ljava/security/cert/CertPath;", "getParentCertsChain", "verify", "", "content", "Lnet/corda/core/utilities/OpaqueBytes;", "core"})
/* loaded from: input_file:corda-core-4.9.3.jar:net/corda/core/internal/DigitalSignatureWithCert.class */
public final class DigitalSignatureWithCert extends DigitalSignature {

    @NotNull
    private final X509Certificate by;

    @NotNull
    private final List<X509Certificate> parentCertsChain;

    @NotNull
    public final List<X509Certificate> getFullCertChain() {
        return CollectionsKt.plus((Collection) CollectionsKt.listOf(this.by), (Iterable) this.parentCertsChain);
    }

    @NotNull
    public final CertPath getFullCertPath() {
        CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(getFullCertChain());
        Intrinsics.checkExpressionValueIsNotNull(generateCertPath, "CertificateFactory.getIn…teCertPath(fullCertChain)");
        return generateCertPath;
    }

    public final boolean verify(@NotNull byte[] content) {
        Intrinsics.checkParameterIsNotNull(content, "content");
        PublicKey publicKey = this.by.getPublicKey();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "by.publicKey");
        return CryptoUtils.verify(publicKey, content, this);
    }

    public final boolean verify(@NotNull OpaqueBytes content) {
        Intrinsics.checkParameterIsNotNull(content, "content");
        return verify(content.getBytes());
    }

    @NotNull
    public final X509Certificate getBy() {
        return this.by;
    }

    @NotNull
    public final List<X509Certificate> getParentCertsChain() {
        return this.parentCertsChain;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    public DigitalSignatureWithCert(@NotNull X509Certificate by, @NotNull List<? extends X509Certificate> parentCertsChain, @NotNull byte[] bytes) {
        super(bytes);
        Intrinsics.checkParameterIsNotNull(by, "by");
        Intrinsics.checkParameterIsNotNull(parentCertsChain, "parentCertsChain");
        Intrinsics.checkParameterIsNotNull(bytes, "bytes");
        this.by = by;
        this.parentCertsChain = parentCertsChain;
        if (!this.parentCertsChain.isEmpty()) {
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) SetsKt.setOf(new TrustAnchor((X509Certificate) CollectionsKt.last((List) this.parentCertsChain), null)));
            pKIXParameters.setRevocationEnabled(false);
            try {
                CertPathValidator.getInstance("PKIX").validate(getFullCertPath(), pKIXParameters);
            } catch (CertPathValidatorException e) {
                throw new IllegalArgumentException("Cert path failed to validate.\nReason: " + e.getReason() + "\nOffending cert index: " + e.getIndex() + "\nCert path: " + getFullCertPath() + '\n', e);
            }
        }
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @DeprecatedConstructorForDeserialization(version = 1)
    public DigitalSignatureWithCert(@NotNull X509Certificate by, @NotNull byte[] bytes) {
        this(by, CollectionsKt.emptyList(), bytes);
        Intrinsics.checkParameterIsNotNull(by, "by");
        Intrinsics.checkParameterIsNotNull(bytes, "bytes");
    }
}
