package tech.relaycorp.relaynet.wrappers.cms;

import java.util.Hashtable;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.KeyAgreeRecipientId;
import org.bouncycastle.cms.KeyAgreeRecipientInformation;
import org.bouncycastle.cms.RecipientInfoGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.jetbrains.annotations.NotNull;
import tech.relaycorp.relaynet.CryptoUtils;
import tech.relaycorp.relaynet.HashingAlgorithm;
import tech.relaycorp.relaynet.OIDs;
import tech.relaycorp.relaynet.SessionKey;
import tech.relaycorp.relaynet.SessionKeyPair;
import tech.relaycorp.relaynet.SymmetricCipher;
import tech.relaycorp.relaynet.wrappers.Keys;
import tech.relaycorp.relaynet.wrappers.PRNGKt;

/* compiled from: EnvelopedData.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0002\b��\u0018�� \u000b2\u00020\u0001:\u0001\u000bB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0006\u0010\u0005\u001a\u00020\u0006J\b\u0010\u0007\u001a\u00020\bH\u0016J\b\u0010\t\u001a\u00020\nH\u0014¨\u0006\f"}, d2 = {"Ltech/relaycorp/relaynet/wrappers/cms/SessionEnvelopedData;", "Ltech/relaycorp/relaynet/wrappers/cms/EnvelopedData;", "bcEnvelopedData", "Lorg/bouncycastle/cms/CMSEnvelopedData;", "(Lorg/bouncycastle/cms/CMSEnvelopedData;)V", "getOriginatorKey", "Ltech/relaycorp/relaynet/SessionKey;", "getRecipientKeyId", "Ltech/relaycorp/relaynet/wrappers/cms/RecipientKeyIdentifier;", "validate", "", "Companion", "awala"})
/* loaded from: input_file:tech/relaycorp/relaynet/wrappers/cms/SessionEnvelopedData.class */
public final class SessionEnvelopedData extends EnvelopedData {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final Map<HashingAlgorithm, ASN1ObjectIdentifier> ecdhAlgorithmByHashingAlgorithm = MapsKt.mapOf(new Pair[]{TuplesKt.to(HashingAlgorithm.SHA256, CMSAlgorithm.ECDH_SHA256KDF), TuplesKt.to(HashingAlgorithm.SHA384, CMSAlgorithm.ECDH_SHA384KDF), TuplesKt.to(HashingAlgorithm.SHA512, CMSAlgorithm.ECDH_SHA512KDF)});

    /* compiled from: EnvelopedData.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��D\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J2\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\b\b\u0002\u0010\u0012\u001a\u00020\u00132\b\b\u0002\u0010\u0014\u001a\u00020\u0005J \u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0005H\u0002R%\u0010\u0003\u001a\u0016\u0012\u0004\u0012\u00020\u0005\u0012\f\u0012\n \u0007*\u0004\u0018\u00010\u00060\u00060\u0004¢\u0006\b\n��\u001a\u0004\b\b\u0010\t¨\u0006\u0018"}, d2 = {"Ltech/relaycorp/relaynet/wrappers/cms/SessionEnvelopedData$Companion;", "", "()V", "ecdhAlgorithmByHashingAlgorithm", "", "Ltech/relaycorp/relaynet/HashingAlgorithm;", "Lorg/bouncycastle/asn1/ASN1ObjectIdentifier;", "kotlin.jvm.PlatformType", "getEcdhAlgorithmByHashingAlgorithm", "()Ljava/util/Map;", "encrypt", "Ltech/relaycorp/relaynet/wrappers/cms/SessionEnvelopedData;", "plaintext", "", "recipientKey", "Ltech/relaycorp/relaynet/SessionKey;", "senderKeyPair", "Ltech/relaycorp/relaynet/SessionKeyPair;", "symmetricCipher", "Ltech/relaycorp/relaynet/SymmetricCipher;", "hashingAlgorithm", "makeRecipientInfoGenerator", "Lorg/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator;", "originatorKeyPair", "awala"})
    /* loaded from: input_file:tech/relaycorp/relaynet/wrappers/cms/SessionEnvelopedData$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @NotNull
        public final Map<HashingAlgorithm, ASN1ObjectIdentifier> getEcdhAlgorithmByHashingAlgorithm() {
            return SessionEnvelopedData.ecdhAlgorithmByHashingAlgorithm;
        }

        @NotNull
        public final SessionEnvelopedData encrypt(@NotNull byte[] bArr, @NotNull SessionKey sessionKey, @NotNull SessionKeyPair sessionKeyPair, @NotNull SymmetricCipher symmetricCipher, @NotNull HashingAlgorithm hashingAlgorithm) {
            CMSEnvelopedData bcEncrypt;
            Intrinsics.checkNotNullParameter(bArr, "plaintext");
            Intrinsics.checkNotNullParameter(sessionKey, "recipientKey");
            Intrinsics.checkNotNullParameter(sessionKeyPair, "senderKeyPair");
            Intrinsics.checkNotNullParameter(symmetricCipher, "symmetricCipher");
            Intrinsics.checkNotNullParameter(hashingAlgorithm, "hashingAlgorithm");
            RecipientInfoGenerator makeRecipientInfoGenerator = makeRecipientInfoGenerator(sessionKeyPair, symmetricCipher, hashingAlgorithm);
            makeRecipientInfoGenerator.addRecipient(sessionKey.getKeyId(), sessionKey.getPublicKey());
            Hashtable hashtable = new Hashtable();
            hashtable.put(OIDs.INSTANCE.getORIGINATOR_EPHEMERAL_CERT_SERIAL_NUMBER(), new Attribute(OIDs.INSTANCE.getORIGINATOR_EPHEMERAL_CERT_SERIAL_NUMBER(), new DERSet(new DEROctetString(sessionKeyPair.getSessionKey().getKeyId()))));
            bcEncrypt = EnvelopedDataKt.bcEncrypt(bArr, symmetricCipher, makeRecipientInfoGenerator, new AttributeTable(hashtable));
            return new SessionEnvelopedData(bcEncrypt);
        }

        public static /* synthetic */ SessionEnvelopedData encrypt$default(Companion companion, byte[] bArr, SessionKey sessionKey, SessionKeyPair sessionKeyPair, SymmetricCipher symmetricCipher, HashingAlgorithm hashingAlgorithm, int i, Object obj) {
            if ((i & 8) != 0) {
                symmetricCipher = SymmetricCipher.AES_128;
            }
            if ((i & 16) != 0) {
                hashingAlgorithm = HashingAlgorithm.SHA256;
            }
            return companion.encrypt(bArr, sessionKey, sessionKeyPair, symmetricCipher, hashingAlgorithm);
        }

        private final JceKeyAgreeRecipientInfoGenerator makeRecipientInfoGenerator(SessionKeyPair sessionKeyPair, SymmetricCipher symmetricCipher, HashingAlgorithm hashingAlgorithm) {
            JceKeyAgreeRecipientInfoGenerator provider = new JceKeyAgreeRecipientInfoGenerator(getEcdhAlgorithmByHashingAlgorithm().get(hashingAlgorithm), sessionKeyPair.getPrivateKey(), sessionKeyPair.getSessionKey().getPublicKey(), EnvelopedDataKt.getCMS_KW_ALGORITHMS().get(symmetricCipher)).setUserKeyingMaterial(PRNGKt.generateRandomOctets(64)).setProvider(CryptoUtils.getBC_PROVIDER());
            Intrinsics.checkNotNullExpressionValue(provider, "setProvider(...)");
            return provider;
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public SessionEnvelopedData(@NotNull CMSEnvelopedData cMSEnvelopedData) {
        super(cMSEnvelopedData);
        Intrinsics.checkNotNullParameter(cMSEnvelopedData, "bcEnvelopedData");
    }

    @Override // tech.relaycorp.relaynet.wrappers.cms.EnvelopedData
    @NotNull
    public RecipientKeyIdentifier getRecipientKeyId() {
        Iterable recipientInfos = getBcEnvelopedData().getRecipientInfos();
        Intrinsics.checkNotNullExpressionValue(recipientInfos, "getRecipientInfos(...)");
        KeyAgreeRecipientId rid = ((RecipientInformation) CollectionsKt.first(recipientInfos)).getRID();
        Intrinsics.checkNotNull(rid, "null cannot be cast to non-null type org.bouncycastle.cms.KeyAgreeRecipientId");
        byte[] subjectKeyIdentifier = rid.getSubjectKeyIdentifier();
        Intrinsics.checkNotNullExpressionValue(subjectKeyIdentifier, "getSubjectKeyIdentifier(...)");
        return new RecipientKeyIdentifier(subjectKeyIdentifier);
    }

    @NotNull
    public final SessionKey getOriginatorKey() {
        DEROctetString objectAt = getBcEnvelopedData().getUnprotectedAttributes().get(OIDs.INSTANCE.getORIGINATOR_EPHEMERAL_CERT_SERIAL_NUMBER()).getAttrValues().getObjectAt(0);
        Intrinsics.checkNotNull(objectAt, "null cannot be cast to non-null type org.bouncycastle.asn1.DEROctetString");
        DEROctetString dEROctetString = objectAt;
        Iterable recipientInfos = getBcEnvelopedData().getRecipientInfos();
        Intrinsics.checkNotNullExpressionValue(recipientInfos, "getRecipientInfos(...)");
        Object first = CollectionsKt.first(recipientInfos);
        Intrinsics.checkNotNull(first, "null cannot be cast to non-null type org.bouncycastle.cms.KeyAgreeRecipientInformation");
        OriginatorIdentifierOrKey originator = ((KeyAgreeRecipientInformation) first).getOriginator();
        byte[] octets = dEROctetString.getOctets();
        Intrinsics.checkNotNullExpressionValue(octets, "getOctets(...)");
        byte[] encoded = originator.getOriginatorKey().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        return new SessionKey(octets, Keys.deserializeECPublicKey(encoded));
    }

    @Override // tech.relaycorp.relaynet.wrappers.cms.EnvelopedData
    protected void validate() {
        AttributeTable unprotectedAttributes = getBcEnvelopedData().getUnprotectedAttributes();
        if (unprotectedAttributes == null) {
            throw new EnvelopedDataException("unprotectedAttrs is missing", null, 2, null);
        }
        if (unprotectedAttributes.size() == 0) {
            throw new EnvelopedDataException("unprotectedAttrs is empty", null, 2, null);
        }
        Attribute attribute = unprotectedAttributes.get(OIDs.INSTANCE.getORIGINATOR_EPHEMERAL_CERT_SERIAL_NUMBER());
        if (attribute == null) {
            throw new EnvelopedDataException("Originator key id is missing from unprotectedAttrs", null, 2, null);
        }
        if (attribute.getAttrValues().size() == 0) {
            throw new EnvelopedDataException("Originator key id is empty", null, 2, null);
        }
        if (1 < attribute.getAttrValues().size()) {
            throw new EnvelopedDataException("Originator key id has multiple values", null, 2, null);
        }
        if (!(attribute.getAttrValues().getObjectAt(0) instanceof DEROctetString)) {
            throw new EnvelopedDataException("Originator key id is not an OCTET STRING", null, 2, null);
        }
    }
}
