package org.tokenscript.attestation;

import java.io.IOException;
import java.io.InvalidObjectException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.tokenscript.attestation.core.ASNEncodable;
import org.tokenscript.attestation.core.ExceptionUtil;
import org.tokenscript.attestation.core.SignatureUtility;
import org.tokenscript.attestation.core.Validateable;
import org.tokenscript.attestation.core.Verifiable;

/* loaded from: input_file:org/tokenscript/attestation/SignedIdentifierAttestation.class */
public class SignedIdentifierAttestation implements ASNEncodable, Verifiable, Validateable {
    private static final Logger logger = LogManager.getLogger((Class<?>) SignedIdentifierAttestation.class);
    public static final AlgorithmIdentifier ECDSA_WITH_SHA256 = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.3.2"));
    private final IdentifierAttestation att;
    private final byte[] signature;
    private final AsymmetricKeyParameter attestationVerificationKey;

    public SignedIdentifierAttestation(IdentifierAttestation identifierAttestation, AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        this.att = identifierAttestation;
        this.signature = SignatureUtility.signWithEthereum(identifierAttestation.getPrehash(), asymmetricCipherKeyPair.getPrivate());
        this.attestationVerificationKey = asymmetricCipherKeyPair.getPublic();
        constructorCheck(asymmetricCipherKeyPair.getPublic());
    }

    public SignedIdentifierAttestation(byte[] bArr, AsymmetricKeyParameter asymmetricKeyParameter) throws IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(new ASN1InputStream(bArr).readObject());
        ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(aSN1Sequence.getObjectAt(0));
        AlgorithmIdentifier algorithmIdentifier = AlgorithmIdentifier.getInstance(aSN1Sequence.getObjectAt(1));
        this.att = new IdentifierAttestation(aSN1Sequence2.getEncoded());
        this.signature = DERBitString.getInstance((Object) aSN1Sequence.getObjectAt(2)).getBytes();
        this.attestationVerificationKey = asymmetricKeyParameter;
        if (!algorithmIdentifier.equals(this.att.getSigningAlgorithm())) {
            throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("Algorithm specified is not consistent")));
        }
        constructorCheck(asymmetricKeyParameter);
    }

    void constructorCheck(AsymmetricKeyParameter asymmetricKeyParameter) {
        if (!(asymmetricKeyParameter instanceof ECPublicKeyParameters)) {
            throw ((UnsupportedOperationException) ExceptionUtil.throwException(logger, new UnsupportedOperationException("Attestations must be signed with ECDSA key")));
        }
        if (!verify()) {
            throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("Signature is not valid")));
        }
    }

    public IdentifierAttestation getUnsignedAttestation() {
        return this.att;
    }

    public byte[] getSignature() {
        return this.signature;
    }

    public AsymmetricKeyParameter getAttestationVerificationKey() {
        return this.attestationVerificationKey;
    }

    @Override // org.tokenscript.attestation.core.ASNEncodable
    public byte[] getDerEncoding() {
        return constructSignedAttestation(this.att, this.signature);
    }

    static byte[] constructSignedAttestation(Attestation attestation, byte[] bArr) {
        try {
            byte[] prehash = attestation.getPrehash();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(ASN1Primitive.fromByteArray(prehash));
            aSN1EncodableVector.add(attestation.getSigningAlgorithm());
            aSN1EncodableVector.add(new DERBitString(bArr));
            return new DERSequence(aSN1EncodableVector).getEncoded();
        } catch (Exception e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not encode asn1", e);
        }
    }

    @Override // org.tokenscript.attestation.core.Validateable
    public boolean checkValidity() {
        return getUnsignedAttestation().checkValidity();
    }

    @Override // org.tokenscript.attestation.core.Verifiable
    public boolean verify() {
        try {
            if (SignatureUtility.verifyEthereumSignature(this.att.getDerEncoding(), this.signature, this.attestationVerificationKey)) {
                return true;
            }
            logger.error("Could not verify signature");
            return false;
        } catch (InvalidObjectException e) {
            logger.error("Could not decode the signature");
            return false;
        }
    }
}
