package dev.sigstore.bundle;

import com.google.common.base.Preconditions;
import dev.sigstore.ImmutableKeylessSignature;
import dev.sigstore.KeylessSignature;
import dev.sigstore.rekor.client.RekorEntry;
import java.io.Reader;
import java.security.cert.CertPath;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.immutables.value.Value;

@Value.Immutable
/* loaded from: input_file:dev/sigstore/bundle/Bundle.class */
public abstract class Bundle {
    static final String BUNDLE_V_0_1 = "application/vnd.dev.sigstore.bundle+json;version=0.1";
    static final String BUNDLE_V_0_2 = "application/vnd.dev.sigstore.bundle+json;version=0.2";
    static final String BUNDLE_V_0_3 = "application/vnd.dev.sigstore.bundle+json;version=0.3";
    static final String BUNDLE_V_0_3_1 = "application/vnd.dev.sigstore.bundle.v0.3+json";
    static final List<String> SUPPORTED_MEDIA_TYPES = List.of(BUNDLE_V_0_1, BUNDLE_V_0_2, BUNDLE_V_0_3, BUNDLE_V_0_3_1);

    @Value.Immutable
    /* loaded from: input_file:dev/sigstore/bundle/Bundle$DSSESignature.class */
    public interface DSSESignature {
        String getPayload();

        String getPayloadType();

        byte[] getSignature();
    }

    /* loaded from: input_file:dev/sigstore/bundle/Bundle$HashAlgorithm.class */
    public enum HashAlgorithm {
        SHA2_256
    }

    @Value.Immutable
    /* loaded from: input_file:dev/sigstore/bundle/Bundle$MessageDigest.class */
    public interface MessageDigest {
        HashAlgorithm getHashAlgorithm();

        byte[] getDigest();
    }

    @Value.Immutable
    /* loaded from: input_file:dev/sigstore/bundle/Bundle$MessageSignature.class */
    public interface MessageSignature {
        Optional<MessageDigest> getMessageDigest();

        byte[] getSignature();

        static MessageSignature of(HashAlgorithm hashAlgorithm, byte[] bArr, byte[] bArr2) {
            return ImmutableMessageSignature.builder().signature(bArr2).messageDigest(ImmutableMessageDigest.builder().digest(bArr).hashAlgorithm(hashAlgorithm).build()).build();
        }
    }

    @Value.Immutable
    /* loaded from: input_file:dev/sigstore/bundle/Bundle$Timestamp.class */
    public interface Timestamp {
        byte[] getRfc3161Timestamp();
    }

    @Value.Default
    public String getMediaType() {
        return BUNDLE_V_0_3_1;
    }

    public abstract Optional<MessageSignature> getMessageSignature();

    public abstract Optional<DSSESignature> getDSSESignature();

    /* JADX INFO: Access modifiers changed from: protected */
    @Value.Check
    public void checkOnlyOneSignature() {
        Preconditions.checkState((getDSSESignature().isEmpty() && getMessageSignature().isPresent()) || (getDSSESignature().isPresent() && getMessageSignature().isEmpty()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Value.Check
    public void checkAtLeastOneTimestamp() {
        Iterator<RekorEntry> it = mo6294getEntries().iterator();
        while (it.hasNext()) {
            if (it.next().getVerification().getSignedEntryTimestamp() != null) {
                return;
            }
        }
        if (mo6293getTimestamps().size() <= 0) {
            throw new IllegalStateException("No timestamp verification (set, timestamp) was provided");
        }
    }

    public abstract CertPath getCertPath();

    /* renamed from: getEntries */
    public abstract List<RekorEntry> mo6294getEntries();

    /* renamed from: getTimestamps */
    public abstract List<Timestamp> mo6293getTimestamps();

    public static Bundle from(Reader reader) throws BundleParseException {
        return BundleReader.readBundle(reader);
    }

    @Value.Lazy
    public String toJson() {
        return BundleWriter.writeBundle(this);
    }

    public static Bundle from(KeylessSignature keylessSignature) {
        return ImmutableBundle.builder().messageSignature(ImmutableMessageSignature.builder().messageDigest(ImmutableMessageDigest.builder().hashAlgorithm(HashAlgorithm.SHA2_256).digest(keylessSignature.getDigest()).build()).signature(keylessSignature.getSignature()).build()).addEntries(keylessSignature.getEntry().get()).certPath(keylessSignature.getCertPath()).build();
    }

    @Value.Lazy
    public KeylessSignature toKeylessSignature() {
        if (getDSSESignature().isPresent()) {
            throw new IllegalStateException("This client can't process bundles with DSSE signatures.");
        }
        if (mo6293getTimestamps().size() >= 1) {
            throw new IllegalStateException("This client can't process bundles with RFC3161 Timestamps");
        }
        ImmutableKeylessSignature.Builder entry = KeylessSignature.builder().certPath(getCertPath()).signature(getMessageSignature().get().getSignature()).entry(mo6294getEntries().get(0));
        if (getMessageSignature().get().getMessageDigest().isPresent()) {
            entry.digest(getMessageSignature().get().getMessageDigest().get().getDigest());
        } else {
            entry.digest(new byte[0]);
        }
        return entry.build();
    }
}
