package fr.acinq.bitcoin;

import com.google.protobuf.ByteString;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bitcoin.protocols.payments.Protos;
import scala.Predef$;
import scala.StringContext;
import scala.Tuple3;
import scala.collection.IterableLike;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.mutable.Buffer;
import scala.collection.mutable.Buffer$;
import scala.runtime.BoxesRunTime;

/* compiled from: PaymentProtocol.scala */
/* loaded from: input_file:fr/acinq/bitcoin/PaymentProtocol$.class */
public final class PaymentProtocol$ {
    public static PaymentProtocol$ MODULE$;

    static {
        new PaymentProtocol$();
    }

    public String displayName(X509Certificate x509Certificate) {
        return (String) ((IterableLike) JavaConverters$.MODULE$.asScalaBufferConverter(new LdapName(x509Certificate.getSubjectX500Principal().getName()).getRdns()).asScala()).find(rdn -> {
            return BoxesRunTime.boxToBoolean($anonfun$displayName$1(rdn));
        }).map(rdn2 -> {
            return (String) rdn2.getValue();
        }).getOrElse(() -> {
            return "";
        });
    }

    public Tuple3<String, PublicKey, TrustAnchor> verifySignature(Protos.PaymentRequest paymentRequest, KeyStore keyStore) {
        String str;
        Protos.PaymentDetails.parseFrom(paymentRequest.getSerializedPaymentDetails());
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Buffer buffer = (Buffer) ((TraversableLike) JavaConverters$.MODULE$.asScalaBufferConverter(Protos.X509Certificates.parseFrom(paymentRequest.getPkiData()).getCertificateList()).asScala()).map(byteString -> {
            return (X509Certificate) certificateFactory.generateCertificate(byteString.newInput());
        }, Buffer$.MODULE$.canBuildFrom());
        CertPath generateCertPath = certificateFactory.generateCertPath((List<? extends Certificate>) JavaConverters$.MODULE$.bufferAsJavaListConverter(buffer).asJava());
        PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
        pKIXParameters.setRevocationEnabled(false);
        pKIXParameters.setExplicitPolicyRequired(false);
        PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        PublicKey publicKey = pKIXCertPathValidatorResult.getPublicKey();
        String pkiType = paymentRequest.getPkiType();
        if ("x509+sha256".equals(pkiType)) {
            str = "SHA256withRSA";
        } else {
            if (!"x509+sha1".equals(pkiType)) {
                throw new RuntimeException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"illegal pki type: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{pkiType})));
            }
            str = "SHA1withRSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(paymentRequest.toBuilder().setSignature(ByteString.EMPTY).build().toByteArray());
        if (signature.verify(paymentRequest.getSignature().toByteArray())) {
            return new Tuple3<>(displayName((X509Certificate) buffer.apply(0)), publicKey, pKIXCertPathValidatorResult.getTrustAnchor());
        }
        throw new RuntimeException("invalid signature");
    }

    public Protos.PaymentRequest sign(Protos.PaymentRequest paymentRequest, Seq<X509Certificate> seq, PrivateKey privateKey) {
        Protos.PaymentRequest build = paymentRequest.toBuilder().setPkiType("x509+sha256").setPkiData(Protos.X509Certificates.newBuilder().addAllCertificate((Iterable) JavaConverters$.MODULE$.seqAsJavaListConverter((Seq) seq.map(x509Certificate -> {
            return toByteString$1(x509Certificate);
        }, Seq$.MODULE$.canBuildFrom())).asJava()).build().toByteString()).setSignature(ByteString.EMPTY).build();
        String upperCase = privateKey.getAlgorithm().toUpperCase();
        if (!"RSA".equals(upperCase)) {
            throw new RuntimeException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"illegal algorithm: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{upperCase})));
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(build.toByteArray());
        return build.toBuilder().setSignature(ByteString.copyFrom(signature.sign())).build();
    }

    public static final /* synthetic */ boolean $anonfun$displayName$1(Rdn rdn) {
        String type = rdn.getType();
        return type != null ? type.equals("CN") : "CN" == 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final ByteString toByteString$1(X509Certificate x509Certificate) {
        return ByteString.copyFrom(x509Certificate.getEncoded());
    }

    private PaymentProtocol$() {
        MODULE$ = this;
    }
}
