package tbdex.sdk.protocol;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.jwk.JWK;
import foundation.identity.did.DIDDocument;
import foundation.identity.did.DIDURL;
import foundation.identity.did.VerificationMethod;
import java.security.MessageDigest;
import java.security.SignatureException;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.erdtman.jcs.JsonCanonicalizer;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import tbdex.sdk.protocol.models.Data;
import tbdex.sdk.protocol.serialization.Json;
import web5.sdk.common.Convert;
import web5.sdk.common.EncodingFormat;
import web5.sdk.crypto.Crypto;
import web5.sdk.crypto.KeyManager;
import web5.sdk.dids.Did;
import web5.sdk.dids.DidResolutionResult;
import web5.sdk.dids.DidResolvers;
import web5.sdk.dids.ResolveDidOptions;

/* compiled from: CryptoUtils.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��:\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0003\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bJ\u0018\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\b\u0010\r\u001a\u0004\u0018\u00010\u000eJ\"\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0010\u001a\u00020\u00042\n\b\u0002\u0010\r\u001a\u0004\u0018\u00010\u000eJ \u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00042\b\u0010\u0014\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u000b\u001a\u00020\u000e¨\u0006\u0015"}, d2 = {"Ltbdex/sdk/protocol/CryptoUtils;", "", "()V", "digestOf", "", "metadata", "Ltbdex/sdk/protocol/models/Metadata;", "data", "Ltbdex/sdk/protocol/models/Data;", "getAssertionMethod", "Lfoundation/identity/did/VerificationMethod;", "did", "Lweb5/sdk/dids/Did;", "assertionMethodId", "", "sign", "payload", "verify", "", "detachedPayload", "signature", "protocol"})
@SourceDebugExtension({"SMAP\nCryptoUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CryptoUtils.kt\ntbdex/sdk/protocol/CryptoUtils\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,182:1\n288#2,2:183\n1#3:185\n*S KotlinDebug\n*F\n+ 1 CryptoUtils.kt\ntbdex/sdk/protocol/CryptoUtils\n*L\n82#1:183,2\n*E\n"})
/* loaded from: input_file:tbdex/sdk/protocol/CryptoUtils.class */
public final class CryptoUtils {

    @NotNull
    public static final CryptoUtils INSTANCE = new CryptoUtils();

    private CryptoUtils() {
    }

    @NotNull
    public final byte[] digestOf(@NotNull tbdex.sdk.protocol.models.Metadata metadata, @NotNull Data data) {
        Intrinsics.checkNotNullParameter(metadata, "metadata");
        Intrinsics.checkNotNullParameter(data, "data");
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(new JsonCanonicalizer(Json.INSTANCE.stringify(MapsKt.mapOf(new Pair[]{TuplesKt.to("metadata", metadata), TuplesKt.to("data", data)}))).getEncodedUTF8());
        Intrinsics.checkNotNullExpressionValue(digest, "digest(...)");
        return digest;
    }

    public final void verify(@NotNull byte[] bArr, @Nullable String str, @NotNull String str2) {
        VerificationMethod verificationMethod;
        Object obj;
        Intrinsics.checkNotNullParameter(bArr, "detachedPayload");
        Intrinsics.checkNotNullParameter(str2, "did");
        if (!(str != null)) {
            throw new IllegalArgumentException("Signature verification failed: Expected signature property to exist");
        }
        JWSObject parse = JWSObject.parse(str, new Payload(bArr));
        if (!((parse.getHeader().getAlgorithm() == null || parse.getHeader().getKeyID() == null) ? false : true)) {
            throw new IllegalArgumentException("Signature verification failed: Expected JWS header to contain alg and kid".toString());
        }
        DIDURL fromString = DIDURL.fromString(parse.getHeader().getKeyID());
        String uri = fromString.getUriWithoutFragment().toString();
        Intrinsics.checkNotNullExpressionValue(uri, "toString(...)");
        if (!Intrinsics.areEqual(uri, str2)) {
            throw new SignatureException("Signature verification failed: Was not signed by the expected DID. Expected DID: " + str2 + ". Actual DID: " + uri);
        }
        DidResolvers didResolvers = DidResolvers.INSTANCE;
        String didString = fromString.getDid().getDidString();
        Intrinsics.checkNotNullExpressionValue(didString, "getDidString(...)");
        DidResolutionResult resolve$default = DidResolvers.resolve$default(didResolvers, didString, (ResolveDidOptions) null, 2, (Object) null);
        if (resolve$default.getDidResolutionMetadata().getError() != null) {
            throw new SignatureException("Signature verification failed: Failed to resolve DID " + fromString.getDid().getDidString() + ". Error: " + resolve$default.getDidResolutionMetadata().getError());
        }
        Set of = SetsKt.setOf(new String[]{fromString.getDidUrlString(), "#" + fromString.getFragment()});
        DIDDocument didDocument = resolve$default.getDidDocument();
        List assertionMethodVerificationMethodsDereferenced = didDocument != null ? didDocument.getAssertionMethodVerificationMethodsDereferenced() : null;
        if (assertionMethodVerificationMethodsDereferenced != null) {
            Iterator it = assertionMethodVerificationMethodsDereferenced.iterator();
            while (true) {
                if (!it.hasNext()) {
                    obj = null;
                    break;
                }
                Object next = it.next();
                String uri2 = ((VerificationMethod) next).getId().toString();
                Intrinsics.checkNotNullExpressionValue(uri2, "toString(...)");
                if (of.contains(uri2)) {
                    obj = next;
                    break;
                }
            }
            verificationMethod = (VerificationMethod) obj;
        } else {
            verificationMethod = null;
        }
        VerificationMethod verificationMethod2 = verificationMethod;
        if (!(verificationMethod2 != null)) {
            throw new SignatureException("Signature verification failed: Expected kid in JWS header to dereference a DID Document Verification Method with an Assertion verification relationship");
        }
        if (!((verificationMethod2.isType("JsonWebKey2020") || verificationMethod2.isType("JsonWebKey")) && verificationMethod2.getPublicKeyJwk() != null)) {
            throw new SignatureException("Signature verification failed: Expected kid in JWS header to dereference a DID Document Verification Method of type JsonWebKey2020 with a publicKeyJwk");
        }
        JWK parse2 = JWK.parse(verificationMethod2.getPublicKeyJwk());
        Crypto crypto = Crypto.INSTANCE;
        Intrinsics.checkNotNull(parse2);
        byte[] signingInput = parse.getSigningInput();
        Intrinsics.checkNotNullExpressionValue(signingInput, "getSigningInput(...)");
        byte[] decode = parse.getSignature().decode();
        Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
        crypto.verify(parse2, signingInput, decode, parse.getHeader().getAlgorithm());
    }

    @NotNull
    public final String sign(@NotNull Did did, @NotNull byte[] bArr, @Nullable String str) {
        Intrinsics.checkNotNullParameter(did, "did");
        Intrinsics.checkNotNullParameter(bArr, "payload");
        VerificationMethod assertionMethod = getAssertionMethod(did, str);
        JWK parse = JWK.parse(assertionMethod.getPublicKeyJwk());
        KeyManager keyManager = did.getKeyManager();
        Intrinsics.checkNotNull(parse);
        String deterministicAlias = keyManager.getDeterministicAlias(parse);
        JWSAlgorithm parse2 = JWSAlgorithm.parse(did.getKeyManager().getPublicKey(deterministicAlias).getAlgorithm().toString());
        String uri = assertionMethod.getId().isAbsolute() ? assertionMethod.getId().toString() : did.getUri() + assertionMethod.getId();
        Intrinsics.checkNotNull(uri);
        JWSHeader build = new JWSHeader.Builder(parse2).keyID(uri).build();
        byte[] signingInput = new JWSObject(build, new Payload(bArr)).getSigningInput();
        KeyManager keyManager2 = did.getKeyManager();
        Intrinsics.checkNotNull(signingInput);
        return build.toBase64URL() + ".." + new Convert(keyManager2.sign(deterministicAlias, signingInput), (EncodingFormat) null, 2, (DefaultConstructorMarker) null).toBase64Url(false);
    }

    public static /* synthetic */ String sign$default(CryptoUtils cryptoUtils, Did did, byte[] bArr, String str, int i, Object obj) {
        if ((i & 4) != 0) {
            str = null;
        }
        return cryptoUtils.sign(did, bArr, str);
    }

    @NotNull
    public final VerificationMethod getAssertionMethod(@NotNull Did did, @Nullable String str) {
        VerificationMethod verificationMethod;
        Object obj;
        Intrinsics.checkNotNullParameter(did, "did");
        DIDDocument didDocument = DidResolvers.resolve$default(DidResolvers.INSTANCE, did.getUri(), (ResolveDidOptions) null, 2, (Object) null).getDidDocument();
        List assertionMethodVerificationMethodsDereferenced = didDocument != null ? didDocument.getAssertionMethodVerificationMethodsDereferenced() : null;
        if (str == null) {
            verificationMethod = assertionMethodVerificationMethodsDereferenced != null ? (VerificationMethod) CollectionsKt.firstOrNull(assertionMethodVerificationMethodsDereferenced) : null;
        } else if (assertionMethodVerificationMethodsDereferenced != null) {
            Iterator it = assertionMethodVerificationMethodsDereferenced.iterator();
            while (true) {
                if (!it.hasNext()) {
                    obj = null;
                    break;
                }
                Object next = it.next();
                if (Intrinsics.areEqual(((VerificationMethod) next).getId().toString(), str)) {
                    obj = next;
                    break;
                }
            }
            verificationMethod = (VerificationMethod) obj;
        } else {
            verificationMethod = null;
        }
        if (verificationMethod == null) {
            throw new SignatureException("assertion method " + str + " not found");
        }
        return verificationMethod;
    }
}
