package org.bouncycastle.mls.TreeKEM;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.mls.codec.Capabilities;
import org.bouncycastle.mls.codec.Credential;
import org.bouncycastle.mls.codec.CredentialType;
import org.bouncycastle.mls.codec.Extension;
import org.bouncycastle.mls.codec.MLSInputStream;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.crypto.MlsCipherSuite;
import org.bouncycastle.mls.protocol.Group;

/* loaded from: input_file:org/bouncycastle/mls/TreeKEM/LeafNode.class */
public class LeafNode implements MLSInputStream.Readable, MLSOutputStream.Writable {
    MlsCipherSuite suite;
    byte[] encryption_key;
    byte[] signature_key;
    Credential credential;
    Capabilities capabilities;
    LeafNodeSource leaf_node_source;
    LifeTime lifeTime;
    byte[] parent_hash;
    List<Extension> extensions;
    byte[] signature;

    public Capabilities getCapabilities() {
        return this.capabilities;
    }

    public CredentialType getCredentialType() {
        return this.credential.getCredentialType();
    }

    public MlsCipherSuite getSuite() {
        return this.suite;
    }

    public LifeTime getLifeTime() {
        return this.lifeTime;
    }

    public byte[] getEncryptionKey() {
        return this.encryption_key;
    }

    public byte[] getSignatureKey() {
        return this.signature_key;
    }

    public List<Extension> getExtensions() {
        return this.extensions;
    }

    public LeafNode(MlsCipherSuite mlsCipherSuite, byte[] bArr, byte[] bArr2, Credential credential, Capabilities capabilities, LifeTime lifeTime, List<Extension> list, byte[] bArr3) throws Exception {
        this.suite = mlsCipherSuite;
        this.encryption_key = bArr;
        this.signature_key = bArr2;
        this.credential = credential;
        this.capabilities = capabilities;
        this.lifeTime = lifeTime;
        this.extensions = new ArrayList(list);
        this.leaf_node_source = LeafNodeSource.KEY_PACKAGE;
        sign(mlsCipherSuite, bArr3, toBeSigned(null, -1));
    }

    public LeafNode() {
    }

    public LeafNode(MLSInputStream mLSInputStream) throws IOException {
        this.encryption_key = mLSInputStream.readOpaque();
        this.signature_key = mLSInputStream.readOpaque();
        this.credential = (Credential) mLSInputStream.read(Credential.class);
        this.capabilities = (Capabilities) mLSInputStream.read(Capabilities.class);
        this.leaf_node_source = LeafNodeSource.values()[((Byte) mLSInputStream.read(Byte.TYPE)).byteValue()];
        switch (this.leaf_node_source) {
            case KEY_PACKAGE:
                this.lifeTime = (LifeTime) mLSInputStream.read(LifeTime.class);
                break;
            case COMMIT:
                this.parent_hash = mLSInputStream.readOpaque();
                break;
        }
        this.extensions = new ArrayList();
        mLSInputStream.readList(this.extensions, Extension.class);
        this.signature = mLSInputStream.readOpaque();
    }

    @Override // org.bouncycastle.mls.codec.MLSOutputStream.Writable
    public void writeTo(MLSOutputStream mLSOutputStream) throws IOException {
        mLSOutputStream.writeOpaque(this.encryption_key);
        mLSOutputStream.writeOpaque(this.signature_key);
        mLSOutputStream.write(this.credential);
        mLSOutputStream.write(this.capabilities);
        mLSOutputStream.write(this.leaf_node_source);
        switch (this.leaf_node_source) {
            case KEY_PACKAGE:
                mLSOutputStream.write(this.lifeTime);
                break;
            case COMMIT:
                mLSOutputStream.writeOpaque(this.parent_hash);
                break;
        }
        mLSOutputStream.writeList(this.extensions);
        mLSOutputStream.writeOpaque(this.signature);
    }

    public LeafNodeSource getSource() {
        return this.leaf_node_source;
    }

    public Credential getCredential() {
        return this.credential;
    }

    public byte[] toBeSigned(byte[] bArr, int i) throws IOException {
        MLSOutputStream mLSOutputStream = new MLSOutputStream();
        mLSOutputStream.writeOpaque(this.encryption_key);
        mLSOutputStream.writeOpaque(this.signature_key);
        mLSOutputStream.write(this.credential);
        mLSOutputStream.write(this.capabilities);
        mLSOutputStream.write(this.leaf_node_source);
        switch (this.leaf_node_source) {
            case KEY_PACKAGE:
                mLSOutputStream.write(this.lifeTime);
                break;
            case COMMIT:
                mLSOutputStream.writeOpaque(this.parent_hash);
                break;
        }
        mLSOutputStream.writeList(this.extensions);
        switch (this.leaf_node_source) {
            case UPDATE:
            case COMMIT:
                mLSOutputStream.writeOpaque(bArr);
                mLSOutputStream.write(Integer.valueOf(i));
                break;
        }
        return mLSOutputStream.toByteArray();
    }

    public boolean verifyExtensionSupport(List<Extension> list) {
        return true;
    }

    public boolean verifyLifetime() {
        if (this.leaf_node_source != LeafNodeSource.KEY_PACKAGE) {
            return true;
        }
        return this.lifeTime.verify();
    }

    public boolean verify(MlsCipherSuite mlsCipherSuite, byte[] bArr) throws IOException {
        if (getCredentialType() == CredentialType.x509) {
        }
        return mlsCipherSuite.verifyWithLabel(this.signature_key, "LeafNodeTBS", bArr, this.signature);
    }

    public LeafNode forCommit(MlsCipherSuite mlsCipherSuite, byte[] bArr, LeafIndex leafIndex, byte[] bArr2, byte[] bArr3, Group.LeafNodeOptions leafNodeOptions, byte[] bArr4) throws Exception {
        LeafNode copyWithOptions = copyWithOptions(bArr2, leafNodeOptions);
        copyWithOptions.leaf_node_source = LeafNodeSource.COMMIT;
        copyWithOptions.parent_hash = (byte[]) bArr3.clone();
        copyWithOptions.sign(mlsCipherSuite, bArr4, copyWithOptions.toBeSigned(bArr, leafIndex.value));
        return copyWithOptions;
    }

    public LeafNode forUpdate(MlsCipherSuite mlsCipherSuite, byte[] bArr, LeafIndex leafIndex, byte[] bArr2, Group.LeafNodeOptions leafNodeOptions, byte[] bArr3) throws Exception {
        LeafNode copyWithOptions = copyWithOptions(bArr2, leafNodeOptions);
        copyWithOptions.leaf_node_source = LeafNodeSource.UPDATE;
        copyWithOptions.sign(mlsCipherSuite, bArr3, copyWithOptions.toBeSigned(bArr, leafIndex.value));
        return copyWithOptions;
    }

    private void sign(MlsCipherSuite mlsCipherSuite, byte[] bArr, byte[] bArr2) throws Exception {
        if (!Arrays.equals(mlsCipherSuite.serializeSignaturePublicKey(mlsCipherSuite.deserializeSignaturePrivateKey(bArr).getPublic()), this.signature_key)) {
            throw new Exception("Signature key mismatch");
        }
        this.signature = mlsCipherSuite.signWithLabel(bArr, "LeafNodeTBS", bArr2);
    }

    public LeafNode copyWithOptions(byte[] bArr, Group.LeafNodeOptions leafNodeOptions) {
        LeafNode copy = copy(bArr);
        if (leafNodeOptions.getCredential() != null) {
            copy.credential = leafNodeOptions.getCredential();
        }
        if (leafNodeOptions.getCapabilities() != null) {
            copy.capabilities = leafNodeOptions.getCapabilities();
        }
        if (leafNodeOptions.getExtensions() != null) {
            copy.extensions = leafNodeOptions.getExtensions();
        }
        return copy;
    }

    public LeafNode copy(byte[] bArr) {
        LeafNode leafNode = new LeafNode();
        leafNode.encryption_key = (byte[]) bArr.clone();
        leafNode.signature_key = (byte[]) this.signature_key.clone();
        leafNode.credential = this.credential;
        leafNode.capabilities = this.capabilities;
        leafNode.leaf_node_source = this.leaf_node_source;
        switch (leafNode.leaf_node_source) {
            case KEY_PACKAGE:
                leafNode.lifeTime = this.lifeTime;
                break;
            case COMMIT:
                leafNode.parent_hash = (byte[]) this.parent_hash.clone();
                break;
        }
        leafNode.extensions = new ArrayList(this.extensions);
        leafNode.signature = (byte[]) this.signature.clone();
        return leafNode;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        LeafNode leafNode = (LeafNode) obj;
        if (Arrays.equals(this.encryption_key, leafNode.encryption_key) && Arrays.equals(this.signature_key, leafNode.signature_key)) {
            return Arrays.equals(this.signature, leafNode.signature);
        }
        return false;
    }
}
