package org.bouncycastle.mls.codec;

import java.io.IOException;
import org.bouncycastle.mls.codec.MLSInputStream;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.crypto.MlsCipherSuite;

/* loaded from: input_file:org/bouncycastle/mls/codec/AuthenticatedContent.class */
public class AuthenticatedContent implements MLSInputStream.Readable, MLSOutputStream.Writable {
    WireFormat wireFormat;
    FramedContent content;
    FramedContentAuthData auth;

    public FramedContent getContent() {
        return this.content;
    }

    public WireFormat getWireFormat() {
        return this.wireFormat;
    }

    public void setConfirmationTag(byte[] bArr) {
        this.auth.confirmation_tag = bArr;
    }

    public byte[] getConfirmationTag() {
        return this.auth.confirmation_tag;
    }

    public byte[] getConfirmedTranscriptHashInput() throws IOException {
        return MLSOutputStream.encode(new ConfirmedTranscriptHashInput(this.wireFormat, this.content, this.auth.signature));
    }

    public byte[] getInterimTranscriptHashInput() throws IOException {
        return MLSOutputStream.encode(new InterimTranscriptHashInput(this.auth.confirmation_tag));
    }

    public AuthenticatedContent(WireFormat wireFormat, FramedContent framedContent, FramedContentAuthData framedContentAuthData) throws Exception {
        this.wireFormat = wireFormat;
        this.content = framedContent;
        this.auth = framedContentAuthData;
        if (framedContentAuthData.contentType == ContentType.APPLICATION) {
            if (wireFormat != WireFormat.mls_private_message) {
                throw new Exception("Unencrypted application message");
            }
            if (framedContent.sender.senderType != SenderType.MEMBER) {
                throw new Exception("sender must be a member");
            }
        }
    }

    public static AuthenticatedContent sign(WireFormat wireFormat, FramedContent framedContent, MlsCipherSuite mlsCipherSuite, byte[] bArr, byte[] bArr2) throws Exception {
        if (wireFormat == WireFormat.mls_public_message && framedContent.contentType == ContentType.APPLICATION) {
            throw new Exception("Application data cannot be sent as PublicMessage");
        }
        return new AuthenticatedContent(wireFormat, framedContent, new FramedContentAuthData(framedContent.contentType, mlsCipherSuite.signWithLabel(bArr, "FramedContentTBS", MLSOutputStream.encode(new FramedContentTBS(wireFormat, framedContent, bArr2))), null));
    }

    public boolean verify(MlsCipherSuite mlsCipherSuite, byte[] bArr, byte[] bArr2) throws IOException {
        if (this.wireFormat == WireFormat.mls_public_message && this.content.contentType == ContentType.APPLICATION) {
            return false;
        }
        return mlsCipherSuite.verifyWithLabel(bArr, "FramedContentTBS", MLSOutputStream.encode(new FramedContentTBS(this.wireFormat, this.content, bArr2)), this.auth.signature);
    }

    public AuthenticatedContent(MLSInputStream mLSInputStream) throws IOException {
        this.wireFormat = WireFormat.values()[((Short) mLSInputStream.read(Short.TYPE)).shortValue()];
        this.content = (FramedContent) mLSInputStream.read(FramedContent.class);
        this.auth = new FramedContentAuthData(mLSInputStream, this.content.contentType);
    }

    @Override // org.bouncycastle.mls.codec.MLSOutputStream.Writable
    public void writeTo(MLSOutputStream mLSOutputStream) throws IOException {
        mLSOutputStream.write(this.wireFormat);
        mLSOutputStream.write(this.content);
        mLSOutputStream.write(this.auth);
    }
}
