package org.bouncycastle.mls.codec;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.mls.TreeKEM.LeafIndex;
import org.bouncycastle.mls.TreeKEM.LeafNode;
import org.bouncycastle.mls.TreeKEM.TreeKEMPublicKey;
import org.bouncycastle.mls.codec.MLSInputStream;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.crypto.MlsCipherSuite;

/* loaded from: input_file:org/bouncycastle/mls/codec/GroupInfo.class */
public class GroupInfo implements MLSInputStream.Readable, MLSOutputStream.Writable {
    GroupContext groupContext;
    List<Extension> extensions;
    byte[] confirmationTag;
    LeafIndex signer;
    byte[] signature;

    public byte[] getConfirmationTag() {
        return this.confirmationTag;
    }

    public List<Extension> getExtensions() {
        return this.extensions;
    }

    public LeafIndex getSigner() {
        return this.signer;
    }

    public GroupContext getGroupContext() {
        return this.groupContext;
    }

    public byte[] getGroupID() {
        return this.groupContext.groupID;
    }

    public long getEpoch() {
        return this.groupContext.epoch;
    }

    public MlsCipherSuite getSuite() {
        return this.groupContext.suite;
    }

    public GroupInfo(GroupContext groupContext, List<Extension> list, byte[] bArr) {
        this.groupContext = groupContext;
        this.extensions = new ArrayList(list);
        this.confirmationTag = bArr;
    }

    private byte[] toBeSigned() throws IOException {
        MLSOutputStream mLSOutputStream = new MLSOutputStream();
        mLSOutputStream.write(this.groupContext);
        mLSOutputStream.writeList(this.extensions);
        mLSOutputStream.writeOpaque(this.confirmationTag);
        mLSOutputStream.write(this.signer);
        return mLSOutputStream.toByteArray();
    }

    public boolean verify(MlsCipherSuite mlsCipherSuite, TreeKEMPublicKey treeKEMPublicKey) throws Exception {
        LeafNode leafNode = treeKEMPublicKey.getLeafNode(this.signer);
        if (leafNode == null) {
            throw new Exception("Signer not found");
        }
        return verify(mlsCipherSuite, leafNode.getSignatureKey());
    }

    public boolean verify(MlsCipherSuite mlsCipherSuite, byte[] bArr) throws IOException {
        return mlsCipherSuite.verifyWithLabel(bArr, "GroupInfoTBS", toBeSigned(), this.signature);
    }

    GroupInfo(MLSInputStream mLSInputStream) throws IOException {
        this.groupContext = (GroupContext) mLSInputStream.read(GroupContext.class);
        this.extensions = new ArrayList();
        mLSInputStream.readList(this.extensions, Extension.class);
        this.confirmationTag = mLSInputStream.readOpaque();
        this.signer = new LeafIndex(((Integer) mLSInputStream.read(Integer.TYPE)).intValue());
        this.signature = mLSInputStream.readOpaque();
    }

    @Override // org.bouncycastle.mls.codec.MLSOutputStream.Writable
    public void writeTo(MLSOutputStream mLSOutputStream) throws IOException {
        mLSOutputStream.write(this.groupContext);
        mLSOutputStream.writeList(this.extensions);
        mLSOutputStream.writeOpaque(this.confirmationTag);
        mLSOutputStream.write(this.signer);
        mLSOutputStream.writeOpaque(this.signature);
    }

    public void sign(TreeKEMPublicKey treeKEMPublicKey, LeafIndex leafIndex, AsymmetricCipherKeyPair asymmetricCipherKeyPair) throws Exception {
        LeafNode leafNode = treeKEMPublicKey.getLeafNode(leafIndex);
        if (leafNode == null) {
            throw new Exception("Cannot sign from a blank leaf");
        }
        if (!Arrays.equals(treeKEMPublicKey.getSuite().serializeSignaturePublicKey(asymmetricCipherKeyPair.getPublic()), leafNode.getSignatureKey())) {
            throw new Exception("Bad key for index");
        }
        this.signer = leafIndex;
        this.signature = treeKEMPublicKey.getSuite().signWithLabel(treeKEMPublicKey.getSuite().serializeSignaturePrivateKey(asymmetricCipherKeyPair.getPrivate()), "GroupInfoTBS", toBeSigned());
    }
}
