package dgca.verifier.app.decoder.cose;

import com.upokecenter.cbor.CBORObject;
import dgca.verifier.app.decoder.SignatureExtKt;
import dgca.verifier.app.decoder.model.CertificateType;
import dgca.verifier.app.decoder.model.VerificationResult;
import dgca.verifier.app.decoder.services.X509;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.RSAPublicKeySpec;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* compiled from: VerificationCryptoService.kt */
/* loaded from: classes.dex */
public final class VerificationCryptoService implements CryptoService {
    private final X509 x509;

    /* compiled from: VerificationCryptoService.kt */
    /* loaded from: classes.dex */
    public enum Algo {
        ALGO_ECDSA256("SHA256withECDSA"),
        ALGO_RSA256_PSS("SHA256withRSA/PSS");

        private final String value;

        Algo(String str) {
            this.value = str;
        }

        public final String getValue() {
            return this.value;
        }
    }

    public VerificationCryptoService(X509 x509) {
        Intrinsics.checkNotNullParameter(x509, "x509");
        this.x509 = x509;
        Security.addProvider(new BouncyCastleProvider());
    }

    private final int getAlgoFromHeader(byte[] bArr, CBORObject cBORObject) {
        if (!(!(bArr.length == 0))) {
            return cBORObject.get(1).AsInt32Value();
        }
        try {
            CBORObject cBORObject2 = CBORObject.DecodeFromBytes(bArr).get(1);
            Integer valueOf = cBORObject2 == null ? null : Integer.valueOf(cBORObject2.AsInt32Value());
            return valueOf == null ? cBORObject.get(1).AsInt32Value() : valueOf.intValue();
        } catch (Exception unused) {
            return cBORObject.get(1).AsInt32Value();
        }
    }

    private final byte[] getValidationData(byte[] bArr, byte[] bArr2) {
        CBORObject NewArray = CBORObject.NewArray();
        NewArray.Add("Signature1");
        NewArray.Add(bArr);
        NewArray.Add(new byte[0]);
        NewArray.Add(bArr2);
        byte[] EncodeToBytes = NewArray.EncodeToBytes();
        Intrinsics.checkNotNullExpressionValue(EncodeToBytes, "NewArray().apply {\n     …        }.EncodeToBytes()");
        return EncodeToBytes;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // dgca.verifier.app.decoder.cose.CryptoService
    public void validate(byte[] cose, Certificate certificate, VerificationResult verificationResult) {
        byte[] coseSignature;
        byte[] validationData;
        int algoFromHeader;
        boolean verify;
        Intrinsics.checkNotNullParameter(cose, "cose");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(verificationResult, "verificationResult");
        PublicKey verificationKey = certificate.getPublicKey();
        boolean z = false;
        try {
            CBORObject DecodeFromBytes = CBORObject.DecodeFromBytes(cose);
            coseSignature = DecodeFromBytes.get(3).GetByteString();
            byte[] protectedHeader = DecodeFromBytes.get(0).GetByteString();
            CBORObject unprotectedHeader = DecodeFromBytes.get(1);
            byte[] content = DecodeFromBytes.get(2).GetByteString();
            Intrinsics.checkNotNullExpressionValue(protectedHeader, "protectedHeader");
            Intrinsics.checkNotNullExpressionValue(content, "content");
            validationData = getValidationData(protectedHeader, content);
            Intrinsics.checkNotNullExpressionValue(unprotectedHeader, "unprotectedHeader");
            algoFromHeader = getAlgoFromHeader(protectedHeader, unprotectedHeader);
        } catch (Exception unused) {
        }
        if (algoFromHeader != -37) {
            if (algoFromHeader == -7) {
                Intrinsics.checkNotNullExpressionValue(coseSignature, "coseSignature");
                byte[] coseSignature2 = SignatureExtKt.convertToDer(coseSignature);
                Signature signature = Signature.getInstance(Algo.ALGO_ECDSA256.getValue());
                Intrinsics.checkNotNullExpressionValue(signature, "getInstance(Algo.ALGO_ECDSA256.value)");
                Intrinsics.checkNotNullExpressionValue(verificationKey, "verificationKey");
                Intrinsics.checkNotNullExpressionValue(coseSignature2, "coseSignature");
                verify = SignatureExtKt.verify(signature, verificationKey, validationData, coseSignature2);
            }
            verificationResult.setCoseVerified(z);
        }
        byte[] bytes = SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded()).keyData.getBytes();
        RSAPublicKey rSAPublicKey = bytes instanceof RSAPublicKey ? (RSAPublicKey) bytes : bytes != 0 ? new RSAPublicKey(ASN1Sequence.getInstance(bytes)) : null;
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPublicKey.modulus, rSAPublicKey.publicExponent));
        Signature signature2 = Signature.getInstance(Algo.ALGO_RSA256_PSS.getValue());
        Intrinsics.checkNotNullExpressionValue(signature2, "getInstance(Algo.ALGO_RSA256_PSS.value)");
        Intrinsics.checkNotNullExpressionValue(key, "key");
        Intrinsics.checkNotNullExpressionValue(coseSignature, "coseSignature");
        verify = SignatureExtKt.verify(signature2, key, validationData, coseSignature);
        z = verify;
        verificationResult.setCoseVerified(z);
    }

    @Override // dgca.verifier.app.decoder.cose.CryptoService
    public void validate(byte[] cose, Certificate certificate, VerificationResult verificationResult, CertificateType certificateType) {
        Intrinsics.checkNotNullParameter(cose, "cose");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(verificationResult, "verificationResult");
        Intrinsics.checkNotNullParameter(certificateType, "certificateType");
        validate(cose, certificate, verificationResult);
        verificationResult.setCoseVerified(verificationResult.getCoseVerified() && (certificateType == CertificateType.UNKNOWN || this.x509.isSuitable(certificate.getEncoded(), certificateType)));
    }
}
