package expo.modules.updates.codesigning;

import android.util.Base64;
import android.util.Log;
import com.nimbusds.jose.util.X509CertUtils;
import expo.modules.structuredheaders.BooleanItem;
import expo.modules.structuredheaders.Dictionary;
import expo.modules.structuredheaders.StringItem;
import expo.modules.updates.codesigning.CodeSigningAlgorithm;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;

/* compiled from: CodeSigningConfiguration.kt */
/* loaded from: classes4.dex */
public final class CodeSigningConfiguration {
    public static final Companion Companion = new Companion(null);
    private final Lazy algorithmFromMetadata$delegate;
    private final boolean allowUnsignedManifests;
    private final Map codeSigningMetadata;
    private final String embeddedCertificateString;
    private final boolean includeManifestResponseCertificateChain;
    private final Lazy keyIdFromMetadata$delegate;

    /* compiled from: CodeSigningConfiguration.kt */
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final List separateCertificateChain(String certificateChainInManifestResponse) {
            Intrinsics.checkNotNullParameter(certificateChainInManifestResponse, "certificateChainInManifestResponse");
            ArrayList arrayList = new ArrayList();
            int i = 0;
            while (true) {
                int i2 = i;
                int indexOf$default = StringsKt.indexOf$default((CharSequence) certificateChainInManifestResponse, X509CertUtils.PEM_BEGIN_MARKER, i2, false, 4, (Object) null);
                int indexOf$default2 = StringsKt.indexOf$default((CharSequence) certificateChainInManifestResponse, X509CertUtils.PEM_END_MARKER, i2, false, 4, (Object) null);
                if (indexOf$default == -1 || indexOf$default2 == -1) {
                    break;
                }
                i = indexOf$default2 + 25;
                String substring = certificateChainInManifestResponse.substring(indexOf$default, i);
                Intrinsics.checkNotNullExpressionValue(substring, "substring(...)");
                arrayList.add(substring);
            }
            return arrayList;
        }
    }

    public CodeSigningConfiguration(String embeddedCertificateString, Map map, boolean z, boolean z2) {
        Intrinsics.checkNotNullParameter(embeddedCertificateString, "embeddedCertificateString");
        this.embeddedCertificateString = embeddedCertificateString;
        this.codeSigningMetadata = map;
        this.includeManifestResponseCertificateChain = z;
        this.allowUnsignedManifests = z2;
        this.algorithmFromMetadata$delegate = LazyKt.lazy(new Function0() { // from class: expo.modules.updates.codesigning.CodeSigningConfiguration$$ExternalSyntheticLambda0
            @Override // kotlin.jvm.functions.Function0
            public final Object invoke() {
                CodeSigningAlgorithm algorithmFromMetadata_delegate$lambda$0;
                algorithmFromMetadata_delegate$lambda$0 = CodeSigningConfiguration.algorithmFromMetadata_delegate$lambda$0(CodeSigningConfiguration.this);
                return algorithmFromMetadata_delegate$lambda$0;
            }
        });
        this.keyIdFromMetadata$delegate = LazyKt.lazy(new Function0() { // from class: expo.modules.updates.codesigning.CodeSigningConfiguration$$ExternalSyntheticLambda1
            @Override // kotlin.jvm.functions.Function0
            public final Object invoke() {
                String keyIdFromMetadata_delegate$lambda$1;
                keyIdFromMetadata_delegate$lambda$1 = CodeSigningConfiguration.keyIdFromMetadata_delegate$lambda$1(CodeSigningConfiguration.this);
                return keyIdFromMetadata_delegate$lambda$1;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final CodeSigningAlgorithm algorithmFromMetadata_delegate$lambda$0(CodeSigningConfiguration codeSigningConfiguration) {
        CodeSigningAlgorithm.Companion companion = CodeSigningAlgorithm.Companion;
        Map map = codeSigningConfiguration.codeSigningMetadata;
        return companion.parseFromString(map != null ? (String) map.get("alg") : null);
    }

    private final CodeSigningAlgorithm getAlgorithmFromMetadata() {
        return (CodeSigningAlgorithm) this.algorithmFromMetadata$delegate.getValue();
    }

    private final String getKeyIdFromMetadata() {
        return (String) this.keyIdFromMetadata$delegate.getValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final String keyIdFromMetadata_delegate$lambda$1(CodeSigningConfiguration codeSigningConfiguration) {
        String str;
        Map map = codeSigningConfiguration.codeSigningMetadata;
        return (map == null || (str = (String) map.get("keyid")) == null) ? "root" : str;
    }

    private final SignatureValidationResult validateSignatureInternal(SignatureHeaderInfo signatureHeaderInfo, byte[] bArr, String str) {
        CertificateChain certificateChain;
        if (this.includeManifestResponseCertificateChain) {
            Companion companion = Companion;
            if (str == null) {
                str = "";
            }
            certificateChain = new CertificateChain(CollectionsKt.plus((Collection) companion.separateCertificateChain(str), (Object) this.embeddedCertificateString));
        } else {
            if (!Intrinsics.areEqual(signatureHeaderInfo.getKeyId(), getKeyIdFromMetadata())) {
                throw new Exception("Key with keyid=" + signatureHeaderInfo.getKeyId() + " from signature not found in client configuration");
            }
            if (signatureHeaderInfo.getAlgorithm() != getAlgorithmFromMetadata()) {
                Log.i("CodeSigning", "Key with alg=" + signatureHeaderInfo.getAlgorithm() + " from signature does not match client configuration algorithm, continuing");
            }
            certificateChain = new CertificateChain(CollectionsKt.listOf(this.embeddedCertificateString));
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(certificateChain.getCodeSigningCertificate().getPublicKey());
        signature.update(bArr);
        return new SignatureValidationResult(signature.verify(Base64.decode(signatureHeaderInfo.getSignature(), 0)) ? ValidationResult.VALID : ValidationResult.INVALID, CertificateChain.Companion.expoProjectInformation(certificateChain.getCodeSigningCertificate()));
    }

    public final String getAcceptSignatureHeader() {
        String serialize = Dictionary.valueOf(MapsKt.mapOf(TuplesKt.to("sig", BooleanItem.valueOf(true)), TuplesKt.to("keyid", StringItem.valueOf(getKeyIdFromMetadata())), TuplesKt.to("alg", StringItem.valueOf(getAlgorithmFromMetadata().getAlgorithmName())))).serialize();
        Intrinsics.checkNotNullExpressionValue(serialize, "serialize(...)");
        return serialize;
    }

    public final SignatureValidationResult validateSignature(String str, byte[] bodyBytes, String str2) {
        Intrinsics.checkNotNullParameter(bodyBytes, "bodyBytes");
        if (str != null) {
            return validateSignatureInternal(SignatureHeaderInfo.Companion.parseSignatureHeader(str), bodyBytes, str2);
        }
        if (this.allowUnsignedManifests) {
            return new SignatureValidationResult(ValidationResult.SKIPPED, null);
        }
        throw new Exception("No expo-signature header specified");
    }
}
