package com.android.identity.cose;

import com.android.identity.cbor.ArrayBuilder;
import com.android.identity.cbor.Cbor;
import com.android.identity.cbor.CborArray;
import com.android.identity.cbor.CborBuilder;
import com.android.identity.cbor.CborMap;
import com.android.identity.cbor.DataItem;
import com.android.identity.cbor.MapBuilder;
import com.android.identity.crypto.Algorithm;
import com.android.identity.crypto.Crypto;
import com.android.identity.crypto.EcPrivateKey;
import com.android.identity.crypto.EcPublicKey;
import com.android.identity.crypto.EcSignature;
import com.android.identity.securearea.KeyUnlockData;
import com.android.identity.securearea.SecureArea;
import com.microsoft.identity.common.java.constants.FidoConstants;
import java.util.Map;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: Cose.kt */
@Metadata(d1 = {"\u0000l\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\t\n\u0002\b\n\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0018\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00102\u0006\u0010\u0012\u001a\u00020\u0010H\u0002J(\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\b\u0010\u0017\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u001bJ`\u0010\u001c\u001a\u00020\u00192\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020\u00102\u0006\u0010\"\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u001b2\u0012\u0010#\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$2\u0012\u0010'\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$2\b\u0010(\u001a\u0004\u0018\u00010)JN\u0010\u001c\u001a\u00020\u00192\u0006\u0010*\u001a\u00020+2\u0006\u0010,\u001a\u00020\u00102\u0006\u0010-\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u001b2\u0012\u0010#\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$2\u0012\u0010'\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$JN\u0010.\u001a\u00020/2\u0006\u00100\u001a\u00020\u001b2\u0006\u0010*\u001a\u00020\u00102\u0006\u0010!\u001a\u00020\u00102\u0006\u0010\"\u001a\u00020\u00142\u0012\u0010#\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$2\u0012\u0010'\u001a\u000e\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020&0$J\u0018\u00101\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00102\u0006\u00102\u001a\u00020\u0010H\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000¨\u00063"}, d2 = {"Lcom/android/identity/cose/Cose;", "", "<init>", "()V", "COSE_KEY_KTY", "", "COSE_KEY_KID", "COSE_KEY_PARAM_CRV", "COSE_KEY_PARAM_X", "COSE_KEY_PARAM_Y", "COSE_KEY_PARAM_D", "COSE_KEY_TYPE_OKP", "COSE_KEY_TYPE_EC2", "COSE_LABEL_ALG", "COSE_LABEL_X5CHAIN", "coseBuildToBeSigned", "", "encodedProtectedHeaders", "dataToBeSigned", "coseSign1Check", "", "publicKey", "Lcom/android/identity/crypto/EcPublicKey;", "detachedData", FidoConstants.WEBAUTHN_RESPONSE_SIGNATURE_JSON_KEY, "Lcom/android/identity/cose/CoseSign1;", "signatureAlgorithm", "Lcom/android/identity/crypto/Algorithm;", "coseSign1Sign", "secureArea", "Lcom/android/identity/securearea/SecureArea;", "alias", "", "message", "includeMessageInPayload", "protectedHeaders", "", "Lcom/android/identity/cose/CoseLabel;", "Lcom/android/identity/cbor/DataItem;", "unprotectedHeaders", "keyUnlockData", "Lcom/android/identity/securearea/KeyUnlockData;", "key", "Lcom/android/identity/crypto/EcPrivateKey;", "dataToSign", "includeDataInPayload", "coseMac0", "Lcom/android/identity/cose/CoseMac0;", "algorithm", "coseBuildToBeMACed", "data", "identity"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes.dex */
public final class Cose {
    public static final long COSE_KEY_KID = 2;
    public static final long COSE_KEY_KTY = 1;
    public static final long COSE_KEY_PARAM_CRV = -1;
    public static final long COSE_KEY_PARAM_D = -4;
    public static final long COSE_KEY_PARAM_X = -2;
    public static final long COSE_KEY_PARAM_Y = -3;
    public static final long COSE_KEY_TYPE_EC2 = 2;
    public static final long COSE_KEY_TYPE_OKP = 1;
    public static final long COSE_LABEL_ALG = 1;
    public static final long COSE_LABEL_X5CHAIN = 33;
    public static final Cose INSTANCE = new Cose();

    private Cose() {
    }

    private final byte[] coseBuildToBeMACed(byte[] encodedProtectedHeaders, byte[] data) {
        ArrayBuilder<CborBuilder> builder = CborArray.INSTANCE.builder();
        builder.add("MAC0");
        builder.add(encodedProtectedHeaders);
        builder.add(new byte[0]);
        builder.add(data);
        return Cbor.INSTANCE.encode(builder.end().getItem());
    }

    private final byte[] coseBuildToBeSigned(byte[] encodedProtectedHeaders, byte[] dataToBeSigned) {
        ArrayBuilder<CborBuilder> builder = CborArray.INSTANCE.builder();
        builder.add("Signature1");
        builder.add(encodedProtectedHeaders);
        builder.add(new byte[0]);
        builder.add(dataToBeSigned);
        builder.end();
        return Cbor.INSTANCE.encode(builder.end().getItem());
    }

    public final CoseMac0 coseMac0(Algorithm algorithm, byte[] key, byte[] message, boolean includeMessageInPayload, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (protectedHeaders.size() > 0) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                CoseLabel key2 = entry.getKey();
                builder.put(key2.toDataItem(), entry.getValue());
            }
            bArr = Cbor.INSTANCE.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        byte[] mac = Crypto.INSTANCE.mac(algorithm, key, coseBuildToBeMACed(bArr, message));
        if (!includeMessageInPayload) {
            message = null;
        }
        return new CoseMac0(protectedHeaders, unprotectedHeaders, mac, message);
    }

    public final boolean coseSign1Check(EcPublicKey publicKey, byte[] detachedData, CoseSign1 signature, Algorithm signatureAlgorithm) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(signature, "signature");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        if ((detachedData == null || signature.getPayload() != null) && (detachedData != null || signature.getPayload() == null)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        if (signature.getProtectedHeaders().isEmpty()) {
            bArr = new byte[0];
        } else {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, DataItem> entry : signature.getProtectedHeaders().entrySet()) {
                CoseLabel key = entry.getKey();
                builder.put(key.toDataItem(), entry.getValue());
            }
            bArr = Cbor.INSTANCE.encode(builder.end().getItem());
        }
        if (detachedData == null) {
            detachedData = signature.getPayload();
            Intrinsics.checkNotNull(detachedData);
        }
        return Crypto.INSTANCE.checkSignature(publicKey, coseBuildToBeSigned(bArr, detachedData), signatureAlgorithm, EcSignature.INSTANCE.fromCoseEncoded(signature.getSignature()));
    }

    public final CoseSign1 coseSign1Sign(EcPrivateKey key, byte[] dataToSign, boolean includeDataInPayload, Algorithm signatureAlgorithm, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(dataToSign, "dataToSign");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (protectedHeaders.size() > 0) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                CoseLabel key2 = entry.getKey();
                builder.put(key2.toDataItem(), entry.getValue());
            }
            bArr = Cbor.INSTANCE.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        byte[] coseEncoded = Crypto.INSTANCE.sign(key, signatureAlgorithm, coseBuildToBeSigned(bArr, dataToSign)).toCoseEncoded();
        if (!includeDataInPayload) {
            dataToSign = null;
        }
        return new CoseSign1(protectedHeaders, unprotectedHeaders, coseEncoded, dataToSign);
    }

    public final CoseSign1 coseSign1Sign(SecureArea secureArea, String alias, byte[] message, boolean includeMessageInPayload, Algorithm signatureAlgorithm, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders, KeyUnlockData keyUnlockData) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(secureArea, "secureArea");
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (protectedHeaders.isEmpty()) {
            bArr = new byte[0];
        } else {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                CoseLabel key = entry.getKey();
                builder.put(key.toDataItem(), entry.getValue());
            }
            bArr = Cbor.INSTANCE.encode(builder.end().getItem());
        }
        byte[] coseEncoded = secureArea.sign(alias, signatureAlgorithm, coseBuildToBeSigned(bArr, message), keyUnlockData).toCoseEncoded();
        if (!includeMessageInPayload) {
            message = null;
        }
        return new CoseSign1(protectedHeaders, unprotectedHeaders, coseEncoded, message);
    }
}
