package com.android.identity.mdoc.response;

import androidx.core.app.NotificationCompat;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.Map;
import co.nstant.in.cbor.model.UnicodeString;
import com.android.identity.internal.Util;
import com.android.identity.mdoc.mso.MobileSecurityObjectParser;
import com.android.identity.util.Logger;
import com.android.identity.util.Timestamp;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Set;

/* loaded from: classes3.dex */
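/**
 * Parses a CBOR-encoded mdoc {@code DeviceResponse} on the reader side.
 *
 * <p>Typical use: {@link #setDeviceResponse(byte[])}, {@link #setSessionTranscript(byte[])},
 * optionally {@link #setEphemeralReaderKey(PrivateKey)}, then {@link #parse()}.
 *
 * <p><b>Security note:</b> parsing records the outcome of each cryptographic check on the
 * resulting {@link Document} but does not reject a document whose checks failed. Before
 * trusting any entry, a caller has to look at
 * {@link Document#getIssuerSignedAuthenticated()},
 * {@link Document#getDeviceSignedAuthenticated()},
 * {@link Document#getNumIssuerEntryDigestMatchFailures()} (or the per-entry
 * {@link Document#getIssuerEntryDigestMatch(String, String)}) and the validity timestamps.
 * The issuer signature is checked only against the public key of the first certificate in the
 * {@code x5chain}; nothing in this class validates that chain against a trust anchor, so the
 * caller must do that with {@link Document#getIssuerCertificateChain()}.
 */
public final class DeviceResponseParser {
    private PrivateKey mEReaderKey;
    private byte[] mEncodedDeviceResponse;
    private byte[] mEncodedSessionTranscript;

    /** The result of parsing: response version, status code and the contained documents. */
    public static final class DeviceResponse {
        static final String TAG = "DeviceResponse";
        List<Document> mResultDocuments = null;
        private long mResultStatus = 0;
        private String mVersion;

        DeviceResponse() {
        }

        /**
         * Checks the device authentication of one document and copies its device-signed entries
         * into {@code builder}.
         *
         * <p>The outcome is stored with {@code setDeviceSignedAuthenticated}; a failed check
         * does not abort parsing, and the device-signed entries are added either way.
         *
         * @param deviceSigned the {@code deviceSigned} map of the document
         * @param docType the document type, which is part of the authenticated structure
         * @param encodedSessionTranscript the CBOR-encoded session transcript
         * @param deviceKey the device public key taken from the MSO
         * @param eReaderKey the reader's ephemeral private key, used only on the MAC path
         * @param builder receives the authentication outcome and the entries
         * @throws IllegalArgumentException if {@code nameSpaces} is not a tag-24 byte string or
         *     {@code deviceAuth} holds neither {@code deviceSignature} nor {@code deviceMac}
         */
        private void parseDeviceSigned(DataItem deviceSigned, String docType, byte[] encodedSessionTranscript, PublicKey deviceKey, PrivateKey eReaderKey, Document.Builder builder) {
            DataItem nameSpacesItem = Util.cborMapExtract(deviceSigned, "nameSpaces");
            // Same shape check as for issuerSignedItemBytes: any one failing condition rejects
            // the item. The previous form joined the conditions with && and dereferenced
            // getTag() precisely when hasTag() was false, so it never raised this exception.
            if (!nameSpacesItem.hasTag() || nameSpacesItem.getTag().getValue() != 24 || !(nameSpacesItem instanceof ByteString)) {
                throw new IllegalArgumentException("nameSpaces isn't a tagged ByteString");
            }
            byte[] encodedNameSpaces = ((ByteString) nameSpacesItem).getBytes();
            DataItem sessionTranscript = Util.cborDecode(encodedSessionTranscript);
            Map deviceAuth = (Map) Util.cborMapExtractMap(deviceSigned, "deviceAuth");
            DataItem deviceSignature = deviceAuth.get(new UnicodeString("deviceSignature"));

            // DeviceAuthentication = ["DeviceAuthentication", SessionTranscript, docType,
            // tagged nameSpaces bytes]; the signature / MAC covers its tag-24 wrapped encoding.
            byte[] encodedDeviceAuthentication = Util.cborEncode(new CborBuilder()
                    .addArray()
                    .add("DeviceAuthentication")
                    .add(sessionTranscript)
                    .add(docType)
                    .add(Util.cborBuildTaggedByteString(encodedNameSpaces))
                    .end()
                    .build()
                    .get(0));
            byte[] deviceAuthenticationBytes = Util.cborEncode(Util.cborBuildTaggedByteString(encodedDeviceAuthentication));

            boolean deviceSignedAuthenticated;
            if (deviceSignature != null) {
                deviceSignedAuthenticated = Util.coseSign1CheckSignature(deviceSignature, deviceAuthenticationBytes, deviceKey);
                // Records which mechanism was used, not whether the signature verified.
                builder.setDeviceSignedAuthenticatedViaSignature(true);
            } else {
                DataItem deviceMac = deviceAuth.get(new UnicodeString("deviceMac"));
                if (deviceMac == null) {
                    throw new IllegalArgumentException("Neither deviceSignature nor deviceMac in deviceAuth");
                }
                DataItem expectedMac = Util.coseMac0(Util.calcEMacKeyForReader(deviceKey, eReaderKey, encodedSessionTranscript), new byte[0], deviceAuthenticationBytes);
                byte[] receivedTag = Util.coseMac0GetTag(deviceMac);
                byte[] expectedTag = Util.coseMac0GetTag(expectedMac);
                // Compare MAC tags without an early exit on the first differing byte.
                deviceSignedAuthenticated = MessageDigest.isEqual(expectedTag, receivedTag);
                if (deviceSignedAuthenticated) {
                    Logger.d(TAG, "Verified DeviceSigned using MAC");
                } else {
                    // The expected tag is deliberately not logged: it is the value a valid
                    // response for this session would have to carry.
                    Logger.d(TAG, "Device MAC mismatch, got " + Util.toHex(receivedTag));
                }
            }
            builder.setDeviceSignedAuthenticated(deviceSignedAuthenticated);

            DataItem nameSpaces = Util.cborDecode(encodedNameSpaces);
            for (String namespaceName : Util.cborMapExtractMapStringKeys(nameSpaces)) {
                DataItem elements = Util.cborMapExtract(nameSpaces, namespaceName);
                for (String elementName : Util.cborMapExtractMapStringKeys(elements)) {
                    builder.addDeviceEntry(namespaceName, elementName, Util.cborEncode(Util.cborMapExtract(elements, elementName)));
                }
            }
        }

        /**
         * Checks the issuer signature over the MSO, copies the MSO validity info and the
         * issuer-signed entries into {@code builder}, and returns the device key from the MSO.
         *
         * <p>The signature is verified with the public key of the first {@code x5chain}
         * certificate; the chain itself is stored on the document unvalidated. The signature
         * outcome is only recorded, so the MSO contents used below (digest algorithm, digests,
         * device key) are processed even when that signature did not verify.
         *
         * @param expectedDocType the {@code docType} stated by the enclosing document
         * @param issuerSigned the {@code issuerSigned} map of the document
         * @param builder receives the outcome, the validity info and the entries
         * @return the device public key stated in the MSO
         * @throws IllegalArgumentException if there is no certificate in {@code x5chain}, the
         *     MSO docType differs from {@code expectedDocType}, an item is not a tag-24 byte
         *     string, or the MSO has no digest for a namespace or digest ID that is present
         * @throws IllegalStateException if the MSO's digest algorithm is not available
         */
        private PublicKey parseIssuerSigned(String expectedDocType, DataItem issuerSigned, Document.Builder builder) {
            DataItem issuerAuth = Util.cborMapExtract(issuerSigned, "issuerAuth");
            List<X509Certificate> certChain = Util.coseSign1GetX5Chain(issuerAuth);
            if (certChain.isEmpty()) {
                throw new IllegalArgumentException("No x5chain element in issuer signature");
            }
            boolean issuerSignedAuthenticated = Util.coseSign1CheckSignature(issuerAuth, null, certChain.get(0).getPublicKey());
            Logger.d(TAG, "issuerSignedAuthenticated: " + issuerSignedAuthenticated);
            builder.setIssuerSignedAuthenticated(issuerSignedAuthenticated);
            builder.setIssuerCertificateChain(certChain);

            MobileSecurityObjectParser.MobileSecurityObject mso = new MobileSecurityObjectParser()
                    .setMobileSecurityObject(Util.cborExtractTaggedCbor(Util.coseSign1GetData(issuerAuth)))
                    .parse();
            builder.setValidityInfoSigned(mso.getSigned());
            builder.setValidityInfoValidFrom(mso.getValidFrom());
            builder.setValidityInfoValidUntil(mso.getValidUntil());
            if (mso.getExpectedUpdate() != null) {
                builder.setValidityInfoExpectedUpdate(mso.getExpectedUpdate());
            }

            // NOTE(review): the algorithm name is read from the MSO; whether it is restricted
            // to an allow-list is decided in MobileSecurityObjectParser, not visible here.
            MessageDigest digester;
            try {
                digester = MessageDigest.getInstance(mso.getDigestAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                // Keep the cause so the unsupported algorithm name shows up in the stack trace.
                throw new IllegalStateException("Failed creating digester", e);
            }

            String msoDocType = mso.getDocType();
            if (!msoDocType.equals(expectedDocType)) {
                throw new IllegalArgumentException("docType in MSO '" + msoDocType + "' does not match docType from Document");
            }

            // namespace -> (digestID -> expected digest), as provided by the MSO parser.
            java.util.Map<String, Object> digestIdsByNamespace = new HashMap<>();
            Set<String> digestNamespaces = mso.getValueDigestNamespaces();
            for (String namespaceName : digestNamespaces) {
                digestIdsByNamespace.put(namespaceName, mso.getDigestIDs(namespaceName));
            }
            PublicKey deviceKey = mso.getDeviceKey();

            if (!Util.cborMapHasKey(issuerSigned, "nameSpaces")) {
                return deviceKey;
            }
            DataItem nameSpaces = Util.cborMapExtractMap(issuerSigned, "nameSpaces");
            for (String namespaceName : Util.cborMapExtractMapStringKeys(nameSpaces)) {
                java.util.Map<?, ?> digestIds = (java.util.Map<?, ?>) digestIdsByNamespace.get(namespaceName);
                if (digestIds == null) {
                    throw new IllegalArgumentException("No digestID MSO entry for namespace " + namespaceName);
                }
                for (DataItem itemBytes : Util.cborMapExtractArray(nameSpaces, namespaceName)) {
                    if (!itemBytes.hasTag() || itemBytes.getTag().getValue() != 24 || !(itemBytes instanceof ByteString)) {
                        throw new IllegalArgumentException("issuerSignedItemBytes is not a tagged ByteString");
                    }
                    // The digest is taken over the tag-24 wrapped encoding of the item bytes.
                    byte[] actualDigest = digester.digest(Util.cborEncode(Util.cborBuildTaggedByteString(((ByteString) itemBytes).getBytes())));
                    DataItem item = Util.cborExtractTaggedAndEncodedCbor(itemBytes);
                    String elementName = Util.cborMapExtractString(item, "elementIdentifier");
                    DataItem elementValue = Util.cborMapExtract(item, "elementValue");
                    long digestId = Util.cborMapExtractNumber(item, "digestID");
                    byte[] expectedDigest = (byte[]) digestIds.get(Long.valueOf(digestId));
                    if (expectedDigest == null) {
                        throw new IllegalArgumentException("No digestID MSO entry for ID " + digestId + " in namespace " + namespaceName);
                    }
                    // A mismatch is recorded on the entry, not raised as an error.
                    builder.addIssuerEntry(namespaceName, elementName, Util.cborEncode(elementValue), Arrays.equals(actualDigest, expectedDigest));
                }
            }
            return deviceKey;
        }

        /**
         * Returns the parsed documents.
         *
         * @return the internal list (not a copy); {@code null} until a parse has completed
         */
        public List<Document> getDocuments() {
            return this.mResultDocuments;
        }

        /**
         * Returns the numeric {@code status} field of the response.
         *
         * @return the status value
         */
        public long getStatus() {
            return this.mResultStatus;
        }

        /**
         * Returns the {@code version} field of the response.
         *
         * @return the version string
         */
        public String getVersion() {
            return this.mVersion;
        }

        /**
         * Decodes the device response and parses every document in it.
         *
         * @param bArr the CBOR-encoded device response
         * @param bArr2 the CBOR-encoded session transcript
         * @param privateKey the reader's ephemeral private key, used for MAC verification
         * @throws IllegalArgumentException if the version is rejected or a document is malformed
         */
        void parse(byte[] bArr, byte[] bArr2, PrivateKey privateKey) {
            this.mResultDocuments = null;
            DataItem response = Util.cborDecode(bArr);
            List<Document> documents = new ArrayList<>();
            String version = Util.cborMapExtractString(response, "version");
            this.mVersion = version;
            // String (lexicographic) comparison, not a numeric version comparison.
            if (version.compareTo("1.0") < 0) {
                throw new IllegalArgumentException("Given version '" + this.mVersion + "' not >= '1.0'");
            }
            if (Util.cborMapHasKey(response, "documents")) {
                for (DataItem documentItem : Util.cborMapExtractArray(response, "documents")) {
                    String docType = Util.cborMapExtractString(documentItem, "docType");
                    Document.Builder builder = new Document.Builder(docType);
                    // The device key comes out of the MSO, so device authentication is only
                    // meaningful to a caller when the issuer signature also verified.
                    PublicKey deviceKey = parseIssuerSigned(docType, Util.cborMapExtractMap(documentItem, "issuerSigned"), builder);
                    builder.setDeviceKey(deviceKey);
                    parseDeviceSigned(Util.cborMapExtractMap(documentItem, "deviceSigned"), docType, bArr2, deviceKey, privateKey, builder);
                    documents.add(builder.build());
                }
            }
            // Literal key of the response map; the decompiler had substituted an unrelated
            // Android constant (NotificationCompat.CATEGORY_STATUS) with the same value.
            this.mResultStatus = Util.cborMapExtractNumber(response, "status");
            this.mResultDocuments = documents;
        }
    }

    /**
     * One document of a device response, with the outcome of each verification step.
     *
     * <p>Entry getters return data whether or not the corresponding authentication succeeded;
     * check the {@code get...Authenticated()} and digest-match accessors first.
     */
    public static class Document {
        static final String TAG = "Document";
        PublicKey mDeviceKey;
        boolean mDeviceSignedAuthenticated;
        boolean mDeviceSignedAuthenticatedViaSignature;
        String mDocType;
        List<X509Certificate> mIssuerCertificateChain;
        boolean mIssuerSignedAuthenticated;
        int mNumIssuerEntryDigestMatchFailures;
        Timestamp mValidityInfoExpectedUpdate;
        Timestamp mValidityInfoSigned;
        Timestamp mValidityInfoValidFrom;
        Timestamp mValidityInfoValidUntil;
        // namespace -> (entry name -> entry), in insertion order.
        java.util.Map<String, java.util.Map<String, EntryData>> mDeviceData = new LinkedHashMap<>();
        java.util.Map<String, java.util.Map<String, EntryData>> mIssuerData = new LinkedHashMap<>();

        /** Fills in a {@link Document} while a response is being parsed. */
        public static class Builder {
            private final Document mResult;

            Builder(String str) {
                Document document = new Document();
                this.mResult = document;
                document.mDocType = str;
            }

            /**
             * Adds a device-signed entry. Device-signed entries carry no per-entry digest, so
             * the stored digest-match flag is always {@code true}.
             */
            Builder addDeviceEntry(String str, String str2, byte[] bArr) {
                java.util.Map<String, EntryData> entries = this.mResult.mDeviceData.get(str);
                if (entries == null) {
                    entries = new LinkedHashMap<>();
                    this.mResult.mDeviceData.put(str, entries);
                }
                entries.put(str2, new EntryData(bArr, true));
                return this;
            }

            /**
             * Adds an issuer-signed entry together with its digest-match result, counting the
             * entry as a failure when {@code z} is {@code false}.
             */
            Builder addIssuerEntry(String str, String str2, byte[] bArr, boolean z) {
                java.util.Map<String, EntryData> entries = this.mResult.mIssuerData.get(str);
                if (entries == null) {
                    entries = new LinkedHashMap<>();
                    this.mResult.mIssuerData.put(str, entries);
                }
                entries.put(str2, new EntryData(bArr, z));
                if (!z) {
                    this.mResult.mNumIssuerEntryDigestMatchFailures++;
                }
                return this;
            }

            /** Returns the document being built (the same instance on every call). */
            Document build() {
                return this.mResult;
            }

            Builder setDeviceKey(PublicKey publicKey) {
                this.mResult.mDeviceKey = publicKey;
                return this;
            }

            Builder setDeviceSignedAuthenticated(boolean z) {
                this.mResult.mDeviceSignedAuthenticated = z;
                return this;
            }

            Builder setDeviceSignedAuthenticatedViaSignature(boolean z) {
                this.mResult.mDeviceSignedAuthenticatedViaSignature = z;
                return this;
            }

            void setIssuerCertificateChain(List<X509Certificate> list) {
                this.mResult.mIssuerCertificateChain = list;
            }

            Builder setIssuerSignedAuthenticated(boolean z) {
                this.mResult.mIssuerSignedAuthenticated = z;
                return this;
            }

            Builder setValidityInfoExpectedUpdate(Timestamp timestamp) {
                this.mResult.mValidityInfoExpectedUpdate = timestamp;
                return this;
            }

            Builder setValidityInfoSigned(Timestamp timestamp) {
                this.mResult.mValidityInfoSigned = timestamp;
                return this;
            }

            Builder setValidityInfoValidFrom(Timestamp timestamp) {
                this.mResult.mValidityInfoValidFrom = timestamp;
                return this;
            }

            Builder setValidityInfoValidUntil(Timestamp timestamp) {
                this.mResult.mValidityInfoValidUntil = timestamp;
                return this;
            }
        }

        /** The CBOR-encoded value of one entry and whether its digest matched the MSO. */
        public static class EntryData {
            boolean mDigestMatch;
            byte[] mValue;

            EntryData(byte[] bArr, boolean z) {
                this.mValue = bArr;
                this.mDigestMatch = z;
            }
        }

        /**
         * Decodes a device-signed entry as a boolean.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public boolean getDeviceEntryBoolean(String str, String str2) {
            return Util.cborDecodeBoolean(getDeviceEntryData(str, str2));
        }

        /**
         * Decodes a device-signed entry as a byte string.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public byte[] getDeviceEntryByteString(String str, String str2) {
            return Util.cborDecodeByteString(getDeviceEntryData(str, str2));
        }

        /**
         * Returns the CBOR-encoded value of a device-signed entry.
         *
         * @param str the namespace name
         * @param str2 the entry name
         * @return the stored encoding (the internal array, not a copy)
         * @throws IllegalArgumentException if the namespace or the entry is not present
         */
        public byte[] getDeviceEntryData(String str, String str2) {
            java.util.Map<String, EntryData> entries = this.mDeviceData.get(str);
            if (entries == null) {
                throw new IllegalArgumentException("Namespace not in data");
            }
            // An unknown entry name used to surface as a NullPointerException here; report it
            // the same way getIssuerEntryData does.
            EntryData entryData = entries.get(str2);
            if (entryData == null || entryData.mValue == null) {
                throw new IllegalArgumentException("Entry not in data");
            }
            return entryData.mValue;
        }

        /**
         * Decodes a device-signed entry as a date-time.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public Timestamp getDeviceEntryDateTime(String str, String str2) {
            return Util.cborDecodeDateTime(getDeviceEntryData(str, str2));
        }

        /**
         * Lists the entry names of a device-signed namespace.
         *
         * @param str the namespace name
         * @return a new list of entry names
         * @throws IllegalArgumentException if the namespace is not present
         */
        public List<String> getDeviceEntryNames(String str) {
            java.util.Map<String, EntryData> entries = this.mDeviceData.get(str);
            if (entries == null) {
                throw new IllegalArgumentException("Namespace not in data");
            }
            return new ArrayList<>(entries.keySet());
        }

        /**
         * Decodes a device-signed entry as a number.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public long getDeviceEntryNumber(String str, String str2) {
            return Util.cborDecodeLong(getDeviceEntryData(str, str2));
        }

        /**
         * Decodes a device-signed entry as a string.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public String getDeviceEntryString(String str, String str2) {
            return Util.cborDecodeString(getDeviceEntryData(str, str2));
        }

        /** Returns the device public key read from the MSO. */
        public PublicKey getDeviceKey() {
            return this.mDeviceKey;
        }

        /** Returns a new list of the device-signed namespace names. */
        public List<String> getDeviceNamespaces() {
            return new ArrayList<>(this.mDeviceData.keySet());
        }

        /** Returns whether the device signature or MAC verified. */
        public boolean getDeviceSignedAuthenticated() {
            return this.mDeviceSignedAuthenticated;
        }

        /**
         * Returns whether device authentication used a signature rather than a MAC. This says
         * nothing about whether it verified; see {@link #getDeviceSignedAuthenticated()}.
         */
        public boolean getDeviceSignedAuthenticatedViaSignature() {
            return this.mDeviceSignedAuthenticatedViaSignature;
        }

        /** Returns the document type. */
        public String getDocType() {
            return this.mDocType;
        }

        /**
         * Returns the certificates from the issuer's {@code x5chain}, as received. The chain
         * has not been validated against any trust anchor by this class.
         */
        public List<X509Certificate> getIssuerCertificateChain() {
            return this.mIssuerCertificateChain;
        }

        /**
         * Decodes an issuer-signed entry as a boolean.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public boolean getIssuerEntryBoolean(String str, String str2) {
            return Util.cborDecodeBoolean(getIssuerEntryData(str, str2));
        }

        /**
         * Decodes an issuer-signed entry as a byte string.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public byte[] getIssuerEntryByteString(String str, String str2) {
            return Util.cborDecodeByteString(getIssuerEntryData(str, str2));
        }

        /**
         * Returns the CBOR-encoded value of an issuer-signed entry, regardless of whether its
         * digest matched; see {@link #getIssuerEntryDigestMatch(String, String)}.
         *
         * @param str the namespace name
         * @param str2 the entry name
         * @return the stored encoding (the internal array, not a copy)
         * @throws IllegalArgumentException if the namespace or the entry is not present
         */
        public byte[] getIssuerEntryData(String str, String str2) {
            java.util.Map<String, EntryData> entries = this.mIssuerData.get(str);
            if (entries == null) {
                throw new IllegalArgumentException("Namespace not in data");
            }
            EntryData entryData = entries.get(str2);
            if (entryData == null || entryData.mValue == null) {
                throw new IllegalArgumentException("Entry not in data");
            }
            return entryData.mValue;
        }

        /**
         * Decodes an issuer-signed entry as a date-time.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public Timestamp getIssuerEntryDateTime(String str, String str2) {
            return Util.cborDecodeDateTime(getIssuerEntryData(str, str2));
        }

        /**
         * Returns whether the digest computed for an issuer-signed entry equals the one in the
         * MSO.
         *
         * @param str the namespace name
         * @param str2 the entry name
         * @throws IllegalArgumentException if the namespace or the entry is not present
         */
        public boolean getIssuerEntryDigestMatch(String str, String str2) {
            java.util.Map<String, EntryData> entries = this.mIssuerData.get(str);
            if (entries == null) {
                throw new IllegalArgumentException("Namespace not in data");
            }
            EntryData entryData = entries.get(str2);
            if (entryData == null || entryData.mValue == null) {
                throw new IllegalArgumentException("Entry not in data");
            }
            return entryData.mDigestMatch;
        }

        /**
         * Lists the entry names of an issuer-signed namespace.
         *
         * @param str the namespace name
         * @return a new list of entry names
         * @throws IllegalArgumentException if the namespace is not present
         */
        public List<String> getIssuerEntryNames(String str) {
            java.util.Map<String, EntryData> entries = this.mIssuerData.get(str);
            if (entries == null) {
                throw new IllegalArgumentException("Namespace not in data");
            }
            return new ArrayList<>(entries.keySet());
        }

        /**
         * Decodes an issuer-signed entry as a number.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public long getIssuerEntryNumber(String str, String str2) {
            return Util.cborDecodeLong(getIssuerEntryData(str, str2));
        }

        /**
         * Decodes an issuer-signed entry as a string.
         *
         * @param str the namespace name
         * @param str2 the entry name
         */
        public String getIssuerEntryString(String str, String str2) {
            return Util.cborDecodeString(getIssuerEntryData(str, str2));
        }

        /** Returns a new list of the issuer-signed namespace names. */
        public List<String> getIssuerNamespaces() {
            return new ArrayList<>(this.mIssuerData.keySet());
        }

        /**
         * Returns whether the issuer signature verified against the first {@code x5chain}
         * certificate's public key. Trust in that certificate is not established here.
         */
        public boolean getIssuerSignedAuthenticated() {
            return this.mIssuerSignedAuthenticated;
        }

        /** Returns how many issuer-signed entries had a digest that did not match the MSO. */
        public int getNumIssuerEntryDigestMatchFailures() {
            return this.mNumIssuerEntryDigestMatchFailures;
        }

        /** Returns the MSO's expected-update timestamp, or {@code null} if the MSO had none. */
        public Timestamp getValidityInfoExpectedUpdate() {
            return this.mValidityInfoExpectedUpdate;
        }

        /** Returns the MSO's signed timestamp. */
        public Timestamp getValidityInfoSigned() {
            return this.mValidityInfoSigned;
        }

        /** Returns the MSO's valid-from timestamp; it is not compared to the current time here. */
        public Timestamp getValidityInfoValidFrom() {
            return this.mValidityInfoValidFrom;
        }

        /** Returns the MSO's valid-until timestamp; it is not compared to the current time here. */
        public Timestamp getValidityInfoValidUntil() {
            return this.mValidityInfoValidUntil;
        }
    }

    /**
     * Parses the device response that was set on this parser.
     *
     * @return the parsed response; verification outcomes are recorded per document, not enforced
     * @throws IllegalStateException if the device response or session transcript was not set
     * @throws IllegalArgumentException if the response is malformed
     */
    public DeviceResponse parse() {
        if (this.mEncodedDeviceResponse == null) {
            throw new IllegalStateException("deviceResponse has not been set");
        }
        if (this.mEncodedSessionTranscript == null) {
            throw new IllegalStateException("sessionTranscript has not been set");
        }
        // The ephemeral reader key is not checked here; it is only consumed when a document
        // authenticates with deviceMac.
        DeviceResponse deviceResponse = new DeviceResponse();
        deviceResponse.parse(this.mEncodedDeviceResponse, this.mEncodedSessionTranscript, this.mEReaderKey);
        return deviceResponse;
    }

    /**
     * Sets the CBOR-encoded device response to parse.
     *
     * @param bArr the encoded response; stored by reference
     * @return this parser
     */
    public DeviceResponseParser setDeviceResponse(byte[] bArr) {
        this.mEncodedDeviceResponse = bArr;
        return this;
    }

    /**
     * Sets the reader's ephemeral private key, used to derive the MAC key when a document
     * authenticates with {@code deviceMac}.
     *
     * @param privateKey the ephemeral reader key
     * @return this parser
     */
    public DeviceResponseParser setEphemeralReaderKey(PrivateKey privateKey) {
        this.mEReaderKey = privateKey;
        return this;
    }

    /**
     * Sets the CBOR-encoded session transcript that device authentication is bound to.
     *
     * @param bArr the encoded session transcript; stored by reference
     * @return this parser
     */
    public DeviceResponseParser setSessionTranscript(byte[] bArr) {
        this.mEncodedSessionTranscript = bArr;
        return this;
    }
}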
