package dgca.verifier.app.decoder.cose;

import de.culture4life.luca.crypto.AsymmetricCipherProvider;
import dgca.verifier.app.decoder.SignatureExtKt;
import dgca.verifier.app.decoder.model.CertificateType;
import dgca.verifier.app.decoder.model.VerificationResult;
import dgca.verifier.app.decoder.services.X509;
import en.d;
import fo.a;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.RSAPublicKeySpec;
import jj.c1;
import kotlin.Metadata;
import kotlin.jvm.internal.k;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@Metadata(d1 = {"\u0000<\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\u0018\u00002\u00020\u0001:\u0001\u0019B\u000f\u0012\u0006\u0010\u0015\u001a\u00020\u0014¢\u0006\u0004\b\u0017\u0010\u0018J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J\u0018\u0010\n\u001a\u00020\u00022\u0006\u0010\b\u001a\u00020\u00022\u0006\u0010\t\u001a\u00020\u0002H\u0002J(\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000b\u001a\u00020\u00022\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0016J \u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000b\u001a\u00020\u00022\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\u000eH\u0016R\u0014\u0010\u0015\u001a\u00020\u00148\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0015\u0010\u0016¨\u0006\u001a"}, d2 = {"Ldgca/verifier/app/decoder/cose/VerificationCryptoService;", "Ldgca/verifier/app/decoder/cose/CryptoService;", "", "protectedHeader", "Len/d;", "unprotectedHeader", "", "getAlgoFromHeader", "protected", "content", "getValidationData", "cose", "Ljava/security/cert/Certificate;", "certificate", "Ldgca/verifier/app/decoder/model/VerificationResult;", "verificationResult", "Ldgca/verifier/app/decoder/model/CertificateType;", "certificateType", "Lyn/v;", "validate", "Ldgca/verifier/app/decoder/services/X509;", "x509", "Ldgca/verifier/app/decoder/services/X509;", "<init>", "(Ldgca/verifier/app/decoder/services/X509;)V", "Algo", "decoder_release"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes2.dex */
public final class VerificationCryptoService implements CryptoService {
    private final X509 x509;

    /* JADX WARN: Failed to restore enum class, 'enum' modifier and super class removed */
    /* JADX WARN: Unknown enum class pattern. Please report as an issue! */
    @Metadata(d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0006\b\u0086\u0081\u0002\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\u000f\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006j\u0002\b\u0007j\u0002\b\b¨\u0006\t"}, d2 = {"Ldgca/verifier/app/decoder/cose/VerificationCryptoService$Algo;", "", "value", "", "(Ljava/lang/String;ILjava/lang/String;)V", "getValue", "()Ljava/lang/String;", "ALGO_ECDSA256", "ALGO_RSA256_PSS", "decoder_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class Algo {
        private static final /* synthetic */ a $ENTRIES;
        private static final /* synthetic */ Algo[] $VALUES;
        public static final Algo ALGO_ECDSA256 = new Algo("ALGO_ECDSA256", 0, AsymmetricCipherProvider.SIGNATURE_ALGORITHM);
        public static final Algo ALGO_RSA256_PSS = new Algo("ALGO_RSA256_PSS", 1, "SHA256withRSA/PSS");
        private final String value;

        private static final /* synthetic */ Algo[] $values() {
            return new Algo[]{ALGO_ECDSA256, ALGO_RSA256_PSS};
        }

        static {
            Algo[] $values = $values();
            $VALUES = $values;
            $ENTRIES = c1.l($values);
        }

        private Algo(String str, int i10, String str2) {
            this.value = str2;
        }

        public static a<Algo> getEntries() {
            return $ENTRIES;
        }

        public static Algo valueOf(String str) {
            return (Algo) Enum.valueOf(Algo.class, str);
        }

        public static Algo[] values() {
            return (Algo[]) $VALUES.clone();
        }

        public final String getValue() {
            return this.value;
        }
    }

    public VerificationCryptoService(X509 x509) {
        k.f(x509, "x509");
        this.x509 = x509;
        Security.addProvider(new BouncyCastleProvider());
    }

    private final int getAlgoFromHeader(byte[] protectedHeader, d unprotectedHeader) {
        if (!(protectedHeader.length == 0)) {
            try {
                d j02 = d.A(protectedHeader).j0(1);
                if (j02 == null) {
                    j02 = unprotectedHeader.j0(1);
                }
                return j02.q();
            } catch (Exception unused) {
            }
        }
        return unprotectedHeader.j0(1).q();
    }

    private final byte[] getValidationData(byte[] r32, byte[] content) {
        d V = d.V();
        V.b("Signature1");
        V.b(r32);
        V.b(new byte[0]);
        V.b(content);
        byte[] B = V.B();
        k.e(B, "EncodeToBytes(...)");
        return B;
    }

    @Override // dgca.verifier.app.decoder.cose.CryptoService
    public void validate(byte[] cose, Certificate certificate, VerificationResult verificationResult) {
        k.f(cose, "cose");
        k.f(certificate, "certificate");
        k.f(verificationResult, "verificationResult");
        PublicKey publicKey = certificate.getPublicKey();
        boolean z10 = false;
        try {
            d A = d.A(cose);
            byte[] L = A.j0(3).L();
            byte[] L2 = A.j0(0).L();
            d j02 = A.j0(1);
            byte[] L3 = A.j0(2).L();
            k.c(L2);
            k.c(L3);
            byte[] validationData = getValidationData(L2, L3);
            k.c(j02);
            int algoFromHeader = getAlgoFromHeader(L2, j02);
            if (algoFromHeader == -37) {
                RSAPublicKey rSAPublicKey = RSAPublicKey.getInstance(SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded()).getPublicKeyData().getBytes());
                PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
                Signature signature = Signature.getInstance(Algo.ALGO_RSA256_PSS.getValue());
                k.e(signature, "getInstance(...)");
                k.c(generatePublic);
                k.c(L);
                z10 = SignatureExtKt.verify(signature, generatePublic, validationData, L);
            } else if (algoFromHeader == -7) {
                k.c(L);
                byte[] convertToDer = SignatureExtKt.convertToDer(L);
                Signature signature2 = Signature.getInstance(Algo.ALGO_ECDSA256.getValue());
                k.e(signature2, "getInstance(...)");
                k.c(publicKey);
                k.c(convertToDer);
                z10 = SignatureExtKt.verify(signature2, publicKey, validationData, convertToDer);
            }
        } catch (Exception unused) {
        }
        verificationResult.setCoseVerified(z10);
    }

    @Override // dgca.verifier.app.decoder.cose.CryptoService
    public void validate(byte[] cose, Certificate certificate, VerificationResult verificationResult, CertificateType certificateType) {
        k.f(cose, "cose");
        k.f(certificate, "certificate");
        k.f(verificationResult, "verificationResult");
        k.f(certificateType, "certificateType");
        validate(cose, certificate, verificationResult);
        verificationResult.setCoseVerified(verificationResult.getCoseVerified() && (certificateType == CertificateType.UNKNOWN || this.x509.isSuitable(certificate.getEncoded(), certificateType)));
    }
}
