package de.culture4life.luca.document.provider.eudcc;

import android.content.Context;
import androidx.lifecycle.t1;
import com.google.crypto.tink.shaded.protobuf.Reader;
import com.nexenio.rxpreferences.provider.m;
import de.culture4life.luca.LucaApplication;
import de.culture4life.luca.document.DocumentParsingException;
import de.culture4life.luca.document.DocumentVerificationException;
import de.culture4life.luca.document.provider.CovidDocumentProvider;
import de.culture4life.luca.network.NetworkManager;
import de.culture4life.luca.network.endpoints.LucaEndpointsV4;
import de.culture4life.luca.network.websocket.WebSocketEvent;
import de.culture4life.luca.util.SerializationUtilKt;
import dgca.verifier.app.decoder.ExtensionsKt;
import dgca.verifier.app.decoder.base45.Base45Decoder;
import dgca.verifier.app.decoder.cose.VerificationCryptoService;
import dgca.verifier.app.decoder.model.VerificationResult;
import dgca.verifier.app.decoder.services.X509;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.CompletableSource;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Observable;
import io.reactivex.rxjava3.core.ObservableSource;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.core.SingleSource;
import io.reactivex.rxjava3.disposables.Disposable;
import io.reactivex.rxjava3.exceptions.CompositeException;
import io.reactivex.rxjava3.functions.Consumer;
import io.reactivex.rxjava3.functions.Function;
import io.reactivex.rxjava3.functions.Predicate;
import io.reactivex.rxjava3.internal.functions.Functions;
import io.reactivex.rxjava3.internal.observers.BlockingMultiObserver;
import io.reactivex.rxjava3.internal.operators.completable.CompletableFromSingle;
import io.reactivex.rxjava3.internal.operators.mixed.CompletableAndThenObservable;
import io.reactivex.rxjava3.internal.operators.observable.ObservableEmpty;
import io.reactivex.rxjava3.internal.operators.observable.ObservableError;
import io.reactivex.rxjava3.internal.operators.observable.ObservableFlatMap;
import io.reactivex.rxjava3.internal.operators.observable.ObservableMap;
import io.reactivex.rxjava3.internal.operators.observable.ObservableOnErrorNext;
import io.reactivex.rxjava3.internal.operators.single.SingleDefer;
import io.reactivex.rxjava3.internal.operators.single.SingleFromCallable;
import io.reactivex.rxjava3.internal.operators.single.SingleOnErrorReturn;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.NoSuchElementException;
import java.util.Objects;
import kotlin.Metadata;
import kotlin.jvm.internal.k;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSequence;
import rk.i;
import rk.l;
import rk.o;
import rk.q;
import wr.e0;
import zn.j;
import zq.n;

@Metadata(d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0016\u0018\u00002\b\u0012\u0004\u0012\u00020\u00020\u0001B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0016\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f2\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u000e\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u0014H\u0016J\u0016\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u00142\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u0016\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00020\u000f2\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0018H\u0002J\u0010\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u000e\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\u0011\u001a\u00020\u0012J\u0018\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u001d\u001a\u00020\u0015H\u0002J\u0018\u0010\u001e\u001a\u00020\u001b2\u0006\u0010\u001f\u001a\u00020\u00182\u0006\u0010 \u001a\u00020\u0018H\u0002R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\tR\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lde/culture4life/luca/document/provider/eudcc/EudccDocumentProvider;", "Lde/culture4life/luca/document/provider/CovidDocumentProvider;", "Lde/culture4life/luca/document/provider/eudcc/EudccDocument;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "base45Decoder", "Ldgca/verifier/app/decoder/base45/Base45Decoder;", "getContext", "()Landroid/content/Context;", "decoder", "Lde/culture4life/luca/document/provider/eudcc/EudccDecoder;", "verifier", "Ldgca/verifier/app/decoder/cose/VerificationCryptoService;", "canParse", "Lio/reactivex/rxjava3/core/Single;", "", "encodedData", "", "fetchSigningKeys", "Lio/reactivex/rxjava3/core/Observable;", "Lde/culture4life/luca/document/provider/eudcc/EudccSigningKey;", "parse", "toDERSignature", "", "tokenSignature", "verify", "Lio/reactivex/rxjava3/core/Completable;", "verifySignature", "signingKey", "verifySigningKeySignature", WebSocketEvent.EVENT_DATA, "signature", "app_production"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public class EudccDocumentProvider extends CovidDocumentProvider<EudccDocument> {
    private final Base45Decoder base45Decoder;
    private final Context context;
    private final EudccDecoder decoder;
    private final VerificationCryptoService verifier;

    public EudccDocumentProvider(Context context) {
        k.f(context, "context");
        this.context = context;
        Base45Decoder base45Decoder = new Base45Decoder();
        this.base45Decoder = base45Decoder;
        this.decoder = new EudccDecoder(base45Decoder);
        this.verifier = new VerificationCryptoService(new X509());
    }

    public static final Boolean canParse$lambda$0(EudccDocumentProvider this$0, String encodedData) {
        k.f(this$0, "this$0");
        k.f(encodedData, "$encodedData");
        return Boolean.valueOf(new EudccSchemaValidator().validate(this$0.decoder.decodeCoseData(encodedData).getCbor()));
    }

    public static final Boolean canParse$lambda$1(Throwable it) {
        k.f(it, "it");
        return Boolean.FALSE;
    }

    private final Observable<EudccSigningKey> fetchSigningKeys(String encodedData) {
        return new SingleFromCallable(new a(0, this, encodedData)).n(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$2
            @Override // io.reactivex.rxjava3.functions.Function
            public final ObservableSource<? extends EudccSigningKey> apply(final String str) {
                return EudccDocumentProvider.this.fetchSigningKeys().j(new Predicate() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$2.1
                    @Override // io.reactivex.rxjava3.functions.Predicate
                    public final boolean test(EudccSigningKey it) {
                        k.f(it, "it");
                        return k.a(it.getKid(), str);
                    }
                });
            }
        });
    }

    public static final String fetchSigningKeys$lambda$4(EudccDocumentProvider this$0, String encodedData) {
        k.f(this$0, "this$0");
        k.f(encodedData, "$encodedData");
        byte[] kid = this$0.decoder.decodeCoseData(encodedData).getKid();
        String base64 = kid != null ? ExtensionsKt.toBase64(kid) : null;
        k.c(base64);
        return base64;
    }

    public static final SingleSource fetchSigningKeys$lambda$5(EudccDocumentProvider this$0) {
        k.f(this$0, "this$0");
        Context context = this$0.context;
        k.d(context, "null cannot be cast to non-null type de.culture4life.luca.LucaApplication");
        NetworkManager networkManager = ((LucaApplication) context).getNetworkManager();
        k.e(networkManager, "getNetworkManager(...)");
        return networkManager.initialize(this$0.context).g(networkManager.getLucaEndpointsV4()).k(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$3$1
            @Override // io.reactivex.rxjava3.functions.Function
            public final SingleSource<? extends e0> apply(LucaEndpointsV4 it) {
                k.f(it, "it");
                return it.getEudccSigningKeys();
            }
        }).p(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$3$2
            @Override // io.reactivex.rxjava3.functions.Function
            public final String apply(e0 it) {
                k.f(it, "it");
                return it.r();
            }
        });
    }

    public static final EudccDocument parse$lambda$2(String encodedData, EudccDocumentProvider this$0) {
        k.f(encodedData, "$encodedData");
        k.f(this$0, "this$0");
        return new EudccDocument(encodedData, this$0.decoder.decodeCertificate(encodedData));
    }

    public final byte[] toDERSignature(byte[] tokenSignature) {
        byte[] L = j.L(tokenSignature, 0, tokenSignature.length / 2);
        byte[] L2 = j.L(tokenSignature, tokenSignature.length / 2, tokenSignature.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream create = ASN1OutputStream.create(byteArrayOutputStream, ASN1Encoding.DER);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new ASN1Integer(new BigInteger(1, L)));
        aSN1EncodableVector.add(new ASN1Integer(new BigInteger(1, L2)));
        create.writeObject((ASN1Primitive) new DERSequence(aSN1EncodableVector));
        create.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        k.e(byteArray, "toByteArray(...)");
        return byteArray;
    }

    public final Completable verifySignature(String encodedData, EudccSigningKey signingKey) {
        return Completable.n(new m(this, encodedData, signingKey, 1));
    }

    public static final void verifySignature$lambda$3(EudccDocumentProvider this$0, String encodedData, EudccSigningKey signingKey) {
        k.f(this$0, "this$0");
        k.f(encodedData, "$encodedData");
        k.f(signingKey, "$signingKey");
        byte[] encodedCoseData = this$0.decoder.getEncodedCoseData(encodedData);
        X509Certificate base64ToX509Certificate = ExtensionsKt.base64ToX509Certificate(signingKey.getRawData());
        k.c(base64ToX509Certificate);
        VerificationResult verificationResult = new VerificationResult(false, null, false, false, false, false, false, false, false, null, null, null, 4095, null);
        this$0.verifier.validate(encodedCoseData, base64ToX509Certificate, verificationResult);
        if (!verificationResult.getCoseVerified()) {
            throw new IllegalArgumentException("Unable to verify COSE data");
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Object, java.util.concurrent.Callable] */
    public final Completable verifySigningKeySignature(byte[] r32, byte[] signature) {
        return new SingleFromCallable(new Object()).l(new EudccDocumentProvider$verifySigningKeySignature$2(this, r32, signature)).r(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySigningKeySignature$3
            @Override // io.reactivex.rxjava3.functions.Function
            public final CompletableSource apply(Throwable it) {
                k.f(it, "it");
                return Completable.m(new Exception("Unable to verify signing key signature", it));
            }
        });
    }

    public static final PublicKey verifySigningKeySignature$lambda$6() {
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(SerializationUtilKt.decodeFromBase64$default(n.b0(n.X("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd\nSGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA==\n-----END PUBLIC KEY-----\n", "-----BEGIN PUBLIC KEY-----", "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd\nSGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA==\n-----END PUBLIC KEY-----\n"), "-----END PUBLIC KEY-----"), 0, 1, null)));
    }

    @Override // de.culture4life.luca.document.provider.CovidDocumentProvider, de.culture4life.luca.document.provider.DocumentProvider
    public Single<Boolean> canParse(String encodedData) {
        k.f(encodedData, "encodedData");
        return new SingleOnErrorReturn(new SingleFromCallable(new c(0, this, encodedData)), new em.b(3), null);
    }

    public Observable<EudccSigningKey> fetchSigningKeys() {
        ObservableMap r10 = new SingleDefer(new com.nexenio.rxkeystore.provider.mac.b(this, 2)).n(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$4
            @Override // io.reactivex.rxjava3.functions.Function
            public final ObservableSource<? extends o> apply(String it) {
                byte[] dERSignature;
                Completable verifySigningKeySignature;
                k.f(it, "it");
                String str = n.N(it).get(0);
                String str2 = n.N(it).get(1);
                EudccDocumentProvider eudccDocumentProvider = EudccDocumentProvider.this;
                byte[] bytes = str2.getBytes(zq.a.f34831b);
                k.e(bytes, "getBytes(...)");
                dERSignature = EudccDocumentProvider.this.toDERSignature(SerializationUtilKt.decodeFromBase64$default(str, 0, 1, null));
                verifySigningKeySignature = eudccDocumentProvider.verifySigningKeySignature(bytes, dERSignature);
                verifySigningKeySignature.getClass();
                BlockingMultiObserver blockingMultiObserver = new BlockingMultiObserver();
                verifySigningKeySignature.subscribe(blockingMultiObserver);
                blockingMultiObserver.a();
                return Observable.o((l) ((q) t1.K(q.class).cast(new i().c(str2, new wk.a<>(q.class)))).f26168a.get("certificates"));
            }
        }).r(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$5
            @Override // io.reactivex.rxjava3.functions.Function
            public final EudccSigningKey apply(o oVar) {
                return (EudccSigningKey) t1.K(EudccSigningKey.class).cast(oVar == null ? null : new i().b(new com.google.gson.internal.bind.b(oVar), new wk.a<>(EudccSigningKey.class)));
            }
        });
        Function function = new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$fetchSigningKeys$6
            @Override // io.reactivex.rxjava3.functions.Function
            public final ObservableSource<? extends EudccSigningKey> apply(Throwable it) {
                k.f(it, "it");
                return new ObservableError(Functions.e(new IllegalStateException("Unable fetch signing keys", it)));
            }
        };
        Objects.requireNonNull(function, "fallbackSupplier is null");
        return new ObservableOnErrorNext(r10, function);
    }

    public final Context getContext() {
        return this.context;
    }

    @Override // de.culture4life.luca.document.provider.CovidDocumentProvider, de.culture4life.luca.document.provider.DocumentProvider
    public Single<EudccDocument> parse(String encodedData) {
        k.f(encodedData, "encodedData");
        return new SingleFromCallable(new ic.i(this, encodedData)).p(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$parse$2
            @Override // io.reactivex.rxjava3.functions.Function
            public final EudccDocument apply(EudccDocument eudccDocument) {
                eudccDocument.getDocument().setProvider("EU Digital COVID Certificate");
                eudccDocument.getDocument().setVerified(true);
                return eudccDocument;
            }
        }).s(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$parse$3
            @Override // io.reactivex.rxjava3.functions.Function
            public final SingleSource<? extends EudccDocument> apply(Throwable throwable) {
                k.f(throwable, "throwable");
                if (throwable instanceof DocumentParsingException) {
                    Single.i(throwable);
                }
                return Single.i(new DocumentParsingException(throwable));
            }
        });
    }

    @Override // de.culture4life.luca.document.provider.CovidDocumentProvider, de.culture4life.luca.document.provider.DocumentProvider
    public Completable verify(String encodedData) {
        k.f(encodedData, "encodedData");
        return super.verify(encodedData).d(verifySignature(encodedData));
    }

    public final Completable verifySignature(final String encodedData) {
        k.f(encodedData, "encodedData");
        return new CompletableFromSingle(new ObservableFlatMap(fetchSigningKeys(encodedData).r(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySignature$validations$1
            @Override // io.reactivex.rxjava3.functions.Function
            public final Observable<EudccSigningKey> apply(final EudccSigningKey signingKey) {
                Completable verifySignature;
                k.f(signingKey, "signingKey");
                verifySignature = EudccDocumentProvider.this.verifySignature(encodedData, signingKey);
                CompletableAndThenObservable f10 = verifySignature.l(new Consumer() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySignature$validations$1.1
                    @Override // io.reactivex.rxjava3.functions.Consumer
                    public final void accept(Disposable it) {
                        k.f(it, "it");
                        xt.a.f33185a.b("Verifying signature using %s", EudccSigningKey.this);
                    }
                }).j(new Consumer() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySignature$validations$1.2
                    @Override // io.reactivex.rxjava3.functions.Consumer
                    public final void accept(Throwable it) {
                        k.f(it, "it");
                        xt.a.f33185a.h("Signature verification failed: %s", it.toString());
                    }
                }).f(Observable.q(signingKey));
                AnonymousClass3<T, R> anonymousClass3 = new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySignature$validations$1.3
                    @Override // io.reactivex.rxjava3.functions.Function
                    public final ObservableSource<? extends EudccSigningKey> apply(Throwable it) {
                        k.f(it, "it");
                        return ObservableEmpty.f15715a;
                    }
                };
                Objects.requireNonNull(anonymousClass3, "fallbackSupplier is null");
                return new ObservableOnErrorNext(f10, anonymousClass3);
            }
        }), Functions.f14776a, true, Reader.READ_DONE, Flowable.f14745a).k()).r(new Function() { // from class: de.culture4life.luca.document.provider.eudcc.EudccDocumentProvider$verifySignature$1
            @Override // io.reactivex.rxjava3.functions.Function
            public final CompletableSource apply(Throwable it) {
                k.f(it, "it");
                if (it instanceof CompositeException) {
                    Throwable th2 = ((CompositeException) it).f14764a.get(0);
                    k.e(th2, "get(...)");
                    it = th2;
                }
                return it instanceof NoSuchElementException ? Completable.m(new DocumentVerificationException(DocumentVerificationException.Reason.INVALID_SIGNATURE, "Could not find a matching signing key")) : Completable.m(new DocumentVerificationException(DocumentVerificationException.Reason.INVALID_SIGNATURE, it));
            }
        });
    }
}
