package de.rki.covpass.sdk.cert;

import com.upokecenter.cbor.CBORObject;
import de.rki.covpass.sdk.cert.models.CBORWebToken;
import de.rki.covpass.sdk.cert.models.CovCertificate;
import de.rki.covpass.sdk.cert.models.DGCEntry;
import de.rki.covpass.sdk.cert.models.TestCert;
import de.rki.covpass.sdk.cert.models.Vaccination;
import de.rki.covpass.sdk.crypto.KeyIdentifier;
import de.rki.covpass.sdk.utils.CBORObjectUtilsKt;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.SetsKt__SetsKt;
import kotlin.collections.SetsKt___SetsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlinx.serialization.SerializersKt;
import kotlinx.serialization.cbor.Cbor;
import org.jetbrains.annotations.NotNull;

/* compiled from: CertValidator.kt */
@Metadata(d1 = {"\u0000l\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u001c\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\"\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 '2\u00020\u0001:\u0001'B\u001d\u0012\f\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003\u0012\b\b\u0002\u0010\u0005\u001a\u00020\u0006¢\u0006\u0002\u0010\u0007J\u0018\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\u0018\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00182\b\b\u0002\u0010\u0013\u001a\u00020\u0014J\u001d\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0012\u001a\u00020\u001bH\u0000¢\u0006\u0002\b\u001cJ\u0015\u0010\u001d\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u001aH\u0000¢\u0006\u0002\b\u001eJ\u0016\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020\u00040 2\u0006\u0010!\u001a\u00020\"H\u0002J\u0014\u0010#\u001a\u00020\u00112\f\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003J\u0014\u0010$\u001a\u00020\u0014*\u00020\u001b2\u0006\u0010%\u001a\u00020&H\u0002R\u0014\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u000e¢\u0006\u0002\n\u0000R\u0014\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006("}, d2 = {"Lde/rki/covpass/sdk/cert/CertValidator;", "", "trusted", "", "Lde/rki/covpass/sdk/cert/TrustedCert;", "cbor", "Lkotlinx/serialization/cbor/Cbor;", "(Ljava/lang/Iterable;Lkotlinx/serialization/cbor/Cbor;)V", "allCertOids", "", "", "recoveryCertOids", "state", "Lde/rki/covpass/sdk/cert/CertValidatorState;", "testCertOids", "vaccinationCertOids", "checkValidity", "", "cert", "allowExpiredCertificates", "", "decodeAndValidate", "Lde/rki/covpass/sdk/cert/models/CovCertificate;", "cose", "LCOSE/Sign1Message;", "cwt", "Lde/rki/covpass/sdk/cert/models/CBORWebToken;", "Ljava/security/cert/X509Certificate;", "decodeAndValidate$covpass_sdk_release", "decodeCovCert", "decodeCovCert$covpass_sdk_release", "findByKid", "", "kid", "Lde/rki/covpass/sdk/crypto/KeyIdentifier;", "updateTrustedCerts", "checkCertOid", "dgcEntry", "Lde/rki/covpass/sdk/cert/models/DGCEntry;", "Companion", "covpass-sdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes4.dex */
public final class CertValidator {

    @NotNull
    private static final Companion Companion = new Companion(null);

    @NotNull
    private final Set<String> allCertOids;

    @NotNull
    private final Cbor cbor;

    @NotNull
    private final Set<String> recoveryCertOids;

    @NotNull
    private CertValidatorState state;

    @NotNull
    private final Set<String> testCertOids;

    @NotNull
    private final Set<String> vaccinationCertOids;

    /* compiled from: CertValidator.kt */
    @Metadata(d1 = {"\u0000\u0014\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0003\b\u0082\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u0007"}, d2 = {"Lde/rki/covpass/sdk/cert/CertValidator$Companion;", "", "()V", "DIGITAL_GREEN_CERTIFICATE", "", "HEALTH_CERTIFICATE_CLAIM", "SIGNATURE_ALGORITHM_ECDSA", "covpass-sdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
    /* loaded from: classes4.dex */
    private static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public CertValidator(@NotNull Iterable<TrustedCert> trusted, @NotNull Cbor cbor) {
        Set<String> of;
        Set<String> of2;
        Set<String> of3;
        Set plus;
        Set<String> plus2;
        Intrinsics.checkNotNullParameter(trusted, "trusted");
        Intrinsics.checkNotNullParameter(cbor, "cbor");
        this.cbor = cbor;
        this.state = new CertValidatorState(trusted);
        of = SetsKt__SetsKt.setOf((Object[]) new String[]{"1.3.6.1.4.1.1847.2021.1.2", "1.3.6.1.4.1.0.1847.2021.1.2"});
        this.vaccinationCertOids = of;
        of2 = SetsKt__SetsKt.setOf((Object[]) new String[]{"1.3.6.1.4.1.1847.2021.1.1", "1.3.6.1.4.1.0.1847.2021.1.1"});
        this.testCertOids = of2;
        of3 = SetsKt__SetsKt.setOf((Object[]) new String[]{"1.3.6.1.4.1.1847.2021.1.3", "1.3.6.1.4.1.0.1847.2021.1.3"});
        this.recoveryCertOids = of3;
        plus = SetsKt___SetsKt.plus((Set) of, (Iterable) of2);
        plus2 = SetsKt___SetsKt.plus(plus, (Iterable) of3);
        this.allCertOids = plus2;
    }

    private final boolean checkCertOid(X509Certificate x509Certificate, DGCEntry dGCEntry) {
        Set set;
        Set intersect;
        Set intersect2;
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null || extendedKeyUsage.isEmpty()) {
            intersect = SetsKt__SetsKt.emptySet();
        } else {
            List<String> extendedKeyUsage2 = x509Certificate.getExtendedKeyUsage();
            Intrinsics.checkNotNullExpressionValue(extendedKeyUsage2, "extendedKeyUsage");
            set = CollectionsKt___CollectionsKt.toSet(extendedKeyUsage2);
            intersect = CollectionsKt___CollectionsKt.intersect(set, this.allCertOids);
        }
        if (!intersect.isEmpty()) {
            intersect2 = CollectionsKt___CollectionsKt.intersect(dGCEntry instanceof Vaccination ? this.vaccinationCertOids : dGCEntry instanceof TestCert ? this.testCertOids : this.recoveryCertOids, intersect);
            if (!(!intersect2.isEmpty())) {
                return false;
            }
        }
        return true;
    }

    private final void checkValidity(TrustedCert cert, boolean allowExpiredCertificates) {
        try {
            cert.getCertificate().checkValidity();
        } catch (CertificateExpiredException e) {
            if (!allowExpiredCertificates) {
                throw e;
            }
        }
    }

    private final List<TrustedCert> findByKid(KeyIdentifier kid) {
        List<TrustedCert> emptyList;
        List<TrustedCert> list = this.state.getKidToCerts().get(kid);
        if (list != null) {
            return list;
        }
        emptyList = CollectionsKt__CollectionsKt.emptyList();
        return emptyList;
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x004a, code lost:
    
        r7 = kotlin.collections.ArraysKt___ArraysKt.sliceArray(r7, new kotlin.ranges.IntRange(0, 7));
     */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final de.rki.covpass.sdk.cert.models.CovCertificate decodeAndValidate(@org.jetbrains.annotations.NotNull COSE.Sign1Message r26, boolean r27) {
        /*
            Method dump skipped, instructions count: 297
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.rki.covpass.sdk.cert.CertValidator.decodeAndValidate(COSE.Sign1Message, boolean):de.rki.covpass.sdk.cert.models.CovCertificate");
    }

    @NotNull
    public final CovCertificate decodeAndValidate$covpass_sdk_release(@NotNull CBORWebToken cwt, @NotNull X509Certificate cert) {
        Intrinsics.checkNotNullParameter(cwt, "cwt");
        Intrinsics.checkNotNullParameter(cert, "cert");
        CovCertificate decodeCovCert$covpass_sdk_release = decodeCovCert$covpass_sdk_release(cwt);
        if (checkCertOid(cert, decodeCovCert$covpass_sdk_release.getDgcEntry())) {
            return CovCertificate.copy$default(decodeCovCert$covpass_sdk_release, cwt.getIssuer(), cwt.getValidFrom(), cwt.getValidUntil(), null, null, null, null, null, null, null, null, 2040, null);
        }
        throw new NoMatchingExtendedKeyUsageException(null, 1, null);
    }

    @NotNull
    public final CovCertificate decodeCovCert$covpass_sdk_release(@NotNull CBORWebToken cwt) {
        Intrinsics.checkNotNullParameter(cwt, "cwt");
        Cbor cbor = this.cbor;
        CBORObject cBORObject = cwt.getRawCbor().get(-260).get(1);
        Intrinsics.checkNotNullExpressionValue(cBORObject, "cwt.rawCbor[HEALTH_CERTI…IGITAL_GREEN_CERTIFICATE]");
        byte[] EncodeToBytes = CBORObjectUtilsKt.trimAllStrings(cBORObject).EncodeToBytes();
        Intrinsics.checkNotNullExpressionValue(EncodeToBytes, "cwt.rawCbor[HEALTH_CERTI…Strings().EncodeToBytes()");
        return (CovCertificate) cbor.decodeFromByteArray(SerializersKt.serializer(cbor.getSerializersModule(), Reflection.typeOf(CovCertificate.class)), EncodeToBytes);
    }

    public final void updateTrustedCerts(@NotNull Iterable<TrustedCert> trusted) {
        Intrinsics.checkNotNullParameter(trusted, "trusted");
        this.state = new CertValidatorState(trusted);
    }
}
