package g.a.a.d.b;

import c.u;
import de.rki.covpass.sdk.cert.models.CovCertificate;
import de.rki.covpass.sdk.cert.models.Test;
import de.rki.covpass.sdk.cert.models.Vaccination;
import de.rki.covpass.sdk.cert.models.a;
import f.h.a.o;
import j$.time.Instant;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import kotlin.g0.a0;
import kotlin.g0.v0;
import kotlin.g0.w0;
import kotlin.m0.e.h0;
import kotlin.m0.e.s;
import kotlinx.serialization.SerializersKt;

/* compiled from: CertValidator.kt */
/* loaded from: classes.dex */
public final class c {
    private static final a Companion = new a(null);
    private final kotlinx.serialization.m.b a;
    private d b;

    /* renamed from: c, reason: collision with root package name */
    private final Set<String> f4133c;

    /* renamed from: d, reason: collision with root package name */
    private final Set<String> f4134d;

    /* renamed from: e, reason: collision with root package name */
    private final Set<String> f4135e;

    /* renamed from: f, reason: collision with root package name */
    private final Set<String> f4136f;

    /* compiled from: CertValidator.kt */
    /* loaded from: classes.dex */
    private static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.m0.e.l lVar) {
            this();
        }
    }

    public c(Iterable<l> iterable, kotlinx.serialization.m.b bVar) {
        Set<String> e2;
        Set<String> e3;
        Set<String> e4;
        Set g2;
        Set<String> g3;
        s.e(iterable, "trusted");
        s.e(bVar, "cbor");
        this.a = bVar;
        this.b = new d(iterable);
        e2 = v0.e("1.3.6.1.4.1.1847.2021.1.2", "1.3.6.1.4.1.0.1847.2021.1.2");
        this.f4133c = e2;
        e3 = v0.e("1.3.6.1.4.1.1847.2021.1.1", "1.3.6.1.4.1.0.1847.2021.1.1");
        this.f4134d = e3;
        e4 = v0.e("1.3.6.1.4.1.1847.2021.1.3", "1.3.6.1.4.1.0.1847.2021.1.3");
        this.f4135e = e4;
        g2 = w0.g(e2, e3);
        g3 = w0.g(g2, e4);
        this.f4136f = g3;
    }

    private final boolean a(X509Certificate x509Certificate, de.rki.covpass.sdk.cert.models.c cVar) {
        Set M0;
        Set b0;
        Set b02;
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null || extendedKeyUsage.isEmpty()) {
            b0 = v0.b();
        } else {
            List<String> extendedKeyUsage2 = x509Certificate.getExtendedKeyUsage();
            s.d(extendedKeyUsage2, "extendedKeyUsage");
            M0 = a0.M0(extendedKeyUsage2);
            b0 = a0.b0(M0, this.f4136f);
        }
        if (!b0.isEmpty()) {
            b02 = a0.b0(cVar instanceof Vaccination ? this.f4133c : cVar instanceof Test ? this.f4134d : this.f4135e, b0);
            if (!(!b02.isEmpty())) {
                return false;
            }
        }
        return true;
    }

    private final List<l> e(g.a.a.d.c.a aVar) {
        List<l> f2;
        List<l> list = this.b.a().get(aVar);
        if (list != null) {
            return list;
        }
        f2 = kotlin.g0.s.f();
        return f2;
    }

    public final CovCertificate b(u uVar) {
        byte[] p0;
        s.e(uVar, "cose");
        a.C0096a c0096a = de.rki.covpass.sdk.cert.models.a.Companion;
        byte[] i2 = uVar.i();
        s.d(i2, "cose.GetContent()");
        de.rki.covpass.sdk.cert.models.a a2 = c0096a.a(i2);
        if (a2.d().isBefore(Instant.now())) {
            throw new i(null, 1, null);
        }
        o d2 = uVar.d();
        o n1 = d2 == null ? null : d2.n1(4);
        byte[] P = (n1 == null || (p0 = n1.p0()) == null) ? null : kotlin.g0.m.P(p0, new kotlin.q0.g(0, 7));
        if (P == null) {
            byte[] p02 = uVar.e().n1(4).p0();
            s.d(p02, "cose.unprotectedAttributes.get(4).GetByteString()");
            P = kotlin.g0.m.P(p02, new kotlin.q0.g(0, 7));
        }
        List<l> e2 = e(new g.a.a.d.c.a(P));
        if (e2 == null || e2.isEmpty()) {
            e2 = a0.H0(this.b.b());
        }
        for (l lVar : e2) {
            try {
                lVar.a().checkValidity();
            } catch (c.f | GeneralSecurityException unused) {
            }
            if (uVar.n(new c.s(lVar.a().getPublicKey(), null))) {
                return c(a2, lVar.a());
            }
            continue;
        }
        throw new b(null, 1, null);
    }

    public final CovCertificate c(de.rki.covpass.sdk.cert.models.a aVar, X509Certificate x509Certificate) {
        CovCertificate d2;
        s.e(aVar, "cwt");
        s.e(x509Certificate, "cert");
        CovCertificate d3 = d(aVar);
        if (!a(x509Certificate, d3.g())) {
            throw new j(null, 1, null);
        }
        d2 = d3.d((r20 & 1) != 0 ? d3.issuer : aVar.a(), (r20 & 2) != 0 ? d3.validFrom : aVar.c(), (r20 & 4) != 0 ? d3.validUntil : aVar.d(), (r20 & 8) != 0 ? d3.name : null, (r20 & 16) != 0 ? d3.birthDate : null, (r20 & 32) != 0 ? d3.vaccinations : null, (r20 & 64) != 0 ? d3.tests : null, (r20 & 128) != 0 ? d3.recoveries : null, (r20 & 256) != 0 ? d3.version : null);
        return d2;
    }

    public final CovCertificate d(de.rki.covpass.sdk.cert.models.a aVar) {
        s.e(aVar, "cwt");
        kotlinx.serialization.m.b bVar = this.a;
        byte[] O = de.rki.covpass.sdk.utils.b.a(aVar.b()).n1(-260).n1(1).O();
        s.d(O, "cwt.rawCbor.untagAll()[HEALTH_CERTIFICATE_CLAIM][DIGITAL_GREEN_CERTIFICATE].EncodeToBytes()");
        return (CovCertificate) bVar.d(SerializersKt.serializer(bVar.a(), h0.i(CovCertificate.class)), O);
    }

    public final void f(Iterable<l> iterable) {
        s.e(iterable, "trusted");
        this.b = new d(iterable);
    }
}
