package com.authlete.cose;

import com.authlete.cbor.CBORBigInteger;
import com.authlete.cbor.CBORByteArray;
import com.authlete.cbor.CBORInteger;
import com.authlete.cbor.CBORItem;
import com.authlete.cbor.CBORItemList;
import com.authlete.cbor.CBORLong;
import com.authlete.cbor.CBORPair;
import com.authlete.cbor.CBORString;
import com.authlete.cbor.CBORValue;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/authlete/cose/HeaderValidator.class */
public class HeaderValidator {
    private static final String X509 = "X.509";

    HeaderValidator() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<Object, Object> validate(List<? extends CBORPair> list, boolean z) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (list == null) {
            return linkedHashMap;
        }
        Iterator<? extends CBORPair> it = list.iterator();
        while (it.hasNext()) {
            validateParameter(linkedHashMap, it.next(), z);
        }
        return linkedHashMap;
    }

    private static void validateParameter(Map<Object, Object> map, CBORPair cBORPair, boolean z) {
        CBORItem key = cBORPair.getKey();
        Object value = ((key instanceof CBORString) || isInteger(key)) ? ((CBORValue) key).getValue() : null;
        if (value == null) {
            throw new IllegalArgumentException("A COSE header label must be an integer or a text string.");
        }
        if (map.containsKey(value)) {
            throw new IllegalArgumentException(String.format("The label '%s' is contained in the COSE header more than once.", value.toString()));
        }
        map.put(value, value instanceof Integer ? validateKnownParameter(((Integer) value).intValue(), cBORPair.getValue(), z) : parseValue(cBORPair.getValue()));
    }

    private static Object validateKnownParameter(int i, CBORItem cBORItem, boolean z) {
        switch (i) {
            case 1:
                validateAlg(cBORItem);
                break;
            case 2:
                validateCrit(cBORItem, z);
                break;
            case 3:
                validateContentType(cBORItem);
                break;
            case 4:
                validateKid(cBORItem);
                break;
            case 5:
                validateIv(cBORItem);
                break;
            case 6:
                validatePartialIv(cBORItem);
                break;
            case 33:
                return validateX5Chain(cBORItem);
        }
        return parseValue(cBORItem);
    }

    private static Object parseValue(CBORItem cBORItem) {
        if (cBORItem != null) {
            return cBORItem.parse();
        }
        return null;
    }

    private static void validateAlg(CBORItem cBORItem) {
        if (!isInteger(cBORItem) && !(cBORItem instanceof CBORString)) {
            throw new IllegalArgumentException("alg (1) must be an integer or a text string.");
        }
    }

    private static void validateCrit(CBORItem cBORItem, boolean z) {
        if (z) {
            throw new IllegalArgumentException("crit (2) must not be present in an unprotected header.");
        }
        if (!(cBORItem instanceof CBORItemList)) {
            throw new IllegalArgumentException("crit (2) must be a CBOR array.");
        }
        List<? extends CBORItem> items = ((CBORItemList) cBORItem).getItems();
        if (items == null || items.size() == 0) {
            throw new IllegalArgumentException("crit (2) must have at least one element.");
        }
        for (CBORItem cBORItem2 : items) {
            if (!isInteger(cBORItem2) && !(cBORItem2 instanceof CBORString)) {
                throw new IllegalArgumentException("Elements of crit (2) must be an integer or a text string.");
            }
        }
    }

    private static void validateContentType(CBORItem cBORItem) {
        if (cBORItem instanceof CBORString) {
            return;
        }
        if (!isInteger(cBORItem)) {
            throw new IllegalArgumentException("content type (3) must be an integer or a text string.");
        }
        if (isNegativeInteger(cBORItem)) {
            throw new IllegalArgumentException("content type (3) must not be a negative integer.");
        }
    }

    private static void validateKid(CBORItem cBORItem) {
        if (!(cBORItem instanceof CBORByteArray)) {
            throw new IllegalArgumentException("kid (4) must be a byte string.");
        }
    }

    private static void validateIv(CBORItem cBORItem) {
        if (!(cBORItem instanceof CBORByteArray)) {
            throw new IllegalArgumentException("IV (5) must be a byte string.");
        }
    }

    private static void validatePartialIv(CBORItem cBORItem) {
        if (!(cBORItem instanceof CBORByteArray)) {
            throw new IllegalArgumentException("Partial IV (6) must be a byte string.");
        }
    }

    private static boolean isInteger(CBORItem cBORItem) {
        return (cBORItem instanceof CBORInteger) || (cBORItem instanceof CBORLong) || (cBORItem instanceof CBORBigInteger);
    }

    private static boolean isNegativeInteger(CBORItem cBORItem) {
        return cBORItem instanceof CBORInteger ? ((CBORInteger) cBORItem).getValue().intValue() < 0 : cBORItem instanceof CBORLong ? ((CBORLong) cBORItem).getValue().longValue() < 0 : (cBORItem instanceof CBORBigInteger) && ((CBORBigInteger) cBORItem).getValue().compareTo(BigInteger.ZERO) < 0;
    }

    private static List<X509Certificate> validateX5Chain(CBORItem cBORItem) {
        if (cBORItem instanceof CBORByteArray) {
            return validateX5ChainSingle(((CBORByteArray) cBORItem).getValue());
        }
        if (cBORItem instanceof CBORItemList) {
            return validateX5ChainArray(((CBORItemList) cBORItem).getItems());
        }
        throw new IllegalArgumentException("x5chain (33) must be either a byte string or an array of byte strings.");
    }

    private static List<X509Certificate> validateX5ChainSingle(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("x5chain (33) must not be a byte string with an empty value.");
        }
        return Arrays.asList(buildCertificate(bArr));
    }

    private static List<X509Certificate> validateX5ChainArray(List<? extends CBORItem> list) {
        if (list == null || list.size() == 0) {
            throw new IllegalArgumentException("x5chain (33) must not be empty.");
        }
        ArrayList arrayList = new ArrayList();
        for (CBORItem cBORItem : list) {
            if (!(cBORItem instanceof CBORByteArray)) {
                throw new IllegalArgumentException("x5chain (33) contains an element that is not a byte string.");
            }
            byte[] value = ((CBORByteArray) cBORItem).getValue();
            if (value == null) {
                throw new IllegalArgumentException("x5chain (33) contains a byte string with an empty value.");
            }
            arrayList.add(buildCertificate(value));
        }
        return arrayList;
    }

    private static X509Certificate buildCertificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance(X509).generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            throw new IllegalArgumentException("x5chain (33) contains a malformed certificate.");
        }
    }
}
