package com.authlete.mdoc;

import com.authlete.cbor.CBORByteArray;
import com.authlete.cbor.CBORPair;
import com.authlete.cbor.CBORString;
import com.authlete.cbor.CBORizer;
import com.authlete.cose.COSEEC2Key;
import com.authlete.cose.COSEException;
import com.authlete.cose.COSEKey;
import com.authlete.cose.COSEProtectedHeader;
import com.authlete.cose.COSEProtectedHeaderBuilder;
import com.authlete.cose.COSESign1;
import com.authlete.cose.COSESign1Builder;
import com.authlete.cose.COSESigner;
import com.authlete.cose.COSEUnprotectedHeader;
import com.authlete.cose.COSEUnprotectedHeaderBuilder;
import com.authlete.cose.SigStructure;
import com.authlete.cose.SigStructureBuilder;
import com.authlete.cose.constants.COSEAlgorithms;
import com.authlete.cose.constants.COSEEllipticCurves;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:BOOT-INF/lib/cbor-1.18.jar:com/authlete/mdoc/IssuerSignedBuilder.class */
public class IssuerSignedBuilder {
    private static final SecureRandom RANDOM = new SecureRandom();
    private String mDocType;
    private Map<String, Object> mClaims;
    private ValidityInfo mValidityInfo;
    private COSEKey mDeviceKey;
    private COSEEC2Key mIssuerKey;
    private List<X509Certificate> mIssuerCertChain;
    private CBORizer mCBORizer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/cbor-1.18.jar:com/authlete/mdoc/IssuerSignedBuilder$SequentialIntegerGenerator.class */
    public static class SequentialIntegerGenerator {
        private int number;

        private SequentialIntegerGenerator() {
        }

        public int next() {
            int i = this.number + 1;
            this.number = i;
            return i;
        }
    }

    public String getDocType() {
        return this.mDocType;
    }

    public IssuerSignedBuilder setDocType(String str) {
        this.mDocType = str;
        return this;
    }

    public Map<String, Object> getClaims() {
        return this.mClaims;
    }

    public IssuerSignedBuilder setClaims(Map<String, Object> map) {
        this.mClaims = map;
        return this;
    }

    public ValidityInfo getValidityInfo() {
        return this.mValidityInfo;
    }

    public IssuerSignedBuilder setValidityInfo(ValidityInfo validityInfo) {
        this.mValidityInfo = validityInfo;
        return this;
    }

    public COSEKey getDeviceKey() {
        return this.mDeviceKey;
    }

    public IssuerSignedBuilder setDeviceKey(COSEKey cOSEKey) {
        this.mDeviceKey = cOSEKey;
        return this;
    }

    public COSEEC2Key getIssuerKey() {
        return this.mIssuerKey;
    }

    public IssuerSignedBuilder setIssuerKey(COSEEC2Key cOSEEC2Key) {
        this.mIssuerKey = cOSEEC2Key;
        return this;
    }

    public List<X509Certificate> getIssuerCertChain() {
        return this.mIssuerCertChain;
    }

    public IssuerSignedBuilder setIssuerCertChain(List<X509Certificate> list) {
        this.mIssuerCertChain = list;
        return this;
    }

    public CBORizer getCBORizer() {
        return this.mCBORizer;
    }

    public IssuerSignedBuilder setCBORizer(CBORizer cBORizer) {
        this.mCBORizer = cBORizer;
        return this;
    }

    public IssuerSigned build() throws COSEException, CertificateEncodingException {
        checkInput();
        IssuerNameSpaces buildIssuerNameSpaces = buildIssuerNameSpaces();
        return new IssuerSigned(buildIssuerNameSpaces, buildIssuerAuth(buildIssuerNameSpaces));
    }

    private void checkInput() {
        if (getDocType() == null) {
            throw new IllegalStateException("Doc type is not set.");
        }
        if (getIssuerKey() == null) {
            throw new IllegalStateException("Issuer key is not set.");
        }
        if (getIssuerCertChain() == null) {
            throw new IllegalStateException("Issuer certificate chain is not set.");
        }
        if (getIssuerCertChain().size() == 0) {
            throw new IllegalStateException("Issuer certificate chain is empty.");
        }
    }

    private IssuerNameSpaces buildIssuerNameSpaces() {
        Map<String, Object> prepareClaims = prepareClaims();
        CBORizer prepareCBORizer = prepareCBORizer();
        SequentialIntegerGenerator sequentialIntegerGenerator = new SequentialIntegerGenerator();
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, Object> entry : prepareClaims.entrySet()) {
            String key = entry.getKey();
            arrayList.add(new IssuerNameSpacesEntry(key, buildItemBytesList(key, entry.getValue(), sequentialIntegerGenerator, prepareCBORizer)));
        }
        return new IssuerNameSpaces(arrayList);
    }

    private List<IssuerSignedItemBytes> buildItemBytesList(String str, Object obj, SequentialIntegerGenerator sequentialIntegerGenerator, CBORizer cBORizer) {
        if (!(obj instanceof Map)) {
            throw new IllegalArgumentException(String.format("The value for the name space '%s' is not a JSON object.", str));
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = ((Map) obj).entrySet().iterator();
        while (it.hasNext()) {
            arrayList.add(new IssuerSignedItemBytes(buildIssuerSignedItem((Map.Entry) it.next(), sequentialIntegerGenerator, cBORizer)));
        }
        return arrayList;
    }

    private IssuerSignedItem buildIssuerSignedItem(Map.Entry<String, Object> entry, SequentialIntegerGenerator sequentialIntegerGenerator, CBORizer cBORizer) {
        return new IssuerSignedItem(sequentialIntegerGenerator.next(), generateRandom(), entry.getKey(), cBORizer.cborize(entry.getValue()));
    }

    private COSESign1 buildIssuerAuth(IssuerNameSpaces issuerNameSpaces) throws COSEException, CertificateEncodingException {
        int determineIssuerAuthSigningAlgorithm = determineIssuerAuthSigningAlgorithm();
        COSEProtectedHeader prepareIssuerAuthProtectedHeader = prepareIssuerAuthProtectedHeader(determineIssuerAuthSigningAlgorithm);
        COSEUnprotectedHeader prepareIssuerAuthUnprotectedHeader = prepareIssuerAuthUnprotectedHeader();
        CBORByteArray prepareIssuerAuthPayload = prepareIssuerAuthPayload(issuerNameSpaces);
        return new COSESign1Builder().protectedHeader(prepareIssuerAuthProtectedHeader).unprotectedHeader(prepareIssuerAuthUnprotectedHeader).payload(prepareIssuerAuthPayload).signature(sign(prepareSigStructure(prepareIssuerAuthProtectedHeader, prepareIssuerAuthPayload), determineIssuerAuthSigningAlgorithm)).build();
    }

    private int determineIssuerAuthSigningAlgorithm() {
        Object alg = getIssuerKey().getAlg();
        if (alg != null) {
            return alg instanceof String ? COSEAlgorithms.getValueByName((String) alg) : ((Number) alg).intValue();
        }
        Object crv = getIssuerKey().getCrv();
        if (crv == null) {
            throw new IllegalArgumentException("The issuer key does not contain the 'crv' parameter.");
        }
        if (crv.equals(1) || crv.equals(COSEEllipticCurves.P_256_NAME)) {
            return -7;
        }
        if (crv.equals(2) || crv.equals(COSEEllipticCurves.P_384_NAME)) {
            return -35;
        }
        if (crv.equals(3) || crv.equals(COSEEllipticCurves.P_521_NAME)) {
            return -36;
        }
        if (crv.equals(6) || crv.equals("Ed25519") || crv.equals(7) || crv.equals("Ed448")) {
            return -8;
        }
        throw new IllegalArgumentException("The curve of the issuer key is not supported.");
    }

    private COSEProtectedHeader prepareIssuerAuthProtectedHeader(int i) {
        return new COSEProtectedHeaderBuilder().alg(i).build();
    }

    private COSEUnprotectedHeader prepareIssuerAuthUnprotectedHeader() throws CertificateEncodingException {
        return new COSEUnprotectedHeaderBuilder().x5chain(getIssuerCertChain()).build();
    }

    private CBORByteArray prepareIssuerAuthPayload(IssuerNameSpaces issuerNameSpaces) {
        MobileSecurityObjectBytes buildMobileSecurityObjectBytes = buildMobileSecurityObjectBytes(issuerNameSpaces);
        CBORByteArray cBORByteArray = new CBORByteArray(buildMobileSecurityObjectBytes.encode(), buildMobileSecurityObjectBytes);
        cBORByteArray.setComment("payload");
        return cBORByteArray;
    }

    private SigStructure prepareSigStructure(COSEProtectedHeader cOSEProtectedHeader, CBORByteArray cBORByteArray) {
        return new SigStructureBuilder().signature1().bodyAttributes(cOSEProtectedHeader).payload(cBORByteArray).build();
    }

    private byte[] sign(SigStructure sigStructure, int i) throws COSEException {
        return new COSESigner(getIssuerKey().toECPrivateKey()).sign(sigStructure, i);
    }

    private MobileSecurityObjectBytes buildMobileSecurityObjectBytes(IssuerNameSpaces issuerNameSpaces) {
        return new MobileSecurityObjectBytes(buildMobileSecurityObject(issuerNameSpaces));
    }

    private MobileSecurityObject buildMobileSecurityObject(IssuerNameSpaces issuerNameSpaces) {
        return new MobileSecurityObject(buildValueDigests(issuerNameSpaces), buildDeviceKeyInfo(issuerNameSpaces), getDocType(), getValidityInfo());
    }

    private ValueDigests buildValueDigests(IssuerNameSpaces issuerNameSpaces) {
        List<? extends CBORPair> pairs = issuerNameSpaces.getPairs();
        ArrayList arrayList = new ArrayList();
        Iterator<? extends CBORPair> it = pairs.iterator();
        while (it.hasNext()) {
            IssuerNameSpacesEntry issuerNameSpacesEntry = (IssuerNameSpacesEntry) it.next();
            arrayList.add(new ValueDigestsEntry(issuerNameSpacesEntry.getNameSpace(), buildDigestIDs(issuerNameSpacesEntry.getIssuerSignedItemBytesList())));
        }
        return new ValueDigests(arrayList);
    }

    private DigestIDs buildDigestIDs(List<? extends IssuerSignedItemBytes> list) {
        ArrayList arrayList = new ArrayList();
        for (IssuerSignedItemBytes issuerSignedItemBytes : list) {
            arrayList.add(new DigestIDsEntry(issuerSignedItemBytes.getIssuerSignedItem().getDigestID(), computeDigest(issuerSignedItemBytes.encode())));
        }
        return new DigestIDs(arrayList);
    }

    private DeviceKeyInfo buildDeviceKeyInfo(IssuerNameSpaces issuerNameSpaces) {
        COSEKey deviceKey = getDeviceKey();
        if (deviceKey == null) {
            return null;
        }
        return new DeviceKeyInfo(deviceKey, buildKeyAuthorizations(issuerNameSpaces), null);
    }

    private KeyAuthorizations buildKeyAuthorizations(IssuerNameSpaces issuerNameSpaces) {
        return new KeyAuthorizations(buildAuthorizedNameSpaces(issuerNameSpaces), null);
    }

    private AuthorizedNameSpaces buildAuthorizedNameSpaces(IssuerNameSpaces issuerNameSpaces) {
        return new AuthorizedNameSpaces((List<CBORString>) issuerNameSpaces.getPairs().stream().map(issuerNameSpacesEntry -> {
            return issuerNameSpacesEntry.getNameSpace();
        }).collect(Collectors.toList()));
    }

    private Map<String, Object> prepareClaims() {
        Map<String, Object> claims = getClaims();
        if (claims == null) {
            claims = Collections.emptyMap();
        }
        return claims;
    }

    private CBORizer prepareCBORizer() {
        CBORizer cBORizer = getCBORizer();
        if (cBORizer == null) {
            cBORizer = new CBORizer();
        }
        return cBORizer;
    }

    private static byte[] generateRandom() {
        return generateRandomBytes(16);
    }

    private static byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        RANDOM.nextBytes(bArr);
        return bArr;
    }

    private static byte[] computeDigest(byte[] bArr) {
        return computeDigest(bArr, "SHA-256");
    }

    private static byte[] computeDigest(byte[] bArr, String str) {
        try {
            return MessageDigest.getInstance(str).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(String.format("The hash algorithm '%s' is not supported.", str), e);
        }
    }
}
