package com.android.identity.mdoc.response;

import com.android.identity.cbor.ArrayBuilder;
import com.android.identity.cbor.Bstr;
import com.android.identity.cbor.Cbor;
import com.android.identity.cbor.CborArray;
import com.android.identity.cbor.CborBuilder;
import com.android.identity.cbor.CborMap;
import com.android.identity.cbor.DataItem;
import com.android.identity.cbor.DataItemExtensionsKt;
import com.android.identity.cbor.MapBuilder;
import com.android.identity.cbor.RawCbor;
import com.android.identity.cbor.TaggedItem;
import com.android.identity.cose.Cose;
import com.android.identity.cose.CoseNumberLabel;
import com.android.identity.crypto.Algorithm;
import com.android.identity.crypto.Crypto;
import com.android.identity.crypto.EcPublicKey;
import com.android.identity.document.NameSpacedData;
import com.android.identity.securearea.KeyLockedException;
import com.android.identity.securearea.KeyUnlockData;
import com.android.identity.securearea.SecureArea;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: DocumentGenerator.kt */
@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010$\n\u0002\u0010\t\n\u0000\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\u0018\u00002\u00020\u0001B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0005¢\u0006\u0002\u0010\u0007J\u0006\u0010\u000f\u001a\u00020\u0005J<\u0010\u0010\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00032\b\u0010\u0016\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u0018\u001a\u00020\u00192\b\u0010\u001a\u001a\u0004\u0018\u00010\u001bH\u0002J0\u0010\u001c\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00032\b\u0010\u0016\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u001a\u001a\u00020\u001bJ0\u0010\u001d\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00032\b\u0010\u0016\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u0018\u001a\u00020\u0019J&\u0010\u001e\u001a\u00020\u00002\u001e\u0010\n\u001a\u001a\u0012\u0004\u0012\u00020\u0003\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\f0\u000b0\u000bJ\"\u0010\u001f\u001a\u00020\u00002\u001a\u0010 \u001a\u0016\u0012\u0004\u0012\u00020\u0003\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00050\u000e\u0018\u00010\u000bR\u0010\u0010\b\u001a\u0004\u0018\u00010\tX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R(\u0010\n\u001a\u001c\u0012\u0004\u0012\u00020\u0003\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\f0\u000b\u0018\u00010\u000bX\u0082\u000e¢\u0006\u0002\n\u0000R\"\u0010\r\u001a\u0016\u0012\u0004\u0012\u00020\u0003\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00050\u000e\u0018\u00010\u000bX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lcom/android/identity/mdoc/response/DocumentGenerator;", "", "docType", "", "encodedIssuerAuth", "", "encodedSessionTranscript", "(Ljava/lang/String;[B[B)V", "deviceSigned", "Lcom/android/identity/cbor/DataItem;", "errors", "", "", "issuerNamespaces", "", "generate", "setDeviceNamespaces", "dataElements", "Lcom/android/identity/document/NameSpacedData;", "secureArea", "Lcom/android/identity/securearea/SecureArea;", "keyAlias", "keyUnlockData", "Lcom/android/identity/securearea/KeyUnlockData;", "signatureAlgorithm", "Lcom/android/identity/crypto/Algorithm;", "eReaderKey", "Lcom/android/identity/crypto/EcPublicKey;", "setDeviceNamespacesMac", "setDeviceNamespacesSignature", "setErrors", "setIssuerNamespaces", "issuerNameSpaces", "identity-mdoc"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class DocumentGenerator {
    private DataItem deviceSigned;
    private final String docType;
    private final byte[] encodedIssuerAuth;
    private final byte[] encodedSessionTranscript;
    private Map<String, ? extends Map<String, Long>> errors;
    private Map<String, ? extends List<byte[]>> issuerNamespaces;

    public DocumentGenerator(String docType, byte[] encodedIssuerAuth, byte[] encodedSessionTranscript) {
        Intrinsics.checkNotNullParameter(docType, "docType");
        Intrinsics.checkNotNullParameter(encodedIssuerAuth, "encodedIssuerAuth");
        Intrinsics.checkNotNullParameter(encodedSessionTranscript, "encodedSessionTranscript");
        this.docType = docType;
        this.encodedIssuerAuth = encodedIssuerAuth;
        this.encodedSessionTranscript = encodedSessionTranscript;
    }

    private final DocumentGenerator setDeviceNamespaces(NameSpacedData dataElements, SecureArea secureArea, String keyAlias, KeyUnlockData keyUnlockData, Algorithm signatureAlgorithm, EcPublicKey eReaderKey) throws KeyLockedException {
        byte[] bArr;
        String str;
        DataItem decode;
        DocumentGenerator documentGenerator = this;
        MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
        for (String str2 : dataElements.getNameSpaceNames()) {
            MapBuilder<MapBuilder<CborBuilder>> putMap = builder.putMap(str2);
            for (String str3 : dataElements.getDataElementNames(str2)) {
                putMap.put(str3, new RawCbor(dataElements.getDataElement(str2, str3)));
            }
        }
        builder.end();
        byte[] encode = Cbor.encode(builder.end().getItem());
        byte[] encode2 = Cbor.encode(new TaggedItem(24L, new Bstr(Cbor.encode(CborArray.INSTANCE.builder().add("DeviceAuthentication").add(new RawCbor(documentGenerator.encodedSessionTranscript)).add(documentGenerator.docType).addTaggedEncodedCbor(encode).end().getItem()))));
        byte[] bArr2 = null;
        if (signatureAlgorithm != Algorithm.UNSET) {
            bArr = Cbor.encode(Cose.coseSign1Sign(secureArea, keyAlias, encode2, false, signatureAlgorithm, MapsKt.mapOf(new Pair(new CoseNumberLabel(1L), DataItemExtensionsKt.getToDataItem(signatureAlgorithm.getCoseAlgorithmIdentifier()))), MapsKt.emptyMap(), keyUnlockData).getToDataItem());
        } else {
            Intrinsics.checkNotNull(eReaderKey);
            byte[] keyAgreement = secureArea.keyAgreement(keyAlias, eReaderKey, keyUnlockData);
            byte[] digest = Crypto.digest(Algorithm.SHA256, Cbor.encode(new TaggedItem(24L, new Bstr(documentGenerator.encodedSessionTranscript))));
            byte[] bytes = "EMacKey".getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            bArr2 = Cbor.encode(Cose.coseMac0(Algorithm.HMAC_SHA256, Crypto.hkdf(Algorithm.HMAC_SHA256, keyAgreement, digest, bytes, 32), encode2, false, MapsKt.mapOf(new Pair(new CoseNumberLabel(1L), DataItemExtensionsKt.getToDataItem(Algorithm.HMAC_SHA256.getCoseAlgorithmIdentifier()))), MapsKt.emptyMap()).getToDataItem());
            bArr = null;
        }
        if (bArr != null) {
            str = "deviceSignature";
            decode = Cbor.decode(bArr);
        } else {
            str = "deviceMac";
            Intrinsics.checkNotNull(bArr2);
            decode = Cbor.decode(bArr2);
        }
        documentGenerator.deviceSigned = CborMap.INSTANCE.builder().putTaggedEncodedCbor("nameSpaces", encode).putMap("deviceAuth").put(str, decode).end().end().getItem();
        return this;
    }

    public final byte[] generate() {
        if (this.deviceSigned == null) {
            throw new IllegalStateException("DeviceSigned isn't set".toString());
        }
        MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
        if (this.issuerNamespaces != null) {
            MapBuilder<CborBuilder> builder2 = CborMap.INSTANCE.builder();
            Map<String, ? extends List<byte[]>> map = this.issuerNamespaces;
            Intrinsics.checkNotNull(map);
            for (String str : map.keySet()) {
                ArrayBuilder<MapBuilder<CborBuilder>> putArray = builder2.putArray(str);
                Map<String, ? extends List<byte[]>> map2 = this.issuerNamespaces;
                Intrinsics.checkNotNull(map2);
                List<byte[]> list = map2.get(str);
                Intrinsics.checkNotNull(list);
                Iterator<byte[]> it = list.iterator();
                while (it.hasNext()) {
                    putArray.add(new RawCbor(it.next()));
                }
                putArray.end();
            }
            builder2.end();
            builder.put("nameSpaces", builder2.end().getItem());
        }
        builder.put("issuerAuth", new RawCbor(this.encodedIssuerAuth));
        DataItem item = builder.end().getItem();
        MapBuilder<CborBuilder> builder3 = CborMap.INSTANCE.builder();
        builder3.put("docType", this.docType);
        builder3.put("issuerSigned", item);
        DataItem dataItem = this.deviceSigned;
        Intrinsics.checkNotNull(dataItem);
        builder3.put("deviceSigned", dataItem);
        Map<String, ? extends Map<String, Long>> map3 = this.errors;
        if (map3 != null) {
            MapBuilder<CborBuilder> builder4 = CborMap.INSTANCE.builder();
            for (Map.Entry<String, ? extends Map<String, Long>> entry : map3.entrySet()) {
                String key = entry.getKey();
                Map<String, Long> value = entry.getValue();
                MapBuilder<MapBuilder<CborBuilder>> putMap = builder4.putMap(key);
                for (String str2 : value.keySet()) {
                    Long l = value.get(str2);
                    Intrinsics.checkNotNull(l);
                    putMap.put(str2, l.longValue());
                }
            }
            builder3.put("errors", builder4.end().getItem());
        }
        return Cbor.encode(builder3.end().getItem());
    }

    public final DocumentGenerator setDeviceNamespacesMac(NameSpacedData dataElements, SecureArea secureArea, String keyAlias, KeyUnlockData keyUnlockData, EcPublicKey eReaderKey) throws KeyLockedException {
        Intrinsics.checkNotNullParameter(dataElements, "dataElements");
        Intrinsics.checkNotNullParameter(secureArea, "secureArea");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(eReaderKey, "eReaderKey");
        setDeviceNamespaces(dataElements, secureArea, keyAlias, keyUnlockData, Algorithm.UNSET, eReaderKey);
        return this;
    }

    public final DocumentGenerator setDeviceNamespacesSignature(NameSpacedData dataElements, SecureArea secureArea, String keyAlias, KeyUnlockData keyUnlockData, Algorithm signatureAlgorithm) throws KeyLockedException {
        Intrinsics.checkNotNullParameter(dataElements, "dataElements");
        Intrinsics.checkNotNullParameter(secureArea, "secureArea");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        setDeviceNamespaces(dataElements, secureArea, keyAlias, keyUnlockData, signatureAlgorithm, null);
        return this;
    }

    public final DocumentGenerator setErrors(Map<String, ? extends Map<String, Long>> errors) {
        Intrinsics.checkNotNullParameter(errors, "errors");
        this.errors = errors;
        return this;
    }

    public final DocumentGenerator setIssuerNamespaces(Map<String, ? extends List<byte[]>> issuerNameSpaces) {
        this.issuerNamespaces = issuerNameSpaces;
        return this;
    }
}
