package com.android.identity.cose;

import com.android.identity.cbor.ArrayBuilder;
import com.android.identity.cbor.Cbor;
import com.android.identity.cbor.CborArray;
import com.android.identity.cbor.CborBuilder;
import com.android.identity.cbor.CborMap;
import com.android.identity.cbor.DataItem;
import com.android.identity.cbor.MapBuilder;
import com.android.identity.crypto.Algorithm;
import com.android.identity.crypto.Crypto;
import com.android.identity.crypto.EcCurve;
import com.android.identity.crypto.EcPrivateKey;
import com.android.identity.crypto.EcPublicKey;
import com.android.identity.securearea.KeyUnlockData;
import com.android.identity.securearea.SecureArea;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Map;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequenceGenerator;

/* compiled from: Cose.kt */
@Metadata(d1 = {"\u0000z\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\t\n\u0002\b\n\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0011\u001a\u00020\u000fH\u0002J\u0018\u0010\u0012\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u000fH\u0002JP\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u000f2\u0006\u0010\u0019\u001a\u00020\u000f2\u0006\u0010\u001a\u001a\u00020\u001b2\u0012\u0010\u001c\u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001d2\u0012\u0010 \u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001dH\u0007J*\u0010!\u001a\u00020\u001b2\u0006\u0010\"\u001a\u00020#2\b\u0010$\u001a\u0004\u0018\u00010\u000f2\u0006\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020\u0017H\u0007JP\u0010(\u001a\u00020&2\u0006\u0010\u0018\u001a\u00020)2\u0006\u0010*\u001a\u00020\u000f2\u0006\u0010+\u001a\u00020\u001b2\u0006\u0010'\u001a\u00020\u00172\u0012\u0010\u001c\u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001d2\u0012\u0010 \u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001dH\u0007Jb\u0010(\u001a\u00020&2\u0006\u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020/2\u0006\u0010\u0019\u001a\u00020\u000f2\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010'\u001a\u00020\u00172\u0012\u0010\u001c\u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001d2\u0012\u0010 \u001a\u000e\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u001f0\u001d2\b\u00100\u001a\u0004\u0018\u000101H\u0007J\u0010\u00102\u001a\u00020\u000f2\u0006\u0010%\u001a\u00020\u000fH\u0002J\u0018\u00103\u001a\u00020\u000f2\u0006\u0010%\u001a\u00020\u000f2\u0006\u00104\u001a\u000205H\u0002J\u0010\u00106\u001a\u00020\u000f2\u0006\u00107\u001a\u00020\u000fH\u0002J\u0018\u00108\u001a\u00020\u000f2\u0006\u00109\u001a\u00020:2\u0006\u0010%\u001a\u00020\u000fH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000¨\u0006;"}, d2 = {"Lcom/android/identity/cose/Cose;", "", "()V", "COSE_KEY_KID", "", "COSE_KEY_KTY", "COSE_KEY_PARAM_CRV", "COSE_KEY_PARAM_D", "COSE_KEY_PARAM_X", "COSE_KEY_PARAM_Y", "COSE_KEY_TYPE_EC2", "COSE_KEY_TYPE_OKP", "COSE_LABEL_ALG", "COSE_LABEL_X5CHAIN", "coseBuildToBeMACed", "", "encodedProtectedHeaders", "data", "coseBuildToBeSigned", "dataToBeSigned", "coseMac0", "Lcom/android/identity/cose/CoseMac0;", "algorithm", "Lcom/android/identity/crypto/Algorithm;", "key", "message", "includeMessageInPayload", "", "protectedHeaders", "", "Lcom/android/identity/cose/CoseLabel;", "Lcom/android/identity/cbor/DataItem;", "unprotectedHeaders", "coseSign1Check", "publicKey", "Lcom/android/identity/crypto/EcPublicKey;", "detachedData", "signature", "Lcom/android/identity/cose/CoseSign1;", "signatureAlgorithm", "coseSign1Sign", "Lcom/android/identity/crypto/EcPrivateKey;", "dataToSign", "includeDataInPayload", "secureArea", "Lcom/android/identity/securearea/SecureArea;", "alias", "", "keyUnlockData", "Lcom/android/identity/securearea/KeyUnlockData;", "signatureCoseToDer", "signatureDerToCose", "keySize", "", "stripLeadingZeroes", "array", "toCoseSignatureFormat", "curve", "Lcom/android/identity/crypto/EcCurve;", "identity"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes14.dex */
public final class Cose {
    public static final long COSE_KEY_KID = 2;
    public static final long COSE_KEY_KTY = 1;
    public static final long COSE_KEY_PARAM_CRV = -1;
    public static final long COSE_KEY_PARAM_D = -4;
    public static final long COSE_KEY_PARAM_X = -2;
    public static final long COSE_KEY_PARAM_Y = -3;
    public static final long COSE_KEY_TYPE_EC2 = 2;
    public static final long COSE_KEY_TYPE_OKP = 1;
    public static final long COSE_LABEL_ALG = 1;
    public static final long COSE_LABEL_X5CHAIN = 33;
    public static final Cose INSTANCE = new Cose();

    /* compiled from: Cose.kt */
    @Metadata(k = 3, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes14.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[EcCurve.values().length];
            try {
                iArr[EcCurve.P256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[EcCurve.P384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                iArr[EcCurve.P521.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                iArr[EcCurve.BRAINPOOLP256R1.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                iArr[EcCurve.BRAINPOOLP320R1.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                iArr[EcCurve.BRAINPOOLP384R1.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                iArr[EcCurve.BRAINPOOLP512R1.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                iArr[EcCurve.ED25519.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                iArr[EcCurve.ED448.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                iArr[EcCurve.X25519.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                iArr[EcCurve.X448.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            $EnumSwitchMapping$0 = iArr;
        }
    }

    private Cose() {
    }

    private final byte[] coseBuildToBeMACed(byte[] encodedProtectedHeaders, byte[] data) {
        ArrayBuilder<CborBuilder> builder = CborArray.INSTANCE.builder();
        builder.add("MAC0");
        builder.add(encodedProtectedHeaders);
        builder.add(new byte[0]);
        builder.add(data);
        return Cbor.encode(builder.end().getItem());
    }

    private final byte[] coseBuildToBeSigned(byte[] encodedProtectedHeaders, byte[] dataToBeSigned) {
        ArrayBuilder<CborBuilder> builder = CborArray.INSTANCE.builder();
        builder.add("Signature1");
        builder.add(encodedProtectedHeaders);
        builder.add(new byte[0]);
        builder.add(dataToBeSigned);
        builder.end();
        return Cbor.encode(builder.end().getItem());
    }

    @JvmStatic
    public static final CoseMac0 coseMac0(Algorithm algorithm, byte[] key, byte[] message, boolean includeMessageInPayload, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (protectedHeaders.size() > 0) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                builder.put(entry.getKey().getToDataItem(), entry.getValue());
            }
            bArr = Cbor.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        return new CoseMac0(protectedHeaders, unprotectedHeaders, Crypto.mac(algorithm, key, INSTANCE.coseBuildToBeMACed(bArr, message)), includeMessageInPayload ? message : null);
    }

    @JvmStatic
    public static final boolean coseSign1Check(EcPublicKey publicKey, byte[] detachedData, CoseSign1 signature, Algorithm signatureAlgorithm) {
        byte[] bArr;
        byte[] bArr2;
        byte[] signatureCoseToDer;
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(signature, "signature");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        if (!signature.getProtectedHeaders().isEmpty()) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, DataItem> entry : signature.getProtectedHeaders().entrySet()) {
                builder.put(entry.getKey().getToDataItem(), entry.getValue());
            }
            bArr = Cbor.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        Cose cose = INSTANCE;
        if (detachedData == null) {
            bArr2 = signature.getPayload();
            Intrinsics.checkNotNull(bArr2);
        } else {
            bArr2 = detachedData;
        }
        byte[] coseBuildToBeSigned = cose.coseBuildToBeSigned(bArr, bArr2);
        switch (WhenMappings.$EnumSwitchMapping$0[publicKey.getCurve().ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
                signatureCoseToDer = cose.signatureCoseToDer(signature.getSignature());
                break;
            case 8:
            case 9:
                signatureCoseToDer = signature.getSignature();
                break;
            case 10:
            case 11:
                throw new IllegalStateException("Cannot sign with this curve");
            default:
                throw new NoWhenBranchMatchedException();
        }
        return Crypto.checkSignature(publicKey, coseBuildToBeSigned, signatureAlgorithm, signatureCoseToDer);
    }

    @JvmStatic
    public static final CoseSign1 coseSign1Sign(EcPrivateKey key, byte[] dataToSign, boolean includeDataInPayload, Algorithm signatureAlgorithm, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(dataToSign, "dataToSign");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (protectedHeaders.size() > 0) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                builder.put(entry.getKey().getToDataItem(), entry.getValue());
            }
            bArr = Cbor.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        Cose cose = INSTANCE;
        return new CoseSign1(protectedHeaders, unprotectedHeaders, cose.toCoseSignatureFormat(key.getCurve(), Crypto.sign(key, signatureAlgorithm, cose.coseBuildToBeSigned(bArr, dataToSign))), includeDataInPayload ? dataToSign : null);
    }

    @JvmStatic
    public static final CoseSign1 coseSign1Sign(SecureArea secureArea, String alias, byte[] message, boolean includeMessageInPayload, Algorithm signatureAlgorithm, Map<CoseLabel, ? extends DataItem> protectedHeaders, Map<CoseLabel, ? extends DataItem> unprotectedHeaders, KeyUnlockData keyUnlockData) {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(secureArea, "secureArea");
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(protectedHeaders, "protectedHeaders");
        Intrinsics.checkNotNullParameter(unprotectedHeaders, "unprotectedHeaders");
        if (!protectedHeaders.isEmpty()) {
            MapBuilder<CborBuilder> builder = CborMap.INSTANCE.builder();
            for (Map.Entry<CoseLabel, ? extends DataItem> entry : protectedHeaders.entrySet()) {
                builder.put(entry.getKey().getToDataItem(), entry.getValue());
            }
            bArr = Cbor.encode(builder.end().getItem());
        } else {
            bArr = new byte[0];
        }
        Cose cose = INSTANCE;
        return new CoseSign1(protectedHeaders, unprotectedHeaders, cose.toCoseSignatureFormat(secureArea.getKeyInfo(alias).getPublicKey().getCurve(), secureArea.sign(alias, signatureAlgorithm, cose.coseBuildToBeSigned(bArr, message), keyUnlockData)), includeMessageInPayload ? message : null);
    }

    private final byte[] signatureCoseToDer(byte[] signature) {
        BigInteger bigInteger = new BigInteger(1, ArraysKt.copyOfRange(signature, 0, signature.length / 2));
        BigInteger bigInteger2 = new BigInteger(1, ArraysKt.copyOfRange(signature, signature.length / 2, signature.length));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            DERSequenceGenerator dERSequenceGenerator = new DERSequenceGenerator(byteArrayOutputStream);
            dERSequenceGenerator.addObject((ASN1Primitive) new ASN1Integer(bigInteger.toByteArray()));
            dERSequenceGenerator.addObject((ASN1Primitive) new ASN1Integer(bigInteger2.toByteArray()));
            dERSequenceGenerator.close();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "baos.toByteArray()");
            return byteArray;
        } catch (IOException e) {
            throw new IllegalStateException("Error generating DER signature", e);
        }
    }

    private final byte[] signatureDerToCose(byte[] signature, int keySize) {
        try {
            ASN1Primitive readObject = new ASN1InputStream(new ByteArrayInputStream(signature)).readObject();
            Intrinsics.checkNotNull(readObject, "null cannot be cast to non-null type org.bouncycastle.asn1.ASN1Sequence");
            ASN1Encodable[] array = ((ASN1Sequence) readObject).toArray();
            if (!(array.length == 2)) {
                throw new IllegalArgumentException("Expected two items in sequence".toString());
            }
            ASN1Primitive aSN1Primitive = array[0].toASN1Primitive();
            Intrinsics.checkNotNull(aSN1Primitive, "null cannot be cast to non-null type org.bouncycastle.asn1.ASN1Integer");
            BigInteger value = ((ASN1Integer) aSN1Primitive).getValue();
            ASN1Primitive aSN1Primitive2 = array[1].toASN1Primitive();
            Intrinsics.checkNotNull(aSN1Primitive2, "null cannot be cast to non-null type org.bouncycastle.asn1.ASN1Integer");
            BigInteger value2 = ((ASN1Integer) aSN1Primitive2).getValue();
            byte[] byteArray = value.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "r.toByteArray()");
            byte[] stripLeadingZeroes = stripLeadingZeroes(byteArray);
            byte[] byteArray2 = value2.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray2, "s.toByteArray()");
            byte[] stripLeadingZeroes2 = stripLeadingZeroes(byteArray2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                int length = keySize - stripLeadingZeroes.length;
                for (int i = 0; i < length; i++) {
                    byteArrayOutputStream.write(0);
                }
                byteArrayOutputStream.write(stripLeadingZeroes);
                int length2 = keySize - stripLeadingZeroes2.length;
                for (int i2 = 0; i2 < length2; i2++) {
                    byteArrayOutputStream.write(0);
                }
                byteArrayOutputStream.write(stripLeadingZeroes2);
                byte[] byteArray3 = byteArrayOutputStream.toByteArray();
                Intrinsics.checkNotNullExpressionValue(byteArray3, "baos.toByteArray()");
                return byteArray3;
            } catch (IOException e) {
                throw new IllegalStateException(e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("Error decoding DER signature", e2);
        }
    }

    private final byte[] stripLeadingZeroes(byte[] array) {
        int i = 0;
        int length = array.length;
        while (true) {
            if (i >= length) {
                i = -1;
                break;
            }
            if (array[i] != 0) {
                break;
            }
            i++;
        }
        int i2 = i;
        return i2 == -1 ? array : ArraysKt.copyOfRange(array, i2, array.length);
    }

    private final byte[] toCoseSignatureFormat(EcCurve curve, byte[] signature) {
        switch (WhenMappings.$EnumSwitchMapping$0[curve.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
                return signatureDerToCose(signature, (curve.getBitSize() + 7) / 8);
            case 8:
            case 9:
                return signature;
            case 10:
            case 11:
                throw new IllegalStateException("Cannot sign with this curve");
            default:
                throw new NoWhenBranchMatchedException();
        }
    }
}
