package at.asitplus.attestation.android;

import at.asitplus.attestation.android.exceptions.AttestationException;
import at.asitplus.attestation.android.exceptions.CertificateInvalidException;
import at.asitplus.attestation.android.exceptions.RevocationException;
import com.google.android.attestation.AttestationApplicationId;
import com.google.android.attestation.ParsedAttestationRecord;
import com.google.android.attestation.RootOfTrust;
import io.ktor.client.HttpClient;
import io.ktor.client.engine.HttpClientEngineFactory;
import io.ktor.client.engine.cio.CIO;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.CoroutineContext;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.MagicApiIntrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.reflect.KType;
import kotlinx.coroutines.BuildersKt;
import kotlinx.serialization.SerializersKt;
import kotlinx.serialization.json.Json;
import kotlinx.serialization.json.JsonElement;
import kotlinx.serialization.json.JsonElementKt;
import kotlinx.serialization.json.JsonObject;
import kotlinx.serialization.json.JvmStreamsKt;
import kotlinx.serialization.modules.SerializersModule;
import org.jetbrains.annotations.NotNull;

/* compiled from: AndroidAttestationChecker.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\t\u0018��2\u00020\u0001:\u0001\"BI\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u00128\b\u0002\u0010\u0004\u001a2\u0012\u0013\u0012\u00110\u0006¢\u0006\f\b\u0007\u0012\b\b\b\u0012\u0004\b\b(\t\u0012\u0013\u0012\u00110\u0006¢\u0006\f\b\u0007\u0012\b\b\b\u0012\u0004\b\b(\n\u0012\u0004\u0012\u00020\u000b0\u0005¢\u0006\u0002\u0010\fJ&\u0010\r\u001a\u00020\u000e2\f\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\u00110\u00102\b\b\u0002\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0006J(\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00112\u0006\u0010\u0018\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\f\u0010\u001b\u001a\u00020\u0016*\u00020\u000eH\u0002J\f\u0010\u001c\u001a\u00020\u0016*\u00020\u000eH\u0002J\f\u0010\u001d\u001a\u00020\u0016*\u00020\u000eH\u0002J\u001a\u0010\u001e\u001a\u00020\u0016*\b\u0012\u0004\u0012\u00020\u00110\u00102\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\f\u0010\u001f\u001a\u00020\u0016*\u00020\u000eH\u0002J\u001a\u0010 \u001a\u00020\u0016*\b\u0012\u0004\u0012\u00020\u00110\u00102\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\f\u0010!\u001a\u00020\u0016*\u00020\u000eH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R>\u0010\u0004\u001a2\u0012\u0013\u0012\u00110\u0006¢\u0006\f\b\u0007\u0012\b\b\b\u0012\u0004\b\b(\t\u0012\u0013\u0012\u00110\u0006¢\u0006\f\b\u0007\u0012\b\b\b\u0012\u0004\b\b(\n\u0012\u0004\u0012\u00020\u000b0\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006#"}, d2 = {"Lat/asitplus/attestation/android/AndroidAttestationChecker;", "", "attestationConfiguration", "Lat/asitplus/attestation/android/AndroidAttestationConfiguration;", "verifyChallenge", "Lkotlin/Function2;", "", "Lkotlin/ParameterName;", "name", "expected", "actual", "", "(Lat/asitplus/attestation/android/AndroidAttestationConfiguration;Lkotlin/jvm/functions/Function2;)V", "verifyAttestation", "Lcom/google/android/attestation/ParsedAttestationRecord;", "certificates", "", "Ljava/security/cert/X509Certificate;", "verificationDate", "Ljava/util/Date;", "expectedChallenge", "verifyCertificatePair", "", "certificate", "parent", "statusList", "Lat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList;", "verifyAndroidVersion", "verifyApplicationPackageNameAndSignatureDigest", "verifyBootStateAndSystemImage", "verifyCertificateChain", "verifyRollbackResistance", "verifyRootCertificate", "verifyTeeEnforcedAttestation", "RevocationList", "android-attestation"})
@SourceDebugExtension({"SMAP\nAndroidAttestationChecker.kt\nKotlin\n*S Kotlin\n*F\n+ 1 AndroidAttestationChecker.kt\nat/asitplus/attestation/android/AndroidAttestationChecker\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,303:1\n1#2:304\n1559#3:305\n1590#3,4:306\n3464#3,10:310\n288#3,2:320\n1747#3,2:322\n1747#3,3:324\n1749#3:327\n*S KotlinDebug\n*F\n+ 1 AndroidAttestationChecker.kt\nat/asitplus/attestation/android/AndroidAttestationChecker\n*L\n43#1:305\n43#1:306,4\n46#1:310,10\n78#1:320,2\n95#1:322,2\n96#1:324,3\n95#1:327\n*E\n"})
/* loaded from: input_file:at/asitplus/attestation/android/AndroidAttestationChecker.class */
public final class AndroidAttestationChecker {

    @NotNull
    private final AndroidAttestationConfiguration attestationConfiguration;

    @NotNull
    private final Function2<byte[], byte[], Boolean> verifyChallenge;

    /* compiled from: AndroidAttestationChecker.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"�� \n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u000e2\u00020\u0001:\u0001\u000eB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u000e\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rR\u001b\u0010\u0005\u001a\u00020\u00038BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\b\u0010\t\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u000f"}, d2 = {"Lat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList;", "", "json", "Lkotlinx/serialization/json/JsonObject;", "(Lkotlinx/serialization/json/JsonObject;)V", "entries", "getEntries", "()Lkotlinx/serialization/json/JsonObject;", "entries$delegate", "Lkotlin/Lazy;", "isRevoked", "", "serialNumber", "Ljava/math/BigInteger;", "Companion", "android-attestation"})
    /* loaded from: input_file:at/asitplus/attestation/android/AndroidAttestationChecker$RevocationList.class */
    public static final class RevocationList {

        @NotNull
        private final Lazy entries$delegate;

        @NotNull
        public static final Companion Companion = new Companion(null);

        @NotNull
        private static final Lazy<HttpClient> client$delegate = LazyKt.lazy(new Function0<HttpClient>() { // from class: at.asitplus.attestation.android.AndroidAttestationChecker$RevocationList$Companion$client$2
            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final HttpClient m3invoke() {
                return AndroidAttestationCheckerKt.setup(HttpClientEngineFactory.DefaultImpls.create$default(CIO.INSTANCE, (Function1) null, 1, (Object) null));
            }
        });

        /* compiled from: AndroidAttestationChecker.kt */
        @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0007J\u0012\u0010\u000e\u001a\u00020\u000b2\b\b\u0002\u0010\u0003\u001a\u00020\u0004H\u0007R!\u0010\u0003\u001a\u00020\u00048BX\u0083\u0084\u0002¢\u0006\u0012\n\u0004\b\b\u0010\t\u0012\u0004\b\u0005\u0010\u0002\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u000f"}, d2 = {"Lat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList$Companion;", "", "()V", "client", "Lio/ktor/client/HttpClient;", "getClient$annotations", "getClient", "()Lio/ktor/client/HttpClient;", "client$delegate", "Lkotlin/Lazy;", "from", "Lat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList;", "source", "Ljava/io/InputStream;", "fromGoogleServer", "android-attestation"})
        @SourceDebugExtension({"SMAP\nAndroidAttestationChecker.kt\nKotlin\n*S Kotlin\n*F\n+ 1 AndroidAttestationChecker.kt\nat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList$Companion\n+ 2 JvmStreams.kt\nkotlinx/serialization/json/JvmStreamsKt\n*L\n1#1,303:1\n80#2:304\n*S KotlinDebug\n*F\n+ 1 AndroidAttestationChecker.kt\nat/asitplus/attestation/android/AndroidAttestationChecker$RevocationList$Companion\n*L\n221#1:304\n*E\n"})
        /* loaded from: input_file:at/asitplus/attestation/android/AndroidAttestationChecker$RevocationList$Companion.class */
        public static final class Companion {
            private Companion() {
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final HttpClient getClient() {
                return (HttpClient) RevocationList.client$delegate.getValue();
            }

            @JvmStatic
            private static /* synthetic */ void getClient$annotations() {
            }

            @JvmStatic
            @NotNull
            public final RevocationList from(@NotNull InputStream inputStream) {
                Json json;
                Intrinsics.checkNotNullParameter(inputStream, "source");
                json = AndroidAttestationCheckerKt.json;
                SerializersModule serializersModule = json.getSerializersModule();
                KType typeOf = Reflection.typeOf(JsonObject.class);
                MagicApiIntrinsics.voidMagicApiCall("kotlinx.serialization.serializer.withModule");
                return new RevocationList((JsonObject) JvmStreamsKt.decodeFromStream(json, SerializersKt.serializer(serializersModule, typeOf), inputStream));
            }

            @JvmStatic
            @JvmOverloads
            @NotNull
            public final RevocationList fromGoogleServer(@NotNull HttpClient httpClient) throws Throwable {
                Intrinsics.checkNotNullParameter(httpClient, "client");
                return (RevocationList) BuildersKt.runBlocking$default((CoroutineContext) null, new AndroidAttestationChecker$RevocationList$Companion$fromGoogleServer$1(httpClient, null), 1, (Object) null);
            }

            public static /* synthetic */ RevocationList fromGoogleServer$default(Companion companion, HttpClient httpClient, int i, Object obj) throws Throwable {
                if ((i & 1) != 0) {
                    httpClient = companion.getClient();
                }
                return companion.fromGoogleServer(httpClient);
            }

            @JvmStatic
            @JvmOverloads
            @NotNull
            public final RevocationList fromGoogleServer() throws Throwable {
                return fromGoogleServer$default(this, null, 1, null);
            }

            public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
                this();
            }
        }

        public RevocationList(@NotNull final JsonObject jsonObject) {
            Intrinsics.checkNotNullParameter(jsonObject, "json");
            this.entries$delegate = LazyKt.lazy(new Function0<JsonObject>() { // from class: at.asitplus.attestation.android.AndroidAttestationChecker$RevocationList$entries$2
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @NotNull
                /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
                public final JsonObject m4invoke() {
                    JsonElement jsonElement = (JsonElement) jsonObject.get("entries");
                    if (jsonElement != null) {
                        JsonObject jsonObject2 = JsonElementKt.getJsonObject(jsonElement);
                        if (jsonObject2 != null) {
                            return jsonObject2;
                        }
                    }
                    throw new IOException();
                }
            });
        }

        private final JsonObject getEntries() {
            return (JsonObject) this.entries$delegate.getValue();
        }

        public final boolean isRevoked(@NotNull BigInteger bigInteger) {
            Intrinsics.checkNotNullParameter(bigInteger, "serialNumber");
            String bigInteger2 = bigInteger.toString(16);
            Intrinsics.checkNotNullExpressionValue(bigInteger2, "toString(...)");
            Locale locale = Locale.getDefault();
            Intrinsics.checkNotNullExpressionValue(locale, "getDefault(...)");
            String lowerCase = bigInteger2.toLowerCase(locale);
            Intrinsics.checkNotNullExpressionValue(lowerCase, "this as java.lang.String).toLowerCase(locale)");
            return getEntries().get(lowerCase) != null;
        }

        private static final HttpClient getClient() {
            return Companion.getClient();
        }

        @JvmStatic
        @NotNull
        public static final RevocationList from(@NotNull InputStream inputStream) {
            return Companion.from(inputStream);
        }

        @JvmStatic
        @JvmOverloads
        @NotNull
        public static final RevocationList fromGoogleServer(@NotNull HttpClient httpClient) throws Throwable {
            return Companion.fromGoogleServer(httpClient);
        }

        @JvmStatic
        @JvmOverloads
        @NotNull
        public static final RevocationList fromGoogleServer() throws Throwable {
            return Companion.fromGoogleServer();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @JvmOverloads
    public AndroidAttestationChecker(@NotNull AndroidAttestationConfiguration androidAttestationConfiguration, @NotNull Function2<? super byte[], ? super byte[], Boolean> function2) {
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "attestationConfiguration");
        Intrinsics.checkNotNullParameter(function2, "verifyChallenge");
        this.attestationConfiguration = androidAttestationConfiguration;
        this.verifyChallenge = function2;
    }

    public /* synthetic */ AndroidAttestationChecker(AndroidAttestationConfiguration androidAttestationConfiguration, Function2 function2, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(androidAttestationConfiguration, (i & 2) != 0 ? new Function2<byte[], byte[], Boolean>() { // from class: at.asitplus.attestation.android.AndroidAttestationChecker.1
            @NotNull
            public final Boolean invoke(@NotNull byte[] bArr, @NotNull byte[] bArr2) {
                Intrinsics.checkNotNullParameter(bArr, "expected");
                Intrinsics.checkNotNullParameter(bArr2, "actual");
                return Boolean.valueOf(Arrays.equals(bArr, bArr2));
            }
        } : function2);
    }

    private final void verifyCertificateChain(List<? extends X509Certificate> list, Date date) throws CertificateInvalidException, RevocationException {
        Object obj;
        Object obj2;
        ArrayList arrayList;
        try {
            Result.Companion companion = Result.Companion;
            verifyRootCertificate(list, date);
            obj = Result.constructor-impl(Unit.INSTANCE);
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Throwable th2 = Result.exceptionOrNull-impl(obj);
        if (th2 != null) {
            throw new CertificateInvalidException("could not verify root certificate", th2);
        }
        try {
            Result.Companion companion3 = Result.Companion;
            obj2 = Result.constructor-impl(RevocationList.Companion.fromGoogleServer$default(RevocationList.Companion, null, 1, null));
        } catch (Throwable th3) {
            Result.Companion companion4 = Result.Companion;
            obj2 = Result.constructor-impl(ResultKt.createFailure(th3));
        }
        Object obj3 = obj2;
        Throwable th4 = Result.exceptionOrNull-impl(obj3);
        if (th4 != null) {
            throw new RevocationException("could not download revocation information", th4);
        }
        RevocationList revocationList = (RevocationList) obj3;
        if (this.attestationConfiguration.getIgnoreLeafValidity()) {
            List<? extends X509Certificate> list2 = list;
            ArrayList arrayList2 = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
            int i = 0;
            for (Object obj4 : list2) {
                int i2 = i;
                i++;
                if (i2 < 0) {
                    CollectionsKt.throwIndexOverflow();
                }
                X509Certificate x509Certificate = (X509Certificate) obj4;
                arrayList2.add(i2 == 0 ? new EternalX509Certificate(x509Certificate) : x509Certificate);
            }
            arrayList = arrayList2;
        } else {
            arrayList = list;
        }
        Iterator it = CollectionsKt.reversed(arrayList).iterator();
        if (!it.hasNext()) {
            CollectionsKt.emptyList();
            return;
        }
        ArrayList arrayList3 = new ArrayList();
        Object obj5 = it.next();
        while (true) {
            Object obj6 = obj5;
            if (!it.hasNext()) {
                return;
            }
            Object next = it.next();
            verifyCertificatePair((X509Certificate) next, (X509Certificate) obj6, date, revocationList);
            arrayList3.add(Unit.INSTANCE);
            obj5 = next;
        }
    }

    private final void verifyCertificatePair(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date, RevocationList revocationList) throws RevocationException, CertificateInvalidException {
        Object obj;
        Object obj2;
        try {
            Result.Companion companion = Result.Companion;
            AndroidAttestationChecker androidAttestationChecker = this;
            x509Certificate.checkValidity(date);
            x509Certificate.verify(x509Certificate2.getPublicKey());
            obj = Result.constructor-impl(Unit.INSTANCE);
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Throwable th2 = Result.exceptionOrNull-impl(obj);
        if (th2 != null) {
            String message = th2.getMessage();
            if (message == null) {
                message = "Certificate invalid";
            }
            throw new CertificateInvalidException(message, th2);
        }
        try {
            Result.Companion companion3 = Result.Companion;
            AndroidAttestationChecker androidAttestationChecker2 = this;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            Intrinsics.checkNotNullExpressionValue(serialNumber, "getSerialNumber(...)");
            obj2 = Result.constructor-impl(Boolean.valueOf(revocationList.isRevoked(serialNumber)));
        } catch (Throwable th3) {
            Result.Companion companion4 = Result.Companion;
            obj2 = Result.constructor-impl(ResultKt.createFailure(th3));
        }
        Object obj3 = obj2;
        if (Result.isSuccess-impl(obj3) && ((Boolean) obj3).booleanValue()) {
            throw new RevocationException("Certificate revoked", null, 2, null);
        }
        Throwable th4 = Result.exceptionOrNull-impl(obj3);
        if (th4 != null) {
            throw new RevocationException("Could not get revocation list", th4);
        }
    }

    private final void verifyRootCertificate(List<? extends X509Certificate> list, Date date) {
        Object obj;
        X509Certificate x509Certificate = (X509Certificate) CollectionsKt.last(list);
        x509Certificate.checkValidity(date);
        Iterator<T> it = this.attestationConfiguration.getTrustAnchors().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            Object next = it.next();
            if (Arrays.equals(x509Certificate.getPublicKey().getEncoded(), ((PublicKey) next).getEncoded())) {
                obj = next;
                break;
            }
        }
        PublicKey publicKey = (PublicKey) obj;
        if (publicKey == null) {
            throw new CertificateInvalidException("No matching root certificate", null, 2, null);
        }
        x509Certificate.verify(publicKey);
    }

    private final void verifyApplicationPackageNameAndSignatureDigest(ParsedAttestationRecord parsedAttestationRecord) throws AttestationException {
        Object obj;
        List<AttestationApplicationId.AttestationPackageInfo> list;
        boolean z;
        boolean z2;
        try {
            Result.Companion companion = Result.Companion;
            list = parsedAttestationRecord.softwareEnforced.attestationApplicationId.get().packageInfos;
            Intrinsics.checkNotNullExpressionValue(list, "packageInfos");
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        if (!Intrinsics.areEqual(((AttestationApplicationId.AttestationPackageInfo) CollectionsKt.first(list)).packageName, this.attestationConfiguration.getPackageName())) {
            throw new AttestationException("Invalid Application Package", null, 2, null);
        }
        Integer appVersion = this.attestationConfiguration.getAppVersion();
        if (appVersion != null) {
            int intValue = appVersion.intValue();
            List<AttestationApplicationId.AttestationPackageInfo> list2 = parsedAttestationRecord.softwareEnforced.attestationApplicationId.get().packageInfos;
            Intrinsics.checkNotNullExpressionValue(list2, "packageInfos");
            if (((AttestationApplicationId.AttestationPackageInfo) CollectionsKt.first(list2)).version < intValue) {
                throw new AttestationException("Application Version not supported", null, 2, null);
            }
        }
        List<byte[]> list3 = parsedAttestationRecord.softwareEnforced.attestationApplicationId.get().signatureDigests;
        Intrinsics.checkNotNullExpressionValue(list3, "signatureDigests");
        List<byte[]> list4 = list3;
        if (!(list4 instanceof Collection) || !list4.isEmpty()) {
            Iterator<T> it = list4.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z = false;
                    break;
                }
                byte[] bArr = (byte[]) it.next();
                List<byte[]> signatureDigests = this.attestationConfiguration.getSignatureDigests();
                if (!(signatureDigests instanceof Collection) || !signatureDigests.isEmpty()) {
                    Iterator<T> it2 = signatureDigests.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            z2 = false;
                            break;
                        } else if (Arrays.equals((byte[]) it2.next(), bArr)) {
                            z2 = true;
                            break;
                        }
                    }
                } else {
                    z2 = false;
                }
                if (z2) {
                    z = true;
                    break;
                }
            }
        } else {
            z = false;
        }
        if (!z) {
            throw new AttestationException("Invalid Application Signature Digest", null, 2, null);
        }
        obj = Result.constructor-impl(Unit.INSTANCE);
        Throwable th2 = Result.exceptionOrNull-impl(obj);
        if (th2 != null) {
            if (!(th2 instanceof AttestationException)) {
                throw new AttestationException("Could not verify Client Application", th2);
            }
        }
    }

    private final void verifyAndroidVersion(ParsedAttestationRecord parsedAttestationRecord) throws AttestationException {
        Object obj;
        Unit unit;
        try {
            Result.Companion companion = Result.Companion;
            Integer androidVersion = this.attestationConfiguration.getAndroidVersion();
            if (androidVersion != null) {
                int intValue = androidVersion.intValue();
                Integer num = parsedAttestationRecord.teeEnforced.osVersion.get();
                Intrinsics.checkNotNullExpressionValue(num, "get(...)");
                if (num.intValue() < intValue) {
                    throw new AttestationException("Android version not supported", null, 2, null);
                }
            }
            Integer osPatchLevel = this.attestationConfiguration.getOsPatchLevel();
            if (osPatchLevel != null) {
                int intValue2 = osPatchLevel.intValue();
                Integer num2 = parsedAttestationRecord.teeEnforced.osPatchLevel.get();
                Intrinsics.checkNotNullExpressionValue(num2, "get(...)");
                if (num2.intValue() < intValue2) {
                    throw new AttestationException("Patch level not supported", null, 2, null);
                }
                unit = Unit.INSTANCE;
            } else {
                unit = null;
            }
            obj = Result.constructor-impl(unit);
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Throwable th2 = Result.exceptionOrNull-impl(obj);
        if (th2 != null) {
            if (!(th2 instanceof AttestationException)) {
                throw new AttestationException("Could not verify Android Version", th2);
            }
        }
    }

    private final void verifyTeeEnforcedAttestation(ParsedAttestationRecord parsedAttestationRecord) throws AttestationException {
        if (this.attestationConfiguration.getRequireStrongBox()) {
            if (parsedAttestationRecord.attestationSecurityLevel != ParsedAttestationRecord.SecurityLevel.STRONG_BOX) {
                throw new AttestationException("Attestation security level not StrongBox", null, 2, null);
            }
            if (parsedAttestationRecord.keymasterSecurityLevel != ParsedAttestationRecord.SecurityLevel.STRONG_BOX) {
                throw new AttestationException("Keymaster security level not StrongBox", null, 2, null);
            }
            return;
        }
        if (parsedAttestationRecord.attestationSecurityLevel == ParsedAttestationRecord.SecurityLevel.SOFTWARE) {
            throw new AttestationException("Attestation security level software", null, 2, null);
        }
        if (parsedAttestationRecord.keymasterSecurityLevel == ParsedAttestationRecord.SecurityLevel.SOFTWARE) {
            throw new AttestationException("Keymaster security level software", null, 2, null);
        }
    }

    private final void verifyBootStateAndSystemImage(ParsedAttestationRecord parsedAttestationRecord) throws AttestationException {
        if (this.attestationConfiguration.getBootloaderUnlockAllowed()) {
            return;
        }
        if (parsedAttestationRecord.teeEnforced.rootOfTrust == null) {
            throw new AttestationException("Root of Trust not present", null, 2, null);
        }
        if (!parsedAttestationRecord.teeEnforced.rootOfTrust.get().deviceLocked) {
            throw new AttestationException("Bootloader not locked", null, 2, null);
        }
        RootOfTrust.VerifiedBootState verifiedBootState = parsedAttestationRecord.teeEnforced.rootOfTrust.get().verifiedBootState;
        if ((verifiedBootState == null ? RootOfTrust.VerifiedBootState.FAILED : verifiedBootState) != RootOfTrust.VerifiedBootState.VERIFIED) {
            throw new AttestationException("System image not verified", null, 2, null);
        }
    }

    private final void verifyRollbackResistance(ParsedAttestationRecord parsedAttestationRecord) throws AttestationException {
        if (this.attestationConfiguration.getRequireRollbackResistance() && !parsedAttestationRecord.teeEnforced.rollbackResistant) {
            throw new AttestationException("No rollback resistance", null, 2, null);
        }
    }

    @NotNull
    public final ParsedAttestationRecord verifyAttestation(@NotNull List<? extends X509Certificate> list, @NotNull Date date, @NotNull byte[] bArr) throws AttestationException, CertificateInvalidException, RevocationException {
        Intrinsics.checkNotNullParameter(list, "certificates");
        Intrinsics.checkNotNullParameter(date, "verificationDate");
        Intrinsics.checkNotNullParameter(bArr, "expectedChallenge");
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(13, this.attestationConfiguration.getVerificationSecondsOffset());
        Date time = calendar.getTime();
        Intrinsics.checkNotNullExpressionValue(time, "getTime(...)");
        verifyCertificateChain(list, time);
        ParsedAttestationRecord createParsedAttestationRecord = ParsedAttestationRecord.createParsedAttestationRecord(list);
        Function2<byte[], byte[], Boolean> function2 = this.verifyChallenge;
        byte[] bArr2 = createParsedAttestationRecord.attestationChallenge;
        Intrinsics.checkNotNullExpressionValue(bArr2, "attestationChallenge");
        if (!((Boolean) function2.invoke(bArr, bArr2)).booleanValue()) {
            throw new AttestationException("verification of attestation challenge failed", null, 2, null);
        }
        Intrinsics.checkNotNull(createParsedAttestationRecord);
        verifyTeeEnforcedAttestation(createParsedAttestationRecord);
        verifyBootStateAndSystemImage(createParsedAttestationRecord);
        verifyRollbackResistance(createParsedAttestationRecord);
        verifyAndroidVersion(createParsedAttestationRecord);
        verifyApplicationPackageNameAndSignatureDigest(createParsedAttestationRecord);
        return createParsedAttestationRecord;
    }

    public static /* synthetic */ ParsedAttestationRecord verifyAttestation$default(AndroidAttestationChecker androidAttestationChecker, List list, Date date, byte[] bArr, int i, Object obj) throws AttestationException, CertificateInvalidException, RevocationException {
        if ((i & 2) != 0) {
            date = new Date();
        }
        return androidAttestationChecker.verifyAttestation(list, date, bArr);
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public AndroidAttestationChecker(@NotNull AndroidAttestationConfiguration androidAttestationConfiguration) {
        this(androidAttestationConfiguration, null, 2, null);
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "attestationConfiguration");
    }
}
