package at.asitplus.wallet.lib.jws;

import at.asitplus.KmmResult;
import at.asitplus.signum.indispensable.CryptoPublicKey;
import at.asitplus.signum.indispensable.X509SignatureAlgorithm;
import at.asitplus.signum.indispensable.X509SignatureAlgorithmKt;
import at.asitplus.signum.indispensable.josef.ConfirmationClaim;
import at.asitplus.signum.indispensable.josef.JsonWebKey;
import at.asitplus.signum.indispensable.josef.JsonWebKeySet;
import at.asitplus.signum.indispensable.josef.JwsAlgorithm;
import at.asitplus.signum.indispensable.josef.JwsAlgorithmKt;
import at.asitplus.signum.indispensable.josef.JwsSigned;
import at.asitplus.wallet.lib.agent.DefaultVerifierCryptoService;
import at.asitplus.wallet.lib.agent.VerifierCryptoService;
import com.nimbusds.jose.HeaderParameterNames;
import io.github.aakira.napier.Napier;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CancellationException;
import kotlin.Metadata;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: JwsService.kt */
@Metadata(d1 = {"\u0000Z\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u0001BS\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\u001a\b\u0002\u0010\u0004\u001a\u0014\u0012\u0004\u0012\u00020\u0006\u0012\u0006\u0012\u0004\u0018\u00010\u00070\u0005j\u0002`\b\u0012$\b\u0002\u0010\t\u001a\u001e\u0012\b\u0012\u0006\u0012\u0002\b\u00030\n\u0012\f\u0012\n\u0012\u0004\u0012\u00020\f\u0018\u00010\u000b0\u0005j\u0002`\r¢\u0006\u0004\b\u000e\u0010\u000fJ\u0014\u0010\u0015\u001a\u00020\u00162\n\u0010\u0017\u001a\u0006\u0012\u0002\b\u00030\nH\u0016J\u001c\u0010\u0018\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u001a\u001a\u00020\u00062\b\u0010\u001b\u001a\u0004\u0018\u00010\u0006H\u0002J\u001c\u0010\u001c\u001a\u0004\u0018\u00010\f2\u0006\u0010\u001a\u001a\u00020\u00062\b\u0010\u001b\u001a\u0004\u0018\u00010\u0006H\u0002J\u001c\u0010\u001d\u001a\u00020\u00162\n\u0010\u0017\u001a\u0006\u0012\u0002\b\u00030\n2\u0006\u0010\u001e\u001a\u00020\fH\u0016J\u001c\u0010\u001d\u001a\u00020\u00162\n\u0010\u0017\u001a\u0006\u0012\u0002\b\u00030\n2\u0006\u0010\u001f\u001a\u00020 H\u0016J\u0014\u0010!\u001a\b\u0012\u0004\u0012\u00020\u00190\u000b*\u0006\u0012\u0002\b\u00030\nJ\u0010\u0010!\u001a\b\u0012\u0004\u0012\u00020\u00190\u000b*\u00020 J\u001c\u0010\"\u001a\u00020\u00162\n\u0010\u0017\u001a\u0006\u0012\u0002\b\u00030\n2\u0006\u0010#\u001a\u00020\u0019H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R \u0010\u0004\u001a\u0014\u0012\u0004\u0012\u00020\u0006\u0012\u0006\u0012\u0004\u0018\u00010\u00070\u0005j\u0002`\bX\u0082\u0004¢\u0006\u0002\n\u0000R*\u0010\t\u001a\u001e\u0012\b\u0012\u0006\u0012\u0002\b\u00030\n\u0012\f\u0012\n\u0012\u0004\u0012\u00020\f\u0018\u00010\u000b0\u0005j\u0002`\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u001a\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\u00120\u0011X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0013\u0010\u0014¨\u0006$"}, d2 = {"Lat/asitplus/wallet/lib/jws/DefaultVerifierJwsService;", "Lat/asitplus/wallet/lib/jws/VerifierJwsService;", "cryptoService", "Lat/asitplus/wallet/lib/agent/VerifierCryptoService;", "jwkSetRetriever", "Lkotlin/Function1;", "", "Lat/asitplus/signum/indispensable/josef/JsonWebKeySet;", "Lat/asitplus/wallet/lib/jws/JwkSetRetrieverFunction;", "publicKeyLookup", "Lat/asitplus/signum/indispensable/josef/JwsSigned;", "", "Lat/asitplus/signum/indispensable/josef/JsonWebKey;", "Lat/asitplus/wallet/lib/jws/PublicJsonWebKeyLookup;", "<init>", "(Lat/asitplus/wallet/lib/agent/VerifierCryptoService;Lkotlin/jvm/functions/Function1;Lkotlin/jvm/functions/Function1;)V", "supportedAlgorithms", "", "Lat/asitplus/signum/indispensable/josef/JwsAlgorithm;", "getSupportedAlgorithms", "()Ljava/util/List;", "verifyJwsObject", "", "jwsObject", "retrieveJwkFromKeySetUrl", "Lat/asitplus/signum/indispensable/CryptoPublicKey;", HeaderParameterNames.JWK_SET_URL, "keyId", "retrieveFromKeySetUrl", "verifyJws", "signer", "cnf", "Lat/asitplus/signum/indispensable/josef/ConfirmationClaim;", "loadPublicKeys", "verify", "publicKey", "vck_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class DefaultVerifierJwsService implements VerifierJwsService {
    private final VerifierCryptoService cryptoService;
    private final Function1<String, JsonWebKeySet> jwkSetRetriever;
    private final Function1<JwsSigned<?>, Set<JsonWebKey>> publicKeyLookup;
    private final List<JwsAlgorithm> supportedAlgorithms;

    public DefaultVerifierJwsService() {
        this(null, null, null, 7, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultVerifierJwsService(VerifierCryptoService cryptoService, Function1<? super String, JsonWebKeySet> jwkSetRetriever, Function1<? super JwsSigned<?>, ? extends Set<JsonWebKey>> publicKeyLookup) {
        Intrinsics.checkNotNullParameter(cryptoService, "cryptoService");
        Intrinsics.checkNotNullParameter(jwkSetRetriever, "jwkSetRetriever");
        Intrinsics.checkNotNullParameter(publicKeyLookup, "publicKeyLookup");
        this.cryptoService = cryptoService;
        this.jwkSetRetriever = jwkSetRetriever;
        this.publicKeyLookup = publicKeyLookup;
        List<X509SignatureAlgorithm> supportedAlgorithms = cryptoService.getSupportedAlgorithms();
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(supportedAlgorithms, 10));
        Iterator<T> it = supportedAlgorithms.iterator();
        while (it.hasNext()) {
            arrayList.add(JwsAlgorithmKt.toJwsAlgorithm((X509SignatureAlgorithm) it.next()).getOrThrow());
        }
        this.supportedAlgorithms = arrayList;
    }

    public /* synthetic */ DefaultVerifierJwsService(DefaultVerifierCryptoService defaultVerifierCryptoService, AnonymousClass1 anonymousClass1, AnonymousClass2 anonymousClass2, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? new DefaultVerifierCryptoService() : defaultVerifierCryptoService, (i & 2) != 0 ? new Function1() { // from class: at.asitplus.wallet.lib.jws.DefaultVerifierJwsService.1
            @Override // kotlin.jvm.functions.Function1
            public final Void invoke(String it) {
                Intrinsics.checkNotNullParameter(it, "it");
                return null;
            }
        } : anonymousClass1, (i & 4) != 0 ? new Function1() { // from class: at.asitplus.wallet.lib.jws.DefaultVerifierJwsService.2
            @Override // kotlin.jvm.functions.Function1
            public final Void invoke(JwsSigned<?> it) {
                Intrinsics.checkNotNullParameter(it, "it");
                return null;
            }
        } : anonymousClass2);
    }

    private final JsonWebKey retrieveFromKeySetUrl(String jku, String keyId) {
        Collection<JsonWebKey> keys;
        JsonWebKeySet invoke = this.jwkSetRetriever.invoke(jku);
        Object obj = null;
        if (invoke == null || (keys = invoke.getKeys()) == null) {
            return null;
        }
        Collection<JsonWebKey> collection = keys;
        Iterator<T> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Object next = it.next();
            if (Intrinsics.areEqual(((JsonWebKey) next).getKeyId(), keyId)) {
                obj = next;
                break;
            }
        }
        JsonWebKey jsonWebKey = (JsonWebKey) obj;
        return jsonWebKey == null ? (JsonWebKey) CollectionsKt.singleOrNull(collection) : jsonWebKey;
    }

    private final CryptoPublicKey retrieveJwkFromKeySetUrl(String jku, String keyId) {
        KmmResult<CryptoPublicKey> cryptoPublicKey;
        JsonWebKey retrieveFromKeySetUrl = retrieveFromKeySetUrl(jku, keyId);
        if (retrieveFromKeySetUrl == null || (cryptoPublicKey = retrieveFromKeySetUrl.toCryptoPublicKey()) == null) {
            return null;
        }
        return cryptoPublicKey.getOrNull();
    }

    private final boolean verify(JwsSigned<?> jwsObject, CryptoPublicKey publicKey) {
        Object m8739constructorimpl;
        KmmResult.Companion companion = KmmResult.INSTANCE;
        try {
            Result.Companion companion2 = Result.INSTANCE;
            DefaultVerifierJwsService defaultVerifierJwsService = this;
            m8739constructorimpl = Result.m8739constructorimpl(this.cryptoService.verify(jwsObject.getPlainSignatureInput(), jwsObject.getSignature(), X509SignatureAlgorithmKt.toX509SignatureAlgorithm(jwsObject.getHeader().getAlgorithm()).getOrThrow(), publicKey).getOrThrow());
        } catch (Throwable th) {
            Result.Companion companion3 = Result.INSTANCE;
            if ((th instanceof VirtualMachineError) || (th instanceof ThreadDeath) || (th instanceof InterruptedException) || (th instanceof LinkageError) || (th instanceof CancellationException)) {
                throw th;
            }
            m8739constructorimpl = Result.m8739constructorimpl(ResultKt.createFailure(th));
        }
        KmmResult wrap = companion.wrap(m8739constructorimpl);
        if (wrap.isSuccess()) {
            return true;
        }
        Throwable exceptionOrNull = wrap.exceptionOrNull();
        Intrinsics.checkNotNull(exceptionOrNull);
        Napier.w$default(Napier.INSTANCE, "No verification from native code", exceptionOrNull, (String) null, 4, (Object) null);
        return false;
    }

    @Override // at.asitplus.wallet.lib.jws.VerifierJwsService
    public List<JwsAlgorithm> getSupportedAlgorithms() {
        return this.supportedAlgorithms;
    }

    public final Set<CryptoPublicKey> loadPublicKeys(ConfirmationClaim confirmationClaim) {
        KmmResult<CryptoPublicKey> cryptoPublicKey;
        Intrinsics.checkNotNullParameter(confirmationClaim, "<this>");
        CryptoPublicKey[] cryptoPublicKeyArr = new CryptoPublicKey[2];
        JsonWebKey jsonWebKey = confirmationClaim.getJsonWebKey();
        cryptoPublicKeyArr[0] = (jsonWebKey == null || (cryptoPublicKey = jsonWebKey.toCryptoPublicKey()) == null) ? null : cryptoPublicKey.getOrNull();
        String jsonWebKeySetUrl = confirmationClaim.getJsonWebKeySetUrl();
        cryptoPublicKeyArr[1] = jsonWebKeySetUrl != null ? retrieveJwkFromKeySetUrl(jsonWebKeySetUrl, confirmationClaim.getKeyId()) : null;
        return SetsKt.setOfNotNull((Object[]) cryptoPublicKeyArr);
    }

    public final Set<CryptoPublicKey> loadPublicKeys(JwsSigned<?> jwsSigned) {
        Set<CryptoPublicKey> set;
        CryptoPublicKey retrieveJwkFromKeySetUrl;
        Set<CryptoPublicKey> of;
        Intrinsics.checkNotNullParameter(jwsSigned, "<this>");
        CryptoPublicKey publicKey = jwsSigned.getHeader().getPublicKey();
        if (publicKey != null && (of = SetsKt.setOf(publicKey)) != null) {
            return of;
        }
        String jsonWebKeySetUrl = jwsSigned.getHeader().getJsonWebKeySetUrl();
        Set<CryptoPublicKey> of2 = (jsonWebKeySetUrl == null || (retrieveJwkFromKeySetUrl = retrieveJwkFromKeySetUrl(jsonWebKeySetUrl, jwsSigned.getHeader().getKeyId())) == null) ? null : SetsKt.setOf(retrieveJwkFromKeySetUrl);
        if (of2 != null) {
            return of2;
        }
        Set<JsonWebKey> invoke = this.publicKeyLookup.invoke(jwsSigned);
        if (invoke != null) {
            ArrayList arrayList = new ArrayList();
            Iterator<T> it = invoke.iterator();
            while (it.hasNext()) {
                CryptoPublicKey orNull = ((JsonWebKey) it.next()).toCryptoPublicKey().getOrNull();
                if (orNull != null) {
                    arrayList.add(orNull);
                }
            }
            set = CollectionsKt.toSet(arrayList);
        } else {
            set = null;
        }
        return set == null ? SetsKt.emptySet() : set;
    }

    @Override // at.asitplus.wallet.lib.jws.VerifierJwsService
    public boolean verifyJws(JwsSigned<?> jwsObject, ConfirmationClaim cnf) {
        Intrinsics.checkNotNullParameter(jwsObject, "jwsObject");
        Intrinsics.checkNotNullParameter(cnf, "cnf");
        Set<CryptoPublicKey> loadPublicKeys = loadPublicKeys(cnf);
        if ((loadPublicKeys instanceof Collection) && loadPublicKeys.isEmpty()) {
            return false;
        }
        Iterator<T> it = loadPublicKeys.iterator();
        while (it.hasNext()) {
            if (verify(jwsObject, (CryptoPublicKey) it.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // at.asitplus.wallet.lib.jws.VerifierJwsService
    public boolean verifyJws(JwsSigned<?> jwsObject, JsonWebKey signer) {
        Intrinsics.checkNotNullParameter(jwsObject, "jwsObject");
        Intrinsics.checkNotNullParameter(signer, "signer");
        CryptoPublicKey orNull = signer.toCryptoPublicKey().getOrNull();
        if (orNull != null) {
            return verify(jwsObject, orNull);
        }
        Napier.w$default(Napier.INSTANCE, "Could not convert signer to public key: " + signer, (Throwable) null, (String) null, 6, (Object) null);
        return false;
    }

    @Override // at.asitplus.wallet.lib.jws.VerifierJwsService
    public boolean verifyJwsObject(JwsSigned<?> jwsObject) {
        Intrinsics.checkNotNullParameter(jwsObject, "jwsObject");
        Set<CryptoPublicKey> loadPublicKeys = loadPublicKeys(jwsObject);
        if ((loadPublicKeys instanceof Collection) && loadPublicKeys.isEmpty()) {
            return false;
        }
        Iterator<T> it = loadPublicKeys.iterator();
        while (it.hasNext()) {
            if (verify(jwsObject, (CryptoPublicKey) it.next())) {
                return true;
            }
        }
        return false;
    }
}
