package at.asitplus.wallet.lib.oauth2;

import at.asitplus.signum.indispensable.josef.JsonWebKey;
import at.asitplus.signum.indispensable.josef.JsonWebToken;
import at.asitplus.signum.indispensable.josef.JwsSigned;
import at.asitplus.wallet.lib.agent.DefaultCryptoService;
import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert;
import at.asitplus.wallet.lib.jws.DefaultJwsService;
import at.asitplus.wallet.lib.jws.DefaultVerifierJwsService;
import at.asitplus.wallet.lib.jws.JwsContentTypeConstants;
import at.asitplus.wallet.lib.jws.JwsService;
import at.asitplus.wallet.lib.jws.VerifierJwsService;
import at.asitplus.wallet.lib.oidvci.DefaultNonceService;
import at.asitplus.wallet.lib.oidvci.NonceService;
import at.asitplus.wallet.lib.oidvci.OAuth2Exception;
import io.github.aakira.napier.Napier;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import kotlinx.datetime.Clock;

/* compiled from: TokenGenerationService.kt */
@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u000b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u0001BC\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0005\u0012\b\b\u0002\u0010\u0006\u001a\u00020\u0007\u0012\b\b\u0002\u0010\b\u001a\u00020\t\u0012\b\b\u0002\u0010\n\u001a\u00020\u000b\u0012\b\b\u0002\u0010\f\u001a\u00020\r¢\u0006\u0004\b\u000e\u0010\u000fJ<\u0010\u0018\u001a\u00020\u00192\b\u0010\u001a\u001a\u0004\u0018\u00010\u001b2\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\u000e\u0010\u001e\u001a\n\u0012\u0004\u0012\u00020 \u0018\u00010\u001f2\b\u0010!\u001a\u0004\u0018\u00010\u0005H\u0096@¢\u0006\u0002\u0010\"J\u0010\u0010#\u001a\u00020$2\u0006\u0010\u001a\u001a\u00020\u001bH\u0002J\u0012\u0010%\u001a\b\u0012\u0004\u0012\u00020'0&*\u00020\u0005H\u0002R\u0014\u0010\u0002\u001a\u00020\u0003X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0010\u0010\u0011R\u0014\u0010\u0004\u001a\u00020\u0005X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0012\u0010\u0013R\u0014\u0010\u0006\u001a\u00020\u0007X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0014\u0010\u0015R\u0014\u0010\b\u001a\u00020\tX\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0016\u0010\u0017R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u0018\u0010(\u001a\u00020\u0005*\u00020$8BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b)\u0010*¨\u0006+"}, d2 = {"Lat/asitplus/wallet/lib/oauth2/JwtTokenGenerationService;", "Lat/asitplus/wallet/lib/oauth2/TokenGenerationService;", "nonceService", "Lat/asitplus/wallet/lib/oidvci/NonceService;", "publicContext", "", "verifierJwsService", "Lat/asitplus/wallet/lib/jws/VerifierJwsService;", "jwsService", "Lat/asitplus/wallet/lib/jws/JwsService;", "clock", "Lkotlinx/datetime/Clock;", "issueRefreshToken", "", "<init>", "(Lat/asitplus/wallet/lib/oidvci/NonceService;Ljava/lang/String;Lat/asitplus/wallet/lib/jws/VerifierJwsService;Lat/asitplus/wallet/lib/jws/JwsService;Lkotlinx/datetime/Clock;Z)V", "getNonceService$vck_openid_release", "()Lat/asitplus/wallet/lib/oidvci/NonceService;", "getPublicContext$vck_openid_release", "()Ljava/lang/String;", "getVerifierJwsService$vck_openid_release", "()Lat/asitplus/wallet/lib/jws/VerifierJwsService;", "getJwsService$vck_openid_release", "()Lat/asitplus/wallet/lib/jws/JwsService;", "buildToken", "Lat/asitplus/openid/TokenResponseParameters;", "httpRequest", "Lat/asitplus/wallet/lib/oauth2/RequestInfo;", "userInfo", "Lat/asitplus/openid/OidcUserInfoExtended;", "authorizationDetails", "", "Lat/asitplus/openid/AuthorizationDetails;", "scope", "(Lat/asitplus/wallet/lib/oauth2/RequestInfo;Lat/asitplus/openid/OidcUserInfoExtended;Ljava/util/Set;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "validateDpopJwtForToken", "Lat/asitplus/signum/indispensable/josef/JsonWebKey;", "parseAndValidate", "Lat/asitplus/signum/indispensable/josef/JwsSigned;", "Lat/asitplus/signum/indispensable/josef/JsonWebToken;", "jwkThumbprintPlain", "getJwkThumbprintPlain", "(Lat/asitplus/signum/indispensable/josef/JsonWebKey;)Ljava/lang/String;", "vck-openid_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class JwtTokenGenerationService implements TokenGenerationService {
    private final Clock clock;
    private final boolean issueRefreshToken;
    private final JwsService jwsService;
    private final NonceService nonceService;
    private final String publicContext;
    private final VerifierJwsService verifierJwsService;

    public JwtTokenGenerationService() {
        this(null, null, null, null, null, false, 63, null);
    }

    public JwtTokenGenerationService(NonceService nonceService, String publicContext, VerifierJwsService verifierJwsService, JwsService jwsService, Clock clock, boolean z) {
        Intrinsics.checkNotNullParameter(nonceService, "nonceService");
        Intrinsics.checkNotNullParameter(publicContext, "publicContext");
        Intrinsics.checkNotNullParameter(verifierJwsService, "verifierJwsService");
        Intrinsics.checkNotNullParameter(jwsService, "jwsService");
        Intrinsics.checkNotNullParameter(clock, "clock");
        this.nonceService = nonceService;
        this.publicContext = publicContext;
        this.verifierJwsService = verifierJwsService;
        this.jwsService = jwsService;
        this.clock = clock;
        this.issueRefreshToken = z;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public /* synthetic */ JwtTokenGenerationService(DefaultNonceService defaultNonceService, String str, DefaultVerifierJwsService defaultVerifierJwsService, DefaultJwsService defaultJwsService, Clock.System system, boolean z, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? new DefaultNonceService() : defaultNonceService, (i & 2) != 0 ? "https://wallet.a-sit.at/authorization-server" : str, (i & 4) != 0 ? new DefaultVerifierJwsService(null, null, null, 7, null) : defaultVerifierJwsService, (i & 8) != 0 ? new DefaultJwsService(new DefaultCryptoService(new EphemeralKeyWithoutCert(null, 0 == true ? 1 : 0, 3, 0 == true ? 1 : 0))) : defaultJwsService, (i & 16) != 0 ? Clock.System.INSTANCE : system, (i & 32) != 0 ? false : z);
    }

    private final String getJwkThumbprintPlain(JsonWebKey jsonWebKey) {
        return StringsKt.removePrefix(jsonWebKey.getJwkThumbprint(), (CharSequence) "urn:ietf:params:oauth:jwk-thumbprint:sha256:");
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0138  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x0198  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x01bb  */
    /* JADX WARN: Removed duplicated region for block: B:48:0x018b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final at.asitplus.signum.indispensable.josef.JwsSigned<at.asitplus.signum.indispensable.josef.JsonWebToken> parseAndValidate(java.lang.String r15) {
        /*
            Method dump skipped, instructions count: 476
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: at.asitplus.wallet.lib.oauth2.JwtTokenGenerationService.parseAndValidate(java.lang.String):at.asitplus.signum.indispensable.josef.JwsSigned");
    }

    private final JsonWebKey validateDpopJwtForToken(RequestInfo httpRequest) {
        JwsSigned<JsonWebToken> parseAndValidate;
        String dpop = httpRequest.getDpop();
        if (dpop == null || (parseAndValidate = parseAndValidate(dpop)) == null) {
            throw new OAuth2Exception.InvalidDpopProof("no DPoP header value", null, 2, null);
        }
        if (!Intrinsics.areEqual(parseAndValidate.getHeader().getType(), JwsContentTypeConstants.DPOP_JWT)) {
            Napier.w$default(Napier.INSTANCE, "validateDpopJwtForToken: invalid header type " + parseAndValidate.getHeader().getType() + ' ', (Throwable) null, (String) null, 6, (Object) null);
            throw new OAuth2Exception.InvalidDpopProof("invalid type", null, 2, null);
        }
        if (!Intrinsics.areEqual(parseAndValidate.getPayload().getHttpTargetUrl(), httpRequest.getUrl())) {
            Napier.w$default(Napier.INSTANCE, "validateDpopJwt: htu " + parseAndValidate.getPayload().getHttpTargetUrl() + " not matching requestUrl " + httpRequest.getUrl(), (Throwable) null, (String) null, 6, (Object) null);
            throw new OAuth2Exception.InvalidDpopProof("DPoP JWT htu incorrect", null, 2, null);
        }
        String httpMethod = parseAndValidate.getPayload().getHttpMethod();
        String upperCase = httpRequest.getMethod().getValue().toUpperCase(Locale.ROOT);
        Intrinsics.checkNotNullExpressionValue(upperCase, "toUpperCase(...)");
        if (!Intrinsics.areEqual(httpMethod, upperCase)) {
            Napier.w$default(Napier.INSTANCE, "validateDpopJwt: htm " + parseAndValidate.getPayload().getHttpMethod() + " not matching requestMethod " + httpRequest.getMethod(), (Throwable) null, (String) null, 6, (Object) null);
            throw new OAuth2Exception.InvalidDpopProof("DPoP JWT htm incorrect", null, 2, null);
        }
        JsonWebKey jsonWebKey = parseAndValidate.getHeader().getJsonWebKey();
        if (jsonWebKey != null) {
            return jsonWebKey;
        }
        Napier.w$default(Napier.INSTANCE, "validateDpopJwtForToken: no client key in " + parseAndValidate, (Throwable) null, (String) null, 6, (Object) null);
        throw new OAuth2Exception.InvalidDpopProof("DPoP JWT contains no public key", null, 2, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x0278  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x02bd A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x02be  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x027f  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0238 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0239  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x0185  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x01d0 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:40:0x01d1  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x018c  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x00d4  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x002d  */
    @Override // at.asitplus.wallet.lib.oauth2.TokenGenerationService
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object buildToken(at.asitplus.wallet.lib.oauth2.RequestInfo r40, at.asitplus.openid.OidcUserInfoExtended r41, java.util.Set<? extends at.asitplus.openid.AuthorizationDetails> r42, java.lang.String r43, kotlin.coroutines.Continuation<? super at.asitplus.openid.TokenResponseParameters> r44) {
        /*
            Method dump skipped, instructions count: 780
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: at.asitplus.wallet.lib.oauth2.JwtTokenGenerationService.buildToken(at.asitplus.wallet.lib.oauth2.RequestInfo, at.asitplus.openid.OidcUserInfoExtended, java.util.Set, java.lang.String, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /* renamed from: getJwsService$vck_openid_release, reason: from getter */
    public final JwsService getJwsService() {
        return this.jwsService;
    }

    /* renamed from: getNonceService$vck_openid_release, reason: from getter */
    public final NonceService getNonceService() {
        return this.nonceService;
    }

    /* renamed from: getPublicContext$vck_openid_release, reason: from getter */
    public final String getPublicContext() {
        return this.publicContext;
    }

    /* renamed from: getVerifierJwsService$vck_openid_release, reason: from getter */
    public final VerifierJwsService getVerifierJwsService() {
        return this.verifierJwsService;
    }
}
