package at.asitplus.signum.supreme.os;

import android.os.Build;
import android.security.keystore.KeyInfo;
import at.asitplus.KmmResult;
import at.asitplus.signum.indispensable.AndroidKeystoreAttestation;
import at.asitplus.signum.indispensable.CryptoPublicKey;
import at.asitplus.signum.indispensable.Digest;
import at.asitplus.signum.indispensable.JcaExtensionsKt;
import at.asitplus.signum.indispensable.RSAPadding;
import at.asitplus.signum.indispensable.SignatureAlgorithm;
import at.asitplus.signum.indispensable.asn1.Asn1Decodable;
import at.asitplus.signum.indispensable.asn1.Asn1StructuralException;
import at.asitplus.signum.indispensable.pki.X509Certificate;
import at.asitplus.signum.indispensable.pki.X509CertificateKt;
import at.asitplus.signum.supreme.UnsupportedCryptoException;
import at.asitplus.signum.supreme.dsl.DSL;
import at.asitplus.signum.supreme.os.AndroidKeystoreSigner;
import io.github.aakira.napier.Napier;
import io.ktor.sse.ServerSentEventKt;
import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.concurrent.CancellationException;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.intrinsics.IntrinsicsKt;
import kotlin.coroutines.jvm.internal.Boxing;
import kotlin.coroutines.jvm.internal.DebugMetadata;
import kotlin.coroutines.jvm.internal.SuspendLambda;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.sequences.Sequence;
import kotlin.sequences.SequencesKt;
import kotlin.text.StringsKt;
import kotlinx.coroutines.CoroutineScope;
import org.bouncycastle.cms.CMSAttributeTableGenerator;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: AndroidKeyStoreProvider.kt */
@Metadata(d1 = {"\u0000\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\u0010\u0000\u001a\b\u0012\u0004\u0012\u00020\u00020\u0001*\u00020\u0003H\n"}, d2 = {"<anonymous>", "Lat/asitplus/KmmResult;", "Lat/asitplus/signum/supreme/os/AndroidKeystoreSigner;", "Lkotlinx/coroutines/CoroutineScope;"}, k = 3, mv = {2, 1, 0}, xi = 48)
@DebugMetadata(c = "at.asitplus.signum.supreme.os.AndroidKeyStoreProvider$getSignerForKey$2", f = "AndroidKeyStoreProvider.kt", i = {}, l = {}, m = "invokeSuspend", n = {}, s = {})
/* loaded from: classes3.dex */
public final class AndroidKeyStoreProvider$getSignerForKey$2 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super KmmResult<? extends AndroidKeystoreSigner>>, Object> {
    final /* synthetic */ String $alias;
    final /* synthetic */ Function1<AndroidSignerConfiguration, Unit> $configure;
    private /* synthetic */ Object L$0;
    int label;

    /* compiled from: AndroidKeyStoreProvider.kt */
    @Metadata(k = 3, mv = {2, 1, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[RSAPadding.values().length];
            try {
                iArr[RSAPadding.PKCS1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                iArr[RSAPadding.PSS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            $EnumSwitchMapping$0 = iArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    public AndroidKeyStoreProvider$getSignerForKey$2(Function1<? super AndroidSignerConfiguration, Unit> function1, String str, Continuation<? super AndroidKeyStoreProvider$getSignerForKey$2> continuation) {
        super(2, continuation);
        this.$configure = function1;
        this.$alias = str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final String invokeSuspend$lambda$14$lambda$7$lambda$6$lambda$5$lambda$3() {
        return "Correcting Android 10 AKS signature bug";
    }

    @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
    public final Continuation<Unit> create(Object obj, Continuation<?> continuation) {
        AndroidKeyStoreProvider$getSignerForKey$2 androidKeyStoreProvider$getSignerForKey$2 = new AndroidKeyStoreProvider$getSignerForKey$2(this.$configure, this.$alias, continuation);
        androidKeyStoreProvider$getSignerForKey$2.L$0 = obj;
        return androidKeyStoreProvider$getSignerForKey$2;
    }

    @Override // kotlin.jvm.functions.Function2
    public final Object invoke(CoroutineScope coroutineScope, Continuation<? super KmmResult<? extends AndroidKeystoreSigner>> continuation) {
        return ((AndroidKeyStoreProvider$getSignerForKey$2) create(coroutineScope, continuation)).invokeSuspend(Unit.INSTANCE);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [T, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v58, types: [T, at.asitplus.signum.indispensable.CryptoPublicKey] */
    @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
    public final Object invokeSuspend(Object obj) {
        KmmResult.Companion companion;
        Object m8566constructorimpl;
        AndroidSignerConfiguration androidSignerConfiguration;
        KeyStore ks;
        PrivateKey privateKey;
        KeyStore ks2;
        Object m8566constructorimpl2;
        Ref.ObjectRef objectRef;
        KeyInfo keyInfo;
        String str;
        String str2;
        Digest digest;
        Digest digest2;
        RSAPadding rSAPadding;
        RSAPadding rSAPadding2;
        String str3;
        SignatureAlgorithm rsa;
        String str4;
        AndroidKeystoreSigner rsa2;
        Digest digest3;
        Digest digest4;
        String str5;
        String str6;
        IntrinsicsKt.getCOROUTINE_SUSPENDED();
        if (this.label != 0) {
            throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
        }
        ResultKt.throwOnFailure(obj);
        Function1<AndroidSignerConfiguration, Unit> function1 = this.$configure;
        String str7 = this.$alias;
        KmmResult.Companion companion2 = KmmResult.INSTANCE;
        try {
            Result.Companion companion3 = Result.INSTANCE;
            androidSignerConfiguration = (AndroidSignerConfiguration) DSL.INSTANCE.resolve(AndroidKeyStoreProvider$getSignerForKey$2$1$config$1.INSTANCE, function1);
            ks = AndroidKeyStoreProvider.INSTANCE.getKs();
            Key key = ks.getKey(str7, null);
            privateKey = key instanceof PrivateKey ? (PrivateKey) key : null;
            try {
            } catch (Throwable th) {
                th = th;
                Result.Companion companion4 = Result.INSTANCE;
                if ((th instanceof VirtualMachineError) || (th instanceof ThreadDeath) || (th instanceof InterruptedException) || (th instanceof LinkageError) || (th instanceof CancellationException)) {
                    throw th;
                }
                m8566constructorimpl = Result.m8566constructorimpl(ResultKt.createFailure(th));
                return companion.wrap(m8566constructorimpl);
            }
        } catch (Throwable th2) {
            th = th2;
            companion = companion2;
        }
        if (privateKey == null) {
            throw new NoSuchElementException("No key for alias " + str7 + " exists");
        }
        Ref.ObjectRef objectRef2 = new Ref.ObjectRef();
        Ref.ObjectRef objectRef3 = new Ref.ObjectRef();
        ks2 = AndroidKeyStoreProvider.INSTANCE.getKs();
        Certificate[] certificateChain = ks2.getCertificateChain(str7);
        KmmResult.Companion companion5 = KmmResult.INSTANCE;
        try {
            Result.Companion companion6 = Result.INSTANCE;
            Intrinsics.checkNotNull(certificateChain);
            ArrayList arrayList = new ArrayList(certificateChain.length);
            for (Certificate certificate : certificateChain) {
                X509Certificate.Companion companion7 = X509Certificate.INSTANCE;
                byte[] encoded = certificate.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
                arrayList.add((X509Certificate) Asn1Decodable.DefaultImpls.decodeFromDer$default(companion7, encoded, null, 2, null));
            }
            m8566constructorimpl2 = Result.m8566constructorimpl(arrayList);
        } catch (Throwable th3) {
            Result.Companion companion8 = Result.INSTANCE;
            if ((th3 instanceof VirtualMachineError) || (th3 instanceof ThreadDeath) || (th3 instanceof InterruptedException) || (th3 instanceof LinkageError) || (th3 instanceof CancellationException)) {
                throw th3;
            }
            m8566constructorimpl2 = Result.m8566constructorimpl(ResultKt.createFailure(th3));
        }
        KmmResult wrap = companion5.wrap(m8566constructorimpl2);
        if (!wrap.isSuccess()) {
            Throwable exceptionOrNull = wrap.exceptionOrNull();
            Intrinsics.checkNotNull(exceptionOrNull);
            if ((exceptionOrNull instanceof Asn1StructuralException) && Build.VERSION.SDK_INT <= 30 && certificateChain.length == 1) {
                Intrinsics.checkNotNull(certificateChain);
                byte[] encoded2 = ((Certificate) ArraysKt.first(certificateChain)).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
                List<Byte> takeLast = ArraysKt.takeLast(encoded2, 5);
                List listOf = CollectionsKt.listOf((Object[]) new Integer[]{Boxing.boxInt(3), Boxing.boxInt(3), Boxing.boxInt(0), Boxing.boxInt(48), Boxing.boxInt(0)});
                ArrayList arrayList2 = new ArrayList(CollectionsKt.collectionSizeOrDefault(listOf, 10));
                Iterator it = listOf.iterator();
                while (it.hasNext()) {
                    arrayList2.add(Boxing.boxByte((byte) ((Number) it.next()).intValue()));
                }
                if (Intrinsics.areEqual(takeLast, arrayList2)) {
                    Napier.v$default(Napier.INSTANCE, (Throwable) null, (String) null, new Function0() { // from class: at.asitplus.signum.supreme.os.AndroidKeyStoreProvider$getSignerForKey$2$$ExternalSyntheticLambda0
                        @Override // kotlin.jvm.functions.Function0
                        public final Object invoke() {
                            String invokeSuspend$lambda$14$lambda$7$lambda$6$lambda$5$lambda$3;
                            invokeSuspend$lambda$14$lambda$7$lambda$6$lambda$5$lambda$3 = AndroidKeyStoreProvider$getSignerForKey$2.invokeSuspend$lambda$14$lambda$7$lambda$6$lambda$5$lambda$3();
                            return invokeSuspend$lambda$14$lambda$7$lambda$6$lambda$5$lambda$3;
                        }
                    }, 3, (Object) null);
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    byte[] encoded3 = ((Certificate) ArraysKt.first(certificateChain)).getEncoded();
                    Intrinsics.checkNotNullExpressionValue(encoded3, "getEncoded(...)");
                    objectRef2.element = JcaExtensionsKt.fromJcaPublicKey(CryptoPublicKey.INSTANCE, certificateFactory.generateCertificate(new ByteArrayInputStream(encoded3)).getPublicKey()).getOrThrow();
                    objectRef3.element = null;
                }
            }
            throw exceptionOrNull;
        }
        List list = (List) wrap.getOrThrow();
        objectRef2.element = X509CertificateKt.getLeaf(list).getPublicKey();
        objectRef3.element = list.size() > 1 ? new AndroidKeystoreAttestation(list) : 0;
        KeyInfo keyInfo2 = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm()).getKeySpec(privateKey, KeyInfo.class);
        CryptoPublicKey cryptoPublicKey = (CryptoPublicKey) objectRef2.element;
        String str8 = "). You need to specify ";
        companion = companion2;
        PrivateKey privateKey2 = privateKey;
        if (cryptoPublicKey instanceof CryptoPublicKey.EC) {
            ECSignerConfiguration v = androidSignerConfiguration.getEc().getV();
            String[] digests = keyInfo2.getDigests();
            Intrinsics.checkNotNullExpressionValue(digests, "getDigests(...)");
            objectRef = objectRef3;
            keyInfo = keyInfo2;
            Sequence plus = SequencesKt.plus(CollectionsKt.asSequence(Digest.getEntries()), SequencesKt.sequenceOf(null));
            boolean digestSpecified = v.getDigestSpecified();
            if (digestSpecified) {
                digest4 = v.getDigest();
                if (digest4 == null || (str6 = JcaExtensionsKt.getJcaName(digest4)) == null) {
                    str6 = "NONE";
                }
                for (String str9 : digests) {
                    if (!StringsKt.equals(str9, str6, true)) {
                    }
                }
                throw new IllegalArgumentException("Key does not support " + CMSAttributeTableGenerator.DIGEST + ServerSentEventKt.SPACE + digest4 + "; supported: " + ArraysKt.joinToString$default(digests, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
            }
            if (digestSpecified) {
                throw new NoWhenBranchMatchedException();
            }
            if (digests.length != 1) {
                throw new IllegalArgumentException("Key supports multiple " + CMSAttributeTableGenerator.DIGEST + "s (" + ArraysKt.joinToString$default(digests, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null) + "). You need to specify " + CMSAttributeTableGenerator.DIGEST + " in signer configuration.");
            }
            String str10 = (String) ArraysKt.first(digests);
            Iterator it2 = plus.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    digest3 = null;
                    break;
                }
                Object next = it2.next();
                Digest digest5 = (Digest) next;
                if (digest5 == null || (str5 = JcaExtensionsKt.getJcaName(digest5)) == null) {
                    str5 = "NONE";
                }
                if (StringsKt.equals(str5, str10, true)) {
                    digest3 = next;
                    break;
                }
            }
            if (digest3 == null) {
                throw new UnsupportedCryptoException("Unsupported " + CMSAttributeTableGenerator.DIGEST + ServerSentEventKt.SPACE + str10, null, 2, null);
            }
            digest4 = digest3;
            rsa = new SignatureAlgorithm.ECDSA(digest4, ((CryptoPublicKey.EC) objectRef2.element).getCurve());
        } else {
            objectRef = objectRef3;
            keyInfo = keyInfo2;
            if (!(cryptoPublicKey instanceof CryptoPublicKey.RSA)) {
                throw new NoWhenBranchMatchedException();
            }
            RSASignerConfiguration v2 = androidSignerConfiguration.getRsa().getV();
            String[] digests2 = keyInfo.getDigests();
            Intrinsics.checkNotNullExpressionValue(digests2, "getDigests(...)");
            Sequence asSequence = CollectionsKt.asSequence(Digest.getEntries());
            boolean digestSpecified$supreme_release = v2.getDigestSpecified$supreme_release();
            if (digestSpecified$supreme_release) {
                digest2 = v2.getDigest();
                String jcaName = JcaExtensionsKt.getJcaName(digest2);
                int length = digests2.length;
                str2 = " in signer configuration.";
                int i = 0;
                while (i < length) {
                    int i2 = length;
                    str = str8;
                    if (!StringsKt.equals(digests2[i], jcaName, true)) {
                        i++;
                        length = i2;
                        str8 = str;
                    }
                }
                throw new IllegalArgumentException("Key does not support " + CMSAttributeTableGenerator.DIGEST + ServerSentEventKt.SPACE + digest2 + "; supported: " + ArraysKt.joinToString$default(digests2, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
            }
            str = "). You need to specify ";
            str2 = " in signer configuration.";
            if (digestSpecified$supreme_release) {
                throw new NoWhenBranchMatchedException();
            }
            if (digests2.length != 1) {
                throw new IllegalArgumentException("Key supports multiple " + CMSAttributeTableGenerator.DIGEST + "s (" + ArraysKt.joinToString$default(digests2, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null) + str + CMSAttributeTableGenerator.DIGEST + str2);
            }
            String str11 = (String) ArraysKt.first(digests2);
            Iterator it3 = asSequence.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    digest = null;
                    break;
                }
                Object next2 = it3.next();
                if (StringsKt.equals(JcaExtensionsKt.getJcaName((Digest) next2), str11, true)) {
                    digest = next2;
                    break;
                }
            }
            if (digest == null) {
                throw new UnsupportedCryptoException("Unsupported " + CMSAttributeTableGenerator.DIGEST + ServerSentEventKt.SPACE + str11, null, 2, null);
            }
            digest2 = digest;
            Digest digest6 = digest2;
            String[] signaturePaddings = keyInfo.getSignaturePaddings();
            Intrinsics.checkNotNullExpressionValue(signaturePaddings, "getSignaturePaddings(...)");
            Sequence asSequence2 = CollectionsKt.asSequence(RSAPadding.getEntries());
            boolean paddingSpecified$supreme_release = v2.getPaddingSpecified$supreme_release();
            if (paddingSpecified$supreme_release) {
                rSAPadding2 = v2.getPadding();
                int i3 = WhenMappings.$EnumSwitchMapping$0[rSAPadding2.ordinal()];
                if (i3 == 1) {
                    str4 = "PKCS1";
                } else {
                    if (i3 != 2) {
                        throw new NoWhenBranchMatchedException();
                    }
                    str4 = "PSS";
                }
                for (String str12 : signaturePaddings) {
                    if (!StringsKt.equals(str12, str4, true)) {
                    }
                }
                throw new IllegalArgumentException("Key does not support padding" + ServerSentEventKt.SPACE + rSAPadding2 + "; supported: " + ArraysKt.joinToString$default(signaturePaddings, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
            }
            if (paddingSpecified$supreme_release) {
                throw new NoWhenBranchMatchedException();
            }
            if (signaturePaddings.length != 1) {
                throw new IllegalArgumentException("Key supports multiple paddings (" + ArraysKt.joinToString$default(signaturePaddings, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null) + str + "padding" + str2);
            }
            String str13 = (String) ArraysKt.first(signaturePaddings);
            Iterator it4 = asSequence2.iterator();
            while (true) {
                if (!it4.hasNext()) {
                    rSAPadding = null;
                    break;
                }
                Object next3 = it4.next();
                int i4 = WhenMappings.$EnumSwitchMapping$0[((RSAPadding) next3).ordinal()];
                boolean z = true;
                if (i4 == 1) {
                    str3 = "PKCS1";
                } else {
                    if (i4 != 2) {
                        throw new NoWhenBranchMatchedException();
                    }
                    str3 = "PSS";
                    z = true;
                }
                if (StringsKt.equals(str3, str13, z)) {
                    rSAPadding = next3;
                    break;
                }
            }
            if (rSAPadding == null) {
                throw new UnsupportedCryptoException("Unsupported padding" + ServerSentEventKt.SPACE + str13, null, 2, null);
            }
            rSAPadding2 = rSAPadding;
            rsa = new SignatureAlgorithm.RSA(digest6, rSAPadding2);
        }
        CryptoPublicKey cryptoPublicKey2 = (CryptoPublicKey) objectRef2.element;
        if (cryptoPublicKey2 instanceof CryptoPublicKey.EC) {
            Intrinsics.checkNotNull(keyInfo);
            rsa2 = new AndroidKeystoreSigner.ECDSA(privateKey2, str7, keyInfo, androidSignerConfiguration, (CryptoPublicKey.EC) objectRef2.element, (AndroidKeystoreAttestation) objectRef.element, (SignatureAlgorithm.ECDSA) rsa);
        } else {
            Ref.ObjectRef objectRef4 = objectRef;
            if (!(cryptoPublicKey2 instanceof CryptoPublicKey.RSA)) {
                throw new NoWhenBranchMatchedException();
            }
            Intrinsics.checkNotNull(keyInfo);
            rsa2 = new AndroidKeystoreSigner.RSA(privateKey2, str7, keyInfo, androidSignerConfiguration, (CryptoPublicKey.RSA) objectRef2.element, (AndroidKeystoreAttestation) objectRef4.element, (SignatureAlgorithm.RSA) rsa);
        }
        m8566constructorimpl = Result.m8566constructorimpl(rsa2);
        return companion.wrap(m8566constructorimpl);
    }
}
