package com.android.identity.mdoc.vical;

import com.android.identity.cbor.ArrayBuilder;
import com.android.identity.cbor.Bstr;
import com.android.identity.cbor.Cbor;
import com.android.identity.cbor.CborArray;
import com.android.identity.cbor.CborBuilder;
import com.android.identity.cbor.CborMap;
import com.android.identity.cbor.DataItemExtensionsKt;
import com.android.identity.cbor.MapBuilder;
import com.android.identity.cbor.Tagged;
import com.android.identity.cose.Cose;
import com.android.identity.cose.CoseNumberLabel;
import com.android.identity.crypto.Algorithm;
import com.android.identity.crypto.EcPrivateKey;
import com.android.identity.crypto.X509Cert;
import com.android.identity.crypto.X509CertJvmKt;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.datetime.Instant;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;

/* compiled from: SignedVicalJvm.kt */
@Metadata(d1 = {"\u0000 \n\u0000\n\u0002\u0010\u0012\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u001a\u001a\u0010\u0000\u001a\u00020\u0001*\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006\"\u0018\u0010\u0007\u001a\u00020\u0001*\u00020\b8BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\t\u0010\n¨\u0006\u000b"}, d2 = {"generate", "", "Lcom/android/identity/mdoc/vical/SignedVical;", "signingKey", "Lcom/android/identity/crypto/EcPrivateKey;", "signingAlgorithm", "Lcom/android/identity/crypto/Algorithm;", "subjectKeyIdentifier", "Ljava/security/cert/X509Certificate;", "getSubjectKeyIdentifier", "(Ljava/security/cert/X509Certificate;)[B", "identity-mdoc"}, k = 2, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class SignedVicalJvmKt {
    public static final byte[] generate(SignedVical signedVical, EcPrivateKey signingKey, Algorithm signingAlgorithm) {
        Intrinsics.checkNotNullParameter(signedVical, "<this>");
        Intrinsics.checkNotNullParameter(signingKey, "signingKey");
        Intrinsics.checkNotNullParameter(signingAlgorithm, "signingAlgorithm");
        ArrayBuilder<CborBuilder> builder = CborArray.INSTANCE.builder();
        for (VicalCertificateInfo vicalCertificateInfo : signedVical.getVical().getCertificateInfos()) {
            X509Certificate javaX509Certificate = X509CertJvmKt.getJavaX509Certificate(new X509Cert(vicalCertificateInfo.getCertificate()));
            ArrayBuilder<CborBuilder> builder2 = CborArray.INSTANCE.builder();
            Iterator<T> it = vicalCertificateInfo.getDocType().iterator();
            while (it.hasNext()) {
                builder2.add((String) it.next());
            }
            MapBuilder<ArrayBuilder<CborBuilder>> put = builder.addMap().put("certificate", vicalCertificateInfo.getCertificate());
            byte[] byteArray = javaX509Certificate.getSerialNumber().toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
            put.put("serialNumber", new Tagged(2L, new Bstr(byteArray))).put("ski", getSubjectKeyIdentifier(javaX509Certificate)).put("docType", builder2.end().getItem()).end();
        }
        MapBuilder<CborBuilder> put2 = CborMap.INSTANCE.builder().put("version", signedVical.getVical().getVersion()).put("vicalProvider", signedVical.getVical().getVicalProvider()).put("date", DataItemExtensionsKt.toDataItemDateTimeString(signedVical.getVical().getDate()));
        Instant nextUpdate = signedVical.getVical().getNextUpdate();
        if (nextUpdate != null) {
            put2.put("nextUpdate", DataItemExtensionsKt.toDataItemDateTimeString(nextUpdate));
        }
        Long vicalIssueID = signedVical.getVical().getVicalIssueID();
        if (vicalIssueID != null) {
            put2.put("vicalIssueID", DataItemExtensionsKt.toDataItem(vicalIssueID.longValue()));
        }
        put2.put("certificateInfos", builder.end().getItem());
        return Cbor.INSTANCE.encode(Cose.INSTANCE.coseSign1Sign(signingKey, Cbor.INSTANCE.encode(put2.end().getItem()), true, signingAlgorithm, MapsKt.mapOf(new Pair(new CoseNumberLabel(1L), DataItemExtensionsKt.toDataItem(signingAlgorithm.getCoseAlgorithmIdentifier()))), MapsKt.mapOf(new Pair(new CoseNumberLabel(33L), signedVical.getVicalProviderCertificateChain().toDataItem()))).toDataItem());
    }

    private static final byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
        if (extensionValue == null) {
            throw new IllegalArgumentException("No SubjectKeyIdentifier extension");
        }
        byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(DEROctetString.getInstance(extensionValue).getOctets()).getKeyIdentifier();
        Intrinsics.checkNotNullExpressionValue(keyIdentifier, "getKeyIdentifier(...)");
        return keyIdentifier;
    }
}
