package com.uid2.shared.secure.nitro;

import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborEncoder;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.UnicodeString;
import com.uid2.shared.secure.AttestationClientException;
import com.uid2.shared.secure.AttestationFailure;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/uid2/shared/secure/nitro/AttestationRequest.class */
public class AttestationRequest {
    private AttestationDocument attestationDocument;
    private byte[] attestationDocumentRaw;
    private byte[] protectedHeader;
    private byte[] signature;

    public static AttestationRequest createFrom(byte[] bArr) throws AttestationClientException {
        try {
            AttestationRequest attestationRequest = new AttestationRequest();
            List dataItems = ((Array) new CborDecoder(new ByteArrayInputStream(bArr)).decode().get(0)).getDataItems();
            attestationRequest.protectedHeader = ((ByteString) dataItems.get(0)).getBytes();
            attestationRequest.attestationDocumentRaw = ((ByteString) dataItems.get(2)).getBytes();
            attestationRequest.attestationDocument = AttestationDocument.createFrom(attestationRequest.attestationDocumentRaw);
            attestationRequest.signature = ((ByteString) dataItems.get(3)).getBytes();
            return attestationRequest;
        } catch (CborException e) {
            throw new AttestationClientException(e.getMessage(), AttestationFailure.BAD_FORMAT);
        }
    }

    public static AttestationRequest createFrom(String str) throws AttestationClientException {
        return createFrom(Base64.getDecoder().decode(str));
    }

    private AttestationRequest() {
    }

    public AttestationDocument getAttestationDocument() {
        return this.attestationDocument;
    }

    public byte[] getProtectedHeader() {
        return this.protectedHeader;
    }

    public byte[] getAttestationDocumentRaw() {
        return this.attestationDocumentRaw;
    }

    public byte[] getSignature() {
        return this.signature;
    }

    public boolean verifyCertChain(X509Certificate x509Certificate) {
        try {
            CertPath certPath = this.attestationDocument.getCertPath();
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            PKIXParameters pKIXParameters = new PKIXParameters(createTrustAnchors(x509Certificate));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidator.validate(certPath, pKIXParameters);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public boolean verifyData() {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(this.attestationDocument.getCertificate()))).getPublicKey();
            Signature signature = Signature.getInstance("SHA384withECDSA");
            signature.initVerify(eCPublicKey);
            signature.update(toCoseSign1());
            return signature.verify(ecRawSignatureToDer(this.signature));
        } catch (Exception e) {
            System.out.println(e);
            e.printStackTrace();
            return false;
        }
    }

    private byte[] toCoseSign1() throws CborException {
        Array array = new Array();
        array.add(new UnicodeString("Signature1"));
        array.add(new ByteString(getProtectedHeader()));
        array.add(new ByteString(new byte[0]));
        array.add(new ByteString(this.attestationDocumentRaw));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new CborEncoder(byteArrayOutputStream).encode(array);
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] ecRawSignatureToDer(byte[] bArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] unsignedBigIntToDerBytes = unsignedBigIntToDerBytes(Arrays.copyOfRange(bArr, 0, 48));
        byte[] unsignedBigIntToDerBytes2 = unsignedBigIntToDerBytes(Arrays.copyOfRange(bArr, 48, 96));
        int length = unsignedBigIntToDerBytes.length + unsignedBigIntToDerBytes2.length + 4;
        byteArrayOutputStream.write(48);
        byteArrayOutputStream.write(length);
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(unsignedBigIntToDerBytes.length);
        byteArrayOutputStream.write(unsignedBigIntToDerBytes, 0, unsignedBigIntToDerBytes.length);
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(unsignedBigIntToDerBytes2.length);
        byteArrayOutputStream.write(unsignedBigIntToDerBytes2, 0, unsignedBigIntToDerBytes2.length);
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] unsignedBigIntToDerBytes(byte[] bArr) {
        int i = 0;
        int i2 = 0;
        while (i2 < bArr.length && bArr[i2] == 0) {
            i2++;
            i++;
        }
        if (i2 == bArr.length) {
            return new byte[]{0};
        }
        if (bArr[i2] < 0) {
            i--;
        }
        if (i != -1) {
            return Arrays.copyOfRange(bArr, i, bArr.length);
        }
        byte[] bArr2 = new byte[bArr.length + 1];
        for (int i3 = 0; i3 < bArr.length; i3++) {
            bArr2[i3 + 1] = bArr[i3];
        }
        return bArr2;
    }

    private Set<TrustAnchor> createTrustAnchors(X509Certificate... x509CertificateArr) {
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        return hashSet;
    }
}
