package io.mosip.vercred.vcverifier.credentialverifier.verifier;

import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborEncoder;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.MajorType;
import co.nstant.in.cbor.model.Map;
import co.nstant.in.cbor.model.UnicodeString;
import co.nstant.in.cbor.model.UnsignedInteger;
import io.mosip.vercred.vcverifier.constants.CredentialValidatorConstants;
import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants;
import io.mosip.vercred.vcverifier.credentialverifier.types.msomdoc.MsoMdocCredentialData;
import io.mosip.vercred.vcverifier.credentialverifier.types.msomdoc.MsoMdocCredentialDataKt;
import io.mosip.vercred.vcverifier.credentialverifier.types.msomdoc.MsoMdocVerifiableCredential;
import io.mosip.vercred.vcverifier.exception.InvalidPropertyException;
import io.mosip.vercred.vcverifier.exception.LikelyTamperedException;
import io.mosip.vercred.vcverifier.exception.SignatureVerificationException;
import io.mosip.vercred.vcverifier.exception.UnknownException;
import io.mosip.vercred.vcverifier.signature.impl.CoseSignatureVerifierImpl;
import io.mosip.vercred.vcverifier.utils.CborDataItemUtils;
import io.mosip.vercred.vcverifier.utils.Util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: MsoMdocVerifier.kt */
@Metadata(mv = {CredentialVerifierConstants.PSS_PARAM_TF, 9, 0}, k = CredentialVerifierConstants.PSS_PARAM_TF, xi = 48, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\b\n\u0002\b\u0002\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0012\u0010\b\u001a\u0004\u0018\u00010\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J\u0012\u0010\f\u001a\u00020\t2\b\u0010\r\u001a\u0004\u0018\u00010\u000bH\u0002J\u0010\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000bH\u0002J\u000e\u0010\u0011\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u0013J\u0010\u0010\u0014\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0015H\u0002J\u001c\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000b2\n\u0010\u0017\u001a\u00060\u0018j\u0002`\u0019H\u0002J\u001a\u0010\u001a\u001a\u00020\u000f2\u0006\u0010\u001b\u001a\u00020\u00182\b\u0010\u001c\u001a\u0004\u0018\u00010\u000bH\u0002J\u0018\u0010\u001d\u001a\u00020\u000f2\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u0018H\u0002J\u0015\u0010\u001e\u001a\u00020\u000b*\u00020\u000b2\u0006\u0010\u001f\u001a\u00020 H\u0086\u0002J\u0015\u0010\u001e\u001a\u00020\u000b*\u00020\u000b2\u0006\u0010!\u001a\u00020\u0013H\u0086\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\""}, d2 = {"Lio/mosip/vercred/vcverifier/credentialverifier/verifier/MsoMdocVerifier;", "", "()V", "logger", "Ljava/util/logging/Logger;", "kotlin.jvm.PlatformType", "util", "Lio/mosip/vercred/vcverifier/utils/Util;", "extractCertificate", "Ljava/security/cert/X509Certificate;", "coseSignature", 
"Lco/nstant/in/cbor/model/DataItem;", "toX509Certificate", "certificateString", "verificationOfCoseSignature", "", "issuerAuth", "verify", "base64EncodedMdoc", "", "verifyCertificateChain", "Lco/nstant/in/cbor/model/Array;", "verifyCountryName", "issuerSignedNamespaces", "Lco/nstant/in/cbor/model/Map;", "Lio/mosip/vercred/vcverifier/credentialverifier/types/msomdoc/IssuerSignedNamespaces;", "verifyDocType", "mso", "docTypeInDocuments", "verifyValueDigests", "get", "index", "", CredentialValidatorConstants.NAME, "vcverifier_release"})
@SourceDebugExtension({"SMAP\nMsoMdocVerifier.kt\nKotlin\n*S Kotlin\n*F\n+ 1 MsoMdocVerifier.kt\nio/mosip/vercred/vcverifier/credentialverifier/verifier/MsoMdocVerifier\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,215:1\n1855#2:216\n1855#2,2:217\n1855#2,2:219\n1856#2:221\n*S KotlinDebug\n*F\n+ 1 MsoMdocVerifier.kt\nio/mosip/vercred/vcverifier/credentialverifier/verifier/MsoMdocVerifier\n*L\n156#1:216\n164#1:217,2\n185#1:219,2\n156#1:221\n*E\n"})
/* loaded from: input_file:io/mosip/vercred/vcverifier/credentialverifier/verifier/MsoMdocVerifier.class */
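/**
 * Verifies an MSO mdoc credential supplied as a base64-encoded string.
 *
 * <p>This source is decompiler output of {@code MsoMdocVerifier.kt}; the {@code Intrinsics.*}
 * calls are the Kotlin compiler's generated null checks, not hand-written validation.
 *
 * <p>SECURITY NOTE(review): {@link #verifyCertificateChain} is a stub that always returns
 * {@code true}. The COSE signature is therefore checked against the public key of a certificate
 * carried inside the credential itself, with no trust anchor, path, validity-period or
 * revocation check visible in this class. A {@code true} result from {@link #verify} shows that
 * the credential is internally consistent, not that it was issued by a trusted authority.
 * Callers that need issuer trust must establish it separately until the chain check is
 * implemented.
 */
public final class MsoMdocVerifier {
    private final Logger logger = Logger.getLogger(MsoMdocVerifier.class.getName());

    @NotNull
    private final Util util = new Util();

    /**
     * Parses the credential and runs every verification step in order: certificate chain
     * (currently a stub), issuing country, COSE signature, value digests and docType.
     *
     * @param str the base64-encoded mdoc
     * @return {@code true} when every step passes, {@code false} when a step returns false
     * @throws SignatureVerificationException, LikelyTamperedException, InvalidPropertyException
     *         rethrown unchanged from the individual steps
     * @throws UnknownException for any other failure
     */
    public final boolean verify(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "base64EncodedMdoc");
        try {
            MsoMdocCredentialData parse = new MsoMdocVerifiableCredential().parse(str);
            DataItem component1 = parse.component1();
            MsoMdocCredentialData.IssuerSigned component2 = parse.component2();
            Map extractMso = MsoMdocCredentialDataKt.extractMso(component2.getIssuerAuth());
            Array issuerAuth = component2.getIssuerAuth();
            Intrinsics.checkNotNull(issuerAuth);
            if (verifyCertificateChain(issuerAuth) && verifyCountryName((DataItem) component2.getIssuerAuth(), component2.getNamespaces()) && verificationOfCoseSignature((DataItem) component2.getIssuerAuth()) && verifyValueDigests(component2.getNamespaces(), extractMso)) {
                if (verifyDocType(extractMso, component1)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // The three domain exceptions carry a specific verdict and must reach the caller as-is.
            if (e instanceof SignatureVerificationException || e instanceof LikelyTamperedException || e instanceof InvalidPropertyException) {
                throw e;
            }
            // NOTE(review): only the message survives here; the original exception (type and stack
            // trace) is dropped because no cause-accepting constructor is visible in this file.
            throw new UnknownException("Error while doing verification of credential - " + e.getMessage());
        }
    }

    /**
     * Placeholder for certificate-chain validation.
     *
     * <p>SECURITY NOTE(review): returns {@code true} unconditionally and never reads
     * {@code array}. No trust anchor, path building, validity or revocation check happens here,
     * so the signer certificate embedded in the credential is accepted as-is.
     */
    private final boolean verifyCertificateChain(Array array) {
        return true;
    }

    /**
     * Checks that the country (C) attribute of the signer certificate's subject DN equals the
     * {@code issuing_country} field of the credential.
     *
     * @param dataItem the issuerAuth structure the certificate is extracted from
     * @param map      the issuer-signed namespaces holding {@code issuing_country}
     * @return {@code true} when both values match
     * @throws SignatureVerificationException if no certificate could be extracted
     * @throws InvalidPropertyException       if the two country values differ
     */
    private final boolean verifyCountryName(DataItem dataItem, Map map) {
        X509Certificate extractCertificate = extractCertificate(dataItem);
        if (extractCertificate == null) {
            throw new SignatureVerificationException("certificate chain is empty");
        }
        String name = extractCertificate.getSubjectX500Principal().getName();
        Intrinsics.checkNotNullExpressionValue(name, "getName(...)");
        // The match is anchored to the start of an attribute (start of string or after an RDN
        // separator). The previous unanchored "C=" also matched inside other attributes such as
        // "DC=..." or a value containing "C=", so the wrong text could be taken as the country.
        // NOTE(review): escaped separators inside attribute values are still not handled; a
        // structured DN parser would be more robust than a regular expression.
        Pattern compile = Pattern.compile("(?:^|[,+])\\s*C=([^,+]+)");
        Intrinsics.checkNotNullExpressionValue(compile, "compile(...)");
        Matcher matcher = compile.matcher(name);
        Intrinsics.checkNotNullExpressionValue(matcher, "matcher(...)");
        if (!matcher.find()) {
            // The attribute searched for is C (country), not CN; the message now says so.
            throw new RuntimeException("C (country) not found in Subject DN of DS certificate");
        }
        String group = matcher.group(1);
        String extractFieldValue = MsoMdocCredentialDataKt.extractFieldValue(map, "issuing_country");
        if (group == null || !extractFieldValue.equals(group)) {
            throw new InvalidPropertyException("Issuing country is not valid in the credential - Mismatch in credential data and DS certificate country name dound");
        }
        return true;
    }

    /**
     * Compares the {@code docType} entry of the MSO with the docType found in the document.
     *
     * @param map      the MSO
     * @param dataItem the docType taken from the document; may be null
     * @return {@code true} when both are equal
     * @throws InvalidPropertyException if the document docType is missing or differs
     */
    private final boolean verifyDocType(Map map, DataItem dataItem) {
        DataItem dataItem2 = get((DataItem) map, "docType");
        if (dataItem == null) {
            this.logger.severe("Error while doing docType property verification - docType property not found in the credential");
            throw new InvalidPropertyException("Property docType not found in the credential");
        }
        if (Intrinsics.areEqual(dataItem2, dataItem)) {
            return true;
        }
        this.logger.severe("Error while doing docType property verification - Property mismatch with docType in the credential");
        throw new InvalidPropertyException("Property mismatch with docType in the credential");
    }

    /**
     * Verifies the COSE signature over issuerAuth with the public key of the certificate
     * extracted from that same issuerAuth.
     *
     * <p>NOTE(review): the key comes from the credential under test; combined with the stub
     * chain check this proves integrity relative to the embedded key only.
     *
     * @throws SignatureVerificationException if no certificate could be extracted
     */
    private final boolean verificationOfCoseSignature(DataItem dataItem) {
        X509Certificate extractCertificate = extractCertificate(dataItem);
        if (extractCertificate == null) {
            throw new SignatureVerificationException("Error while doing COSE signature verification - certificate chain is empty");
        }
        CoseSignatureVerifierImpl coseSignatureVerifierImpl = new CoseSignatureVerifierImpl();
        PublicKey publicKey = extractCertificate.getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "getPublicKey(...)");
        return coseSignatureVerifierImpl.verify(publicKey, CborDataItemUtils.INSTANCE.toByteArray(dataItem), null, null);
    }

    /**
     * Pulls one certificate out of the map stored at index 1 of the issuerAuth array.
     *
     * <p>With more than one value in that map, element 1 of the first value is used. With
     * exactly one value, element 1 is used when the value is an array, otherwise the value
     * itself. With no values, {@code null} is returned.
     *
     * <p>NOTE(review): the map keys (header labels) are never inspected, so whichever value comes
     * first is treated as certificate material; and for an array the element at index 1, not
     * index 0, is selected — confirm both against the expected certificate-chain layout.
     */
    private final X509Certificate extractCertificate(DataItem dataItem) {
        DataItem dataItem2;
        Intrinsics.checkNotNull(dataItem, "null cannot be cast to non-null type co.nstant.in.cbor.model.Array");
        Map map = get((DataItem) ((Array) dataItem), 1);
        Intrinsics.checkNotNull(map, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
        Collection values = map.getValues();
        Integer valueOf = values != null ? Integer.valueOf(values.size()) : null;
        Intrinsics.checkNotNull(valueOf);
        if (valueOf.intValue() > 1) {
            dataItem2 = get((DataItem) CollectionsKt.elementAt(values, 0), 1);
        } else {
            if (values.size() != 1) {
                return null;
            }
            dataItem2 = ((DataItem) CollectionsKt.elementAt(values, 0)).getMajorType() == MajorType.ARRAY ? get((DataItem) CollectionsKt.elementAt(values, 0), 1) : (DataItem) CollectionsKt.elementAt(values, 0);
        }
        return toX509Certificate(dataItem2);
    }

    /**
     * Decodes the bytes of a CBOR byte string as an X.509 certificate. Only parsing happens
     * here; the certificate is not validated in any way.
     */
    private final X509Certificate toX509Certificate(DataItem dataItem) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(...)");
        Intrinsics.checkNotNull(dataItem, "null cannot be cast to non-null type co.nstant.in.cbor.model.ByteString");
        Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(((ByteString) dataItem).getBytes()));
        Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) generateCertificate;
    }

    /**
     * For every namespace, recomputes the digest of each issuer-signed item and compares it
     * with the digest recorded in the MSO under the same digestID.
     *
     * <p>Beyond the original comparison (every MSO digest must equal the recomputed one), two
     * gaps are closed: an item whose digestID repeats within a namespace is rejected, and an
     * item whose digestID has no entry in the MSO is rejected. Previously a repeated digestID
     * silently overwrote the earlier item's digest and an item without an MSO entry was never
     * compared, so such items were accepted without being covered by the issuer's signature.
     *
     * @param map  the issuer-signed namespaces
     * @param map2 the MSO
     * @return {@code true} when every digest matches
     * @throws LikelyTamperedException on any mismatch, duplicate or uncovered item
     */
    private final boolean verifyValueDigests(Map map, Map map2) {
        Map map3;
        Collection<DataItem> keys = map.getKeys();
        Intrinsics.checkNotNullExpressionValue(keys, "getKeys(...)");
        for (DataItem dataItem : keys) {
            MsoMdocVerifier msoMdocVerifier = this;
            Array array = map.get(dataItem);
            Intrinsics.checkNotNull(array, "null cannot be cast to non-null type co.nstant.in.cbor.model.Array");
            List<ByteString> dataItems = array.getDataItems();
            Intrinsics.checkNotNullExpressionValue(dataItems, "getDataItems(...)");
            // digestID -> digest recomputed from the presented item
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            // digestID -> digest recorded in the MSO
            LinkedHashMap linkedHashMap2 = new LinkedHashMap();
            for (ByteString byteString : dataItems) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                new CborEncoder(byteArrayOutputStream).encode(byteString);
                byte[] calculateDigest = msoMdocVerifier.util.calculateDigest(msoMdocVerifier.get((DataItem) map2, "digestAlgorithm").toString(), byteArrayOutputStream);
                Intrinsics.checkNotNull(byteString, "null cannot be cast to non-null type co.nstant.in.cbor.model.ByteString");
                Map map4 = (DataItem) new CborDecoder(new ByteArrayInputStream(byteString.getBytes())).decode().get(0);
                Intrinsics.checkNotNull(map4, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
                UnsignedInteger unsignedInteger = msoMdocVerifier.get((DataItem) map4, "digestID");
                Intrinsics.checkNotNull(unsignedInteger, "null cannot be cast to non-null type co.nstant.in.cbor.model.UnsignedInteger");
                BigInteger value = unsignedInteger.getValue();
                Intrinsics.checkNotNullExpressionValue(value, "getValue(...)");
                // put() returns the previous mapping: a non-null result means two items in this
                // namespace share a digestID, and only the later one would have been compared.
                if (linkedHashMap.put(value, calculateDigest) != null) {
                    msoMdocVerifier.logger.severe("Error while doing valueDigests verification - duplicate digestID found");
                    throw new LikelyTamperedException("valueDigests verification failed - duplicate digestID " + value);
                }
            }
            Map map5 = msoMdocVerifier.get((DataItem) map2, "valueDigests");
            Intrinsics.checkNotNull(map5, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
            // NOTE(review): this is a substring test on the stringified key collection, so any key
            // that merely contains "nameSpaces" selects this branch; an exact key lookup would be
            // more robust.
            if (StringsKt.contains$default(map5.getKeys().toString(), "nameSpaces", false, 2, (Object) null)) {
                Map map6 = msoMdocVerifier.get(msoMdocVerifier.get((DataItem) map2, "valueDigests"), "nameSpaces");
                Intrinsics.checkNotNull(map6, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
                DataItem dataItem2 = map6.get(dataItem);
                Intrinsics.checkNotNull(dataItem2, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
                map3 = (Map) dataItem2;
            } else {
                Map map7 = msoMdocVerifier.get((DataItem) map2, "valueDigests");
                Intrinsics.checkNotNull(map7, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
                Map map8 = map7.get(dataItem);
                Intrinsics.checkNotNull(map8, "null cannot be cast to non-null type co.nstant.in.cbor.model.Map");
                map3 = map8;
            }
            Map map9 = map3;
            Collection<UnsignedInteger> keys2 = map9.getKeys();
            Intrinsics.checkNotNullExpressionValue(keys2, "getKeys(...)");
            for (UnsignedInteger unsignedInteger2 : keys2) {
                ByteString byteString2 = map9.get(unsignedInteger2);
                Intrinsics.checkNotNull(byteString2, "null cannot be cast to non-null type co.nstant.in.cbor.model.ByteString");
                byte[] bytes = byteString2.getBytes();
                Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
                Intrinsics.checkNotNull(unsignedInteger2, "null cannot be cast to non-null type co.nstant.in.cbor.model.UnsignedInteger");
                BigInteger value2 = unsignedInteger2.getValue();
                Intrinsics.checkNotNullExpressionValue(value2, "getValue(...)");
                linkedHashMap2.put(value2, bytes);
            }
            // Every presented item must be covered by a digest in the signed MSO; otherwise the
            // loop below, which walks the MSO entries only, would never look at it.
            for (Object presentedId : linkedHashMap.keySet()) {
                if (!linkedHashMap2.containsKey(presentedId)) {
                    msoMdocVerifier.logger.severe("Error while doing valueDigests verification - item without digest in MSO found");
                    throw new LikelyTamperedException("valueDigests verification failed - no digest in MSO for " + presentedId);
                }
            }
            // A digest recorded in the MSO with no presented item yields a null lookup and fails
            // the comparison, exactly as before.
            for (Map.Entry entry : linkedHashMap2.entrySet()) {
                Number number = (Number) entry.getKey();
                if (!Arrays.equals((byte[]) entry.getValue(), (byte[]) linkedHashMap.get(number))) {
                    msoMdocVerifier.logger.severe("Error while doing valueDigests verification - mismatch in digests found");
                    throw new LikelyTamperedException("valueDigests verification failed - mismatch in digests with " + number);
                }
            }
        }
        return true;
    }

    /**
     * Looks up a text key in a CBOR map.
     *
     * @param dataItem the item to read from; must have major type MAP
     * @param str      the key, wrapped in a {@link UnicodeString} for the lookup
     * @return the value stored under the key; the generated null check fails when it is absent
     * @throws IllegalStateException if {@code dataItem} is not a map
     */
    @NotNull
    public final DataItem get(@NotNull DataItem dataItem, @NotNull String str) {
        Intrinsics.checkNotNullParameter(dataItem, "<this>");
        Intrinsics.checkNotNullParameter(str, CredentialValidatorConstants.NAME);
        if (!(dataItem.getMajorType() == MajorType.MAP)) {
            throw new IllegalStateException("Check failed.".toString());
        }
        DataItem dataItem2 = ((co.nstant.in.cbor.model.Map) dataItem).get(new UnicodeString(str));
        Intrinsics.checkNotNullExpressionValue(dataItem2, "get(...)");
        return dataItem2;
    }

    /**
     * Returns the element at a position of a CBOR array.
     *
     * @param dataItem the item to read from; must have major type ARRAY
     * @param i        the position; no bounds check is made here beyond the list's own
     * @return the element at {@code i}
     * @throws IllegalStateException if {@code dataItem} is not an array
     */
    @NotNull
    public final DataItem get(@NotNull DataItem dataItem, int i) {
        Intrinsics.checkNotNullParameter(dataItem, "<this>");
        if (!(dataItem.getMajorType() == MajorType.ARRAY)) {
            throw new IllegalStateException("Check failed.".toString());
        }
        Object obj = ((Array) dataItem).getDataItems().get(i);
        Intrinsics.checkNotNullExpressionValue(obj, "get(...)");
        return (DataItem) obj;
    }
}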
