package at.asitplus.attestation;

import at.asitplus.attestation.AttestationException;
import at.asitplus.attestation.AttestationResult;
import at.asitplus.attestation.AttestationService;
import at.asitplus.attestation.android.AndroidAttestationChecker;
import at.asitplus.attestation.android.AndroidAttestationConfiguration;
import at.asitplus.attestation.android.exceptions.CertificateInvalidException;
import ch.veehait.devicecheck.appattest.AppleAppAttest;
import ch.veehait.devicecheck.appattest.assertion.Assertion;
import ch.veehait.devicecheck.appattest.assertion.AssertionChallengeValidator;
import ch.veehait.devicecheck.appattest.assertion.AssertionValidator;
import ch.veehait.devicecheck.appattest.attestation.AttestationException;
import ch.veehait.devicecheck.appattest.attestation.AttestationValidator;
import ch.veehait.devicecheck.appattest.attestation.ValidatedAttestation;
import ch.veehait.devicecheck.appattest.common.App;
import ch.veehait.devicecheck.appattest.common.AppleAppAttestEnvironment;
import ch.veehait.devicecheck.appattest.receipt.ReceiptException;
import ch.veehait.devicecheck.appattest.receipt.ReceiptValidator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.time.DurationKt;
import kotlin.time.DurationUnit;
import kotlinx.datetime.Clock;
import net.swiftzer.semver.SemVer;
import org.bouncycastle.cert.X509CertificateHolder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: AttestationService.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��\u0084\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\u0010\u0012\n\u0002\b\b\n\u0002\u0018\u0002\n��\n\u0002\u0010\t\n\u0002\b\u0003\u0018��2\u00020\u0001B+\b\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\b\b\u0002\u0010\u0006\u001a\u00020\u0007\u0012\b\b\u0002\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nB,\u0012\u0006\u0010\u000b\u001a\u00020\u0003\u0012\u0006\u0010\f\u001a\u00020\u0005\u0012\b\b\u0002\u0010\r\u001a\u00020\u000e\u0012\b\b\u0002\u0010\u000f\u001a\u00020\u0010ø\u0001��¢\u0006\u0002\u0010\u0011J(\u0010'\u001a\u00020(2\f\u0010)\u001a\b\u0012\u0004\u0012\u00020+0*2\u0006\u0010,\u001a\u00020+2\b\u0010-\u001a\u0004\u0018\u00010+H\u0016J\u001e\u0010.\u001a\u00020(2\f\u0010/\u001a\b\u0012\u0004\u0012\u00020+0*2\u0006\u00100\u001a\u00020+H\u0002J7\u00101\u001a\u00020(2\u0006\u00102\u001a\u00020+2\u0006\u00100\u001a\u00020+2\b\u00103\u001a\u0004\u0018\u0001042\u0006\u00105\u001a\u000206H\u0002ø\u0001\u0001ø\u0001��¢\u0006\u0004\b7\u00108R\u0014\u0010\u0012\u001a\u00020\u0013X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0014\u0010\u0015R\u000e\u0010\u0016\u001a\u00020\u0017X\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\u0018\u001a\n \u0019*\u0004\u0018\u00010\t0\tX\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\u001a\u001a\n \u0019*\u0004\u0018\u00010\u001b0\u001bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u001c\u001a\u00020\u001dX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u001e\u001a\u00020\u001fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010 \u001a\u00020!X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\"\u0010#R\u000e\u0010\f\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010$\u001a\n \u0019*\u0004\u0018\u00010%0%X\u0082\u0004¢\u0006\u0002\n��R\u0019\u0010\u000f\u001a\u00020\u0010X\u0082\u0004ø\u0001��ø\u0001\u0001ø\u0001\u0002¢\u0006\u0004\n\u0002\u0010&\u0082\u0002\u000f\n\u0002\b\u0019\n\u0005\b¡\u001e0\u0001\n\u0002\b!¨\u00069"}, d2 = {"Lat/asitplus/attestation/DefaultAttestationService;", "Lat/asitplus/attestation/AttestationService;", "androidAttestationConfigurationJ", "Lat/asitplus/attestation/android/AndroidAttestationConfiguration;", "iosAttestationConfigurationJ", "Lat/asitplus/attestation/IOSAttestationConfiguration;", "verificationTimeOffsetJ", "Ljava/time/Duration;", "javaClock", "Ljava/time/Clock;", "(Lat/asitplus/attestation/android/AndroidAttestationConfiguration;Lat/asitplus/attestation/IOSAttestationConfiguration;Ljava/time/Duration;Ljava/time/Clock;)V", "androidAttestationConfiguration", "iosAttestationConfiguration", "clock", "Lkotlinx/datetime/Clock;", "verificationTimeOffset", "Lkotlin/time/Duration;", "(Lat/asitplus/attestation/android/AndroidAttestationConfiguration;Lat/asitplus/attestation/IOSAttestationConfiguration;Lkotlinx/datetime/Clock;JLkotlin/jvm/internal/DefaultConstructorMarker;)V", "android", "Lat/asitplus/attestation/AttestationService$Android;", "getAndroid", "()Lat/asitplus/attestation/AttestationService$Android;", "androidAttestationChecker", "Lat/asitplus/attestation/android/AndroidAttestationChecker;", "appAttestClock", "kotlin.jvm.PlatformType", "appAttestReader", "Lcom/fasterxml/jackson/databind/ObjectReader;", "appleAppAttest", "Lch/veehait/devicecheck/appattest/AppleAppAttest;", "attestationValidator", "Lch/veehait/devicecheck/appattest/attestation/AttestationValidator;", "ios", "Lat/asitplus/attestation/AttestationService$IOS;", "getIos", "()Lat/asitplus/attestation/AttestationService$IOS;", "log", "Lorg/slf4j/Logger;", "J", "verifyAttestation", "Lat/asitplus/attestation/AttestationResult;", "attestationProof", "", "", "challenge", "clientData", "verifyAttestationAndroid", "attestationCerts", "expectedChallenge", "verifyAttestationApple", "attestationObject", "assertionData", "Lat/asitplus/attestation/AssertionData;", "counter", "", "verifyAttestationApple-t-mv6J0", "([B[BLkotlin/Pair;J)Lat/asitplus/attestation/AttestationResult;", "attestation-service"})
@SourceDebugExtension({"SMAP\nAttestationService.kt\nKotlin\n*S Kotlin\n*F\n+ 1 AttestationService.kt\nat/asitplus/attestation/DefaultAttestationService\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,616:1\n1#2:617\n1#2:632\n1549#3:618\n1620#3,3:619\n1603#3,9:622\n1855#3:631\n1856#3:633\n1612#3:634\n*S KotlinDebug\n*F\n+ 1 AttestationService.kt\nat/asitplus/attestation/DefaultAttestationService\n*L\n491#1:632\n460#1:618\n460#1:619,3\n491#1:622,9\n491#1:631\n491#1:633\n491#1:634\n*E\n"})
/* loaded from: input_file:at/asitplus/attestation/DefaultAttestationService.class */
public final class DefaultAttestationService implements AttestationService {

    @NotNull
    private final IOSAttestationConfiguration iosAttestationConfiguration;

    @NotNull
    private final Clock clock;
    private final long verificationTimeOffset;
    private final Logger log;

    @NotNull
    private final AndroidAttestationChecker androidAttestationChecker;

    @NotNull
    private final AppleAppAttest appleAppAttest;
    private final ObjectReader appAttestReader;
    private final java.time.Clock appAttestClock;

    @NotNull
    private final AttestationValidator attestationValidator;

    @NotNull
    private final AttestationService.IOS ios;

    @NotNull
    private final AttestationService.Android android;

    private DefaultAttestationService(AndroidAttestationConfiguration androidAttestationConfiguration, IOSAttestationConfiguration iOSAttestationConfiguration, Clock clock, long j) {
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "androidAttestationConfiguration");
        Intrinsics.checkNotNullParameter(iOSAttestationConfiguration, "iosAttestationConfiguration");
        Intrinsics.checkNotNullParameter(clock, "clock");
        this.iosAttestationConfiguration = iOSAttestationConfiguration;
        this.clock = clock;
        this.verificationTimeOffset = j;
        this.log = LoggerFactory.getLogger(getClass());
        this.androidAttestationChecker = new AndroidAttestationChecker(androidAttestationConfiguration, new Function2<byte[], byte[], Boolean>() { // from class: at.asitplus.attestation.DefaultAttestationService$androidAttestationChecker$1
            @NotNull
            public final Boolean invoke(@NotNull byte[] bArr, @NotNull byte[] bArr2) {
                Intrinsics.checkNotNullParameter(bArr, "expected");
                Intrinsics.checkNotNullParameter(bArr2, "actual");
                return Boolean.valueOf(Arrays.equals(bArr, bArr2));
            }
        });
        this.appleAppAttest = new AppleAppAttest(new App(this.iosAttestationConfiguration.getTeamIdentifier(), this.iosAttestationConfiguration.getBundleIdentifier()), this.iosAttestationConfiguration.getSandbox() ? AppleAppAttestEnvironment.DEVELOPMENT : AppleAppAttestEnvironment.PRODUCTION);
        this.appAttestReader = com.fasterxml.jackson.module.kotlin.ExtensionsKt.registerKotlinModule(new ObjectMapper(new CBORFactory())).readerFor(AttestationObject.class);
        java.time.Clock javaClock = ExtensionsKt.toJavaClock(this.clock);
        Duration ofSeconds = Duration.ofSeconds(kotlin.time.Duration.getInWholeSeconds-impl(this.verificationTimeOffset), kotlin.time.Duration.getNanosecondsComponent-impl(r2));
        Intrinsics.checkNotNullExpressionValue(ofSeconds, "toJavaDuration-LRDsOJo");
        this.appAttestClock = java.time.Clock.offset(javaClock, ofSeconds);
        AppleAppAttest appleAppAttest = this.appleAppAttest;
        java.time.Clock clock2 = this.appAttestClock;
        Intrinsics.checkNotNullExpressionValue(clock2, "appAttestClock");
        AppleAppAttest appleAppAttest2 = this.appleAppAttest;
        java.time.Clock clock3 = this.appAttestClock;
        Intrinsics.checkNotNullExpressionValue(clock3, "appAttestClock");
        Duration ofSeconds2 = Duration.ofSeconds(kotlin.time.Duration.getInWholeSeconds-impl(kotlin.time.Duration.times-UwyO8pc(kotlin.time.Duration.getAbsoluteValue-UwyO8pc(this.verificationTimeOffset), 2)), kotlin.time.Duration.getNanosecondsComponent-impl(r7));
        Intrinsics.checkNotNullExpressionValue(ofSeconds2, "toJavaDuration-LRDsOJo");
        Duration plus = ofSeconds2.plus(ReceiptValidator.APPLE_RECOMMENDED_MAX_AGE);
        Intrinsics.checkNotNullExpressionValue(plus, "verificationTimeOffset.a…PPLE_RECOMMENDED_MAX_AGE)");
        this.attestationValidator = AppleAppAttest.createAttestationValidator$default(appleAppAttest, (TrustAnchor) null, clock2, AppleAppAttest.createReceiptValidator$default(appleAppAttest2, (TrustAnchor) null, clock3, plus, 1, (Object) null), 1, (Object) null);
        this.ios = new AttestationService.IOS() { // from class: at.asitplus.attestation.DefaultAttestationService$ios$1
            @Override // at.asitplus.attestation.AttestationService.IOS
            @NotNull
            public AttestationResult verifyAppAttestation(@NotNull byte[] bArr, @NotNull byte[] bArr2) {
                AttestationResult m12verifyAttestationAppletmv6J0;
                Intrinsics.checkNotNullParameter(bArr, "attestationObject");
                Intrinsics.checkNotNullParameter(bArr2, "challenge");
                m12verifyAttestationAppletmv6J0 = DefaultAttestationService.this.m12verifyAttestationAppletmv6J0(bArr, bArr2, null, 0L);
                return m12verifyAttestationAppletmv6J0;
            }

            @Override // at.asitplus.attestation.AttestationService.IOS
            @NotNull
            public AttestationResult verifyAssertion(@NotNull byte[] bArr, @NotNull byte[] bArr2, @NotNull byte[] bArr3, @NotNull byte[] bArr4, long j2) {
                AttestationResult m12verifyAttestationAppletmv6J0;
                Intrinsics.checkNotNullParameter(bArr, "attestationObject");
                Intrinsics.checkNotNullParameter(bArr2, "assertionFromDevice");
                Intrinsics.checkNotNullParameter(bArr3, "referenceClientData");
                Intrinsics.checkNotNullParameter(bArr4, "challenge");
                m12verifyAttestationAppletmv6J0 = DefaultAttestationService.this.m12verifyAttestationAppletmv6J0(bArr, bArr4, AssertionData.m0constructorimpl(bArr2, bArr3), j2);
                return m12verifyAttestationAppletmv6J0;
            }
        };
        this.android = new AttestationService.Android() { // from class: at.asitplus.attestation.DefaultAttestationService$android$1
            @Override // at.asitplus.attestation.AttestationService.Android
            @NotNull
            public KeyAttestation<PublicKey> verifyKeyAttestation(@NotNull List<? extends X509Certificate> list, @NotNull byte[] bArr) {
                Intrinsics.checkNotNullParameter(list, "attestationCerts");
                Intrinsics.checkNotNullParameter(bArr, "expectedChallenge");
                DefaultAttestationService defaultAttestationService = DefaultAttestationService.this;
                List<? extends X509Certificate> list2 = list;
                ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
                Iterator<T> it = list2.iterator();
                while (it.hasNext()) {
                    arrayList.add(((X509Certificate) it.next()).getEncoded());
                }
                PublicKey publicKey = ((X509Certificate) CollectionsKt.first(list)).getPublicKey();
                Intrinsics.checkNotNullExpressionValue(publicKey, "attestationCerts.first().publicKey");
                return defaultAttestationService.verifyKeyAttestation(arrayList, bArr, publicKey);
            }
        };
    }

    public /* synthetic */ DefaultAttestationService(AndroidAttestationConfiguration androidAttestationConfiguration, IOSAttestationConfiguration iOSAttestationConfiguration, Clock clock, long j, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(androidAttestationConfiguration, iOSAttestationConfiguration, (i & 4) != 0 ? (Clock) Clock.System.INSTANCE : clock, (i & 8) != 0 ? kotlin.time.Duration.Companion.getZERO-UwyO8pc() : j, null);
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public DefaultAttestationService(@NotNull AndroidAttestationConfiguration androidAttestationConfiguration, @NotNull IOSAttestationConfiguration iOSAttestationConfiguration, @NotNull Duration duration, @NotNull java.time.Clock clock) {
        this(androidAttestationConfiguration, iOSAttestationConfiguration, ExtensionsKt.toKotlinClock(clock), kotlin.time.Duration.plus-LRDsOJo(DurationKt.toDuration(duration.getSeconds(), DurationUnit.SECONDS), DurationKt.toDuration(duration.getNano(), DurationUnit.NANOSECONDS)), null);
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "androidAttestationConfigurationJ");
        Intrinsics.checkNotNullParameter(iOSAttestationConfiguration, "iosAttestationConfigurationJ");
        Intrinsics.checkNotNullParameter(duration, "verificationTimeOffsetJ");
        Intrinsics.checkNotNullParameter(clock, "javaClock");
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public /* synthetic */ DefaultAttestationService(at.asitplus.attestation.android.AndroidAttestationConfiguration r7, at.asitplus.attestation.IOSAttestationConfiguration r8, java.time.Duration r9, java.time.Clock r10, int r11, kotlin.jvm.internal.DefaultConstructorMarker r12) {
        /*
            r6 = this;
            r0 = r11
            r1 = 4
            r0 = r0 & r1
            if (r0 == 0) goto L12
            java.time.Duration r0 = java.time.Duration.ZERO
            r1 = r0
            java.lang.String r2 = "ZERO"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r1, r2)
            r9 = r0
        L12:
            r0 = r11
            r1 = 8
            r0 = r0 & r1
            if (r0 == 0) goto L26
            java.time.Clock r0 = java.time.Clock.systemUTC()
            r1 = r0
            java.lang.String r2 = "systemUTC()"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r1, r2)
            r10 = r0
        L26:
            r0 = r6
            r1 = r7
            r2 = r8
            r3 = r9
            r4 = r10
            r0.<init>(r1, r2, r3, r4)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: at.asitplus.attestation.DefaultAttestationService.<init>(at.asitplus.attestation.android.AndroidAttestationConfiguration, at.asitplus.attestation.IOSAttestationConfiguration, java.time.Duration, java.time.Clock, int, kotlin.jvm.internal.DefaultConstructorMarker):void");
    }

    @Override // at.asitplus.attestation.AttestationService
    @NotNull
    public AttestationService.IOS getIos() {
        return this.ios;
    }

    @Override // at.asitplus.attestation.AttestationService
    @NotNull
    public AttestationService.Android getAndroid() {
        return this.android;
    }

    @Override // at.asitplus.attestation.AttestationService
    @NotNull
    public AttestationResult verifyAttestation(@NotNull List<byte[]> list, @NotNull byte[] bArr, @Nullable byte[] bArr2) {
        Object obj;
        String str;
        Pair<? extends byte[], ? extends byte[]> pair;
        Intrinsics.checkNotNullParameter(list, "attestationProof");
        Intrinsics.checkNotNullParameter(bArr, "challenge");
        this.log.debug("attestation proof length: " + list.size());
        if (list.isEmpty()) {
            return new AttestationResult.Error("Attestation proof is empty", null, 2, null);
        }
        if (list.size() > 2) {
            return verifyAttestationAndroid(list, bArr);
        }
        try {
            Result.Companion companion = Result.Companion;
            DefaultAttestationService defaultAttestationService = this;
            byte[] bArr3 = (byte[]) CollectionsKt.first(list);
            byte[] bArr4 = bArr;
            if (bArr2 != null) {
                defaultAttestationService = defaultAttestationService;
                bArr3 = bArr3;
                bArr4 = bArr4;
                pair = AssertionData.m0constructorimpl(list.get(1), bArr2);
            } else {
                pair = null;
            }
            obj = Result.constructor-impl(defaultAttestationService.m12verifyAttestationAppletmv6J0(bArr3, bArr4, pair, 0L));
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Object obj2 = obj;
        Throwable th2 = Result.exceptionOrNull-impl(obj2);
        if (th2 == null) {
            return (AttestationResult) obj2;
        }
        Logger logger = this.log;
        List<byte[]> list2 = list;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
        Iterator<T> it = list2.iterator();
        while (it.hasNext()) {
            arrayList.add(ExtensionsKt.encodeBase64((byte[]) it.next()));
        }
        logger.warn("Could not verify attestation proof: {}", arrayList);
        if (th2 instanceof IndexOutOfBoundsException) {
            return new AttestationResult.Error("Invalid length of attestation proof: " + th2.getMessage() + ". Possible reason: passed 'clientData' but no assertion", null, 2, null);
        }
        String simpleName = Reflection.getOrCreateKotlinClass(th2.getClass()).getSimpleName();
        String message = th2.getMessage();
        if (message != null) {
            simpleName = simpleName;
            str = ". " + message;
        } else {
            str = null;
        }
        return new AttestationResult.Error("Could not verify client integrity due to internal error: " + simpleName + str, null, 2, null);
    }

    private final AttestationResult verifyAttestationAndroid(List<byte[]> list, byte[] bArr) {
        Object obj;
        AttestationResult.Error error;
        DefaultAttestationService defaultAttestationService;
        try {
            Result.Companion companion = Result.Companion;
            defaultAttestationService = this;
            defaultAttestationService.log.debug("Verifying Android attestation");
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        if (list.isEmpty()) {
            return new AttestationResult.Error("Attestation proof is empty", null, 2, null);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate parseToCertificate = ExtensionsKt.parseToCertificate((byte[]) it.next());
            if (parseToCertificate != null) {
                arrayList.add(parseToCertificate);
            }
        }
        ArrayList arrayList2 = arrayList;
        if (arrayList2.size() != list.size()) {
            return new AttestationResult.Error("Could not parse Android attestation certificate chain", null, 2, null);
        }
        AndroidAttestationChecker androidAttestationChecker = defaultAttestationService.androidAttestationChecker;
        Date javaDate = ExtensionsKt.toJavaDate(defaultAttestationService.clock.now().plus-LRDsOJo(defaultAttestationService.verificationTimeOffset));
        Intrinsics.checkNotNullExpressionValue(javaDate, "clock.now() + verificationTimeOffset).toJavaDate()");
        androidAttestationChecker.verifyAttestation(arrayList2, javaDate, bArr);
        obj = Result.constructor-impl(new AttestationResult.Android.Verified(arrayList2));
        Object obj2 = obj;
        Throwable th2 = Result.exceptionOrNull-impl(obj2);
        if (th2 == null) {
            error = obj2;
        } else {
            String message = th2.getMessage();
            if (message == null) {
                message = Reflection.getOrCreateKotlinClass(th2.getClass()).getSimpleName();
            }
            error = new AttestationResult.Error("Android Attestation Error: " + message, ((th2 instanceof CertificateException) || (th2 instanceof CertificateInvalidException)) ? new AttestationException.Certificate(Platform.ANDROID, null, th2, 2, null) : new AttestationException.Content(Platform.ANDROID, null, th2, 2, null));
        }
        return (AttestationResult) error;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: verifyAttestationApple-t-mv6J0, reason: not valid java name */
    public final AttestationResult m12verifyAttestationAppletmv6J0(byte[] bArr, final byte[] bArr2, Pair<? extends byte[], ? extends byte[]> pair, long j) {
        Object error;
        Object error2;
        try {
            Result.Companion companion = Result.Companion;
            DefaultAttestationService defaultAttestationService = this;
            defaultAttestationService.log.debug("Verifying iOS attestation");
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder((byte[]) CollectionsKt.first(((AttestationObject) defaultAttestationService.appAttestReader.readValue(bArr)).getAttStmt().getX5c()));
            AttestationValidator attestationValidator = defaultAttestationService.attestationValidator;
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509CertificateHolder.getSubjectPublicKeyInfo().getPublicKeyData().getBytes());
            Intrinsics.checkNotNullExpressionValue(digest, "getInstance(\"SHA-256\")\n …Info.publicKeyData.bytes)");
            String encodeBase64 = ExtensionsKt.encodeBase64(digest);
            Intrinsics.checkNotNullExpressionValue(encodeBase64, "getInstance(\"SHA-256\")\n …          .encodeBase64()");
            ValidatedAttestation validate = attestationValidator.validate(bArr, encodeBase64, bArr2);
            String iosVersion = defaultAttestationService.iosAttestationConfiguration.getIosVersion();
            if (iosVersion != null) {
                SemVer.Companion companion2 = SemVer.Companion;
                String iOSVersion = validate.getIOSVersion();
                if (iOSVersion == null) {
                    return new AttestationResult.Error("Could not parse iOS version from AppAttest", new AttestationException.Content(Platform.IOS, null, null, 6, null));
                }
                SemVer parse = companion2.parse(iOSVersion);
                SemVer parse2 = SemVer.Companion.parse(iosVersion);
                if (parse.compareTo(parse2) < 0) {
                    return new AttestationResult.Error("iOS version  " + parse + " <" + parse2, new AttestationException.Content(Platform.IOS, null, null, 6, null));
                }
            }
            if (pair != null) {
                try {
                    Result.Companion companion3 = Result.Companion;
                    AssertionValidator createAssertionValidator = defaultAttestationService.appleAppAttest.createAssertionValidator(new AssertionChallengeValidator() { // from class: at.asitplus.attestation.DefaultAttestationService$verifyAttestationApple$1$2$1$assertion$1
                        public boolean validate(@NotNull Assertion assertion, @NotNull byte[] bArr3, @NotNull ECPublicKey eCPublicKey, @NotNull byte[] bArr4) {
                            Intrinsics.checkNotNullParameter(assertion, "assertionObj");
                            Intrinsics.checkNotNullParameter(bArr3, "clientData");
                            Intrinsics.checkNotNullParameter(eCPublicKey, "attestationPublicKey");
                            Intrinsics.checkNotNullParameter(bArr4, "challenge");
                            return Arrays.equals(bArr4, bArr2);
                        }
                    });
                    byte[] m1getAssertionimpl = AssertionData.m1getAssertionimpl(pair);
                    byte[] m2getClientDataimpl = AssertionData.m2getClientDataimpl(pair);
                    PublicKey publicKey = validate.getCertificate().getPublicKey();
                    Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    Assertion validate2 = createAssertionValidator.validate(m1getAssertionimpl, m2getClientDataimpl, (ECPublicKey) publicKey, j, bArr2);
                    return validate2.getAuthenticatorData().getSignCount() != 1 ? new AttestationResult.Error("iOS Assertion counter is " + validate2.getAuthenticatorData().getSignCount() + ", but should be 1", new AttestationException.Content(Platform.IOS, null, null, 6, null)) : new AttestationResult.IOS.Verbose(validate, TuplesKt.to(AssertionData.m2getClientDataimpl(pair), validate2));
                } catch (Throwable th) {
                    Result.Companion companion4 = Result.Companion;
                    Object obj = Result.constructor-impl(ResultKt.createFailure(th));
                    Throwable th2 = Result.exceptionOrNull-impl(obj);
                    if (th2 == null) {
                        error2 = obj;
                    } else {
                        String message = th2.getMessage();
                        if (message == null) {
                            message = "iOS Assertion validation error due to " + Reflection.getOrCreateKotlinClass(th2.getClass()).getSimpleName();
                        }
                        error2 = new AttestationResult.Error(message, ((th2 instanceof AttestationException.InvalidCertificateChain) || (th2 instanceof ReceiptException.InvalidCertificateChain)) ? new AttestationException.Certificate(Platform.IOS, null, th2, 2, null) : new AttestationException.Content(Platform.IOS, null, th2, 2, null));
                    }
                    AttestationResult.Error error3 = (AttestationResult.Error) error2;
                    if (error3 != null) {
                        return error3;
                    }
                }
            }
            return new AttestationResult.IOS(null);
        } catch (Throwable th3) {
            Result.Companion companion5 = Result.Companion;
            Object obj2 = Result.constructor-impl(ResultKt.createFailure(th3));
            Throwable th4 = Result.exceptionOrNull-impl(obj2);
            if (th4 == null) {
                error = obj2;
            } else {
                String message2 = th4.getMessage();
                if (message2 == null) {
                    message2 = "iOS Attestation failed due to " + Reflection.getOrCreateKotlinClass(th4.getClass()).getSimpleName();
                }
                error = new AttestationResult.Error(message2, ((th4 instanceof AttestationException.InvalidCertificateChain) || (th4 instanceof ReceiptException.InvalidCertificateChain)) ? new AttestationException.Certificate(Platform.IOS, null, th4, 2, null) : new AttestationException.Content(Platform.IOS, null, th4, 2, null));
            }
            return (AttestationResult) error;
        }
    }

    @Override // at.asitplus.attestation.AttestationService
    @NotNull
    public <T extends PublicKey> KeyAttestation<T> verifyKeyAttestation(@NotNull List<byte[]> list, @NotNull byte[] bArr, @NotNull T t) {
        return AttestationService.DefaultImpls.verifyKeyAttestation(this, list, bArr, t);
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public DefaultAttestationService(@NotNull AndroidAttestationConfiguration androidAttestationConfiguration, @NotNull IOSAttestationConfiguration iOSAttestationConfiguration, @NotNull Duration duration) {
        this(androidAttestationConfiguration, iOSAttestationConfiguration, duration, (java.time.Clock) null, 8, (DefaultConstructorMarker) null);
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "androidAttestationConfigurationJ");
        Intrinsics.checkNotNullParameter(iOSAttestationConfiguration, "iosAttestationConfigurationJ");
        Intrinsics.checkNotNullParameter(duration, "verificationTimeOffsetJ");
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public DefaultAttestationService(@NotNull AndroidAttestationConfiguration androidAttestationConfiguration, @NotNull IOSAttestationConfiguration iOSAttestationConfiguration) {
        this(androidAttestationConfiguration, iOSAttestationConfiguration, (Duration) null, (java.time.Clock) null, 12, (DefaultConstructorMarker) null);
        Intrinsics.checkNotNullParameter(androidAttestationConfiguration, "androidAttestationConfigurationJ");
        Intrinsics.checkNotNullParameter(iOSAttestationConfiguration, "iosAttestationConfigurationJ");
    }

    public /* synthetic */ DefaultAttestationService(AndroidAttestationConfiguration androidAttestationConfiguration, IOSAttestationConfiguration iOSAttestationConfiguration, Clock clock, long j, DefaultConstructorMarker defaultConstructorMarker) {
        this(androidAttestationConfiguration, iOSAttestationConfiguration, clock, j);
    }
}
