package com.okta.devices.util;

import android.text.TextUtils;
import android.util.Base64;
import androidx.biometric.BiometricPrompt;
import com.google.gson.Gson;
import com.okta.android.auth.data.Constants;
import com.okta.devices.data.RepositoryManager;
import com.okta.devices.encrypt.KeyManager;
import com.okta.devices.event.UserVerificationResult;
import com.okta.devices.log.Log;
import com.okta.devices.model.DeviceEnrollment;
import com.okta.devices.model.EnrolledMethods;
import com.okta.devices.model.Jwk;
import com.okta.devices.model.MethodType;
import com.okta.devices.model.SigningKeys;
import com.okta.devices.model.User;
import com.okta.devices.model.local.DeviceInfo;
import com.okta.devices.model.local.UserAuthenticatorInfo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.InvalidKeyException;
import io.jsonwebtoken.security.SignatureException;
import java.nio.charset.Charset;
import java.security.PublicKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import org.jose4j.jwk.JsonWebKeySet;

/* compiled from: JwsHelper.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000n\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010 \n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010%\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\bÀ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J*\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\b\b\u0002\u0010\u000b\u001a\u00020\fH\u0002J\u000e\u0010\r\u001a\u00020\f2\u0006\u0010\u000e\u001a\u00020\fJ4\u0010\u000f\u001a\u00020\u00102\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u00122\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\fJ.\u0010\u0019\u001a\u00020\f2\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u001a\u001a\u00020\f2\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\n0\u001c2\b\b\u0002\u0010\u001d\u001a\u00020\u001eJ.\u0010\u001f\u001a\u0004\u0018\u00010\f2\u0006\u0010 \u001a\u00020\f2\u0006\u0010!\u001a\u00020\f2\u0014\b\u0002\u0010\u0011\u001a\u000e\u0012\u0004\u0012\u00020\f\u0012\u0004\u0012\u00020\f0\"J,\u0010#\u001a\b\u0012\u0004\u0012\u00020\u00130\u00122\u0006\u0010\u000e\u001a\u00020\f2\u0006\u0010\u0005\u001a\u00020\u00062\u000e\u0010$\u001a\n\u0012\u0004\u0012\u00020%\u0018\u00010\u001cJ\"\u0010#\u001a\b\u0012\u0004\u0012\u00020\u00130\u00122\u0006\u0010\u000e\u001a\u00020\f2\f\u0010&\u001a\b\u0012\u0004\u0012\u00020%0\u001cJ\u001a\u0010'\u001a\u0004\u0018\u00010\f2\u0006\u0010(\u001a\u00020)2\u0006\u0010\u000e\u001a\u00020\fH\u0002¨\u0006*"}, d2 = {"Lcom/okta/devices/util/JwsHelper;", "", 
"()V", "buildBaseJwt", "Lio/jsonwebtoken/JwtBuilder;", "authInfo", "Lcom/okta/devices/model/local/UserAuthenticatorInfo;", "deviceEnrollment", "Lcom/okta/devices/model/DeviceEnrollment;", "methodType", "Lcom/okta/devices/model/MethodType;", "jti", "", "convertJwsToJwt", "jws", "getVerificationParameters", "Lcom/okta/devices/util/VerificationParameters;", "claims", "Lio/jsonwebtoken/Jws;", "Lio/jsonwebtoken/Claims;", "authenticator", "Lcom/okta/devices/Authenticator;", "signals", "Lcom/okta/devices/model/DeviceSignal;", "requestOrigin", "issueAuthorizationJws", "issuer", "methods", "", "disableUv", "", "issueClientAttestationJws", "oktaOrgId", "orgUrl", "", "parseJws", "signingKeys", "Ljava/security/PublicKey;", JsonWebKeySet.JWK_SET_MEMBER_NAME, "withCryptoObject", Constants.USER_RESPONSE_ACCEPTED_KEY, "Lcom/okta/devices/event/UserVerificationResult;", "devices_release"}, k = 1, mv = {1, 4, 1})
/* loaded from: classes2.dex */
public final class JwsHelper {
    // Single shared instance of this helper. The class declares no other fields, so the
    // instance carries no state of its own.
    public static final JwsHelper INSTANCE = new JwsHelper();

    // Private so that INSTANCE stays the only JwsHelper object.
    private JwsHelper() {
    }

    /**
     * Starts the unsigned device-bind JWT for one enrolled method.
     *
     * <p>Sets the header named by {@code JwtParams.TYP} to the DEVICE_BIND value, {@code iss} to
     * the enrollment id, {@code sub} to the user id, {@code aud} to the org URL, adds expiry and
     * jti through {@code JwsHelperKt.setExpAndJti$default}, and records the id of the enrolled
     * method. Nothing is signed here; the caller is responsible for signing the builder.
     *
     * @param authInfo         supplies the user and the org URL
     * @param deviceEnrollment supplies the enrollment id and the enrolled methods
     * @param methodType       the method type that must match exactly one enrolled method
     * @param jti              token id handed to {@code setExpAndJti$default}
     * @return the populated, still unsigned builder
     * @throws IllegalStateException    if there is no user or the org URL is empty
     * @throws IllegalArgumentException if more than one enrolled method has {@code methodType}
     * @throws NoSuchElementException   if no enrolled method has {@code methodType}
     */
    private final JwtBuilder buildBaseJwt(UserAuthenticatorInfo authInfo, DeviceEnrollment deviceEnrollment, MethodType methodType, String jti) {
        if (authInfo.getUser() == null) {
            throw new IllegalStateException("Unable to generate Jwt. No user found");
        }
        if (TextUtils.isEmpty(authInfo.getOrgUrl())) {
            throw new IllegalStateException("Unable to generate Jwt. No Org info found");
        }
        // Exactly one enrolled method may match: an ambiguous or missing match fails
        // instead of silently picking a method id to put in the token.
        EnrolledMethods matched = null;
        int matchCount = 0;
        for (Object candidate : deviceEnrollment.getMethods()) {
            EnrolledMethods method = (EnrolledMethods) candidate;
            if (method.getType() != methodType) {
                continue;
            }
            if (matchCount > 0) {
                throw new IllegalArgumentException("Collection contains more than one matching element.");
            }
            matched = method;
            matchCount++;
        }
        if (matchCount == 0) {
            throw new NoSuchElementException("Collection contains no element matching the predicate.");
        }
        String methodEnrollmentId = matched.getId();

        JwtBuilder builder = Jwts.builder();
        builder = builder.setHeaderParam(JwtParams.TYP.getValue(), TypHeader.DEVICE_BIND.getValue());
        builder = builder.setIssuer(deviceEnrollment.getEnrollmentId());
        // The user is read a second time here, so the null case is handled again.
        User user = authInfo.getUser();
        String subjectId = (user == null) ? null : user.getId();
        JwtBuilder withAudience = builder.setSubject(subjectId).setAudience(authInfo.getOrgUrl());
        Intrinsics.checkNotNullExpressionValue(withAudience, "Jwts.builder()\n         …Audience(authInfo.orgUrl)");
        // NOTE(review): the expiry window comes from setExpAndJti's own default (mask 2);
        // its value is not visible in this file.
        JwtBuilder result = JwsHelperKt.setExpAndJti$default(withAudience, jti, 0L, 2, null).claim(JwtParams.METHOD_ENROLLMENT_ID.getValue(), methodEnrollmentId);
        Intrinsics.checkNotNullExpressionValue(result, "Jwts.builder()\n         …alue, methodEnrollmentId)");
        return result;
    }

    /**
     * Kotlin default-argument bridge for {@code buildBaseJwt}.
     *
     * <p>When bit 8 of {@code i} is set the caller omitted the jti, and a fresh random UUID is
     * used as the token id. {@code obj} is unused.
     */
    static /* synthetic */ JwtBuilder buildBaseJwt$default(JwsHelper jwsHelper, UserAuthenticatorInfo userAuthenticatorInfo, DeviceEnrollment deviceEnrollment, MethodType methodType, String str, int i, Object obj) {
        boolean jtiOmitted = (i & 8) != 0;
        String jti = str;
        if (jtiOmitted) {
            jti = UUID.randomUUID().toString();
            Intrinsics.checkNotNullExpressionValue(jti, "UUID.randomUUID().toString()");
        }
        return jwsHelper.buildBaseJwt(userAuthenticatorInfo, deviceEnrollment, methodType, jti);
    }

    /**
     * Kotlin default-argument bridge for {@code issueAuthorizationJws}.
     *
     * <p>When bit 8 of {@code i} is set the caller omitted {@code disableUv}, and the default
     * {@code false} is used, so user verification is not disabled unless the caller asks for
     * it explicitly. {@code obj} is unused.
     */
    public static /* synthetic */ String issueAuthorizationJws$default(JwsHelper jwsHelper, UserAuthenticatorInfo userAuthenticatorInfo, String str, List list, boolean z, int i, Object obj) throws SignatureException, IllegalArgumentException, IllegalStateException {
        boolean disableUv = (i & 8) == 0 && z;
        return jwsHelper.issueAuthorizationJws(userAuthenticatorInfo, str, list, disableUv);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Kotlin default-argument bridge for {@code issueClientAttestationJws}.
     *
     * <p>When bit 4 of {@code i} is set the caller omitted the claims map, and a new empty
     * {@link LinkedHashMap} is passed instead. {@code obj} is unused.
     */
    public static /* synthetic */ String issueClientAttestationJws$default(JwsHelper jwsHelper, String str, String str2, Map map, int i, Object obj) {
        // Raw types are kept as the decompiler emitted them; the target expects Map<String, String>.
        Map claims = (i & 4) != 0 ? new LinkedHashMap() : map;
        return jwsHelper.issueClientAttestationJws(str, str2, claims);
    }

    /**
     * Replaces the signature of a compact JWS with one produced by the {@link Signature}
     * carried in a biometric prompt result.
     *
     * <p>The signing input is everything before the last separator of {@code jws}, encoded
     * as UTF-8. The new signature is appended as unpadded, unwrapped URL-safe Base64.
     *
     * <p>NOTE(review): nothing here checks that the {@code alg} header already present in
     * {@code jws} matches the algorithm of the biometric-bound Signature; confirm at the
     * call sites. {@code Signature.update}/{@code sign} can fail (for example when the object
     * is not initialised for signing), and that failure is not handled in this method.
     *
     * @param r3  user-verification result expected to carry the authentication result
     * @param jws compact JWS whose header and payload are to be re-signed
     * @return the re-signed compact JWS, or {@code null} when the result has no authentication
     *         result, no crypto object, or no Signature
     */
    public final String withCryptoObject(UserVerificationResult r3, String jws) {
        BiometricPrompt.AuthenticationResult authResult = r3.getAuthenticationResult();
        if (authResult == null) {
            return null;
        }
        BiometricPrompt.CryptoObject cryptoObject = authResult.getCryptoObject();
        if (cryptoObject == null) {
            return null;
        }
        Signature signer = cryptoObject.getSignature();
        if (signer == null) {
            return null;
        }
        // convertJwsToJwt leaves a trailing separator; dropping one character removes it.
        String signingInput = StringsKt.dropLast(INSTANCE.convertJwsToJwt(jws), 1);
        Charset utf8 = Charsets.UTF_8;
        Objects.requireNonNull(signingInput, "null cannot be cast to non-null type java.lang.String");
        byte[] signingBytes = signingInput.getBytes(utf8);
        Intrinsics.checkNotNullExpressionValue(signingBytes, "(this as java.lang.String).getBytes(charset)");
        signer.update(signingBytes);
        // URL_SAFE | NO_WRAP | NO_PADDING is the same flag value (11) the original passes.
        String encodedSignature = Base64.encodeToString(signer.sign(), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
        return signingInput + JwtParser.SEPARATOR_CHAR + encodedSignature;
    }

    /**
     * Strips the signature segment from a compact JWS.
     *
     * <p>Returns the text before the last separator followed by a single separator, i.e.
     * header and payload with an empty signature part. The result is unsigned and must not
     * be treated as a verified token.
     *
     * <p>NOTE(review): when {@code jws} contains no separator, the Kotlin default for a
     * missing delimiter applies (presumably the input is returned unchanged before the
     * separator is appended); confirm if malformed input can reach this method.
     *
     * @param jws compact JWS string, must not be {@code null}
     * @return the input up to its last separator, with one trailing separator
     */
    public final String convertJwsToJwt(String jws) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        String unsignedPart = StringsKt.substringBeforeLast$default(jws, JwtParser.SEPARATOR_CHAR, (String) null, 2, (Object) null);
        return unsignedPart + JwtParser.SEPARATOR_CHAR;
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x00ee, code lost:
    
        r13 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:3:0x0074, code lost:
    
        r9 = com.okta.devices.util.JwsHelperKt.toArray(new com.google.gson.Gson(), r9);
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x01c9, code lost:
    
        r1 = com.okta.devices.util.JwsHelperKt.asMap(r1);
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x00ec, code lost:
    
        if (r12 == false) goto L123;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Stub left by the decompiler: the real body (751 bytecode instructions) was not
     * recovered, and this listing always throws {@link UnsupportedOperationException}.
     *
     * <p>Per the Kotlin metadata on the class, the parameters are named {@code claims},
     * {@code authInfo}, {@code authenticator}, {@code signals} and {@code requestOrigin}.
     *
     * <p>NOTE(review): this is presumably where the claims of an already parsed JWS are
     * interpreted. Any review of claim handling (issuer, audience, request origin) has to
     * be done against the bytecode; this listing shows none of it.
     */
    public final com.okta.devices.util.VerificationParameters getVerificationParameters(io.jsonwebtoken.Jws<io.jsonwebtoken.Claims> r33, com.okta.devices.model.local.UserAuthenticatorInfo r34, com.okta.devices.Authenticator r35, com.okta.devices.model.DeviceSignal r36, java.lang.String r37) throws io.jsonwebtoken.UnsupportedJwtException, io.jsonwebtoken.MalformedJwtException, java.security.GeneralSecurityException, java.lang.IllegalStateException, io.jsonwebtoken.security.SignatureException, java.lang.IllegalArgumentException, com.google.gson.JsonSyntaxException {
        /*
            Method dump skipped, instructions count: 751
            To view this dump add '--comments-level debug' option
        */
        // Placeholder emitted by the decompiler; not the behaviour of the shipped code.
        throw new UnsupportedOperationException("Method not decompiled: com.okta.devices.util.JwsHelper.getVerificationParameters(io.jsonwebtoken.Jws, com.okta.devices.model.local.UserAuthenticatorInfo, com.okta.devices.Authenticator, com.okta.devices.model.DeviceSignal, java.lang.String):com.okta.devices.util.VerificationParameters");
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x008e, code lost:
    
        r6 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x008c, code lost:
    
        if (r3 == false) goto L125;
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x0198, code lost:
    
        r10 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0196, code lost:
    
        if (r9 == false) goto L171;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Stub left by the decompiler: the real body (503 bytecode instructions) was not
     * recovered, and this listing always throws {@link UnsupportedOperationException}.
     *
     * <p>Per the Kotlin metadata on the class, the parameters are named {@code authInfo},
     * {@code issuer}, {@code methods} and {@code disableUv}; the method returns a String.
     *
     * <p>NOTE(review): how the token is signed and what {@code disableUv} changes cannot be
     * told from this listing; review the bytecode before drawing conclusions.
     */
    public final java.lang.String issueAuthorizationJws(com.okta.devices.model.local.UserAuthenticatorInfo r19, java.lang.String r20, java.util.List<? extends com.okta.devices.model.MethodType> r21, boolean r22) throws io.jsonwebtoken.security.SignatureException, java.lang.IllegalArgumentException, java.lang.IllegalStateException {
        /*
            Method dump skipped, instructions count: 503
            To view this dump add '--comments-level debug' option
        */
        // Placeholder emitted by the decompiler; not the behaviour of the shipped code.
        throw new UnsupportedOperationException("Method not decompiled: com.okta.devices.util.JwsHelper.issueAuthorizationJws(com.okta.devices.model.local.UserAuthenticatorInfo, java.lang.String, java.util.List, boolean):java.lang.String");
    }

    /**
     * Builds and signs a client-attestation JWS for the given org.
     *
     * <p>The token carries the org id in the header named by {@code JwtParams.KID},
     * {@code iss} = client instance id, {@code sub} = device id, {@code aud} = {@code orgUrl},
     * the supplied claims plus a subject-type claim, a random UUID as token id, and a validity
     * window from five minutes before to five minutes after the current time. It is signed
     * with the private key stored under the {@code oktaOrgId} alias.
     *
     * <p>NOTE(review): {@code claims} is modified in place (the subject-type entry is added to
     * the caller's map). It is also applied after {@code iss}/{@code sub}/{@code aud} are set,
     * so a map containing those registered claim names would presumably replace them; confirm
     * against the JJWT version in use and make sure callers never pass externally supplied keys.
     *
     * <p>NOTE(review): every failure ends in {@code null}. The empty-{@code oktaOrgId}
     * {@link IllegalArgumentException} is thrown inside the try block, so the generic handler
     * catches it and logs it with the "No private key" message.
     *
     * @param oktaOrgId key alias and {@code kid}; must not be {@code null}
     * @param orgUrl    audience of the token; must not be {@code null}
     * @param claims    extra claims; must not be {@code null}; mutated by this call
     * @return the compact JWS, or {@code null} if the key alias or device info is missing or
     *         any exception occurs
     */
    public final String issueClientAttestationJws(String oktaOrgId, String orgUrl, Map<String, String> claims) {
        Intrinsics.checkNotNullParameter(oktaOrgId, "oktaOrgId");
        Intrinsics.checkNotNullParameter(orgUrl, "orgUrl");
        Intrinsics.checkNotNullParameter(claims, "claims");
        try {
            if (TextUtils.isEmpty(oktaOrgId)) {
                throw new IllegalArgumentException("Unable to generate Jwt. No OktaOrgId provided");
            }
            boolean hasSigningKey = KeyManager.digitalSignature$default(KeyManager.INSTANCE, null, 1, null).containsAlias(oktaOrgId);
            if (!hasSigningKey) {
                return null;
            }
            DeviceInfo deviceInfo = RepositoryManager.INSTANCE.getAuthenticatorRepository().getDeviceInfo(oktaOrgId);
            if (deviceInfo == null || deviceInfo.getClientInstanceId() == null) {
                return null;
            }
            claims.put(JwtParams.SUBJECT_TYPE.getValue(), SubjectTypes.DEVICE.name());

            long now = System.currentTimeMillis();
            long fiveMinutesMillis = TimeUnit.MINUTES.toMillis(5L);

            // Call order is kept exactly: claims set later win over earlier ones.
            JwtBuilder builder = Jwts.builder()
                    .setHeaderParam(JwtParams.KID.getValue(), oktaOrgId)
                    .setIssuer(deviceInfo.getClientInstanceId())
                    .setSubject(deviceInfo.getId())
                    .setAudience(orgUrl)
                    .addClaims(claims);
            builder = builder
                    .setId(UUID.randomUUID().toString())
                    .setIssuedAt(new Date(now))
                    .setExpiration(new Date(fiveMinutesMillis + now))
                    .setNotBefore(new Date(now - fiveMinutesMillis));
            return builder
                    .signWith(KeyManager.digitalSignature$default(KeyManager.INSTANCE, null, 1, null).getPrivateKey(oktaOrgId))
                    .compact();
        } catch (InvalidKeyException e) {
            Log.INSTANCE.e(DevicesExtensionsKt.getTAG(this), "Unable to create client attestation jws. Invalid key", e);
            return null;
        } catch (Exception e2) {
            Log.INSTANCE.e(DevicesExtensionsKt.getTAG(this), "Unable to create client attestation jws. No private key", e2);
            return null;
        }
    }

    /**
     * Parses and verifies a JWS, using the supplied keys or, when none are supplied, the
     * JWKS stored on {@code authInfo}.
     *
     * <p>NOTE(review): the fallback trusts whatever {@code authInfo.getVerificationJwks()}
     * returns, so the integrity of that stored value decides which signers are accepted.
     * Gson returns {@code null} for null or empty JSON, which would surface here as a
     * NullPointerException rather than a JwtException; confirm callers handle that.
     *
     * @param jws         compact JWS to verify; must not be {@code null}
     * @param authInfo    source of the stored verification JWKS; must not be {@code null}
     * @param signingKeys candidate verification keys, or {@code null} to use the stored JWKS
     * @return the parsed claims of the verified JWS
     */
    public final Jws<Claims> parseJws(String jws, UserAuthenticatorInfo authInfo, List<? extends PublicKey> signingKeys) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        Intrinsics.checkNotNullParameter(authInfo, "authInfo");
        if (signingKeys != null) {
            return parseJws(jws, signingKeys);
        }
        // No keys supplied: rebuild the public keys from the stored JWKS document.
        SigningKeys storedKeySet = (SigningKeys) new Gson().fromJson(authInfo.getVerificationJwks(), SigningKeys.class);
        List<Jwk> jwks = storedKeySet.getKeys();
        List<PublicKey> storedKeys = new ArrayList<>(CollectionsKt.collectionSizeOrDefault(jwks, 10));
        for (Jwk jwk : jwks) {
            storedKeys.add(jwk.asPublicKey());
        }
        return parseJws(jws, storedKeys);
    }

    /**
     * Verifies a JWS against each candidate key in turn and returns the first successful parse.
     *
     * <p>Fails closed: with an empty key list the placeholder exception is thrown, otherwise
     * the {@link JwtException} from the last key tried. Exceptions that are not a
     * {@link JwtException} are not caught and end the loop immediately.
     *
     * <p>NOTE(review): the parser is built with a signing key only. No issuer, audience or
     * other claim requirement is configured here, and keys are not selected by {@code kid},
     * so callers must validate those claims on the returned object themselves.
     *
     * @param jws compact JWS to verify; must not be {@code null}
     * @param r4  candidate verification keys; must not be {@code null}
     * @return the parsed claims from the first key that verifies the signature
     * @throws JwtException if no key verifies the token
     */
    public final Jws<Claims> parseJws(String jws, List<? extends PublicKey> r4) throws IllegalArgumentException {
        Intrinsics.checkNotNullParameter(jws, "jws");
        Intrinsics.checkNotNullParameter(r4, "keys");
        // Created up front so that an empty key list still ends in a JwtException.
        JwtException lastFailure = new JwtException("Jws Parsing exception");
        for (PublicKey candidateKey : r4) {
            try {
                Jws<Claims> verified = Jwts.parserBuilder().setSigningKey(candidateKey).build().parseClaimsJws(jws);
                Intrinsics.checkNotNullExpressionValue(verified, "Jwts.parserBuilder().set…ild().parseClaimsJws(jws)");
                return verified;
            } catch (JwtException failure) {
                // Remember the failure and try the next key.
                lastFailure = failure;
            }
        }
        throw lastFailure;
    }
}
