package eu.europa.ec.eudi.openid4vp.internal.request;

import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.shaded.gson.Gson;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ciba.CIBASignedRequestClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import eu.europa.ec.eudi.openid4vci.internal.http.AuthorizationEndpointParams;
import eu.europa.ec.eudi.openid4vci.internal.http.TokenEndpointForm;
import eu.europa.ec.eudi.openid4vp.AuthorizationRequestException;
import eu.europa.ec.eudi.openid4vp.AuthorizationRequestResolverKt;
import eu.europa.ec.eudi.openid4vp.LookupPublicKeyByDIDUrl;
import eu.europa.ec.eudi.openid4vp.RequestValidationError;
import eu.europa.ec.eudi.openid4vp.SupportedClientIdScheme;
import eu.europa.ec.eudi.openid4vp.internal.request.FetchedRequest;
import java.net.URI;
import java.security.PublicKey;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.Intrinsics;
import kotlin.time.DurationKt;
import kotlin.time.DurationUnit;
import kotlinx.coroutines.BuildersKt;
import kotlinx.coroutines.Dispatchers;
import kotlinx.serialization.json.Json;
import kotlinx.serialization.json.JsonElementKt;
import kotlinx.serialization.json.JsonObject;

/* compiled from: RequestAuthenticator.kt */
@Metadata(d1 = {"\u0000F\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a(\u0010\u0000\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0007H\u0082@¢\u0006\u0004\b\b\u0010\t\u001a(\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u0010H\u0002\u001a\u0010\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0010H\u0002\u001a\u0010\u0010\u0014\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0010H\u0002\u001a\f\u0010\u0015\u001a\u00020\u0016*\u00020\u0017H\u0002\u001a\f\u0010\u0018\u001a\u00020\u000b*\u00020\u0017H\u0002¨\u0006\u0019"}, d2 = {"lookupKeyByDID", "Ljava/security/PublicKey;", CIBASignedRequestClaimsSet.REQUEST_CLAIM_NAME, "Leu/europa/ec/eudi/openid4vp/internal/request/FetchedRequest$JwtSecured;", "clientId", "Leu/europa/ec/eudi/openid4vp/internal/DID;", "lookupPublicKeyByDIDUrl", "Leu/europa/ec/eudi/openid4vp/LookupPublicKeyByDIDUrl;", "lookupKeyByDID-N7EJtrs", "(Leu/europa/ec/eudi/openid4vp/internal/request/FetchedRequest$JwtSecured;Ljava/net/URI;Leu/europa/ec/eudi/openid4vp/LookupPublicKeyByDIDUrl;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "verifierAttestation", "Leu/europa/ec/eudi/openid4vp/internal/request/VerifierAttestationClaims;", "clock", "Ljava/time/Clock;", "supportedScheme", "Leu/europa/ec/eudi/openid4vp/SupportedClientIdScheme$VerifierAttestation;", "", "invalidScheme", "Leu/europa/ec/eudi/openid4vp/AuthorizationRequestException;", "cause", "invalidJarJwt", "requestObject", "Leu/europa/ec/eudi/openid4vp/internal/request/UnvalidatedRequestObject;", "Lcom/nimbusds/jwt/SignedJWT;", "verifierAttestationClaims", "siop-openid4vp"}, k = 2, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes6.dex */
public final class RequestAuthenticatorKt {
    /* JADX INFO: Access modifiers changed from: private */
    public static final AuthorizationRequestException invalidJarJwt(String str) {
        return AuthorizationRequestResolverKt.asException(new RequestValidationError.InvalidJarJwt(str));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final AuthorizationRequestException invalidScheme(String str) {
        return AuthorizationRequestResolverKt.asException(new RequestValidationError.InvalidClientIdScheme(str));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: lookupKeyByDID-N7EJtrs, reason: not valid java name */
    public static final Object m8400lookupKeyByDIDN7EJtrs(FetchedRequest.JwtSecured jwtSecured, URI uri, LookupPublicKeyByDIDUrl lookupPublicKeyByDIDUrl, Continuation<? super PublicKey> continuation) {
        return BuildersKt.withContext(Dispatchers.getIO(), new RequestAuthenticatorKt$lookupKeyByDID$2(uri, jwtSecured, lookupPublicKeyByDIDUrl, null), continuation);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final UnvalidatedRequestObject requestObject(SignedJWT signedJWT) {
        JWTClaimsSet jWTClaimsSet = signedJWT.getJWTClaimsSet();
        String stringClaim = jWTClaimsSet.getStringClaim("response_type");
        Map<String, Object> jSONObjectClaim = jWTClaimsSet.getJSONObjectClaim("presentation_definition");
        JsonObject requestObject$asJsonObject = jSONObjectClaim != null ? requestObject$asJsonObject(jSONObjectClaim) : null;
        String stringClaim2 = jWTClaimsSet.getStringClaim("presentation_definition_uri");
        String stringClaim3 = jWTClaimsSet.getStringClaim("scope");
        String stringClaim4 = jWTClaimsSet.getStringClaim(IDTokenClaimsSet.NONCE_CLAIM_NAME);
        String stringClaim5 = jWTClaimsSet.getStringClaim("response_mode");
        String stringClaim6 = jWTClaimsSet.getStringClaim("client_id_scheme");
        Map<String, Object> jSONObjectClaim2 = jWTClaimsSet.getJSONObjectClaim("client_metadata");
        return new UnvalidatedRequestObject(jSONObjectClaim2 != null ? requestObject$asJsonObject(jSONObjectClaim2) : null, stringClaim6, stringClaim4, jWTClaimsSet.getStringClaim("client_id"), stringClaim, stringClaim5, jWTClaimsSet.getStringClaim("response_uri"), requestObject$asJsonObject, stringClaim2, jWTClaimsSet.getStringClaim(TokenEndpointForm.REDIRECT_URI_PARAM), stringClaim3, jWTClaimsSet.getStringClaim("supported_algorithm"), jWTClaimsSet.getStringClaim(AuthorizationEndpointParams.PARAM_STATE), jWTClaimsSet.getStringClaim("id_token_type"), jWTClaimsSet.getStringListClaim("transaction_data"));
    }

    private static final JsonObject requestObject$asJsonObject(Map<String, ? extends Object> map) {
        String json = new Gson().toJson(map);
        Json.Companion companion = Json.INSTANCE;
        Intrinsics.checkNotNull(json);
        return JsonElementKt.getJsonObject(companion.parseToJsonElement(json));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final VerifierAttestationClaims verifierAttestation(Clock clock, SupportedClientIdScheme.VerifierAttestation verifierAttestation, FetchedRequest.JwtSecured jwtSecured, String str) {
        Object m9197constructorimpl;
        Object m9197constructorimpl2;
        JWSVerifier trust = verifierAttestation.getTrust();
        Duration clockSkew = verifierAttestation.getClockSkew();
        Object obj = jwtSecured.getJwt().getHeader().getCustomParams().get("jwt");
        if (obj == null) {
            throw invalidJarJwt("Missing jwt JOSE Header");
        }
        if (!(obj instanceof String)) {
            throw invalidJarJwt("jwt JOSE Header doesn't contain a JWT");
        }
        try {
            Result.Companion companion = Result.INSTANCE;
            m9197constructorimpl = Result.m9197constructorimpl(SignedJWT.parse((String) obj));
        } catch (Throwable th) {
            Result.Companion companion2 = Result.INSTANCE;
            m9197constructorimpl = Result.m9197constructorimpl(ResultKt.createFailure(th));
        }
        Throwable m9200exceptionOrNullimpl = Result.m9200exceptionOrNullimpl(m9197constructorimpl);
        if (m9200exceptionOrNullimpl != null) {
            throw verifierAttestation$invalidVerifierAttestationJwt("Cannot be parsed  " + m9200exceptionOrNullimpl);
        }
        SignedJWT signedJWT = (SignedJWT) m9197constructorimpl;
        if (!Intrinsics.areEqual(signedJWT.getHeader().getType(), new JOSEObjectType("verifier-attestation+jwt"))) {
            throw verifierAttestation$invalidVerifierAttestationJwt("typ is not verifier-attestation+jwt ");
        }
        try {
            Result.Companion companion3 = Result.INSTANCE;
            m9197constructorimpl2 = Result.m9197constructorimpl(Boolean.valueOf(signedJWT.verify(trust)));
        } catch (Throwable th2) {
            Result.Companion companion4 = Result.INSTANCE;
            m9197constructorimpl2 = Result.m9197constructorimpl(ResultKt.createFailure(th2));
        }
        Throwable m9200exceptionOrNullimpl2 = Result.m9200exceptionOrNullimpl(m9197constructorimpl2);
        if (m9200exceptionOrNullimpl2 != null) {
            throw verifierAttestation$invalidVerifierAttestationJwt("Not trusted. " + m9200exceptionOrNullimpl2);
        }
        try {
            TimeChecks timeChecks = new TimeChecks(clock, kotlin.time.Duration.m10575plusLRDsOJo(DurationKt.toDuration(clockSkew.getSeconds(), DurationUnit.SECONDS), DurationKt.toDuration(clockSkew.getNano(), DurationUnit.NANOSECONDS)), null);
            JWTClaimsSet jWTClaimsSet = signedJWT.getJWTClaimsSet();
            Intrinsics.checkNotNullExpressionValue(jWTClaimsSet, "getJWTClaimsSet(...)");
            timeChecks.verify(jWTClaimsSet, null);
            Intrinsics.checkNotNull(signedJWT);
            VerifierAttestationClaims verifierAttestationClaims = verifierAttestationClaims(signedJWT);
            if (Intrinsics.areEqual(verifierAttestationClaims.getSub(), str)) {
                return verifierAttestationClaims;
            }
            throw verifierAttestation$invalidVerifierAttestationJwt("sub claim and authorization's request client_id don't match");
        } catch (Throwable th3) {
            throw verifierAttestation$invalidVerifierAttestationJwt(th3.getMessage());
        }
    }

    private static final AuthorizationRequestException verifierAttestation$invalidVerifierAttestationJwt(String str) {
        return invalidJarJwt("Invalid VerifierAttestation JWT. Details: " + str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static final VerifierAttestationClaims verifierAttestationClaims(SignedJWT signedJWT) {
        Object m9197constructorimpl;
        Object obj;
        JWTClaimsSet jWTClaimsSet = signedJWT.getJWTClaimsSet();
        String issuer = jWTClaimsSet.getIssuer();
        if (issuer == null) {
            throw new IllegalArgumentException("Missing iss".toString());
        }
        String subject = jWTClaimsSet.getSubject();
        if (subject == null) {
            throw new IllegalArgumentException("Missing sub".toString());
        }
        Date issueTime = jWTClaimsSet.getIssueTime();
        Instant instant = issueTime != null ? issueTime.toInstant() : null;
        Date expirationTime = jWTClaimsSet.getExpirationTime();
        Instant instant2 = expirationTime != null ? expirationTime.toInstant() : null;
        if (instant2 == null) {
            throw new IllegalArgumentException("Missing exp".toString());
        }
        Date notBeforeTime = jWTClaimsSet.getNotBeforeTime();
        Instant instant3 = notBeforeTime != null ? notBeforeTime.toInstant() : null;
        Map<String, Object> jSONObjectClaim = jWTClaimsSet.getJSONObjectClaim("cnf");
        if (jSONObjectClaim == null) {
            throw new IllegalArgumentException("Missing cnf".toString());
        }
        try {
            Result.Companion companion = Result.INSTANCE;
            obj = jSONObjectClaim.get(HeaderParameterNames.JWK);
        } catch (Throwable th) {
            Result.Companion companion2 = Result.INSTANCE;
            m9197constructorimpl = Result.m9197constructorimpl(ResultKt.createFailure(th));
        }
        if (obj == null) {
            throw new IllegalArgumentException("Missing jwk".toString());
        }
        m9197constructorimpl = Result.m9197constructorimpl(JWK.parse(new Gson().toJson(obj)));
        if (Result.m9203isFailureimpl(m9197constructorimpl)) {
            m9197constructorimpl = null;
        }
        JWK jwk = (JWK) m9197constructorimpl;
        if (jwk == 0) {
            throw new IllegalArgumentException("Missing jwk".toString());
        }
        if (!(!jwk.isPrivate())) {
            throw new IllegalArgumentException("Not a public JWK".toString());
        }
        if (!(jwk instanceof AsymmetricJWK)) {
            throw new IllegalArgumentException("Not a valid JWK".toString());
        }
        AsymmetricJWK asymmetricJWK = (AsymmetricJWK) jwk;
        List<String> stringListClaim = jWTClaimsSet.getStringListClaim("redirect_uris");
        List list = stringListClaim != null ? CollectionsKt.toList(stringListClaim) : null;
        List<String> stringListClaim2 = jWTClaimsSet.getStringListClaim("response_uris");
        return new VerifierAttestationClaims(issuer, subject, instant, instant2, instant3, asymmetricJWK, list, stringListClaim2 != null ? CollectionsKt.toList(stringListClaim2) : null);
    }
}
