package eu.europa.ec.eudi.openid4vp.internal.request;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.oauth2.sdk.ciba.CIBASignedRequestClaimsSet;
import eu.europa.ec.eudi.openid4vp.AuthorizationRequestException;
import eu.europa.ec.eudi.openid4vp.AuthorizationRequestResolverKt;
import eu.europa.ec.eudi.openid4vp.ClientIdScheme;
import eu.europa.ec.eudi.openid4vp.ConfigKt;
import eu.europa.ec.eudi.openid4vp.RequestValidationError;
import eu.europa.ec.eudi.openid4vp.SiopOpenId4VPConfig;
import eu.europa.ec.eudi.openid4vp.SupportedClientIdScheme;
import eu.europa.ec.eudi.openid4vp.X509CertificateTrust;
import eu.europa.ec.eudi.openid4vp.internal.X509SubjectAlternativeNameKt;
import eu.europa.ec.eudi.openid4vp.internal.request.FetchedRequest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: RequestAuthenticator.kt */
@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u0001B\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u0016\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH\u0086@¢\u0006\u0002\u0010\nJ\u001c\u0010\u000b\u001a\u000e\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\u000e0\f2\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J=\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u00122\u0006\u0010\b\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u001d\u0010\u0017\u001a\u0019\u0012\u0004\u0012\u00020\u0013\u0012\n\u0012\b\u0012\u0004\u0012\u00020\r0\u00120\u0018¢\u0006\u0002\b\u0019H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001a"}, d2 = {"Leu/europa/ec/eudi/openid4vp/internal/request/ClientAuthenticator;", "", "siopOpenId4VPConfig", "Leu/europa/ec/eudi/openid4vp/SiopOpenId4VPConfig;", "<init>", "(Leu/europa/ec/eudi/openid4vp/SiopOpenId4VPConfig;)V", "authenticateClient", "Leu/europa/ec/eudi/openid4vp/internal/request/AuthenticatedClient;", CIBASignedRequestClaimsSet.REQUEST_CLAIM_NAME, "Leu/europa/ec/eudi/openid4vp/internal/request/FetchedRequest;", "(Leu/europa/ec/eudi/openid4vp/internal/request/FetchedRequest;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "clientIdAndScheme", "Lkotlin/Pair;", "", "Leu/europa/ec/eudi/openid4vp/SupportedClientIdScheme;", "requestObject", "Leu/europa/ec/eudi/openid4vp/internal/request/UnvalidatedRequestObject;", "x5c", "", "Ljava/security/cert/X509Certificate;", "Leu/europa/ec/eudi/openid4vp/internal/request/FetchedRequest$JwtSecured;", "trust", 
"Leu/europa/ec/eudi/openid4vp/X509CertificateTrust;", "subjectAlternativeNames", "Lkotlin/Function1;", "Lkotlin/ExtensionFunctionType;", "siop-openid4vp"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes6.dex */
public final class ClientAuthenticator {
    /*
     * JADX-decompiled view of the Kotlin class compiled from RequestAuthenticator.kt.
     *
     * What is visible here:
     *   - clientIdAndScheme(): reads client_id / client_id_scheme from the unvalidated request
     *     and maps the scheme onto one supported by the supplied SiopOpenId4VPConfig.
     *   - x5c(): parses the x5c header of a JWT-secured request, matches the client id against
     *     the first certificate's subject alternative names and asks X509CertificateTrust
     *     whether the chain is trusted.
     *   - four synthetic lambdas named after authenticateClient.
     *
     * The body of authenticateClient() was NOT recovered by the decompiler, so how these
     * helpers are combined (and where the JWS signature is verified) cannot be read from
     * this file.
     */

    /** Configuration consulted when resolving the client_id_scheme. */
    private final SiopOpenId4VPConfig siopOpenId4VPConfig;

    /**
     * Stores the configuration used by {@code clientIdAndScheme}.
     *
     * @param siopOpenId4VPConfig configuration; rejected by the Kotlin null check when null
     */
    public ClientAuthenticator(SiopOpenId4VPConfig siopOpenId4VPConfig) {
        Intrinsics.checkNotNullParameter(siopOpenId4VPConfig, "siopOpenId4VPConfig");
        this.siopOpenId4VPConfig = siopOpenId4VPConfig;
    }

    /**
     * Synthetic lambda (private in the original bytecode; JADX widened the modifier).
     * Replaces whatever failure it receives with the InvalidClientId validation error.
     * The incoming throwable is only null-checked: its type, message and cause are
     * discarded, so the original reason for the failure does not survive this mapping.
     *
     * @param it the failure being replaced
     * @return the exception form of {@code RequestValidationError.InvalidClientId}
     */
    public static final Throwable authenticateClient$lambda$10(Throwable it) {
        Intrinsics.checkNotNullParameter(it, "it");
        final Throwable invalidClientId =
                AuthorizationRequestResolverKt.asException(RequestValidationError.InvalidClientId.INSTANCE);
        return invalidClientId;
    }

    /**
     * Synthetic lambda (private in the original bytecode; JADX widened the modifier).
     * Same mapping as {@code authenticateClient$lambda$10}: any failure becomes
     * InvalidClientId and the received throwable is dropped.
     *
     * @param it the failure being replaced
     * @return the exception form of {@code RequestValidationError.InvalidClientId}
     */
    public static final Throwable authenticateClient$lambda$3(Throwable it) {
        Intrinsics.checkNotNullParameter(it, "it");
        final Throwable invalidClientId =
                AuthorizationRequestResolverKt.asException(RequestValidationError.InvalidClientId.INSTANCE);
        return invalidClientId;
    }

    /**
     * Synthetic lambda (private in the original bytecode) that extracts the DNS-name
     * subject alternative names of a certificate.
     * A failed lookup and a null result are treated the same way: both end in the
     * "misses DNS names" error, so the caller never receives a null list.
     *
     * @param x5c certificate to inspect (the Kotlin extension receiver)
     * @return the list produced by {@code sanOfDNSName}
     */
    public static final List authenticateClient$lambda$6(X509Certificate x5c) {
        Intrinsics.checkNotNullParameter(x5c, "$this$x5c");
        final Object lookup = X509SubjectAlternativeNameKt.sanOfDNSName(x5c);
        // A Kotlin Result failure is collapsed to null; the underlying cause is not propagated.
        final List dnsNames = (List) (Result.m9203isFailureimpl(lookup) ? null : lookup);
        if (dnsNames == null) {
            throw RequestAuthenticatorKt.invalidJarJwt("Certificates misses DNS names");
        }
        return dnsNames;
    }

    /**
     * Synthetic lambda (private in the original bytecode) that extracts the URI
     * subject alternative names of a certificate.
     * A failed lookup and a null result both end in the "misses URI names" error.
     *
     * @param x5c certificate to inspect (the Kotlin extension receiver)
     * @return the list produced by {@code sanOfUniformResourceIdentifier}
     */
    public static final List authenticateClient$lambda$9(X509Certificate x5c) {
        Intrinsics.checkNotNullParameter(x5c, "$this$x5c");
        final Object lookup = X509SubjectAlternativeNameKt.sanOfUniformResourceIdentifier(x5c);
        // A Kotlin Result failure is collapsed to null; the underlying cause is not propagated.
        final List uriNames = (List) (Result.m9203isFailureimpl(lookup) ? null : lookup);
        if (uriNames == null) {
            throw RequestAuthenticatorKt.invalidJarJwt("Certificates misses URI names");
        }
        return uriNames;
    }

    /**
     * Resolves the client id and the supported client-id scheme of a request.
     * Checks run in a fixed order and each one fails closed:
     * missing client_id, then missing/unparseable client_id_scheme, then a scheme
     * that the configuration does not support.
     *
     * @param requestObject the request as received, before validation
     * @return pair of (client id, scheme entry from the configuration)
     */
    private final Pair<String, SupportedClientIdScheme> clientIdAndScheme(UnvalidatedRequestObject requestObject) {
        final String clientId = requestObject.getClientId();
        if (clientId == null) {
            throw AuthorizationRequestResolverKt.asException(RequestValidationError.MissingClientId.INSTANCE);
        }

        final String rawScheme = requestObject.getClientIdScheme();
        ClientIdScheme parsedScheme = null;
        if (rawScheme != null) {
            parsedScheme = ClientIdScheme.INSTANCE.make(rawScheme);
        }
        if (parsedScheme == null) {
            // Absent value and a value make() cannot map share one error.
            throw RequestAuthenticatorKt.invalidScheme("Missing or invalid client_id_scheme");
        }

        // Only schemes present in the configuration are accepted.
        final SupportedClientIdScheme configured =
                ConfigKt.supportedClientIdScheme(this.siopOpenId4VPConfig, parsedScheme);
        if (configured == null) {
            throw AuthorizationRequestResolverKt.asException(RequestValidationError.UnsupportedClientIdScheme.INSTANCE);
        }
        return TuplesKt.to(clientId, configured);
    }

    /**
     * Extracts and validates the certificate chain carried in the JWS {@code x5c} header.
     * The method returns the parsed chain only after all of the following hold, checked in
     * this order; every other path throws an invalid-JAR-JWT error:
     * <ol>
     *   <li>the header and its x5c list are present;</li>
     *   <li>at least one entry parses into a certificate;</li>
     *   <li>the names returned by {@code subjectAlternativeNames} for the certificate at
     *       index 0 contain the request's client id ({@code List.contains}, i.e. exact
     *       equality);</li>
     *   <li>{@code trust.isTrusted} accepts the parsed chain.</li>
     * </ol>
     * Entries whose decoding or parsing throws, or yields null, are skipped rather than
     * rejected. Index 0 of the result is therefore the first parseable entry, which is not
     * necessarily the first element of the header.
     * NOTE(review): the JWS signature check is not in this method; confirm that the
     * (not decompiled) caller verifies the signature with the key of this same index-0
     * certificate. What {@code isTrusted} validates (path, validity, revocation) is not
     * visible here either.
     *
     * @param request JWT-secured request whose header carries x5c
     * @param trust decides whether the parsed chain is trusted
     * @param subjectAlternativeNames extracts the names to compare with the client id
     * @return the parsed certificates, in header order, minus skipped entries
     */
    private final List<X509Certificate> x5c(FetchedRequest.JwtSecured request, X509CertificateTrust trust, Function1<? super X509Certificate, ? extends List<String>> subjectAlternativeNames) {
        final JWSHeader jwsHeader = request.getJwt().getHeader();
        final List<Base64> encodedChain = (jwsHeader == null) ? null : jwsHeader.getX509CertChain();
        if (encodedChain == null) {
            throw RequestAuthenticatorKt.invalidJarJwt("Missing x5c");
        }

        final List<X509Certificate> parsedChain = new ArrayList<>();
        for (Base64 encodedCertificate : encodedChain) {
            // runCatching { parse(decode()) }.getOrNull() as emitted by the Kotlin compiler.
            Object outcome;
            try {
                outcome = Result.m9197constructorimpl(X509CertUtils.parse(encodedCertificate.decode()));
            } catch (Throwable parseFailure) {
                outcome = Result.m9197constructorimpl(ResultKt.createFailure(parseFailure));
            }
            final X509Certificate certificate =
                    (X509Certificate) (Result.m9203isFailureimpl(outcome) ? null : outcome);
            if (certificate != null) {
                parsedChain.add(certificate);
            }
        }

        if (parsedChain.isEmpty()) {
            throw RequestAuthenticatorKt.invalidJarJwt("Invalid x5c");
        }

        // Name binding: the client id must appear among the names of the index-0 certificate.
        final List<String> certificateNames = subjectAlternativeNames.invoke(parsedChain.get(0));
        if (!certificateNames.contains(request.getClientId())) {
            throw RequestAuthenticatorKt.invalidJarJwt("ClientId not found in certificate's subject alternative names");
        }

        // Trust is evaluated last, on the filtered chain.
        if (!trust.isTrusted(parsedChain)) {
            throw RequestAuthenticatorKt.invalidJarJwt("Untrusted x5c");
        }
        return parsedChain;
    }

    /**
     * Suspend entry point of the class; by its signature it yields an AuthenticatedClient
     * for a FetchedRequest through the Kotlin continuation.
     * JADX could not decompile the body (537 bytecode instructions, duplicated regions
     * B:15:0x0038 and B:8:0x0025 removed), so this stub only throws. Nothing about the
     * real control flow can be reviewed from this file; use the instruction dump
     * ('--show-bad-code' or '--comments-level debug') for that.
     */
    public final java.lang.Object authenticateClient(eu.europa.ec.eudi.openid4vp.internal.request.FetchedRequest r10, kotlin.coroutines.Continuation<? super eu.europa.ec.eudi.openid4vp.internal.request.AuthenticatedClient> r11) {
        // Placeholder emitted by the decompiler, not library behaviour.
        throw new UnsupportedOperationException("Method not decompiled: eu.europa.ec.eudi.openid4vp.internal.request.ClientAuthenticator.authenticateClient(eu.europa.ec.eudi.openid4vp.internal.request.FetchedRequest, kotlin.coroutines.Continuation):java.lang.Object");
    }
}
