package de.rki.coronawarnapp.util.security;

import android.util.Base64;
import com.google.protobuf.GeneratedMessageLite;
import com.google.protobuf.Internal;
import de.rki.coronawarnapp.environment.EnvironmentSetup;
import de.rki.coronawarnapp.exception.CwaSecurityException;
import de.rki.coronawarnapp.server.protocols.external.exposurenotification.TemporaryExposureKeySignatureList$TEKSignature;
import de.rki.coronawarnapp.server.protocols.external.exposurenotification.TemporaryExposureKeySignatureList$TEKSignatureList;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.SynchronizedLazyImpl;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__IteratorsJVMKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.CollectionsKt___CollectionsKt$asSequence$$inlined$Sequence$1;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.FilteringSequence;
import kotlin.sequences.FilteringSequence$iterator$1;
import kotlin.sequences.SequencesKt___SequencesKt;
import kotlin.text.StringsKt__StringsKt;
import timber.log.Timber;

/* compiled from: SignatureValidation.kt */
/* loaded from: classes3.dex */
public final class SignatureValidation {
    public final EnvironmentSetup environmentSetup;
    public final SynchronizedLazyImpl keyFactory$delegate;
    public final SynchronizedLazyImpl publicKeys$delegate;
    public final SynchronizedLazyImpl signature$delegate;

    /* compiled from: SignatureValidation.kt */
    /* loaded from: classes3.dex */
    public static final class Companion {
        public static FilteringSequence parseTEKStyleSignature(byte[] bArr) {
            try {
                Internal.ProtobufList<TemporaryExposureKeySignatureList$TEKSignature> protobufList = ((TemporaryExposureKeySignatureList$TEKSignatureList) GeneratedMessageLite.parseFrom(TemporaryExposureKeySignatureList$TEKSignatureList.DEFAULT_INSTANCE, bArr)).signatures_;
                Intrinsics.checkNotNullExpressionValue(protobufList, "parseFrom(signatureListP…          .signaturesList");
                CollectionsKt___CollectionsKt$asSequence$$inlined$Sequence$1 asSequence = CollectionsKt___CollectionsKt.asSequence(protobufList);
                final SignatureValidation$Companion$parseTEKStyleSignature$1 action = new Function1<TemporaryExposureKeySignatureList$TEKSignature, Unit>() { // from class: de.rki.coronawarnapp.util.security.SignatureValidation$Companion$parseTEKStyleSignature$1
                    @Override // kotlin.jvm.functions.Function1
                    public final Unit invoke(TemporaryExposureKeySignatureList$TEKSignature temporaryExposureKeySignatureList$TEKSignature) {
                        Timber.Forest forest = Timber.Forest;
                        forest.tag("SignatureValidation");
                        forest.v(temporaryExposureKeySignatureList$TEKSignature.toString(), new Object[0]);
                        return Unit.INSTANCE;
                    }
                };
                Intrinsics.checkNotNullParameter(action, "action");
                return SequencesKt___SequencesKt.mapNotNull(SequencesKt___SequencesKt.map(asSequence, new Function1<Object, Object>() { // from class: kotlin.sequences.SequencesKt___SequencesKt$onEach$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(1);
                    }

                    @Override // kotlin.jvm.functions.Function1
                    public final Object invoke(Object obj) {
                        action.invoke(obj);
                        return obj;
                    }
                }), new Function1<TemporaryExposureKeySignatureList$TEKSignature, byte[]>() { // from class: de.rki.coronawarnapp.util.security.SignatureValidation$Companion$parseTEKStyleSignature$2
                    @Override // kotlin.jvm.functions.Function1
                    public final byte[] invoke(TemporaryExposureKeySignatureList$TEKSignature temporaryExposureKeySignatureList$TEKSignature) {
                        return temporaryExposureKeySignatureList$TEKSignature.signature_.toByteArray();
                    }
                });
            } catch (Exception e) {
                Timber.Forest.w("%s is not a valid TEKSignatureList", bArr);
                throw new CwaSecurityException(e);
            }
        }
    }

    public SignatureValidation(EnvironmentSetup environmentSetup) {
        Intrinsics.checkNotNullParameter(environmentSetup, "environmentSetup");
        this.environmentSetup = environmentSetup;
        this.keyFactory$delegate = LazyKt__LazyJVMKt.lazy(new Function0<KeyFactory>() { // from class: de.rki.coronawarnapp.util.security.SignatureValidation$keyFactory$2
            @Override // kotlin.jvm.functions.Function0
            public final KeyFactory invoke() {
                return KeyFactory.getInstance("EC");
            }
        });
        this.signature$delegate = LazyKt__LazyJVMKt.lazy(new Function0<Signature>() { // from class: de.rki.coronawarnapp.util.security.SignatureValidation$signature$2
            @Override // kotlin.jvm.functions.Function0
            public final Signature invoke() {
                return Signature.getInstance("SHA256withECDSA");
            }
        });
        this.publicKeys$delegate = LazyKt__LazyJVMKt.lazy(new Function0<List<? extends PublicKey>>() { // from class: de.rki.coronawarnapp.util.security.SignatureValidation$publicKeys$2
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final List<? extends PublicKey> invoke() {
                SignatureValidation signatureValidation = SignatureValidation.this;
                String asText = signatureValidation.environmentSetup.getEnvironmentValue(EnvironmentSetup.EnvKey.VERIFICATION_KEYS).asText();
                Intrinsics.checkNotNullExpressionValue(asText, "getEnvironmentValue(VERIFICATION_KEYS).asText()");
                List split$default = StringsKt__StringsKt.split$default(asText, new String[]{","});
                ArrayList arrayList = new ArrayList();
                Iterator it = split$default.iterator();
                while (it.hasNext()) {
                    byte[] decode = Base64.decode((String) it.next(), 0);
                    if (decode != null) {
                        arrayList.add(decode);
                    }
                }
                ArrayList arrayList2 = new ArrayList(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(arrayList, 10));
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    arrayList2.add(((KeyFactory) signatureValidation.keyFactory$delegate.getValue()).generatePublic(new X509EncodedKeySpec((byte[]) it2.next())));
                }
                Iterator it3 = arrayList2.iterator();
                while (it3.hasNext()) {
                    PublicKey publicKey = (PublicKey) it3.next();
                    Timber.Forest forest = Timber.Forest;
                    forest.tag("SignatureValidation");
                    forest.v("ENV PubKey: %s", publicKey);
                }
                return arrayList2;
            }
        });
    }

    public final ArrayList findMatchingPublicKeys(Signature signature, byte[] bArr, FilteringSequence filteringSequence) {
        boolean z;
        List list = (List) this.publicKeys$delegate.getValue();
        ArrayList arrayList = new ArrayList();
        for (Object obj : list) {
            PublicKey publicKey = (PublicKey) obj;
            FilteringSequence$iterator$1 filteringSequence$iterator$1 = new FilteringSequence$iterator$1(filteringSequence);
            while (true) {
                if (!filteringSequence$iterator$1.hasNext()) {
                    z = false;
                    break;
                }
                byte[] bArr2 = (byte[]) filteringSequence$iterator$1.next();
                signature.initVerify(publicKey);
                signature.update(bArr);
                if (signature.verify(bArr2)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                arrayList.add(obj);
            }
        }
        return arrayList;
    }

    public final boolean hasValidSignature(byte[] bArr, FilteringSequence filteringSequence) {
        try {
            Signature signature = (Signature) this.signature$delegate.getValue();
            Intrinsics.checkNotNullExpressionValue(signature, "signature");
            ArrayList findMatchingPublicKeys = findMatchingPublicKeys(signature, bArr, filteringSequence);
            Timber.Forest forest = Timber.Forest;
            forest.tag("SignatureValidation");
            forest.v(findMatchingPublicKeys.size() + " valid signatures found", new Object[0]);
            boolean isEmpty = findMatchingPublicKeys.isEmpty() ^ true;
            if (isEmpty) {
                forest.tag("SignatureValidation");
                forest.d("Valid signatures found.", new Object[0]);
            } else {
                forest.tag("SignatureValidation");
                forest.w("No valid signature found.", new Object[0]);
            }
            return isEmpty;
        } catch (Exception e) {
            throw new CwaSecurityException(e);
        }
    }
}
