package de.authada.eid.core.authentication.paos.steps;

import androidx.camera.camera2.internal.V1;
import androidx.camera.camera2.internal.W1;
import androidx.compose.ui.text.android.LayoutCompat;
import de.authada.eid.card.api.ByteArray;
import de.authada.eid.card.api.Card;
import de.authada.eid.card.asn1.CVCertificate;
import de.authada.eid.card.asn1.CertificateHolderAuthorizationTemplate;
import de.authada.eid.card.asn1.ca.EphemeralPublicKey;
import de.authada.eid.card.asn1.ta.CompressedEphemeralPublicKey;
import de.authada.eid.card.ca.ChipAuthentication;
import de.authada.eid.card.ca.ChipAuthenticationException;
import de.authada.eid.card.ca.ChipAuthenticationResult;
import de.authada.eid.card.ta.TerminalAuthenticationException;
import de.authada.eid.core.api.callbacks.AuthenticationCallback;
import de.authada.eid.core.authentication.paos.PAOSException;
import de.authada.eid.core.authentication.paos.steps.EAC1Step;
import de.authada.eid.core.authentication.paos.steps.ImmutableEAC2Context;
import de.authada.eid.core.support.Optional;
import de.authada.eid.core.support.Supplier;
import de.authada.eid.paos.models.output.EAC2OutputTypeBuilder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.immutables.value.Value;

/* loaded from: classes2.dex */
public class EAC2Step {
    private static final km.b LOGGER = km.d.b(EAC2Step.class);

    @Value.Style(builderVisibility = Value.Style.BuilderVisibility.PACKAGE, strictBuilder = LayoutCompat.DEFAULT_FALLBACK_LINE_SPACING)
    @Value.Immutable
    /* loaded from: classes2.dex */
    public interface EAC2Context {
        Optional<Integer> getCertificateSerialNumber();

        EAC2OutputTypeBuilder getEac2OutputTypeBuilder();
    }

    public static /* synthetic */ PAOSException c() {
        return lambda$getFilteredCertificateChain$3();
    }

    private CVCertificate findCertificateWithCAR(Iterable<CVCertificate> iterable, ByteArray byteArray) {
        for (CVCertificate cVCertificate : iterable) {
            if (Arrays.equals(cVCertificate.getCvCertificateBody().getCAR().getBytes(), byteArray.getBytes())) {
                return cVCertificate;
            }
        }
        throw new PAOSException("CAR not found in certificate list");
    }

    private List<CVCertificate> getCVCertificates(EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable) {
        ArrayList arrayList = new ArrayList(eAC1Context.getCvCertificates());
        for (CVCertificate cVCertificate : iterable) {
            if (cVCertificate.getCvCertificateBody().getCHAT().getRole() != CertificateHolderAuthorizationTemplate.Role.TERMINAL) {
                arrayList.add(cVCertificate);
            }
        }
        arrayList.add(eAC1Context.getTerminalCertificate());
        return arrayList;
    }

    private List<CVCertificate> getTrustedChain(List<CVCertificate> list, ByteArray byteArray) {
        ArrayList arrayList = new ArrayList();
        CVCertificate findCertificateWithCAR = findCertificateWithCAR(list, byteArray);
        while (findCertificateWithCAR != null) {
            arrayList.add(findCertificateWithCAR);
            findCertificateWithCAR = nextInChain(list, findCertificateWithCAR);
        }
        return arrayList;
    }

    public /* synthetic */ List lambda$getFilteredCertificateChain$0(List list, ByteArray byteArray) {
        try {
            return getTrustedChain(list, byteArray);
        } catch (PAOSException unused) {
            LOGGER.s("Could not build trustedChain for NewCAR");
            return null;
        }
    }

    public /* synthetic */ List lambda$getFilteredCertificateChain$1(List list, ByteArray byteArray) {
        try {
            return getTrustedChain(list, byteArray);
        } catch (PAOSException unused) {
            LOGGER.s("Could not build trustedChain for OldCAR");
            return null;
        }
    }

    public /* synthetic */ List lambda$getFilteredCertificateChain$2(EAC1Step.EAC1Context eAC1Context, List list) {
        return (List) eAC1Context.getOldCAR().map(new V1(this, list)).orElse(null);
    }

    public static /* synthetic */ PAOSException lambda$getFilteredCertificateChain$3() {
        return new PAOSException("Certificate chain is invalid");
    }

    private CVCertificate nextInChain(Iterable<CVCertificate> iterable, CVCertificate cVCertificate) {
        if (cVCertificate.getCvCertificateBody().getCHAT().getRole() == CertificateHolderAuthorizationTemplate.Role.TERMINAL) {
            return null;
        }
        for (CVCertificate cVCertificate2 : iterable) {
            if (Arrays.equals(cVCertificate.getCvCertificateBody().getCHR().getBytes(), cVCertificate2.getCvCertificateBody().getCAR().getBytes())) {
                return cVCertificate2;
            }
        }
        throw new PAOSException("Certificate chain is invalid");
    }

    public List<CVCertificate> getFilteredCertificateChain(final EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable) {
        final List<CVCertificate> cVCertificates = getCVCertificates(eAC1Context, iterable);
        return (List) Optional.ofNullable((List) eAC1Context.getNewCAR().map(new W1(this, cVCertificates)).orElseGet(new Supplier() { // from class: de.authada.eid.core.authentication.paos.steps.f
            @Override // de.authada.eid.core.support.Supplier
            public final Object get() {
                List lambda$getFilteredCertificateChain$2;
                lambda$getFilteredCertificateChain$2 = EAC2Step.this.lambda$getFilteredCertificateChain$2(eAC1Context, cVCertificates);
                return lambda$getFilteredCertificateChain$2;
            }
        })).orElseThrow(new Object());
    }

    public ChipAuthenticationResult performChipAuthentication(Card card, EphemeralPublicKey ephemeralPublicKey) {
        return new ChipAuthentication(card, ephemeralPublicKey).process();
    }

    public EAC2Context processStep(EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable, ByteArray byteArray, EphemeralPublicKey ephemeralPublicKey) {
        km.b bVar = LOGGER;
        bVar.s("Check CVCertificate list from EAC1Context");
        List<CVCertificate> filteredCertificateChain = getFilteredCertificateChain(eAC1Context, iterable);
        try {
            ImmutableEAC2Context.Builder builder = ImmutableEAC2Context.builder();
            bVar.s("Continue Terminal Authenticatin");
            eAC1Context.getTaStep().resume(new CompressedEphemeralPublicKey(ephemeralPublicKey.getBytes()), byteArray, filteredCertificateChain);
            eAC1Context.getCallbackHelper().fireStateChanged(AuthenticationCallback.State.TA_COMPLETED);
            bVar.s("Perform Chip Authentication");
            ChipAuthenticationResult performChipAuthentication = performChipAuthentication(eAC1Context.getCard(builder), ephemeralPublicKey);
            eAC1Context.getCallbackHelper().fireStateChanged(AuthenticationCallback.State.CA_COMPLETED);
            Optional<Integer> certificateSerialNumber = performChipAuthentication.getEFCardSecurity().getCertificateSerialNumber();
            bVar.v(certificateSerialNumber.orElse(null), "Acquired Certificate Serial Number {}");
            builder.certificateSerialNumber(certificateSerialNumber);
            bVar.s("Build eac2outputtype");
            builder.eac2OutputTypeBuilder(new EAC2OutputTypeBuilder().efCardSecurity(Optional.of(performChipAuthentication.getEFCardSecurity())).authenticationToken(Optional.of(performChipAuthentication.getAuthenticationToken())).nonce(Optional.of(performChipAuthentication.getNonce())).challenge(Optional.empty()));
            return builder.build();
        } catch (ChipAuthenticationException e10) {
            throw new PAOSException("Failed to perform Chip Authentication", e10);
        } catch (TerminalAuthenticationException e11) {
            throw new PAOSException("Failed to perform Terminal Authentication", e11);
        }
    }
}
