package org.forgerock.android.auth.devicebind;

import Kb.a;
import android.content.Context;
import android.os.Build;
import com.contentsquare.android.api.Currencies;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.C3265p;
import kotlin.collections.CollectionsKt;
import kotlin.collections.H;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.Intrinsics;
import org.forgerock.android.auth.CryptoKey;
import org.forgerock.android.auth.Logger;
import org.forgerock.android.auth.callback.Attestation;
import org.forgerock.android.auth.callback.DeviceBindingAuthenticationType;
import org.forgerock.android.auth.webauthn.WebAuthn;
import org.jetbrains.annotations.NotNull;
import tb.C4006j;
import tb.k;
import ub.C4066a;
import zb.C4607h;
import zb.C4611l;

@Metadata(d1 = {"\u0000x\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010$\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u000b\bf\u0018\u0000 52\u00020\u0001:\u00015J\u001d\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0006\u0010\u0007J \u0010\r\u001a\u00020\f2\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\u000b\u001a\u00020\nH¦@¢\u0006\u0004\b\r\u0010\u000eJ\u0018\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\t\u001a\u00020\bH¦@¢\u0006\u0004\b\u0010\u0010\u0011J\u0017\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u00020\u0012H\u0016¢\u0006\u0004\b\u0013\u0010\u0015J\u000f\u0010\u0016\u001a\u00020\u0002H\u0016¢\u0006\u0004\b\u0016\u0010\u0017JS\u0010\u001f\u001a\u00020\u00022\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\u0018\u001a\u00020\f2\b\u0010\u001a\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u001b\u001a\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u001c\u001a\u00020\u00022\u0006\u0010\u001e\u001a\u00020\u001d2\b\b\u0002\u0010\u000b\u001a\u00020\nH\u0016¢\u0006\u0004\b\u001f\u0010 JW\u0010\u001f\u001a\u00020\u00022\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\"\u001a\u00020!2\u0006\u0010$\u001a\u00020#2\b\u0010\u001a\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u001c\u001a\u00020\u00022\u0006\u0010\u001e\u001a\u00020\u001d2\u0014\b\u0002\u0010&\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00010%H\u0016¢\u0006\u0004\b\u001f\u0010'J!\u0010)\u001a\u00020(2\u0006\u0010\t\u001a\u00020\b2\b\b\u0002\u0010\u000b\u001a\u00020\nH\u0016¢\u0006\u0004\b)\u0010*J\u000f\u0010,\u001a\u00020+H&¢\u0006\u0004\b,\u0010-J\u0017\u0010.\u001a\u00020\u00142\u0006\u0010\t\u001a\u00020\bH&¢\u0006\u0004\b.\u0010/J\u000f\u00100\u001a\u00020\u001dH\u0016¢\u0006\u0004\b0\u00101J\u000f\u00102\u001a\u00020\u001dH\u0016¢\u0006\u0004\b2\u00101J#\u00103\u001a\u00020(2\u0012\u0010&\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00010%H\u0016¢\u0006\u0004\b3\u00104ø\u0001\u0000\u0082\u0002\u0006\n\u0004\b!0\u0001¨\u00066À\u0006\u0001"}, d2 = {"Lorg/forgerock/android/auth/devicebind/DeviceAuthenticator;", "", "", "userId", "", "LJb/a;", "getCertificateChain", "(Ljava/lang/String;)Ljava/util/List;", "Landroid/content/Context;", "context", "Lorg/forgerock/android/auth/callback/Attestation;", "attestation", "Lorg/forgerock/android/auth/devicebind/KeyPair;", "generateKeys", "(Landroid/content/Context;Lorg/forgerock/android/auth/callback/Attestation;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Lorg/forgerock/android/auth/devicebind/DeviceBindingStatus;", "authenticate", "(Landroid/content/Context;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Lorg/forgerock/android/auth/devicebind/Prompt;", "prompt", "", "(Lorg/forgerock/android/auth/devicebind/Prompt;)V", "getAlgorithm", "()Ljava/lang/String;", "keyPair", "Ljava/security/Signature;", "signature", LocalDeviceBindingRepositoryKt.kidKey, WebAuthn.CHALLENGE, "Ljava/util/Date;", "expiration", "sign", "(Landroid/content/Context;Lorg/forgerock/android/auth/devicebind/KeyPair;Ljava/security/Signature;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/util/Date;Lorg/forgerock/android/auth/callback/Attestation;)Ljava/lang/String;", "Lorg/forgerock/android/auth/devicebind/UserKey;", "userKey", "Ljava/security/PrivateKey;", "privateKey", "", "customClaims", "(Landroid/content/Context;Lorg/forgerock/android/auth/devicebind/UserKey;Ljava/security/PrivateKey;Ljava/security/Signature;Ljava/lang/String;Ljava/util/Date;Ljava/util/Map;)Ljava/lang/String;", "", "isSupported", "(Landroid/content/Context;Lorg/forgerock/android/auth/callback/Attestation;)Z", "Lorg/forgerock/android/auth/callback/DeviceBindingAuthenticationType;", "type", "()Lorg/forgerock/android/auth/callback/DeviceBindingAuthenticationType;", "deleteKeys", "(Landroid/content/Context;)V", "getIssueTime", "()Ljava/util/Date;", "getNotBeforeTime", "validateCustomClaims", "(Ljava/util/Map;)Z", "Companion", "forgerock-auth_release"}, k = 1, mv = {1, 9, 0}, xi = Currencies.BHD)
/* loaded from: classes3.dex */
public interface DeviceAuthenticator {

    /* renamed from: Companion, reason: from kotlin metadata */
    @NotNull
    public static final Companion INSTANCE = Companion.$$INSTANCE;

    @Metadata(d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0010\u000e\n\u0002\b\u0003\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0017\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007¨\u0006\b"}, d2 = {"Lorg/forgerock/android/auth/devicebind/DeviceAuthenticator$Companion;", "", "()V", "registeredKeys", "", "", "getRegisteredKeys", "()Ljava/util/List;", "forgerock-auth_release"}, k = 1, mv = {1, 9, 0}, xi = Currencies.BHD)
    /* loaded from: classes3.dex */
    public static final class Companion {
        static final /* synthetic */ Companion $$INSTANCE = new Companion();

        @NotNull
        private static final List<String> registeredKeys = C3265p.n("sub", "exp", "iat", "nbf", "iss", WebAuthn.CHALLENGE);

        private Companion() {
        }

        @NotNull
        public final List<String> getRegisteredKeys() {
            return registeredKeys;
        }
    }

    private default List<Jb.a> getCertificateChain(String userId) {
        Certificate[] certificateChain = new CryptoKey(userId).getCertificateChain();
        ArrayList arrayList = new ArrayList(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            arrayList.add(Jb.a.d(certificate.getEncoded()));
        }
        return CollectionsKt.a1(arrayList);
    }

    static /* synthetic */ boolean isSupported$default(DeviceAuthenticator deviceAuthenticator, Context context, Attestation attestation, int i10, Object obj) {
        if (obj != null) {
            throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: isSupported");
        }
        if ((i10 & 2) != 0) {
            attestation = Attestation.None.INSTANCE;
        }
        return deviceAuthenticator.isSupported(context, attestation);
    }

    static /* synthetic */ String sign$default(DeviceAuthenticator deviceAuthenticator, Context context, KeyPair keyPair, Signature signature, String str, String str2, String str3, Date date, Attestation attestation, int i10, Object obj) {
        if (obj == null) {
            return deviceAuthenticator.sign(context, keyPair, signature, str, str2, str3, date, (i10 & 128) != 0 ? Attestation.None.INSTANCE : attestation);
        }
        throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: sign");
    }

    static /* synthetic */ String sign$default(DeviceAuthenticator deviceAuthenticator, Context context, UserKey userKey, PrivateKey privateKey, Signature signature, String str, Date date, Map map, int i10, Object obj) {
        if (obj == null) {
            return deviceAuthenticator.sign(context, userKey, privateKey, signature, str, date, (i10 & 64) != 0 ? H.h() : map);
        }
        throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: sign");
    }

    Object authenticate(@NotNull Context context, @NotNull Continuation continuation);

    void deleteKeys(@NotNull Context context);

    Object generateKeys(@NotNull Context context, @NotNull Attestation attestation, @NotNull Continuation continuation);

    @NotNull
    default String getAlgorithm() {
        return "RS512";
    }

    @NotNull
    default Date getIssueTime() {
        Date time = Calendar.getInstance().getTime();
        Intrinsics.checkNotNullExpressionValue(time, "getTime(...)");
        return time;
    }

    @NotNull
    default Date getNotBeforeTime() {
        Date time = Calendar.getInstance().getTime();
        Intrinsics.checkNotNullExpressionValue(time, "getTime(...)");
        return time;
    }

    default boolean isSupported(@NotNull Context context, @NotNull Attestation attestation) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(attestation, "attestation");
        boolean z10 = attestation instanceof Attestation.None;
        return true;
    }

    default void prompt(@NotNull Prompt prompt) {
        Intrinsics.checkNotNullParameter(prompt, "prompt");
    }

    @NotNull
    default String sign(@NotNull Context context, @NotNull KeyPair keyPair, Signature signature, @NotNull String kid, @NotNull String userId, @NotNull String challenge, @NotNull Date expiration, @NotNull Attestation attestation) {
        Unit unit;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        Intrinsics.checkNotNullParameter(kid, "kid");
        Intrinsics.checkNotNullParameter(userId, "userId");
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        Intrinsics.checkNotNullParameter(expiration, "expiration");
        Intrinsics.checkNotNullParameter(attestation, "attestation");
        C4611l.a a10 = new C4611l.a(keyPair.getPublicKey()).d(C4607h.f44652b).c(kid).a(C4006j.c(getAlgorithm()));
        if (!(attestation instanceof Attestation.None)) {
            a10.e(getCertificateChain(userId));
        }
        Kb.b bVar = new Kb.b(new k.a(C4006j.c(getAlgorithm())).h(kid).f(a10.b()).b(), new a.b().j(userId).g(context.getPackageName()).e(expiration).f(getIssueTime()).i(getNotBeforeTime()).d("platform", "android").d("android-version", Integer.valueOf(Build.VERSION.SDK_INT)).d(WebAuthn.CHALLENGE, challenge).c());
        if (signature != null) {
            Logger.INSTANCE.info(DeviceBindAuthenticatorsKt.access$getTAG$p(), "Use CryptObject signature for Signing", new Object[0]);
            bVar.o(new RSASASignatureSigner(signature));
            unit = Unit.f35398a;
        } else {
            unit = null;
        }
        if (unit == null) {
            Logger.INSTANCE.info(DeviceBindAuthenticatorsKt.access$getTAG$p(), "Use Private Key for Signing", new Object[0]);
            bVar.o(new C4066a(keyPair.getPrivateKey()));
        }
        String m10 = bVar.m();
        Intrinsics.checkNotNullExpressionValue(m10, "serialize(...)");
        return m10;
    }

    @NotNull
    default String sign(@NotNull Context context, @NotNull UserKey userKey, @NotNull PrivateKey privateKey, Signature signature, @NotNull String challenge, @NotNull Date expiration, @NotNull Map<String, ? extends Object> customClaims) {
        Unit unit;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(userKey, "userKey");
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        Intrinsics.checkNotNullParameter(expiration, "expiration");
        Intrinsics.checkNotNullParameter(customClaims, "customClaims");
        a.b e10 = new a.b().j(userKey.getUserId()).g(context.getPackageName()).d(WebAuthn.CHALLENGE, challenge).f(getIssueTime()).i(getNotBeforeTime()).e(expiration);
        for (Map.Entry<String, ? extends Object> entry : customClaims.entrySet()) {
            e10.d(entry.getKey(), entry.getValue());
        }
        Kb.b bVar = new Kb.b(new k.a(C4006j.c(getAlgorithm())).h(userKey.getKid()).b(), e10.c());
        if (signature != null) {
            Logger.INSTANCE.info(DeviceBindAuthenticatorsKt.access$getTAG$p(), "Use CryptObject signature for Signing", new Object[0]);
            bVar.o(new RSASASignatureSigner(signature));
            unit = Unit.f35398a;
        } else {
            unit = null;
        }
        if (unit == null) {
            Logger.INSTANCE.info(DeviceBindAuthenticatorsKt.access$getTAG$p(), "Use Private Key for Signing", new Object[0]);
            bVar.o(new C4066a(privateKey));
        }
        String m10 = bVar.m();
        Intrinsics.checkNotNullExpressionValue(m10, "serialize(...)");
        return m10;
    }

    @NotNull
    DeviceBindingAuthenticationType type();

    default boolean validateCustomClaims(@NotNull Map<String, ? extends Object> customClaims) {
        Intrinsics.checkNotNullParameter(customClaims, "customClaims");
        return CollectionsKt.p0(customClaims.keySet(), INSTANCE.getRegisteredKeys()).isEmpty();
    }
}
