package com.microsoft.vienna.rpa.cloud.components.jwt;

import com.microsoft.vienna.rpa.BuildConfig;
import com.microsoft.vienna.rpa.cloud.components.jwt.validators.CommonNameCertificateValidator;
import com.microsoft.vienna.rpa.cloud.components.jwt.validators.FingerprintCertificateValidator;
import com.microsoft.vienna.rpa.cloud.components.jwt.validators.ICertificateStatusValidator;
import com.microsoft.vienna.rpa.cloud.components.jwt.validators.ICertificateValidator;
import com.microsoft.vienna.rpa.cloud.components.jwt.validators.SimpleAppListCertificateStatusValidator;
import com.microsoft.vienna.vienna_utils_lib.Logcat;
import com.microsoft.vienna.vienna_utils_lib.logging.ILogger;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: X509SigningKeyResolver.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 \u00162\u00020\u0001:\u0001\u0016B3\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\b0\u0007\u0012\u0006\u0010\t\u001a\u00020\n\u0012\u0006\u0010\u000b\u001a\u00020\f¢\u0006\u0002\u0010\rJ\u0014\u0010\u000e\u001a\u00020\u000f2\n\u0010\u0010\u001a\u0006\u0012\u0002\b\u00030\u0011H\u0002J\u001e\u0010\u0012\u001a\u0004\u0018\u00010\u00132\n\u0010\u0010\u001a\u0006\u0012\u0002\b\u00030\u00112\u0006\u0010\u0014\u001a\u00020\u0015H\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\b0\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0017"}, d2 = {"Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509SigningKeyResolver;", "Lio/jsonwebtoken/SigningKeyResolverAdapter;", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "certificateParser", "Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509CertificateParser;", "certificateValidators", "", "Lcom/microsoft/vienna/rpa/cloud/components/jwt/validators/ICertificateValidator;", "statusValidator", "Lcom/microsoft/vienna/rpa/cloud/components/jwt/validators/ICertificateStatusValidator;", "log", "Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509SigningKeyResolverLog;", 
"(Ljavax/net/ssl/X509TrustManager;Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509CertificateParser;Ljava/util/List;Lcom/microsoft/vienna/rpa/cloud/components/jwt/validators/ICertificateStatusValidator;Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509SigningKeyResolverLog;)V", "headersAreValid", "", "jwsHeader", "Lio/jsonwebtoken/JwsHeader;", "resolveSigningKey", "Ljava/security/Key;", "claims", "Lio/jsonwebtoken/Claims;", "Companion", "vienna-rpa-lib_release"}, k = 1, mv = {1, 4, 1})
/* loaded from: classes5.dex */
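/**
 * Resolves the JWS verification key from the X.509 chain carried in the token's {@code x5c} header.
 *
 * <p>Resolution succeeds only when all of the following hold, in this order:
 * <ol>
 *   <li>the header declares algorithm {@code RS512} and carries a non-empty {@code x5c} list;</li>
 *   <li>the chain parses into at least one certificate;</li>
 *   <li>the trust manager accepts the chain;</li>
 *   <li>the chain holds at least as many certificates as there are configured validators, and each
 *       validator accepts the certificate at the same position (validator 0 checks the leaf);</li>
 *   <li>the status validator reports no certificate in the chain as revoked.</li>
 * </ol>
 * On success the leaf certificate's public key is returned; on any failure the matching log hook
 * is called and {@code null} is returned.
 *
 * <p>NOTE(review): a {@code null} result hands the decision to the JWT parser that calls this
 * resolver. Confirm that the parser rejects a token for which no key was resolved.
 */
public final class X509SigningKeyResolver extends SigningKeyResolverAdapter {
    /** The only JWS algorithm this resolver accepts. */
    private static final String ALG_RS512 = "RS512";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    /** Position of the leaf (signing) certificate in the parsed chain. */
    private static final int LEAF_CERT_INDEX = 0;
    /** Algorithm name passed to {@link TrustManagerFactory#getInstance(String)}. */
    private static final String TRUST_MANAGER_ALGO = "PKIX";
    /** Auth type passed to {@link X509TrustManager#checkClientTrusted}. */
    private static final String TRUST_MANAGER_KEY_TYPE = "RSA";
    /** Name of the JWS header that carries the certificate chain. */
    private static final String X5C_HEADER = "x5c";
    private final X509CertificateParser certificateParser;
    // Positional validators: element i is applied to chain certificate i. Declared with a wildcard so
    // the constructor argument can be stored without an unchecked conversion.
    private final List<? extends ICertificateValidator> certificateValidators;
    private final X509SigningKeyResolverLog log;
    private final ICertificateStatusValidator statusValidator;
    private final X509TrustManager trustManager;

    /* compiled from: X509SigningKeyResolver.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\b\u0010\n\u001a\u00020\u000bH\u0002J\u0010\u0010\f\u001a\u00020\r2\b\b\u0002\u0010\u000e\u001a\u00020\u000fR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u0010"}, d2 = {"Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509SigningKeyResolver$Companion;", "", "()V", "ALG_RS512", "", "LEAF_CERT_INDEX", "", "TRUST_MANAGER_ALGO", "TRUST_MANAGER_KEY_TYPE", "X5C_HEADER", "getTrustManager", "Ljavax/net/ssl/X509TrustManager;", "withDefaults", "Lcom/microsoft/vienna/rpa/cloud/components/jwt/X509SigningKeyResolver;", "logger", "Lcom/microsoft/vienna/vienna_utils_lib/logging/ILogger;", "vienna-rpa-lib_release"}, k = 1, mv = {1, 4, 1})
    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /**
         * Builds the trust manager used for chain validation.
         *
         * <p>The factory is initialised with a {@code null} key store, so it falls back to the
         * platform's default trust anchors rather than a project-specific CA set. Restricting which
         * issuers are acceptable is therefore left to the certificate validators passed to the
         * resolver.
         *
         * @return the single default {@link X509TrustManager}
         * @throws IllegalStateException if the factory does not yield exactly one X.509 trust manager
         */
        private final X509TrustManager getTrustManager() throws KeyStoreException, NoSuchAlgorithmException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(X509SigningKeyResolver.TRUST_MANAGER_ALGO);
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            // instanceof already excludes null, so no separate null check is needed before the cast.
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers");
            }
            return (X509TrustManager) trustManagers[0];
        }

        /** Kotlin default-argument bridge: bit 0 of {@code i} set means "use the Logcat logger". */
        public static /* synthetic */ X509SigningKeyResolver withDefaults$default(Companion companion, ILogger iLogger, int i, Object obj) {
            if ((i & 1) != 0) {
                iLogger = Logcat.getAsILogger();
                Intrinsics.checkNotNullExpressionValue(iLogger, "Logcat.getAsILogger()");
            }
            return companion.withDefaults(iLogger);
        }

        /**
         * Creates a resolver with the default trust manager, a common-name validator for the leaf
         * (position 0) and a fingerprint validator for the next certificate (position 1), both
         * configured from {@link BuildConfig}.
         *
         * <p>NOTE(review): decompiled from Kotlin, which has no checked exceptions; the exceptions
         * declared by {@code getTrustManager} propagate from here undeclared.
         *
         * @param logger logger handed to the parser, validators and log wrapper
         * @return a resolver using the default configuration
         */
        public final X509SigningKeyResolver withDefaults(ILogger logger) {
            List listOf;
            Intrinsics.checkNotNullParameter(logger, "logger");
            X509TrustManager trustManager = getTrustManager();
            X509CertificateParser x509CertificateParser = new X509CertificateParser(logger);
            // Order matters: validators are matched to chain certificates by index.
            listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new ICertificateValidator[]{new CommonNameCertificateValidator(BuildConfig.AG_X509_LEAF_CN), new FingerprintCertificateValidator(BuildConfig.AG_X509_MS_CA_FINGERPRINT, logger)});
            return new X509SigningKeyResolver(trustManager, x509CertificateParser, listOf, new SimpleAppListCertificateStatusValidator(logger, null, 2, null), new X509SigningKeyResolverLog(logger));
        }
    }

    /**
     * @param trustManager validates the parsed chain
     * @param certificateParser turns the {@code x5c} entries into certificates
     * @param certificateValidators positional validators; element i is applied to chain certificate i
     * @param statusValidator revocation check applied to every certificate in the chain
     * @param log sink for failure events
     */
    public X509SigningKeyResolver(X509TrustManager trustManager, X509CertificateParser certificateParser, List<? extends ICertificateValidator> certificateValidators, ICertificateStatusValidator statusValidator, X509SigningKeyResolverLog log) {
        Intrinsics.checkNotNullParameter(trustManager, "trustManager");
        Intrinsics.checkNotNullParameter(certificateParser, "certificateParser");
        Intrinsics.checkNotNullParameter(certificateValidators, "certificateValidators");
        Intrinsics.checkNotNullParameter(statusValidator, "statusValidator");
        Intrinsics.checkNotNullParameter(log, "log");
        this.trustManager = trustManager;
        this.certificateParser = certificateParser;
        this.certificateValidators = certificateValidators;
        this.statusValidator = statusValidator;
        this.log = log;
    }

    /**
     * Checks the header preconditions: algorithm is exactly {@code RS512} and {@code x5c} is a
     * non-empty list. Element types are not checked here; a wrong element type is handled by the
     * {@link ClassCastException} handler in {@link #resolveSigningKey}.
     */
    private final boolean headersAreValid(JwsHeader<?> jwsHeader) {
        // Pinning the algorithm here keeps a token from selecting a different verification scheme.
        if (!Intrinsics.areEqual(jwsHeader.getAlgorithm(), ALG_RS512)) {
            return false;
        }
        // instanceof covers both "key absent" and "value null".
        Object x5c = jwsHeader.get(X5C_HEADER);
        return (x5c instanceof List) && !((List<?>) x5c).isEmpty();
    }

    /**
     * Returns the leaf certificate's public key if the token's {@code x5c} chain passes every check
     * described on the class, otherwise {@code null}.
     *
     * @param jwsHeader header of the token being verified; must not be null
     * @param claims token claims; must not be null (not otherwise used here)
     * @return the leaf public key, or {@code null} when any check fails
     */
    @Override // io.jsonwebtoken.SigningKeyResolverAdapter, io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader<?> jwsHeader, Claims claims) {
        Intrinsics.checkNotNullParameter(jwsHeader, "jwsHeader");
        Intrinsics.checkNotNullParameter(claims, "claims");
        if (!headersAreValid(jwsHeader)) {
            this.log.invalidHeaders();
            return null;
        }
        try {
            Object obj = jwsHeader.get(X5C_HEADER);
            if (obj == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.collections.List<kotlin.String>");
            }
            List<X509Certificate> parseChain = this.certificateParser.parseChain((List) obj);
            if (parseChain.isEmpty()) {
                this.log.chainParseFailure();
                return null;
            }
            try {
                this.trustManager.checkClientTrusted(parseChain.toArray(new X509Certificate[0]), TRUST_MANAGER_KEY_TYPE);
                // Fail closed: validators are matched to certificates by position, so a chain shorter
                // than the validator list would leave the trailing validators (for example the CA
                // fingerprint pin) unevaluated. Previously such a chain was accepted.
                // NOTE(review): confirm issued tokens always carry at least this many certificates.
                if (parseChain.size() < this.certificateValidators.size()) {
                    this.log.certValidationFailure();
                    return null;
                }
                Iterator<? extends ICertificateValidator> it = this.certificateValidators.iterator();
                for (X509Certificate x509Certificate : parseChain) {
                    // Certificates beyond the last validator get only the revocation check.
                    if (it.hasNext() && !it.next().isValid(x509Certificate)) {
                        this.log.certValidationFailure();
                        return null;
                    }
                    if (this.statusValidator.isRevoked(x509Certificate)) {
                        this.log.certRevoked();
                        return null;
                    }
                }
                return parseChain.get(LEAF_CERT_INDEX).getPublicKey();
            } catch (CertificateException unused) {
                this.log.invalidChain();
                return null;
            }
        } catch (ClassCastException unused2) {
            // Raised when x5c holds something other than the expected string entries.
            this.log.chainParseFailure();
            return null;
        }
    }
}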
