package E0;

import O0.b;
import com.exantech.custody.apiRest.ResponseData;
import com.exantech.custody.apiRest.items.EncodedQuote;
import com.exantech.custody.apiRest.items.IasReportInfo;
import com.exantech.custody.apiRest.items.VerifyQuoteReport;
import f3.C0459b;
import f3.C0462e;
import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import r1.C0838g;
import u1.o;
import u1.r;
import u1.x;
import v3.C0938a;

/* loaded from: classes.dex */
public final class m extends b<VerifyQuoteReport, EncodedQuote, D0.e> {

    /* renamed from: b1, reason: collision with root package name */
    public final String f443b1;

    /* renamed from: c1, reason: collision with root package name */
    public final Class<VerifyQuoteReport> f444c1;

    /* renamed from: d1, reason: collision with root package name */
    public final C0462e f445d1;

    /* renamed from: e1, reason: collision with root package name */
    public final int f446e1;

    /* renamed from: x, reason: collision with root package name */
    public final byte[] f447x;

    /* renamed from: y, reason: collision with root package name */
    public final byte[] f448y;

    public m(byte[] bArr, C0838g c0838g) {
        super(c0838g);
        this.f447x = bArr;
        byte[] bArr2 = new byte[16];
        SecureRandom instanceStrong = SecureRandom.getInstanceStrong();
        p3.k.d("getInstanceStrong(...)", instanceStrong);
        instanceStrong.nextBytes(bArr2);
        this.f448y = bArr2;
        this.f443b1 = "https://api.trustedservices.intel.com:443/sgx/attestation/v4/report";
        this.f444c1 = VerifyQuoteReport.class;
        this.f445d1 = new C0462e(new l(this));
        this.f446e1 = 1;
    }

    public static void p(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) {
        PublicKey publicKey = x509Certificate.getPublicKey();
        RSAPublicKey rSAPublicKey = publicKey instanceof RSAPublicKey ? (RSAPublicKey) publicKey : null;
        if (rSAPublicKey == null) {
            new Throwable("certificate doesn't contain RSA public key");
            return;
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(bArr);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(rSAPublicKey);
        signature.update(digest);
        if (signature.verify(bArr2)) {
            return;
        }
        new Throwable("invalid signature");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // Z.c
    public final void e(W0.c cVar) {
        byte[] bArr;
        String body;
        F0.a aVar = (F0.a) cVar;
        ResponseData responseData = (ResponseData) aVar.f2418a;
        if (responseData == null || (body = responseData.getBody()) == null) {
            bArr = null;
        } else {
            bArr = body.getBytes(C0938a.f10833a);
            p3.k.d("getBytes(...)", bArr);
        }
        VerifyQuoteReport verifyQuoteReport = (VerifyQuoteReport) x.f10623a.b(this.f444c1, responseData != null ? responseData.getBody() : null);
        L l5 = this.f430d;
        Map<String, String> map = aVar.f527d;
        if (map == null || bArr == null || verifyQuoteReport == null) {
            o.a("VerifyQuoteOperation", "Either report or headers are missing");
            ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
            return;
        }
        if (!p3.k.a(B2.e.h2(this.f448y), verifyQuoteReport.getNonce())) {
            o.a("VerifyQuoteOperation", "Failed to verify quote: nonce mismatch");
            ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
            return;
        }
        try {
            C0459b<X509Certificate, X509Certificate> m5 = m(map);
            X509Certificate x509Certificate = m5.f7485c;
            X509Certificate x509Certificate2 = m5.f7486d;
            o.a("VerifyQuoteOperation", "Checking Intel signing certificate");
            x509Certificate.verify(x509Certificate2.getPublicKey());
            o.a("VerifyQuoteOperation", "Intel signing certificate is valid");
            try {
                byte[] bytes = n(map).getBytes(C0938a.f10833a);
                p3.k.d("getBytes(...)", bytes);
                p(bArr, bytes, x509Certificate);
                o.a("VerifyQuoteOperation", "Response signature is ok");
                try {
                    IasReportInfo o5 = o(verifyQuoteReport);
                    if (p3.k.a(verifyQuoteReport.getIsvEnclaveQuoteStatus(), "GROUP_OUT_OF_DATE")) {
                        o.a("VerifyQuoteOperation", "Group is out of date");
                        ((D0.e) l5).d(o5);
                    } else if (p3.k.a(verifyQuoteReport.getIsvEnclaveQuoteStatus(), "OK")) {
                        ((D0.e) l5).d(o5);
                    } else {
                        o.a("VerifyQuoteOperation", "Enclave quote status recognised as OK");
                        ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
                    }
                } catch (Exception e5) {
                    List<r> list = o.f10584a;
                    o.c("VerifyQuoteOperation", B2.e.G0(e5), e5);
                    ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
                }
            } catch (Exception e6) {
                List<r> list2 = o.f10584a;
                o.c("VerifyQuoteOperation", B2.e.G0(e6), e6);
                ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
            }
        } catch (Exception e7) {
            List<r> list3 = o.f10584a;
            o.c("VerifyQuoteOperation", B2.e.G0(e7), e7);
            ((D0.e) l5).c(new O0.b(null, b.a.f1581q, 1));
        }
    }

    @Override // E0.a
    public final void i(F0.a<ResponseData> aVar) {
        p3.k.e("result", aVar);
        super.i(aVar);
        ((D0.e) this.f430d).c(new O0.b(null, b.a.f1581q, 1));
    }

    @Override // E0.f
    public final Class<VerifyQuoteReport> j() {
        return this.f444c1;
    }

    @Override // E0.f
    public final HashMap<String, String> k() {
        HashMap<String, String> k5 = super.k();
        k5.put("Ocp-Apim-Subscription-Key", "7eb30c4b956c4326864f4171f4f26d31");
        return k5;
    }

    @Override // E0.f
    public final EncodedQuote l() {
        return (EncodedQuote) this.f445d1.a();
    }

    public final C0459b<X509Certificate, X509Certificate> m(Map<String, String> map) {
        String str = map.get("X-Iasreport-Signing-Certificate");
        if (str == null) {
            o.a("VerifyQuoteOperation", "Certificates not found");
            ((D0.e) this.f430d).c(new O0.b(null, b.a.f1581q, 1));
            throw new IllegalStateException("Certificates not found".toString());
        }
        String decode = URLDecoder.decode(str, "UTF-8");
        p3.k.b(decode);
        int B3 = v3.g.B(decode, "-----END CERTIFICATE-----\n", 0, false, 6);
        if (B3 < 0) {
            throw new IllegalStateException("No certificate found".toString());
        }
        int i5 = B3 + 26;
        String substring = decode.substring(0, i5);
        p3.k.d("substring(...)", substring);
        Charset charset = C0938a.f10833a;
        byte[] bytes = substring.getBytes(charset);
        p3.k.d("getBytes(...)", bytes);
        String substring2 = decode.substring(i5);
        p3.k.d("substring(...)", substring2);
        byte[] bytes2 = substring2.getBytes(charset);
        p3.k.d("getBytes(...)", bytes2);
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bytes));
        p3.k.c("null cannot be cast to non-null type java.security.cert.X509Certificate", generateCertificate);
        Certificate generateCertificate2 = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bytes2));
        p3.k.c("null cannot be cast to non-null type java.security.cert.X509Certificate", generateCertificate2);
        return new C0459b<>((X509Certificate) generateCertificate, (X509Certificate) generateCertificate2);
    }

    public final String n(Map<String, String> map) {
        String str = map.get("X-Iasreport-Signature");
        if (str == null) {
            ((D0.e) this.f430d).c(new O0.b(null, b.a.f1581q, 1));
            throw new IllegalStateException("Signature not found".toString());
        }
        String decode = URLDecoder.decode(str, "UTF-8");
        p3.k.d("decode(...)", decode);
        return decode;
    }

    public final IasReportInfo o(VerifyQuoteReport verifyQuoteReport) {
        try {
            byte[] decode = Base64.getDecoder().decode(verifyQuoteReport.getIsvEnclaveQuoteBody());
            p3.k.b(decode);
            byte[] q5 = g3.g.q(decode, 176, 208);
            if (q5.length != 32) {
                ((D0.e) this.f430d).c(new O0.b(null, b.a.f1581q, 1));
                throw new IllegalStateException("Unexpected MRSIGNER size".toString());
            }
            String advisoryURL = verifyQuoteReport.getAdvisoryURL();
            List<String> advisoryIDs = verifyQuoteReport.getAdvisoryIDs();
            byte[] copyOf = Arrays.copyOf(q5, q5.length);
            p3.k.d("copyOf(...)", copyOf);
            return new IasReportInfo(copyOf, advisoryURL, advisoryIDs);
        } catch (Exception unused) {
            verifyQuoteReport.getIsvEnclaveQuoteBody();
            throw new IllegalStateException("Failed to decode base64 quote body".toString());
        }
    }
}
