package com.android.devicediagnostics;

import android.util.Log;
import com.google.android.attestation.ParsedAttestationRecord;
import com.google.common.collect.ImmutableList;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* compiled from: KeyAttestationParser.kt */
@Metadata(mv = {1, 9, 0}, k = 2, xi = 48, d1 = {"��4\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0010 \n��\u001a$\u0010\u0002\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u0004\u0012\u0004\u0012\u00020\u00050\u00032\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\u0007\u001a\u0016\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u0006\u001a\u00020\u0007H\u0002\u001a\u0016\u0010\f\u001a\u00020\r2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000b0\u000fH\u0002\"\u000e\u0010��\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��¨\u0006\u0010"}, d2 = {"TAG", "", "getAttestation", "Lkotlin/Pair;", "Lcom/google/android/attestation/ParsedAttestationRecord;", "Lcom/android/devicediagnostics/AttestationResult;", "attestation", "", "challenge", "loadCertificates", "Lcom/google/common/collect/ImmutableList;", "Ljava/security/cert/X509Certificate;", "verifyCertificateChain", "", "certs", "", "packages__apps__DeviceDiagnostics__DeviceDiagnosticsLib__src__main__android_common__DeviceDiagnosticsLib"})
/* loaded from: input_file:com/android/devicediagnostics/KeyAttestationParserKt.class */
public final class KeyAttestationParserKt {

    @NotNull
    private static final String TAG = "Attestation";

    @NotNull
    public static final Pair<ParsedAttestationRecord, AttestationResult> getAttestation(@NotNull byte[] attestation, @NotNull byte[] challenge) {
        Intrinsics.checkNotNullParameter(attestation, "attestation");
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        try {
            ImmutableList<X509Certificate> loadCertificates = loadCertificates(attestation);
            ParsedAttestationRecord createParsedAttestationRecord = ParsedAttestationRecord.createParsedAttestationRecord(loadCertificates);
            if (verifyCertificateChain(loadCertificates)) {
                if (Arrays.equals(createParsedAttestationRecord.attestationChallenge, challenge)) {
                    return new Pair<>(createParsedAttestationRecord, AttestationResult.VERIFIED);
                }
                Log.e(TAG, "Attestation failed: challenge does not match");
            }
            return new Pair<>(createParsedAttestationRecord, AttestationResult.UNVERIFIED);
        } catch (Exception e) {
            Log.e(TAG, "Attestation failed: " + e);
            return (0 == 0 || !(e instanceof IOException)) ? new Pair<>(null, AttestationResult.GENERIC_ERROR) : new Pair<>(null, AttestationResult.NETWORK_ERROR);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0065, code lost:
    
        throw new java.security.cert.CertificateException("Certificate revocation status is " + r0.status.name());
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x008e, code lost:
    
        return java.util.Arrays.equals(org.bouncycastle.util.encoders.Base64.decode(com.google.android.attestation.Constants.GOOGLE_ROOT_CA_PUB_KEY), r5.get(r5.size() - 1).getPublicKey().getEncoded());
     */
    /* JADX WARN: Code restructure failed: missing block: B:2:0x001d, code lost:
    
        if (0 <= r7) goto L4;
     */
    /* JADX WARN: Code restructure failed: missing block: B:3:0x0020, code lost:
    
        r0 = r7;
        r7 = r7 - 1;
        r0 = r5.get(r0);
        r0.checkValidity();
        r0.verify(r6.getPublicKey());
        r6 = r0;
        r0 = com.google.android.attestation.CertificateRevocationStatus.fetchStatus(r0.getSerialNumber());
     */
    /* JADX WARN: Code restructure failed: missing block: B:4:0x004e, code lost:
    
        if (r0 == null) goto L8;
     */
    /* JADX WARN: Code restructure failed: missing block: B:6:0x0068, code lost:
    
        if (0 <= r7) goto L14;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static final boolean verifyCertificateChain(java.util.List<? extends java.security.cert.X509Certificate> r5) {
        /*
            r0 = r5
            r1 = r5
            int r1 = r1.size()
            r2 = 1
            int r1 = r1 - r2
            java.lang.Object r0 = r0.get(r1)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            r6 = r0
            r0 = r5
            int r0 = r0.size()
            r1 = -1
            int r0 = r0 + r1
            r7 = r0
            r0 = 0
            r1 = r7
            if (r0 > r1) goto L6b
        L20:
            r0 = r7
            r8 = r0
            int r7 = r7 + (-1)
            r0 = r5
            r1 = r8
            java.lang.Object r0 = r0.get(r1)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            r9 = r0
            r0 = r9
            r0.checkValidity()
            r0 = r9
            r1 = r6
            java.security.PublicKey r1 = r1.getPublicKey()
            r0.verify(r1)
            r0 = r9
            r6 = r0
            r0 = r9
            java.math.BigInteger r0 = r0.getSerialNumber()
            com.google.android.attestation.CertificateRevocationStatus r0 = com.google.android.attestation.CertificateRevocationStatus.fetchStatus(r0)
            r10 = r0
            r0 = r10
            if (r0 == 0) goto L66
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            r1 = r0
            r2 = r10
            com.google.android.attestation.CertificateRevocationStatus$Status r2 = r2.status
            java.lang.String r2 = r2.name()
            java.lang.String r2 = "Certificate revocation status is " + r2
            r1.<init>(r2)
            throw r0
        L66:
            r0 = 0
            r1 = r7
            if (r0 <= r1) goto L20
        L6b:
            java.lang.String r0 = "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ=="
            byte[] r0 = org.bouncycastle.util.encoders.Base64.decode(r0)
            r7 = r0
            r0 = r7
            r1 = r5
            r2 = r5
            int r2 = r2.size()
            r3 = 1
            int r2 = r2 - r3
            java.lang.Object r1 = r1.get(r2)
            java.security.cert.X509Certificate r1 = (java.security.cert.X509Certificate) r1
            java.security.PublicKey r1 = r1.getPublicKey()
            byte[] r1 = r1.getEncoded()
            boolean r0 = java.util.Arrays.equals(r0, r1)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.android.devicediagnostics.KeyAttestationParserKt.verifyCertificateChain(java.util.List):boolean");
    }

    private static final ImmutableList<X509Certificate> loadCertificates(byte[] bArr) {
        ImmutableList.Builder builder = new ImmutableList.Builder();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        while (wrap.remaining() > 0) {
            byte[] bArr2 = new byte[wrap.getInt()];
            wrap.get(bArr2);
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2));
            Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            builder.add((ImmutableList.Builder) generateCertificate);
        }
        ImmutableList<X509Certificate> build = builder.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }
}
