package de.authada.eid.core.authentication.paos.steps;

import de.authada.eid.card.api.ByteArray;
import de.authada.eid.card.api.Card;
import de.authada.eid.card.api.CardLostException;
import de.authada.eid.card.asn1.CVCertificate;
import de.authada.eid.card.asn1.CertificateHolderAuthorizationTemplate;
import de.authada.eid.card.asn1.ca.EphemeralPublicKey;
import de.authada.eid.card.asn1.ta.CompressedEphemeralPublicKey;
import de.authada.eid.card.ca.ChipAuthentication;
import de.authada.eid.card.ca.ChipAuthenticationException;
import de.authada.eid.card.ca.ChipAuthenticationResult;
import de.authada.eid.card.ta.TerminalAuthenticationException;
import de.authada.eid.core.api.callbacks.AuthenticationCallback;
import de.authada.eid.core.authentication.paos.PAOSException;
import de.authada.eid.core.authentication.paos.PAOSUtils;
import de.authada.eid.core.authentication.paos.steps.EAC1Step;
import de.authada.eid.core.authentication.paos.steps.ImmutableEAC2Context;
import de.authada.eid.core.support.Function;
import de.authada.eid.core.support.Optional;
import de.authada.eid.core.support.Supplier;
import de.authada.eid.paos.models.output.EAC2OutputTypeBuilder;
import de.authada.mobile.org.spongycastle.asn1.eac.CertificationAuthorityReference;
import java.util.ArrayList;
import java.util.List;
import org.immutables.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
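/**
 * Second step of the Extended Access Control (EAC) flow: selects the CV certificate
 * chain to present to the card, resumes Terminal Authentication (TA) with it, and then
 * performs Chip Authentication (CA).
 *
 * <p>Security note: the chain handling in this class is purely structural. Certificates
 * are linked by comparing their CAR (Certification Authority Reference) and CHR
 * (Certificate Holder Reference) through {@code PAOSUtils}; no signature, validity
 * period or authorization check is visible here.
 * NOTE(review): cryptographic verification of the chain presumably happens on the card
 * while TA is resumed. Confirm before treating a chain returned by this class as trusted.
 */
public class EAC2Step {
    private static final Logger LOGGER = LoggerFactory.getLogger(EAC2Step.class);

    /**
     * Result of the EAC2 step. The implementation ({@code ImmutableEAC2Context}) is
     * generated by the Immutables annotation processor with a package-visible, strict
     * builder.
     */
    @Value.Style(builderVisibility = Value.Style.BuilderVisibility.PACKAGE, strictBuilder = true)
    @Value.Immutable
    public interface EAC2Context {
        /** Certificate serial number read from EF.CardSecurity during CA, if present. */
        Optional<Integer> getCertificateSerialNumber();

        /** Builder pre-filled with the CA results (EF.CardSecurity, token, nonce). */
        EAC2OutputTypeBuilder getEac2OutputTypeBuilder();
    }

    /**
     * Returns the first certificate whose CAR matches the given reference.
     *
     * @param iterable certificates to search, in iteration order
     * @param certificationAuthorityReference CAR to look for
     * @return the first matching certificate
     * @throws PAOSException if no certificate carries that CAR
     */
    private CVCertificate findCertificateWithCAR(Iterable<CVCertificate> iterable, CertificationAuthorityReference certificationAuthorityReference) throws PAOSException {
        for (CVCertificate candidate : iterable) {
            if (PAOSUtils.carEquals(candidate.getCvCertificateBody().getCAR(), certificationAuthorityReference)) {
                return candidate;
            }
        }
        throw new PAOSException("CAR not found in certificate list");
    }

    /**
     * Merges the certificates known from EAC1 with those supplied for EAC2.
     *
     * <p>Certificates from {@code iterable} that carry the TERMINAL role are dropped, so
     * the only terminal certificate that can end up in the pool through this method's
     * own additions is the one stored in the EAC1 context, which is appended last.
     *
     * @param eAC1Context context of the preceding EAC1 step
     * @param iterable additional certificates supplied for this step
     * @return a new mutable list: EAC1 certificates, then the non-terminal additional
     *     certificates, then the EAC1 terminal certificate
     */
    private List<CVCertificate> getCVCertificates(EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable) {
        List<CVCertificate> pool = new ArrayList<>(eAC1Context.getCvCertificates());
        for (CVCertificate candidate : iterable) {
            if (candidate.getCvCertificateBody().getCHAT().getRole() != CertificateHolderAuthorizationTemplate.Role.TERMINAL) {
                pool.add(candidate);
            }
        }
        pool.add(eAC1Context.getTerminalCertificate());
        return pool;
    }

    /**
     * Builds the chain that starts at the certificate issued under the given CAR and
     * follows CHR-to-CAR links until a terminal certificate is reached.
     *
     * @param list pool of candidate certificates
     * @param certificationAuthorityReference CAR the chain has to start from
     * @return the chain, ordered from the certificate matching the CAR to the terminal
     *     certificate
     * @throws PAOSException if the starting certificate is missing, a link cannot be
     *     resolved, or the links form a cycle
     */
    private List<CVCertificate> getTrustedChain(List<CVCertificate> list, CertificationAuthorityReference certificationAuthorityReference) throws PAOSException {
        List<CVCertificate> chain = new ArrayList<>();
        CVCertificate current = findCertificateWithCAR(list, certificationAuthorityReference);
        while (current != null) {
            // nextInChain always returns the first match in the pool, so a chain that
            // terminates never visits the same entry twice and cannot be longer than the
            // pool. Anything longer means the links loop (for example a certificate whose
            // CHR matches its own CAR); without this bound such input would never leave
            // the loop and the list would grow until memory is exhausted.
            if (chain.size() >= list.size()) {
                throw new PAOSException("Certificate chain is invalid");
            }
            chain.add(current);
            current = nextInChain(list, current);
        }
        return chain;
    }

    /**
     * Supplies the exception raised when neither CAR yields a usable chain.
     * Compiler-generated lambda body; the decompiler widened it from package-private.
     */
    public static /* synthetic */ PAOSException lambda$getFilteredCertificateChain$3() {
        return new PAOSException("Certificate chain is invalid");
    }

    /**
     * Finds the certificate that follows {@code cVCertificate} in the chain.
     *
     * @param iterable pool of candidate certificates
     * @param cVCertificate current chain element
     * @return {@code null} if the current element has the TERMINAL role (end of chain),
     *     otherwise the first certificate whose CAR matches the current element's CHR
     * @throws PAOSException if the current element is not a terminal certificate and no
     *     successor is found
     */
    private CVCertificate nextInChain(Iterable<CVCertificate> iterable, CVCertificate cVCertificate) throws PAOSException {
        if (cVCertificate.getCvCertificateBody().getCHAT().getRole() == CertificateHolderAuthorizationTemplate.Role.TERMINAL) {
            return null;
        }
        for (CVCertificate successor : iterable) {
            if (PAOSUtils.chrEqualsCar(cVCertificate.getCvCertificateBody().getCHR(), successor.getCvCertificateBody().getCAR())) {
                return successor;
            }
        }
        throw new PAOSException("Certificate chain is invalid");
    }

    /**
     * Selects the certificate chain to send to the card.
     *
     * <p>A chain rooted at the new CAR is tried first; the old CAR is used when the new
     * CAR is absent or no chain can be built from it. The failure of the first attempt
     * is only logged at info level, so callers cannot tell which CAR was used.
     * NOTE(review): the fallback relies on the project's {@code Optional.map} treating a
     * {@code null} mapper result as empty, as {@code java.util.Optional} does. Confirm.
     *
     * @param eAC1Context context of the preceding EAC1 step
     * @param iterable additional certificates supplied for this step
     * @return the selected chain
     * @throws PAOSException if no chain can be built from either CAR
     */
    List<CVCertificate> getFilteredCertificateChain(final EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable) throws PAOSException {
        final List<CVCertificate> cVCertificates = getCVCertificates(eAC1Context, iterable);
        // Raw Function/Supplier types are kept as the decompiler emitted them.
        return (List) Optional.ofNullable((List) eAC1Context.getNewCAR().map(new Function() {
            @Override // de.authada.eid.core.support.Function
            public final Object apply(Object obj) {
                return EAC2Step.this.lambda$getFilteredCertificateChain$0$EAC2Step(cVCertificates, (CertificationAuthorityReference) obj);
            }
        }).orElseGet(new Supplier() {
            @Override // de.authada.eid.core.support.Supplier
            public final Object get() {
                return EAC2Step.this.lambda$getFilteredCertificateChain$2$EAC2Step(eAC1Context, cVCertificates);
            }
        })).orElseThrow(new Supplier() {
            @Override // de.authada.eid.core.support.Supplier
            public final Object get() {
                return EAC2Step.lambda$getFilteredCertificateChain$3();
            }
        });
    }

    /**
     * Tries to build the chain for the new CAR.
     *
     * @return the chain, or {@code null} if it cannot be built
     */
    public /* synthetic */ List lambda$getFilteredCertificateChain$0$EAC2Step(List list, CertificationAuthorityReference certificationAuthorityReference) {
        try {
            return getTrustedChain(list, certificationAuthorityReference);
        } catch (PAOSException ignored) {
            // Deliberate best effort: a failure here lets the caller fall back to the old CAR.
            LOGGER.info("Could not build trustedChain for NewCAR");
            return null;
        }
    }

    /**
     * Fallback: tries to build the chain for the old CAR.
     *
     * @return the chain, or {@code null} if the old CAR is absent or no chain can be built
     */
    public /* synthetic */ List lambda$getFilteredCertificateChain$2$EAC2Step(EAC1Step.EAC1Context eAC1Context, final List list) {
        return (List) eAC1Context.getOldCAR().map(new Function() {
            @Override // de.authada.eid.core.support.Function
            public final Object apply(Object obj) {
                return EAC2Step.this.lambda$null$1$EAC2Step(list, (CertificationAuthorityReference) obj);
            }
        }).orElse(null);
    }

    /**
     * Tries to build the chain for the old CAR.
     *
     * @return the chain, or {@code null} if it cannot be built
     */
    public /* synthetic */ List lambda$null$1$EAC2Step(List list, CertificationAuthorityReference certificationAuthorityReference) {
        try {
            return getTrustedChain(list, certificationAuthorityReference);
        } catch (PAOSException ignored) {
            // Deliberate best effort: the caller turns a null result into "chain is invalid".
            LOGGER.info("Could not build trustedChain for OldCAR");
            return null;
        }
    }

    /**
     * Runs Chip Authentication against the card. Kept as a separate package-visible
     * method, presumably so tests can substitute it. TODO confirm.
     *
     * @param card card to authenticate
     * @param ephemeralPublicKey ephemeral public key passed to the CA protocol
     * @return the CA result
     * @throws ChipAuthenticationException if CA fails
     * @throws CardLostException if the card connection is lost
     */
    ChipAuthenticationResult performChipAuthentication(Card card, EphemeralPublicKey ephemeralPublicKey) throws ChipAuthenticationException, CardLostException {
        return new ChipAuthentication(card, ephemeralPublicKey).process();
    }

    /**
     * Executes the EAC2 step: chain selection, TA completion, then CA.
     *
     * <p>CA is only attempted after {@code resume} on the TA step has returned without
     * throwing; the {@code TA_COMPLETED} and {@code CA_COMPLETED} callbacks are fired in
     * that order.
     *
     * @param eAC1Context context of the preceding EAC1 step (card, TA step, callbacks)
     * @param iterable additional certificates supplied for this step
     * @param byteArray value handed to the TA step together with the compressed key
     *     (presumably the terminal signature; verify against the caller)
     * @param ephemeralPublicKey ephemeral public key used for both TA and CA
     * @return context holding the certificate serial number and the EAC2 output builder
     * @throws PAOSException if no certificate chain can be built or TA/CA fails
     * @throws CardLostException if the card connection is lost
     */
    public EAC2Context processStep(EAC1Step.EAC1Context eAC1Context, Iterable<CVCertificate> iterable, ByteArray byteArray, EphemeralPublicKey ephemeralPublicKey) throws PAOSException, CardLostException {
        LOGGER.info("Check CVCertificate list from EAC1Context");
        List<CVCertificate> filteredCertificateChain = getFilteredCertificateChain(eAC1Context, iterable);
        try {
            ImmutableEAC2Context.Builder builder = ImmutableEAC2Context.builder();
            LOGGER.info("Continue Terminal Authenticatin");
            // The same ephemeral key is bound into TA (compressed form) and used for CA below.
            eAC1Context.getTaStep().resume(new CompressedEphemeralPublicKey(ephemeralPublicKey.getBytes()), byteArray, filteredCertificateChain);
            eAC1Context.getCallbackHelper().fireStateChanged(AuthenticationCallback.State.TA_COMPLETED);
            LOGGER.info("Perform Chip Authentication");
            ChipAuthenticationResult caResult = performChipAuthentication(eAC1Context.getCard(builder), ephemeralPublicKey);
            eAC1Context.getCallbackHelper().fireStateChanged(AuthenticationCallback.State.CA_COMPLETED);
            Optional<Integer> certificateSerialNumber = caResult.getEFCardSecurity().getCertificateSerialNumber();
            LOGGER.debug("Acquired Certificate Serial Number {}", certificateSerialNumber.orElse(null));
            builder.certificateSerialNumber(certificateSerialNumber);
            LOGGER.info("Build eac2outputtype");
            // The challenge is left empty; only the CA outputs are returned.
            builder.eac2OutputTypeBuilder(new EAC2OutputTypeBuilder().efCardSecurity(Optional.of(caResult.getEFCardSecurity())).authenticationToken(Optional.of(caResult.getAuthenticationToken())).nonce(Optional.of(caResult.getNonce())).challenge(Optional.empty()));
            return builder.build();
        } catch (ChipAuthenticationException e) {
            throw new PAOSException("Failed to perform Chip Authentication", e);
        } catch (TerminalAuthenticationException e2) {
            throw new PAOSException("Failed to perform Terminal Authentication", e2);
        }
    }
}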
