package org.forgerock.android.auth.devicebind;

import android.content.Context;
import android.os.Build;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.Intrinsics;
import org.forgerock.android.auth.CryptoKey;
import org.forgerock.android.auth.callback.Attestation;
import org.forgerock.android.auth.callback.DeviceBindingAuthenticationType;

/* compiled from: DeviceBindAuthenticators.kt */
@Metadata(d1 = {"\u0000b\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\bf\u0018\u00002\u00020\u0001J\u0019\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u0005H¦@ø\u0001\u0000¢\u0006\u0002\u0010\u0006J\u0010\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0004\u001a\u00020\u0005H&J!\u0010\t\u001a\u00020\n2\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\fH¦@ø\u0001\u0000¢\u0006\u0002\u0010\rJ\u0016\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f2\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u001a\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0004\u001a\u00020\u00052\b\b\u0002\u0010\u000b\u001a\u00020\fH\u0016J\u0010\u0010\u0015\u001a\u00020\b2\u0006\u0010\u0015\u001a\u00020\u0016H\u0016JB\u0010\u0017\u001a\u00020\u00122\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0018\u001a\u00020\n2\u0006\u0010\u0019\u001a\u00020\u00122\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u001a\u001a\u00020\u00122\u0006\u0010\u001b\u001a\u00020\u001c2\b\b\u0002\u0010\u000b\u001a\u00020\fH\u0016J0\u0010\u0017\u001a\u00020\u00122\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010\u001a\u001a\u00020\u00122\u0006\u0010\u001b\u001a\u00020\u001cH\u0016J\b\u0010!\u001a\u00020\"H&\u0082\u0002\u0004\n\u0002\b\u0019¨\u0006#"}, d2 = {"Lorg/forgerock/android/auth/devicebind/DeviceAuthenticator;", "", "authenticate", "Lorg/forgerock/android/auth/devicebind/DeviceBindingStatus;", "context", "Landroid/content/Context;", "(Landroid/content/Context;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "deleteKeys", "", "generateKeys", "Lorg/forgerock/android/auth/devicebind/KeyPair;", "attestation", "Lorg/forgerock/android/auth/callback/Attestation;", "(Landroid/content/Context;Lorg/forgerock/android/auth/callback/Attestation;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "getCertificateChain", "", "Lcom/nimbusds/jose/util/Base64;", "userId", "", "isSupported", "", "prompt", "Lorg/forgerock/android/auth/devicebind/Prompt;", "sign", "keyPair", LocalDeviceBindingRepositoryKt.kidKey, "challenge", "expiration", "Ljava/util/Date;", "userKey", "Lorg/forgerock/android/auth/devicebind/UserKey;", "privateKey", "Ljava/security/PrivateKey;", "type", "Lorg/forgerock/android/auth/callback/DeviceBindingAuthenticationType;", "forgerock-auth_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes4.dex */
public interface DeviceAuthenticator {

    /* compiled from: DeviceBindAuthenticators.kt */
    @Metadata(k = 3, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class DefaultImpls {
        private static List<Base64> getCertificateChain(DeviceAuthenticator deviceAuthenticator, String str) {
            Certificate[] certificateChain = new CryptoKey(str).getCertificateChain();
            ArrayList arrayList = new ArrayList(certificateChain.length);
            for (Certificate certificate : certificateChain) {
                arrayList.add(Base64.encode(certificate.getEncoded()));
            }
            return CollectionsKt.toList(arrayList);
        }

        public static boolean isSupported(DeviceAuthenticator deviceAuthenticator, Context context, Attestation attestation) {
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(attestation, "attestation");
            return (attestation instanceof Attestation.None) || Build.VERSION.SDK_INT >= 24;
        }

        public static /* synthetic */ boolean isSupported$default(DeviceAuthenticator deviceAuthenticator, Context context, Attestation attestation, int i, Object obj) {
            if (obj != null) {
                throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: isSupported");
            }
            if ((i & 2) != 0) {
                attestation = Attestation.None.INSTANCE;
            }
            return deviceAuthenticator.isSupported(context, attestation);
        }

        public static void prompt(DeviceAuthenticator deviceAuthenticator, Prompt prompt) {
            Intrinsics.checkNotNullParameter(prompt, "prompt");
        }

        public static String sign(DeviceAuthenticator deviceAuthenticator, Context context, KeyPair keyPair, String kid, String userId, String challenge, Date expiration, Attestation attestation) {
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(keyPair, "keyPair");
            Intrinsics.checkNotNullParameter(kid, "kid");
            Intrinsics.checkNotNullParameter(userId, "userId");
            Intrinsics.checkNotNullParameter(challenge, "challenge");
            Intrinsics.checkNotNullParameter(expiration, "expiration");
            Intrinsics.checkNotNullParameter(attestation, "attestation");
            RSAKey.Builder algorithm = new RSAKey.Builder(keyPair.getPublicKey()).keyUse(KeyUse.SIGNATURE).keyID(kid).algorithm(JWSAlgorithm.RS512);
            if (!(attestation instanceof Attestation.None)) {
                algorithm.x509CertChain(getCertificateChain(deviceAuthenticator, userId));
            }
            SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS512).keyID(kid).jwk(algorithm.build()).build(), new JWTClaimsSet.Builder().subject(userId).issuer(context.getPackageName()).expirationTime(expiration).claim("platform", "android").claim("android-version", Integer.valueOf(Build.VERSION.SDK_INT)).claim("challenge", challenge).build());
            signedJWT.sign(new RSASSASigner(keyPair.getPrivateKey()));
            String serialize = signedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "signedJWT.serialize()");
            return serialize;
        }

        public static String sign(DeviceAuthenticator deviceAuthenticator, Context context, UserKey userKey, PrivateKey privateKey, String challenge, Date expiration) {
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(userKey, "userKey");
            Intrinsics.checkNotNullParameter(privateKey, "privateKey");
            Intrinsics.checkNotNullParameter(challenge, "challenge");
            Intrinsics.checkNotNullParameter(expiration, "expiration");
            SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS512).keyID(userKey.getKid()).build(), new JWTClaimsSet.Builder().subject(userKey.getUserId()).issuer(context.getPackageName()).claim("challenge", challenge).expirationTime(expiration).build());
            signedJWT.sign(new RSASSASigner(privateKey));
            String serialize = signedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "signedJWT.serialize()");
            return serialize;
        }

        public static /* synthetic */ String sign$default(DeviceAuthenticator deviceAuthenticator, Context context, KeyPair keyPair, String str, String str2, String str3, Date date, Attestation attestation, int i, Object obj) {
            if (obj == null) {
                return deviceAuthenticator.sign(context, keyPair, str, str2, str3, date, (i & 64) != 0 ? Attestation.None.INSTANCE : attestation);
            }
            throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: sign");
        }
    }

    Object authenticate(Context context, Continuation<? super DeviceBindingStatus> continuation);

    void deleteKeys(Context context);

    Object generateKeys(Context context, Attestation attestation, Continuation<? super KeyPair> continuation);

    boolean isSupported(Context context, Attestation attestation);

    void prompt(Prompt prompt);

    String sign(Context context, KeyPair keyPair, String kid, String userId, String challenge, Date expiration, Attestation attestation);

    String sign(Context context, UserKey userKey, PrivateKey privateKey, String challenge, Date expiration);

    DeviceBindingAuthenticationType type();
}
