package org.whispersystems.signalservice.internal.contacts.crypto;

import j$.time.Instant;
import j$.time.LocalDateTime;
import j$.time.Period;
import j$.time.ZoneId;
import j$.time.ZonedDateTime;
import j$.time.format.DateTimeFormatter;
import j$.util.DesugarArrays;
import j$.util.function.Predicate;
import j$.util.stream.Stream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SignatureException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import org.signal.libsignal.protocol.util.ByteUtil;
import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
import org.whispersystems.signalservice.internal.contacts.entities.RemoteAttestationResponse;
import org.whispersystems.signalservice.internal.util.Hex;
import org.whispersystems.signalservice.internal.util.JsonUtil;

/* loaded from: classes5.dex */
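/**
 * Static checks a client applies to an SGX remote-attestation response before it trusts
 * the enclave: decrypting the request id, verifying the IAS-signed report, and verifying
 * the quote returned by the server.
 *
 * <p>All verification methods fail closed: any mismatch is reported through the checked
 * exception declared by the method, and callers must treat that exception as
 * "do not talk to this enclave".
 */
public final class RemoteAttestationCipher {
    /**
     * Advisory ids that are tolerated when the quote status is {@code SW_HARDENING_NEEDED}.
     * This is an allow-list: an advisory id that is not listed here causes the report to be
     * rejected, so the list has to be reviewed whenever it is extended.
     */
    private static final Set<String> ALLOWED_ADVISORIES = new HashSet<>(Arrays.asList("INTEL-SA-00334", "INTEL-SA-00615"));

    /** Versions of the signed report body that this client accepts. */
    private static final Set<Long> SIGNATURE_BODY_VERSIONS = new HashSet<>(Arrays.asList(3L, 4L));

    /** Number of leading quote bytes that are compared between the signed body and the received quote. */
    private static final int SIGNED_QUOTE_COMPARE_LENGTH = 432;

    private RemoteAttestationCipher() {
    }

    /**
     * Decrypts the request id carried in an attestation response.
     *
     * @param remoteAttestationKeys keys negotiated for this attestation; the server key is used
     * @param remoteAttestationResponse response supplying the IV, ciphertext and tag
     * @return the decrypted request id
     * @throws InvalidCiphertextException if {@code AESCipher.decrypt} rejects the input
     */
    public static byte[] getRequestId(RemoteAttestationKeys remoteAttestationKeys, RemoteAttestationResponse remoteAttestationResponse) throws InvalidCiphertextException {
        byte[] serverKey = remoteAttestationKeys.getServerKey();
        return AESCipher.decrypt(
                serverKey,
                remoteAttestationResponse.getIv(),
                remoteAttestationResponse.getCiphertext(),
                remoteAttestationResponse.getTag());
    }

    /**
     * Decides whether the quote status in a signed report body is acceptable.
     *
     * <p>{@code OK} is accepted. {@code SW_HARDENING_NEEDED} is accepted only when every
     * advisory id in the body is in {@link #ALLOWED_ADVISORIES}. Every other status is
     * rejected.
     *
     * @param signatureBodyEntity parsed report body; must already be signature-verified
     * @return {@code true} if the status (and its advisories) are acceptable
     */
    private static boolean hasValidStatus(SignatureBodyEntity signatureBodyEntity) {
        String status = signatureBodyEntity.getIsvEnclaveQuoteStatus();
        if ("OK".equals(status)) {
            return true;
        }
        if (!"SW_HARDENING_NEEDED".equals(status)) {
            return false;
        }
        String[] advisoryIds = signatureBodyEntity.getAdvisoryIds();
        if (advisoryIds == null) {
            // Fail closed: a hardening-needed report without an advisory list cannot be
            // checked against the allow-list, so reject it instead of raising an NPE.
            return false;
        }
        // NOTE(review): an empty advisory array passes this loop vacuously, as it did
        // before; confirm that is the intended policy for SW_HARDENING_NEEDED.
        for (String advisoryId : advisoryIds) {
            if (!ALLOWED_ADVISORIES.contains(advisoryId)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies the signed attestation report and checks that it covers the given quote.
     *
     * <p>The checks run in this order and the order matters: the signature over the body is
     * verified before the body is parsed, so no field is read from unauthenticated data.
     * After that the body version, the quote bytes, the quote status and the report age
     * (at most one day, measured against the local clock) are checked.
     *
     * @param keyStore trust store handed to {@code SigningCertificate}
     * @param str certificates used to verify the signature; must be non-empty
     * @param str2 the signed report body, as JSON
     * @param str3 second argument of {@code verifySignature}; presumably the signature over {@code str2}
     * @param quote the quote received in the attestation response
     * @throws SignatureException if any check fails, or if certificate handling or JSON
     *     parsing fails (the original exception is attached as the cause)
     */
    public static void verifyIasSignature(KeyStore keyStore, String str, String str2, String str3, Quote quote) throws SignatureException {
        if (str == null || str.isEmpty()) {
            throw new SignatureException("No certificates.");
        }
        try {
            // Authenticate the body before anything in it is parsed or trusted.
            new SigningCertificate(str, keyStore).verifySignature(str2, str3);
            SignatureBodyEntity signedBody = (SignatureBodyEntity) JsonUtil.fromJson(str2, SignatureBodyEntity.class);

            if (!SIGNATURE_BODY_VERSIONS.contains(signedBody.getVersion())) {
                throw new SignatureException("Unexpected signed quote version " + signedBody.getVersion());
            }

            // The signed body must describe the same quote the server handed us.
            // MessageDigest.isEqual compares in constant time.
            byte[] signedQuote = ByteUtil.trim(signedBody.getIsvEnclaveQuoteBody(), SIGNED_QUOTE_COMPARE_LENGTH);
            byte[] receivedQuote = ByteUtil.trim(quote.getQuoteBytes(), SIGNED_QUOTE_COMPARE_LENGTH);
            if (!MessageDigest.isEqual(signedQuote, receivedQuote)) {
                throw new SignatureException("Signed quote is not the same as RA quote: " + Hex.toStringCondensed(signedBody.getIsvEnclaveQuoteBody()) + " vs " + Hex.toStringCondensed(quote.getQuoteBytes()));
            }

            if (!hasValidStatus(signedBody)) {
                throw new SignatureException("Quote status is: " + signedBody.getIsvEnclaveQuoteStatus() + " and advisories are: " + Arrays.toString(signedBody.getAdvisoryIds()));
            }

            // Freshness: the timestamp is read as UTC and the report is valid for one day.
            // This depends on the device clock. A timestamp that does not match the pattern
            // surfaces as an unchecked parse exception, not as a SignatureException.
            LocalDateTime signedAt = LocalDateTime.from(DateTimeFormatter.ofPattern("yyy-MM-dd'T'HH:mm:ss.SSSSSS").parse(signedBody.getTimestamp()));
            Instant expiresAt = Instant.from(ZonedDateTime.of(signedAt, ZoneId.of("UTC"))).plus(Period.ofDays(1));
            if (expiresAt.isBefore(Instant.now())) {
                throw new SignatureException("Signature is expired");
            }
        } catch (IOException | CertPathValidatorException | CertificateException e) {
            // Surface every lower-level failure as the one exception type callers handle,
            // keeping the original exception as the cause.
            throw new SignatureException(e);
        }
    }

    /**
     * Verifies that a quote is bound to the expected key material and comes from the
     * expected, non-debug enclave.
     *
     * @param quote the quote received from the server
     * @param bArr bytes that must equal the leading bytes of the quote's report data;
     *     must be non-empty
     * @param str hex encoding of the expected MRENCLAVE value
     * @throws UnauthenticatedQuoteException if the report data or MRENCLAVE does not match,
     *     if the quote is a debug quote, or if {@code str} cannot be decoded
     */
    public static void verifyServerQuote(Quote quote, byte[] bArr, String str) throws UnauthenticatedQuoteException {
        if (bArr == null || bArr.length == 0) {
            // An empty expected value would compare equal to an empty prefix and make the
            // report-data binding check pass without checking anything.
            throw new UnauthenticatedQuoteException("No expected report data to verify the quote against");
        }
        try {
            byte[] reportData = quote.getReportData();
            if (reportData == null || reportData.length < bArr.length) {
                // Too short to contain the expected bytes: reject instead of letting the
                // copy below fail with an unchecked exception.
                throw new UnauthenticatedQuoteException("Response quote has unauthenticated report data!");
            }
            byte[] reportPrefix = Arrays.copyOf(reportData, bArr.length);
            if (!MessageDigest.isEqual(reportPrefix, bArr)) {
                throw new UnauthenticatedQuoteException("Response quote has unauthenticated report data!");
            }

            if (!MessageDigest.isEqual(Hex.fromStringCondensed(str), quote.getMrenclave())) {
                throw new UnauthenticatedQuoteException("The response quote has the wrong mrenclave value in it: " + Hex.toStringCondensed(quote.getMrenclave()));
            }

            // A debug enclave can be inspected by its host, so its quote gives no assurance
            // about the confidentiality of what is sent to it.
            if (quote.isDebugQuote()) {
                throw new UnauthenticatedQuoteException("Received quote for debuggable enclave");
            }
        } catch (IOException e) {
            throw new UnauthenticatedQuoteException(e);
        }
    }
}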
