package de.rki.coronawarnapp.dccticketing.core.server;

import de.rki.coronawarnapp.dccticketing.core.check.DccTicketingServerCertificateCheckException;
import de.rki.coronawarnapp.dccticketing.core.check.DccTicketingServerCertificateChecker;
import de.rki.coronawarnapp.dccticketing.core.transaction.DccJWK;
import de.rki.coronawarnapp.ui.color.ColorKt;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import kotlin.NoWhenBranchMatchedException;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__IteratorsJVMKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.EmptyList;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.intrinsics.CoroutineSingletons;
import kotlin.coroutines.jvm.internal.DebugMetadata;
import kotlin.coroutines.jvm.internal.SuspendLambda;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.CoroutineScope;
import okhttp3.Handshake;
import okhttp3.ResponseBody;
import retrofit2.Response;
import timber.log.Timber;

/* compiled from: DccTicketingServer.kt */
@DebugMetadata(c = "de.rki.coronawarnapp.dccticketing.core.server.DccTicketingServer$getAccessToken$2", f = "DccTicketingServer.kt", l = {65}, m = "invokeSuspend")
/* loaded from: classes.dex */
public final class DccTicketingServer$getAccessToken$2 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super AccessTokenResponse>, Object> {
    public final /* synthetic */ String $authorizationHeader;
    public final /* synthetic */ Set<DccJWK> $jwkSet;
    public final /* synthetic */ AccessTokenRequest $requestBody;
    public final /* synthetic */ String $url;
    public int label;
    public final /* synthetic */ DccTicketingServer this$0;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public DccTicketingServer$getAccessToken$2(String str, DccTicketingServer dccTicketingServer, String str2, AccessTokenRequest accessTokenRequest, Set<DccJWK> set, Continuation<? super DccTicketingServer$getAccessToken$2> continuation) {
        super(2, continuation);
        this.$url = str;
        this.this$0 = dccTicketingServer;
        this.$authorizationHeader = str2;
        this.$requestBody = accessTokenRequest;
        this.$jwkSet = set;
    }

    @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
    public final Continuation<Unit> create(Object obj, Continuation<?> continuation) {
        return new DccTicketingServer$getAccessToken$2(this.$url, this.this$0, this.$authorizationHeader, this.$requestBody, this.$jwkSet, continuation);
    }

    @Override // kotlin.jvm.functions.Function2
    public Object invoke(CoroutineScope coroutineScope, Continuation<? super AccessTokenResponse> continuation) {
        return new DccTicketingServer$getAccessToken$2(this.$url, this.this$0, this.$authorizationHeader, this.$requestBody, this.$jwkSet, continuation).invokeSuspend(Unit.INSTANCE);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
    public final Object invokeSuspend(Object obj) {
        CoroutineSingletons coroutineSingletons = CoroutineSingletons.COROUTINE_SUSPENDED;
        int i = this.label;
        if (i == 0) {
            ResultKt.throwOnFailure(obj);
            Timber.Forest.d("getAccessToken(url=%s)", this.$url);
            DccTicketingApiV1 dccTicketingApiV1 = this.this$0.dccTicketingApiV1Lazy.get();
            Intrinsics.checkNotNullExpressionValue(dccTicketingApiV1, "dccTicketingApiV1Lazy.get()");
            String str = this.$url;
            String str2 = this.$authorizationHeader;
            AccessTokenRequest accessTokenRequest = this.$requestBody;
            this.label = 1;
            obj = dccTicketingApiV1.getAccessToken(str, str2, accessTokenRequest, this);
            if (obj == coroutineSingletons) {
                return coroutineSingletons;
            }
        } else {
            if (i != 1) {
                throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
            }
            ResultKt.throwOnFailure(obj);
        }
        Response response = (Response) obj;
        DccTicketingServer dccTicketingServer = this.this$0;
        Set<DccJWK> jwkSet = this.$jwkSet;
        String str3 = DccTicketingServer.TAG;
        Objects.requireNonNull(dccTicketingServer);
        Timber.Forest forest = Timber.Forest;
        forest.tag(DccTicketingServer.TAG);
        forest.d("Validating response with jwk set=%s", jwkSet);
        DccTicketingServerCertificateChecker dccTicketingServerCertificateChecker = dccTicketingServer.serverCertificateChecker;
        okhttp3.Response response2 = response.rawResponse;
        Intrinsics.checkNotNullExpressionValue(response2, "raw()");
        Objects.requireNonNull(dccTicketingServerCertificateChecker);
        Intrinsics.checkNotNullParameter(jwkSet, "jwkSet");
        Handshake handshake = response2.handshake;
        List<Certificate> peerCertificates = handshake == null ? null : handshake.peerCertificates();
        if (peerCertificates == null) {
            peerCertificates = EmptyList.INSTANCE;
        }
        try {
            String str4 = DccTicketingServerCertificateChecker.TAG;
            forest.tag(str4);
            forest.d("checkCertificate(certificateChain=%s, jwkSet=%s)", peerCertificates, jwkSet);
            Certificate certificate = (Certificate) CollectionsKt___CollectionsKt.first((List) peerCertificates);
            String base64 = ColorKt.createSha256Fingerprint(certificate).substring(0, 8).base64();
            forest.tag(str4);
            forest.d("requiredKid=%s", base64);
            Set<DccJWK> findRequiredJwkSet = dccTicketingServerCertificateChecker.findRequiredJwkSet(jwkSet, base64);
            ArrayList arrayList = new ArrayList(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(findRequiredJwkSet, 10));
            Iterator<T> it = findRequiredJwkSet.iterator();
            while (it.hasNext()) {
                arrayList.add(dccTicketingServerCertificateChecker.dccJWKConverter.createX509Certificate((DccJWK) it.next()));
            }
            ArrayList arrayList2 = new ArrayList(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(arrayList, 10));
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                arrayList2.add(ColorKt.createSha256Fingerprint((X509Certificate) it2.next()));
            }
            boolean contains = arrayList2.contains(ColorKt.createSha256Fingerprint(certificate));
            if (!contains) {
                if (contains) {
                    throw new NoWhenBranchMatchedException();
                }
                throw new DccTicketingServerCertificateCheckException(DccTicketingServerCertificateCheckException.ErrorCode.CERT_PIN_MISMATCH, null);
            }
            Timber.Forest forest2 = Timber.Forest;
            forest2.tag(DccTicketingServerCertificateChecker.TAG);
            forest2.d("Certificate check was successful against jwk set=%s", jwkSet);
            ResponseBody responseBody = (ResponseBody) response.body;
            String string = responseBody != null ? responseBody.string() : null;
            Intrinsics.checkNotNull(string);
            String str5 = response.rawResponse.headers.get("x-nonce");
            Intrinsics.checkNotNull(str5);
            return new AccessTokenResponse(string, str5);
        } catch (Exception e) {
            if (e instanceof DccTicketingServerCertificateCheckException) {
                throw e;
            }
            Timber.Forest forest3 = Timber.Forest;
            forest3.tag(DccTicketingServerCertificateChecker.TAG);
            forest3.w(e, "Certificate check failed with an unspecified error. Needs further investigation!", new Object[0]);
            throw new DccTicketingServerCertificateCheckException(DccTicketingServerCertificateCheckException.ErrorCode.CERT_PIN_MISMATCH, e);
        }
    }
}
