package de.fhg.aisec.ids.idscp2.drivers.default_driver_impl.rat.tpm2d;

import com.google.protobuf.InvalidProtocolBufferException;
import de.fhg.aisec.ids.idscp2.drivers.default_driver_impl.rat.tpm2d.TPM2dHelper;
import de.fhg.aisec.ids.idscp2.drivers.default_driver_impl.rat.tpm2d.TPM2dVerifierConfig;
import de.fhg.aisec.ids.idscp2.drivers.interfaces.RatVerifierDriver;
import de.fhg.aisec.ids.idscp2.idscp_core.fsm.FsmListener;
import de.fhg.aisec.ids.idscp2.idscp_core.fsm.InternalControlMessage;
import de.fhg.aisec.ids.idscp2.messages.Tpm2dAttestation;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tss.tpm.TPMS_ATTEST;
import tss.tpm.TPMS_SIGNATURE_RSAPSS;
import tss.tpm.TPMS_SIGNATURE_RSASSA;
import tss.tpm.TPMT_SIGNATURE;
import tss.tpm.TPM_ALG_ID;

/* compiled from: TPM2dVerifier.kt */
@Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 1, d1 = {"��6\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0005\u0018�� \u00142\b\u0012\u0004\u0012\u00020\u00020\u0001:\u0001\u0014B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0018\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\tH\u0002J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\tH\u0016J\b\u0010\u0012\u001a\u00020\u0010H\u0016J\u0010\u0010\u0013\u001a\u00020\u00102\u0006\u0010\u0006\u001a\u00020\u0002H\u0016R\u000e\u0010\u0006\u001a\u00020\u0002X\u0082\u000e¢\u0006\u0002\n��R\u0014\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\bX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0015"}, d2 = {"Lde/fhg/aisec/ids/idscp2/drivers/default_driver_impl/rat/tpm2d/TPM2dVerifier;", "Lde/fhg/aisec/ids/idscp2/drivers/interfaces/RatVerifierDriver;", "Lde/fhg/aisec/ids/idscp2/drivers/default_driver_impl/rat/tpm2d/TPM2dVerifierConfig;", "fsmListener", "Lde/fhg/aisec/ids/idscp2/idscp_core/fsm/FsmListener;", "(Lde/fhg/aisec/ids/idscp2/idscp_core/fsm/FsmListener;)V", "config", "queue", "Ljava/util/concurrent/BlockingQueue;", "", "checkSignature", "", "response", "Lde/fhg/aisec/ids/idscp2/messages/Tpm2dAttestation$Tpm2dRatResponse;", "hash", "delegate", "", "message", "run", "setConfig", "Companion", "idscp2"})
/* loaded from: input_file:de/fhg/aisec/ids/idscp2/drivers/default_driver_impl/rat/tpm2d/TPM2dVerifier.class */
public final class TPM2dVerifier extends RatVerifierDriver<TPM2dVerifierConfig> {
    private final BlockingQueue<byte[]> queue;
    private TPM2dVerifierConfig config;
    public static final Companion Companion = new Companion(null);
    private static final Logger LOG = LoggerFactory.getLogger(TPM2dVerifier.class);

    /* compiled from: TPM2dVerifier.kt */
    @Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0006"}, d2 = {"Lde/fhg/aisec/ids/idscp2/drivers/default_driver_impl/rat/tpm2d/TPM2dVerifier$Companion;", "", "()V", "LOG", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "idscp2"})
    /* loaded from: input_file:de/fhg/aisec/ids/idscp2/drivers/default_driver_impl/rat/tpm2d/TPM2dVerifier$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Override // de.fhg.aisec.ids.idscp2.drivers.interfaces.RatVerifierDriver
    public void setConfig(@NotNull TPM2dVerifierConfig tPM2dVerifierConfig) {
        Intrinsics.checkNotNullParameter(tPM2dVerifierConfig, "config");
        LOG.debug("Set rat verifier config");
        this.config = tPM2dVerifierConfig;
    }

    @Override // de.fhg.aisec.ids.idscp2.drivers.interfaces.RatVerifierDriver
    public void delegate(@NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(bArr, "message");
        this.queue.add(bArr);
        LOG.debug("Delegated to Verifier");
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        LOG.debug("Generate and send rat challenge for rat prover");
        byte[] generateNonce = TPM2dHelper.INSTANCE.generateNonce(20);
        byte[] byteArray = TPM2dMessageFactory.INSTANCE.getAttestationChallengeMessage(generateNonce, this.config.getExpectedAType(), this.config.getExpectedAttestationMask()).toByteArray();
        FsmListener fsmListener = getFsmListener();
        InternalControlMessage internalControlMessage = InternalControlMessage.RAT_VERIFIER_MSG;
        Intrinsics.checkNotNullExpressionValue(byteArray, "ratChallenge");
        fsmListener.onRatVerifierMessage(internalControlMessage, byteArray);
        try {
            byte[] take = this.queue.take();
            Intrinsics.checkNotNullExpressionValue(take, "queue.take()");
            byte[] bArr = take;
            LOG.debug("Verifier receives new message");
            try {
                Tpm2dAttestation.Tpm2dMessageWrapper parseFrom = Tpm2dAttestation.Tpm2dMessageWrapper.parseFrom(bArr);
                Intrinsics.checkNotNullExpressionValue(parseFrom, "Tpm2dMessageWrapper.parseFrom(msg)");
                if (!parseFrom.hasRatResponse()) {
                    LOG.warn("Unexpected message from RatProver: Expected Tpm2dRatResponse");
                    getFsmListener().onRatVerifierMessage(InternalControlMessage.RAT_VERIFIER_FAILED);
                    return;
                }
                LOG.debug("Get rat response from remote prover");
                Tpm2dAttestation.Tpm2dRatResponse ratResponse = parseFrom.getRatResponse();
                LOG.debug("Validate rat response: signature and rat repository checks");
                boolean z = true;
                byte[] calculateHash = TPM2dHelper.INSTANCE.calculateHash(generateNonce, this.config.getLocalCertificate());
                Intrinsics.checkNotNullExpressionValue(ratResponse, "resp");
                if (!checkSignature(ratResponse, calculateHash)) {
                    z = false;
                    LOG.warn("Invalid rat signature");
                }
                LOG.debug("Send rat result to remote prover");
                byte[] byteArray2 = TPM2dMessageFactory.INSTANCE.getAttestationResultMessage(z).toByteArray();
                FsmListener fsmListener2 = getFsmListener();
                InternalControlMessage internalControlMessage2 = InternalControlMessage.RAT_VERIFIER_MSG;
                Intrinsics.checkNotNullExpressionValue(byteArray2, "ratResult");
                fsmListener2.onRatVerifierMessage(internalControlMessage2, byteArray2);
                if (z) {
                    getFsmListener().onRatVerifierMessage(InternalControlMessage.RAT_VERIFIER_OK);
                } else {
                    getFsmListener().onRatVerifierMessage(InternalControlMessage.RAT_VERIFIER_FAILED);
                }
            } catch (InvalidProtocolBufferException e) {
                LOG.error("Cannot parse IdscpRatProver body", e);
                getFsmListener().onRatVerifierMessage(InternalControlMessage.RAT_VERIFIER_FAILED);
            }
        } catch (InterruptedException e2) {
            if (getRunning()) {
                getFsmListener().onRatVerifierMessage(InternalControlMessage.RAT_VERIFIER_FAILED);
            }
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r16v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r16v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r18v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r18v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 16, insn: 0x022b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r16 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:137:0x022b */
    /* JADX WARN: Not initialized variable reg: 18, insn: 0x022d: MOVE (r1 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r18 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:138:0x022d */
    /* JADX WARN: Type inference failed for: r16v1, types: [java.io.Closeable] */
    /* JADX WARN: Type inference failed for: r18v0, types: [java.lang.Throwable] */
    private final boolean checkSignature(Tpm2dAttestation.Tpm2dRatResponse tpm2dRatResponse, byte[] bArr) {
        boolean z;
        CertificateFactory certificateFactory;
        ?? r16;
        ?? r18;
        BufferedReader newBufferedReader;
        Throwable th;
        Certificate generateCertificate;
        int i;
        byte[] bArr2;
        byte[] byteArray = tpm2dRatResponse.getSignature().toByteArray();
        byte[] byteArray2 = tpm2dRatResponse.getCertificate().toByteArray();
        byte[] byteArray3 = tpm2dRatResponse.getQuoted().toByteArray();
        Logger logger = LOG;
        Intrinsics.checkNotNullExpressionValue(logger, "LOG");
        if (logger.isDebugEnabled()) {
            Logger logger2 = LOG;
            TPM2dHelper.ByteArrayUtil byteArrayUtil = TPM2dHelper.ByteArrayUtil.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(byteArray, "byteSignature");
            logger2.debug("signature: {}", byteArrayUtil.toPrintableHexString(byteArray));
            Logger logger3 = LOG;
            TPM2dHelper.ByteArrayUtil byteArrayUtil2 = TPM2dHelper.ByteArrayUtil.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(byteArray2, "byteCert");
            logger3.debug("cert: {}", byteArrayUtil2.toPrintableHexString(byteArray2));
            Logger logger4 = LOG;
            TPM2dHelper.ByteArrayUtil byteArrayUtil3 = TPM2dHelper.ByteArrayUtil.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(byteArray3, "byteQuoted");
            logger4.debug("quoted: {}", byteArrayUtil3.toPrintableHexString(byteArray3));
        }
        Intrinsics.checkNotNullExpressionValue(byteArray, "byteSignature");
        if (!(byteArray.length == 0)) {
            Intrinsics.checkNotNullExpressionValue(byteArray2, "byteCert");
            if (!(byteArray2.length == 0)) {
                Intrinsics.checkNotNullExpressionValue(byteArray3, "byteQuoted");
                if (!(byteArray3.length == 0)) {
                    try {
                        certificateFactory = CertificateFactory.getInstance("X.509");
                        try {
                            try {
                                newBufferedReader = Files.newBufferedReader(FileSystems.getDefault().getPath("etc", "rootca-cert.pem"), StandardCharsets.US_ASCII);
                                th = (Throwable) null;
                                BufferedReader bufferedReader = newBufferedReader;
                                StringBuilder sb = new StringBuilder();
                                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                                    if (!StringsKt.startsWith$default(readLine, "-", false, 2, (Object) null)) {
                                        String str = readLine;
                                        int i2 = 0;
                                        int length = str.length() - 1;
                                        boolean z2 = false;
                                        while (i2 <= length) {
                                            boolean z3 = Intrinsics.compare(str.charAt(!z2 ? i2 : length), 32) <= 0;
                                            if (z2) {
                                                if (!z3) {
                                                    break;
                                                }
                                                length--;
                                            } else if (z3) {
                                                i2++;
                                            } else {
                                                z2 = true;
                                            }
                                        }
                                        sb.append(str.subSequence(i2, length + 1).toString());
                                    }
                                }
                                generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(sb.toString())));
                            } catch (Throwable th2) {
                                CloseableKt.closeFinally((Closeable) r16, (Throwable) r18);
                                throw th2;
                            }
                        } catch (Exception e) {
                            LOG.error("Error parsing root certificate", e);
                            return false;
                        }
                    } catch (Exception e2) {
                        LOG.warn("Error during attestation validation", e2);
                        z = false;
                    }
                    if (generateCertificate == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    X509Certificate x509Certificate = (X509Certificate) generateCertificate;
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(newBufferedReader, th);
                    Certificate generateCertificate2 = certificateFactory.generateCertificate(new ByteArrayInputStream(byteArray2));
                    if (generateCertificate2 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) generateCertificate2;
                    try {
                        x509Certificate2.verify(x509Certificate.getPublicKey());
                        try {
                            TPMT_SIGNATURE fromTpm = TPMT_SIGNATURE.fromTpm(byteArray);
                            Intrinsics.checkNotNullExpressionValue(fromTpm, "TPMT_SIGNATURE.fromTpm(byteSignature)");
                            try {
                                TPMS_ATTEST fromTpm2 = TPMS_ATTEST.fromTpm(byteArray3);
                                Intrinsics.checkNotNullExpressionValue(fromTpm2, "TPMS_ATTEST.fromTpm(byteQuoted)");
                                byte[] bArr3 = fromTpm2.extraData;
                                if (!Arrays.equals(bArr3, bArr)) {
                                    Logger logger5 = LOG;
                                    Intrinsics.checkNotNullExpressionValue(logger5, "LOG");
                                    if (!logger5.isWarnEnabled()) {
                                        return false;
                                    }
                                    Logger logger6 = LOG;
                                    TPM2dHelper.ByteArrayUtil byteArrayUtil4 = TPM2dHelper.ByteArrayUtil.INSTANCE;
                                    Intrinsics.checkNotNullExpressionValue(bArr3, "extraBytes");
                                    logger6.warn("The hash (extra data) in TPMS_ATTEST structure is invalid!\nextra data: {}\nhash: {}", byteArrayUtil4.toPrintableHexString(bArr3), TPM2dHelper.ByteArrayUtil.INSTANCE.toPrintableHexString(bArr));
                                    return false;
                                }
                                int GetUnionSelector_signature = fromTpm.GetUnionSelector_signature();
                                if (GetUnionSelector_signature == TPM_ALG_ID.RSAPSS.toInt()) {
                                    TPMS_SIGNATURE_RSAPSS tpms_signature_rsapss = fromTpm.signature;
                                    if (tpms_signature_rsapss == null) {
                                        throw new NullPointerException("null cannot be cast to non-null type tss.tpm.TPMS_SIGNATURE_RSAPSS");
                                    }
                                    i = tpms_signature_rsapss.hash.toInt();
                                    TPMS_SIGNATURE_RSAPSS tpms_signature_rsapss2 = fromTpm.signature;
                                    if (tpms_signature_rsapss2 == null) {
                                        throw new NullPointerException("null cannot be cast to non-null type tss.tpm.TPMS_SIGNATURE_RSAPSS");
                                    }
                                    byte[] bArr4 = tpms_signature_rsapss2.sig;
                                    Intrinsics.checkNotNullExpressionValue(bArr4, "(tpmtSignature.signature…PMS_SIGNATURE_RSAPSS).sig");
                                    bArr2 = bArr4;
                                } else {
                                    if (GetUnionSelector_signature != TPM_ALG_ID.RSASSA.toInt()) {
                                        throw new Exception("Unknown or unimplemented signature scheme: " + fromTpm.signature.getClass());
                                    }
                                    TPMS_SIGNATURE_RSASSA tpms_signature_rsassa = fromTpm.signature;
                                    if (tpms_signature_rsassa == null) {
                                        throw new NullPointerException("null cannot be cast to non-null type tss.tpm.TPMS_SIGNATURE_RSASSA");
                                    }
                                    i = tpms_signature_rsassa.hash.toInt();
                                    TPMS_SIGNATURE_RSASSA tpms_signature_rsassa2 = fromTpm.signature;
                                    if (tpms_signature_rsassa2 == null) {
                                        throw new NullPointerException("null cannot be cast to non-null type tss.tpm.TPMS_SIGNATURE_RSASSA");
                                    }
                                    byte[] bArr5 = tpms_signature_rsassa2.sig;
                                    Intrinsics.checkNotNullExpressionValue(bArr5, "(tpmtSignature.signature…PMS_SIGNATURE_RSASSA).sig");
                                    bArr2 = bArr5;
                                }
                                if (i != TPM_ALG_ID.SHA256.toInt()) {
                                    throw new Exception("Only SHA256withRSA TPM signature hash algorithm is allowed!");
                                }
                                Signature signature = Signature.getInstance("SHA256withRSA");
                                signature.initVerify(x509Certificate2.getPublicKey());
                                signature.update(byteArray3);
                                boolean verify = signature.verify(bArr2);
                                if (!verify) {
                                    Logger logger7 = LOG;
                                    Intrinsics.checkNotNullExpressionValue(logger7, "LOG");
                                    if (logger7.isWarnEnabled()) {
                                        LOG.warn("Attestation signature invalid!");
                                    }
                                }
                                z = verify;
                                return z;
                            } catch (Exception e3) {
                                LOG.warn(StringsKt.trimIndent("\n                Could not create a TPMS_ATTEST from bytes:\n                " + TPM2dHelper.ByteArrayUtil.INSTANCE.toPrintableHexString(byteArray3) + "\n                "), e3);
                                return false;
                            }
                        } catch (Exception e4) {
                            LOG.warn(StringsKt.trimIndent("\n                Could not create a TPMT_SIGNATURE from bytes:\n                " + TPM2dHelper.ByteArrayUtil.INSTANCE.toPrintableHexString(byteArray) + "\n                "), e4);
                            return false;
                        }
                    } catch (Exception e5) {
                        LOG.error("TPM certificate is invalid", e5);
                        return false;
                    }
                }
            }
        }
        LOG.warn("Some required part (signature, cert or quoted) is empty!");
        return false;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TPM2dVerifier(@NotNull FsmListener fsmListener) {
        super(fsmListener);
        Intrinsics.checkNotNullParameter(fsmListener, "fsmListener");
        this.queue = new LinkedBlockingQueue();
        this.config = new TPM2dVerifierConfig.Builder().build();
    }
}
