package de.fhg.aisec.ids.idscp2.default_drivers.daps.aisec_daps;

import de.fhg.aisec.ids.idscp2.default_drivers.keystores.PreConfiguration;
import de.fhg.aisec.ids.idscp2.idscp_core.drivers.DapsDriver;
import de.fhg.aisec.ids.idscp2.idscp_core.error.DatException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jose4j.http.Get;
import org.jose4j.http.SimpleGet;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: AisecDapsDriver.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��\u0084\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0005\n\u0002\u0010\u0019\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0007\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0010\u000b\n��\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0004\u0018�� 42\u00020\u0001:\u00014B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\"\u001a\u00020\r2\u0006\u0010#\u001a\u00020$H\u0002J\u0010\u0010%\u001a\u00020\u00062\u0006\u0010&\u001a\u00020\u0010H\u0002J\u0018\u0010'\u001a\u00020\u00062\u0006\u0010(\u001a\u00020\b2\u0006\u0010)\u001a\u00020*H\u0002J*\u0010+\u001a\u00020,2\u0006\u0010-\u001a\u00020\b2\b\u0010\u0019\u001a\u0004\u0018\u00010\u001a2\u0006\u0010&\u001a\u00020\u00102\u0006\u0010.\u001a\u00020*H\u0002J\b\u0010/\u001a\u00020\bH\u0002J\u0010\u00100\u001a\u0002012\b\u0010\u0019\u001a\u0004\u0018\u00010\u001aJ\u001a\u00102\u001a\u00020,2\u0006\u0010-\u001a\u00020\b2\b\u00103\u001a\u0004\u0018\u00010\u0010H\u0016R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��R*\u0010\n\u001a\u001e\u0012\u0004\u0012\u00020\f\u0012\u0004\u0012\u00020\r0\u000bj\u000e\u0012\u0004\u0012\u00020\f\u0012\u0004\u0012\u00020\r`\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0013\u001a\u00020\u0014X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0015\u001a\u00020\u0016X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0017\u001a\u00020\u0018X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0019\u001a\u0004\u0018\u00010\u001aX\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\u001b\u001a\u00020\u001cX\u0082\u000e¢\u0006\u0002\n��R\u0014\u0010\u001d\u001a\u00020\b8VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\u001e\u0010\u001fR\u000e\u0010 \u001a\u00020!X\u0082\u0004¢\u0006\u0002\n��¨\u00065"}, d2 = {"Lde/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriver;", "Lde/fhg/aisec/ids/idscp2/idscp_core/drivers/DapsDriver;", "config", "Lde/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriverConfig;", "(Lde/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriverConfig;)V", "connectorUUID", "", "currentToken", "", "dapsUrl", "hexLookup", "Ljava/util/HashMap;", "", "", "Lkotlin/collections/HashMap;", "localPeerCertificate", "Ljava/security/cert/X509Certificate;", "privateKey", "Ljava/security/Key;", "renewalLock", "Ljava/util/concurrent/locks/ReentrantLock;", "renewalThreshold", "", "renewalTime", "Lorg/jose4j/jwt/NumericDate;", "securityRequirements", "Lde/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/SecurityRequirements;", "sslSocketFactory", "Ljavax/net/ssl/SSLSocketFactory;", "token", "getToken", "()[B", "trustManager", "Ljavax/net/ssl/X509ExtendedTrustManager;", "byteToHex", "num", "", "createConnectorUUID", "certificate", "encodeHexString", "byteArray", "beautify", "", "innerVerifyToken", "", "dat", "setCurrentToken", "syncGetToken", "updateSecurityRequirements", "", "verifyToken", "peerCertificate", "Companion", "idscp2"})
/* loaded from: input_file:de/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriver.class */
public final class AisecDapsDriver implements DapsDriver {

    @NotNull
    private SSLSocketFactory sslSocketFactory;

    @Nullable
    private SecurityRequirements securityRequirements;

    @NotNull
    private final X509ExtendedTrustManager trustManager;

    @NotNull
    private final Key privateKey;

    @NotNull
    private final String dapsUrl;

    @NotNull
    private final X509Certificate localPeerCertificate;

    @NotNull
    private final HashMap<Byte, char[]> hexLookup;

    @NotNull
    private final String connectorUUID;

    @NotNull
    private byte[] currentToken;

    @NotNull
    private NumericDate renewalTime;
    private final float renewalThreshold;

    @NotNull
    private final ReentrantLock renewalLock;

    @NotNull
    private static final String TARGET_AUDIENCE = "idsc:IDS_CONNECTORS_ALL";

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final Logger LOG = LoggerFactory.getLogger(AisecDapsDriver.class);

    /* compiled from: AisecDapsDriver.kt */
    @Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��¨\u0006\b"}, d2 = {"Lde/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriver$Companion;", "", "()V", "LOG", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "TARGET_AUDIENCE", "", "idscp2"})
    /* loaded from: input_file:de/fhg/aisec/ids/idscp2/default_drivers/daps/aisec_daps/AisecDapsDriver$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public AisecDapsDriver(@NotNull AisecDapsDriverConfig aisecDapsDriverConfig) {
        Intrinsics.checkNotNullParameter(aisecDapsDriverConfig, "config");
        this.securityRequirements = aisecDapsDriverConfig.getSecurityRequirements();
        this.privateKey = PreConfiguration.INSTANCE.getKey(aisecDapsDriverConfig.getKeyStorePath(), aisecDapsDriverConfig.getKeyStorePassword(), aisecDapsDriverConfig.getKeyAlias(), aisecDapsDriverConfig.getKeyPassword());
        this.dapsUrl = aisecDapsDriverConfig.getDapsUrl();
        this.localPeerCertificate = PreConfiguration.INSTANCE.getCertificate(aisecDapsDriverConfig.getKeyStorePath(), aisecDapsDriverConfig.getKeyStorePassword(), aisecDapsDriverConfig.getKeyAlias());
        this.hexLookup = new HashMap<>();
        this.connectorUUID = createConnectorUUID(this.localPeerCertificate);
        byte[] bytes = "INVALID_TOKEN".getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        this.currentToken = bytes;
        NumericDate now = NumericDate.now();
        Intrinsics.checkNotNullExpressionValue(now, "now()");
        this.renewalTime = now;
        this.renewalThreshold = aisecDapsDriverConfig.getDapsTokenRenewalThreshold();
        this.renewalLock = new ReentrantLock(true);
        TrustManager[] x509ExtTrustManager = PreConfiguration.INSTANCE.getX509ExtTrustManager(aisecDapsDriverConfig.getTrustStorePath(), aisecDapsDriverConfig.getTrustStorePassword());
        this.trustManager = (X509ExtendedTrustManager) x509ExtTrustManager[0];
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, x509ExtTrustManager, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(socketFactory, "{\n            val sslContext = SSLContext.getInstance(\"TLS\")\n            sslContext.init(null, trustManagers, null)\n            sslContext.socketFactory\n        }");
            this.sslSocketFactory = socketFactory;
        } catch (KeyManagementException e) {
            LOG.error("Cannot init DefaultDapsDriver: {}", e.toString());
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("Cannot init DefaultDapsDriver: {}", e2.toString());
            throw new RuntimeException(e2);
        }
    }

    private final String createConnectorUUID(X509Certificate x509Certificate) {
        byte[] keyIdentifier = AuthorityKeyIdentifier.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId())).getOctets()).getKeyIdentifier();
        Intrinsics.checkNotNullExpressionValue(keyIdentifier, "authorityKeyIdentifier");
        String encodeHexString = encodeHexString(keyIdentifier, true);
        if (encodeHexString == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        String upperCase = encodeHexString.toUpperCase(Locale.ROOT);
        Intrinsics.checkNotNullExpressionValue(upperCase, "(this as java.lang.Strin….toUpperCase(Locale.ROOT)");
        byte[] keyIdentifier2 = SubjectKeyIdentifier.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getKeyIdentifier();
        Intrinsics.checkNotNullExpressionValue(keyIdentifier2, "subjectKeyIdentifier");
        String encodeHexString2 = encodeHexString(keyIdentifier2, true);
        if (encodeHexString2 == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        String upperCase2 = encodeHexString2.toUpperCase(Locale.ROOT);
        Intrinsics.checkNotNullExpressionValue(upperCase2, "(this as java.lang.Strin….toUpperCase(Locale.ROOT)");
        if (LOG.isDebugEnabled()) {
            LOG.debug("AKI: " + upperCase);
            LOG.debug("SKI: " + upperCase2);
        }
        int length = upperCase.length() - 1;
        if (upperCase == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        String substring = upperCase.substring(0, length);
        Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.Strin…ing(startIndex, endIndex)");
        return upperCase2 + "keyid:" + substring;
    }

    private final byte[] syncGetToken() {
        this.renewalLock.lock();
        try {
            try {
                if (NumericDate.now().isBefore(this.renewalTime)) {
                    if (LOG.isDebugEnabled()) {
                        Logger logger = LOG;
                        byte[] bArr = this.currentToken;
                        Charset charset = StandardCharsets.UTF_8;
                        Intrinsics.checkNotNullExpressionValue(charset, "UTF_8");
                        logger.debug("Issue cached DAT: {}", new String(bArr, charset));
                    }
                    byte[] bArr2 = this.currentToken;
                    this.renewalLock.unlock();
                    return bArr2;
                }
                if (LOG.isInfoEnabled()) {
                    LOG.info("Retrieving Dynamic Attribute Token from DAPS ...");
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("ConnectorUUID: " + this.connectorUUID);
                }
                Date from = Date.from(Instant.now().plusSeconds(86400L));
                Date from2 = Date.from(Instant.now());
                Date from3 = Date.from(Instant.now());
                String compact = Jwts.builder().setIssuer(this.connectorUUID).setSubject(this.connectorUUID).claim("@context", "https://w3id.org/idsa/contexts/context.jsonld").claim("@type", "ids:DatRequestToken").setExpiration(from).setIssuedAt(from2).setNotBefore(from3).setAudience(TARGET_AUDIENCE).signWith(this.privateKey, SignatureAlgorithm.RS256).compact();
                FormBody.Builder add = new FormBody.Builder((Charset) null, 1, (DefaultConstructorMarker) null).add("grant_type", "client_credentials").add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
                Intrinsics.checkNotNullExpressionValue(compact, "jwt");
                Response execute = new OkHttpClient.Builder().sslSocketFactory(this.sslSocketFactory, this.trustManager).connectTimeout(15L, TimeUnit.SECONDS).writeTimeout(15L, TimeUnit.SECONDS).readTimeout(15L, TimeUnit.SECONDS).build().newCall(new Request.Builder().url(this.dapsUrl + "/v2/token").post(add.add("client_assertion", compact).add("scope", "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL").build()).build()).execute();
                if (!execute.isSuccessful()) {
                    LOG.error("Failed to request token issued with parameters: Issuer: {}, Subject: {}, Expiration: {}, IssuedAt: {}, NotBefore: {}, Audience: {}", new Object[]{this.connectorUUID, this.connectorUUID, from, from2, from3, TARGET_AUDIENCE});
                    throw new DatException("Received non-200 http response: " + execute.code());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Acquired DAT from {}/v2/token", this.dapsUrl);
                }
                ResponseBody body = execute.body();
                String string = body == null ? null : body.string();
                if (string == null) {
                    throw new DatException("Received empty DAPS response");
                }
                JSONObject jSONObject = new JSONObject(string);
                if (!jSONObject.has("access_token")) {
                    if (jSONObject.has("error")) {
                        throw new DatException("DAPS reported error: " + jSONObject.getString("error"));
                    }
                    throw new DatException("DAPS response does not contain \"access_token\" or \"error\" field.");
                }
                String string2 = jSONObject.getString("access_token");
                Intrinsics.checkNotNullExpressionValue(string2, "json.getString(\"access_token\")");
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Received DAT from DAPS: {}", string2);
                }
                Charset charset2 = StandardCharsets.UTF_8;
                Intrinsics.checkNotNullExpressionValue(charset2, "UTF_8");
                byte[] bytes = string2.getBytes(charset2);
                Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                innerVerifyToken(bytes, null, this.localPeerCertificate, true);
                Charset charset3 = StandardCharsets.UTF_8;
                Intrinsics.checkNotNullExpressionValue(charset3, "UTF_8");
                byte[] bytes2 = string2.getBytes(charset3);
                Intrinsics.checkNotNullExpressionValue(bytes2, "(this as java.lang.String).getBytes(charset)");
                this.renewalLock.unlock();
                return bytes2;
            } catch (Throwable th) {
                if (th instanceof DatException) {
                    throw th;
                }
                throw new DatException("Error whilst retrieving DAT", th);
            }
        } catch (Throwable th2) {
            this.renewalLock.unlock();
            throw th2;
        }
    }

    @Override // de.fhg.aisec.ids.idscp2.idscp_core.drivers.DapsDriver
    @NotNull
    public byte[] getToken() {
        return syncGetToken();
    }

    public final void updateSecurityRequirements(@Nullable SecurityRequirements securityRequirements) {
        this.securityRequirements = securityRequirements;
    }

    @Override // de.fhg.aisec.ids.idscp2.idscp_core.drivers.DapsDriver
    public long verifyToken(@NotNull byte[] bArr, @Nullable X509Certificate x509Certificate) {
        Intrinsics.checkNotNullParameter(bArr, "dat");
        if (x509Certificate == null) {
            throw new DatException("Missing peer certificate for fingerprint validation");
        }
        return innerVerifyToken(bArr, this.securityRequirements, x509Certificate, false);
    }

    private final long innerVerifyToken(byte[] bArr, SecurityRequirements securityRequirements, X509Certificate x509Certificate, boolean z) {
        List listOf;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Verifying dynamic attribute token...");
        }
        HttpsJwks httpsJwks = new HttpsJwks(this.dapsUrl + "/.well-known/jwks.json");
        SimpleGet get = new Get();
        get.setSslSocketFactory(this.sslSocketFactory);
        httpsJwks.setSimpleHttpGet(get);
        JwtConsumer build = new JwtConsumerBuilder().setRequireExpirationTime().setAllowedClockSkewInSeconds(30).setRequireSubject().setExpectedAudience(true, new String[]{"IDS_Connector", TARGET_AUDIENCE}).setExpectedIssuer(this.dapsUrl).setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(httpsJwks)).setJweAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, new String[]{"RS256"})).build();
        try {
            Charset charset = StandardCharsets.UTF_8;
            Intrinsics.checkNotNullExpressionValue(charset, "UTF_8");
            JwtClaims processToClaims = build.processToClaims(new String(bArr, charset));
            Intrinsics.checkNotNullExpressionValue(processToClaims, "jwtConsumer.processToClaims(String(dat, StandardCharsets.UTF_8))");
            long value = processToClaims.getExpirationTime().getValue() - NumericDate.now().getValue();
            if (z) {
                this.currentToken = bArr;
                NumericDate now = NumericDate.now();
                Intrinsics.checkNotNullExpressionValue(now, "now()");
                this.renewalTime = now;
                this.renewalTime.addSeconds(((float) value) * this.renewalThreshold);
            }
            if (!Intrinsics.areEqual(x509Certificate, this.localPeerCertificate)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Validate peer certificate fingerprint against expected fingerprint from DAT");
                }
                if (processToClaims.isClaimValueStringList("transportCertsSha256")) {
                    List stringListClaimValue = processToClaims.getStringListClaimValue("transportCertsSha256");
                    Intrinsics.checkNotNullExpressionValue(stringListClaimValue, "{\n                    claims.getStringListClaimValue(\"transportCertsSha256\")\n                }");
                    listOf = stringListClaimValue;
                } else {
                    if (!processToClaims.isClaimValueString("transportCertsSha256")) {
                        throw new DatException("Missing or invalid 'transportCertsSha256' format in DAT");
                    }
                    listOf = CollectionsKt.listOf(processToClaims.getStringClaimValue("transportCertsSha256"));
                }
                List list = listOf;
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                    messageDigest.update(x509Certificate.getEncoded());
                    byte[] digest = messageDigest.digest();
                    Intrinsics.checkNotNullExpressionValue(digest, "digest");
                    String encodeHexString = encodeHexString(digest, false);
                    if (encodeHexString == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                    }
                    String lowerCase = encodeHexString.toLowerCase(Locale.ROOT);
                    Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.Strin….toLowerCase(Locale.ROOT)");
                    if (!list.contains(lowerCase)) {
                        throw new DatException("Fingerprint of peer certificate does not match an expected fingerprint from DAT");
                    }
                } catch (Exception e) {
                    throw new DatException("Cannot calculate peer certificate fingerprint", e);
                }
            }
            if (securityRequirements != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Validate security attributes");
                }
                String stringClaimValue = processToClaims.getStringClaimValue("securityProfile");
                if (stringClaimValue == null) {
                    throw new DatException("DAT does not contain securityProfile");
                }
                SecurityProfile fromString = SecurityProfile.Companion.fromString(stringClaimValue);
                if (fromString.compareTo(securityRequirements.getRequiredSecurityLevel()) < 0) {
                    throw new DatException("Peer does not support any valid trust profile: Required: " + securityRequirements.getRequiredSecurityLevel() + " given: " + fromString);
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Peer's supported security profile: {}", fromString);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("DAT is valid for {} seconds", Long.valueOf(value));
            }
            return value;
        } catch (Exception e2) {
            throw new DatException("Error during claims processing", e2);
        }
    }

    private final char[] byteToHex(int i) {
        return new char[]{Character.forDigit((i >> 4) & 15, 16), Character.forDigit(i & 15, 16)};
    }

    private final String encodeHexString(byte[] bArr, boolean z) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        int length = bArr.length;
        while (i < length) {
            byte b = bArr[i];
            i++;
            sb.append(this.hexLookup.computeIfAbsent(Byte.valueOf(b), (v1) -> {
                return m0encodeHexString$lambda0(r3, v1);
            }));
            if (z) {
                sb.append(':');
            }
        }
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "sb.toString()");
        return sb2;
    }

    /* renamed from: encodeHexString$lambda-0, reason: not valid java name */
    private static final char[] m0encodeHexString$lambda0(AisecDapsDriver aisecDapsDriver, byte b) {
        Intrinsics.checkNotNullParameter(aisecDapsDriver, "this$0");
        return aisecDapsDriver.byteToHex(b);
    }
}
