package Kc;

import ce.C0899b;
import com.google.android.gms.internal.measurement.AbstractC0993r1;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.KeyTypeException;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.stripe.android.stripe3ds2.observability.DefaultErrorReporter;
import java.io.ByteArrayInputStream;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.Result;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import n9.C2045c;
import n9.C2046d;
import n9.C2048f;
import o9.C2187a;
import org.json.JSONObject;
import p7.C2249a;
import p9.h;
import xe.C2812k;

/* loaded from: classes4.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    public final boolean f3946a;

    /* renamed from: b, reason: collision with root package name */
    public final ArrayList f3947b;

    /* renamed from: c, reason: collision with root package name */
    public final DefaultErrorReporter f3948c;

    public b(boolean z4, ArrayList rootCerts, DefaultErrorReporter errorReporter) {
        Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
        Intrinsics.checkNotNullParameter(errorReporter, "errorReporter");
        this.f3946a = z4;
        this.f3947b = rootCerts;
        this.f3948c = errorReporter;
    }

    public final JSONObject a(String jws) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        Base64URL[] a9 = JOSEObject.a(jws);
        if (a9.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        JWSObject jWSObject = new JWSObject(a9[0], a9[1], a9[2]);
        if (this.f3946a) {
            if (b(jWSObject, this.f3947b)) {
                return new JSONObject(jWSObject.f24182a.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        JWSHeader jWSHeader = jWSObject.f24241b;
        List d9 = jWSHeader.d();
        if (d9 == null || d9.isEmpty()) {
            return new JSONObject(jWSObject.f24182a.toString());
        }
        List d10 = jWSHeader.d();
        Intrinsics.checkNotNullExpressionValue(d10, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator it = d10.iterator();
        while (it.hasNext()) {
            String str = ((Base64) it.next()).f24361a;
            Intrinsics.checkNotNullExpressionValue(str, "toString(...)");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Ie.b.a(Ie.b.f3455c, str, 0, 6)));
            X509Certificate x509Certificate = generateCertificate instanceof X509Certificate ? (X509Certificate) generateCertificate : null;
            if (x509Certificate != null) {
                arrayList.add(x509Certificate);
            }
        }
        if (arrayList.isEmpty() || !b(jWSObject, arrayList)) {
            throw new IllegalStateException("Could not validate JWS");
        }
        return new JSONObject(jWSObject.f24182a.toString());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v17, types: [n9.f] */
    /* JADX WARN: Type inference failed for: r4v22, types: [n9.d] */
    public final boolean b(JWSObject jWSObject, ArrayList rootCerts) {
        Object a9;
        C2045c c2045c;
        boolean c8;
        if (jWSObject.f24241b.c() != null) {
            this.f3948c.c(new IllegalArgumentException("Encountered a JWK in " + jWSObject.f24241b));
        }
        JWSHeader jwsHeader = jWSObject.f24241b;
        Intrinsics.checkNotNullExpressionValue(jwsHeader, "getHeader(...)");
        Intrinsics.checkNotNullParameter(jwsHeader, "jwsHeader");
        com.nimbusds.jose.a aVar = new com.nimbusds.jose.a(jwsHeader);
        aVar.f24256f = null;
        JWSHeader jWSHeader = new JWSHeader(aVar.f24251a, aVar.f24252b, aVar.f24253c, aVar.f24254d, aVar.f24255e, aVar.f24256f, aVar.f24257g, aVar.f24258h, aVar.f24259i, aVar.j, aVar.k, aVar.f24260l, aVar.f24261m, null);
        Intrinsics.checkNotNullExpressionValue(jWSHeader, "build(...)");
        List d9 = jWSHeader.d();
        Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
        try {
            C2812k c2812k = Result.f35317b;
        } catch (Throwable th) {
            C2812k c2812k2 = Result.f35317b;
            a9 = kotlin.b.a(th);
        }
        if (d9 == null || d9.isEmpty()) {
            throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
        }
        if (rootCerts.isEmpty()) {
            throw new IllegalArgumentException("Root certificates are empty");
        }
        C0899b.a(rootCerts, d9);
        a9 = Unit.f35330a;
        Throwable a10 = Result.a(a9);
        if (a10 != null) {
            this.f3948c.c(a10);
        }
        if (a9 instanceof Result.Failure) {
            return false;
        }
        C2187a c2187a = new C2187a();
        String str = Intrinsics.b((JWSAlgorithm) jWSHeader.f24176a, JWSAlgorithm.f24231i) ? "SHA256withECDSA" : "SHA256withRSA";
        C2249a c2249a = c2187a.f38173a;
        c2249a.f38569b = Signature.getInstance(str).getProvider();
        List d10 = jWSHeader.d();
        Intrinsics.checkNotNullExpressionValue(d10, "getX509CertChain(...)");
        PublicKey publicKey = AbstractC0993r1.Q(((Base64) CollectionsKt.N(d10)).a()).getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "getPublicKey(...)");
        Set set = p9.f.f38598d;
        JWSAlgorithm jWSAlgorithm = (JWSAlgorithm) jWSHeader.f24176a;
        if (set.contains(jWSAlgorithm)) {
            if (!(publicKey instanceof SecretKey)) {
                throw new KeyTypeException(SecretKey.class);
            }
            c2045c = new C2046d((SecretKey) publicKey);
        } else if (h.f38601c.contains(jWSAlgorithm)) {
            if (!(publicKey instanceof RSAPublicKey)) {
                throw new KeyTypeException(RSAPublicKey.class);
            }
            c2045c = new C2048f((RSAPublicKey) publicKey);
        } else {
            if (!p9.d.f38593c.contains(jWSAlgorithm)) {
                throw new Exception("Unsupported JWS algorithm: " + jWSAlgorithm);
            }
            if (!(publicKey instanceof ECPublicKey)) {
                throw new KeyTypeException(ECPublicKey.class);
            }
            c2045c = new C2045c((ECPublicKey) publicKey);
        }
        ((C2249a) c2045c.f3293b).f38569b = (Provider) c2249a.f38569b;
        Intrinsics.checkNotNullExpressionValue(c2045c, "createJWSVerifier(...)");
        synchronized (jWSObject) {
            AtomicReference atomicReference = jWSObject.f24244e;
            if (atomicReference.get() != JWSObject.State.f24245a && atomicReference.get() != JWSObject.State.f24246b) {
                throw new IllegalStateException("The JWS object must be in a signed or verified state");
            }
            try {
                c8 = c2045c.c(jWSObject.f24241b, jWSObject.f24242c.getBytes(C9.b.f1209a), jWSObject.f24243d);
                if (c8) {
                    jWSObject.f24244e.set(JWSObject.State.f24246b);
                }
            } catch (JOSEException e5) {
                throw e5;
            } catch (Exception e8) {
                throw new Exception(e8.getMessage(), e8);
            }
        }
        return c8;
    }
}
