package rb;

import android.util.Base64;
import bq.a;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.revocationcheck.RevocationCheckConfig;
import ff.b0;
import ff.q;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import kn.l;
import kotlin.Metadata;
import kotlin.collections.r;
import kotlin.jvm.internal.Lambda;
import kotlin.text.g;
import ln.o;
import ln.u;
import xd.h;

@Metadata(d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0011\u0018\u0000 \t2\u00020\u0001:\u0001\tB\u0007¢\u0006\u0004\b\u0002\u0010\u0003J\u000f\u0010\u0005\u001a\u00020\u0004H\u0012¢\u0006\u0004\b\u0005\u0010\u0006J\u0019\u0010\t\u001a\u0004\u0018\u00010\u00072\u0006\u0010\b\u001a\u00020\u0007H\u0011¢\u0006\u0004\b\t\u0010\nJ\u0017\u0010\u000e\u001a\u00020\r2\u0006\u0010\f\u001a\u00020\u000bH\u0011¢\u0006\u0004\b\u000e\u0010\u000fJ'\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u0010\u001a\u00020\u00072\u0006\u0010\u0011\u001a\u00020\u00072\u0006\u0010\f\u001a\u00020\u000bH\u0010¢\u0006\u0004\b\u0013\u0010\u0014¨\u0006\u0015"}, d2 = {"Lrb/a;", "Lbq/a;", "<init>", "()V", "Lcom/airwatch/revocationcheck/RevocationCheckConfig;", "b", "()Lcom/airwatch/revocationcheck/RevocationCheckConfig;", "", "signedCertSubjectPrincipal", "a", "(Ljava/lang/String;)Ljava/lang/String;", "Ljava/security/cert/X509Certificate;", "rootCertificate", "Lcom/airwatch/revocationcheck/b;", "c", "(Ljava/security/cert/X509Certificate;)Lcom/airwatch/revocationcheck/b;", "encodedPayload", "signerCertCN", "Lrb/b;", "e", "(Ljava/lang/String;Ljava/lang/String;Ljava/security/cert/X509Certificate;)Lrb/b;", "AWFramework_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes.dex */
public class a implements bq.a {

    @Metadata(d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u00022\u0006\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0004\u0010\u0005"}, d2 = {"Lcom/airwatch/revocationcheck/RevocationCheckConfig;", "it", "", "Ljava/security/cert/X509Certificate;", "a", "(Lcom/airwatch/revocationcheck/RevocationCheckConfig;)Ljava/util/List;"}, k = 3, mv = {1, 9, 0})
    /* loaded from: classes.dex */
    public static final class b extends Lambda implements l<RevocationCheckConfig, List<? extends X509Certificate>> {

        /* renamed from: c, reason: collision with root package name */
        final /* synthetic */ ArrayList<X509Certificate> f39996c;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        b(ArrayList<X509Certificate> arrayList) {
            super(1);
            this.f39996c = arrayList;
        }

        @Override // kn.l
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final List<X509Certificate> invoke(RevocationCheckConfig revocationCheckConfig) {
            o.f(revocationCheckConfig, "it");
            return this.f39996c;
        }
    }

    private RevocationCheckConfig b() {
        RevocationCheckConfig.a aVar = new RevocationCheckConfig.a();
        aVar.k(1);
        aVar.r(2);
        aVar.n(1);
        aVar.o(2);
        aVar.p(1);
        return aVar.a();
    }

    public String a(String signedCertSubjectPrincipal) {
        o.f(signedCertSubjectPrincipal, "signedCertSubjectPrincipal");
        for (String str : g.G0(signedCertSubjectPrincipal, new String[]{","}, false, 0, 6, null)) {
            if (g.K(str, "cn", true)) {
                return (String) g.G0(str, new String[]{"="}, false, 0, 6, null).get(1);
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public com.airwatch.revocationcheck.b c(X509Certificate rootCertificate) {
        o.f(rootCertificate, "rootCertificate");
        ArrayList arrayList = new ArrayList();
        arrayList.add(rootCertificate);
        com.airwatch.revocationcheck.b bVar = new com.airwatch.revocationcheck.b(new b(arrayList), (OpenSSLCryptUtil) (this instanceof bq.b ? ((bq.b) this).d() : getKoin().getScopeRegistry().getRootScope()).e(u.b(OpenSSLCryptUtil.class), null, null), new q());
        bVar.b(b());
        return bVar;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public PayloadValidationResult e(String encodedPayload, String signerCertCN, X509Certificate rootCertificate) {
        byte[] bArr;
        o.f(encodedPayload, "encodedPayload");
        o.f(signerCertCN, "signerCertCN");
        o.f(rootCertificate, "rootCertificate");
        try {
            bArr = Base64.decode(encodedPayload, 0);
        } catch (IllegalArgumentException unused) {
            b0.p("ConfigValidator", "unable to base64 decode input data", null, 4, null);
            bArr = null;
        }
        if (bArr == null) {
            b0.A("ConfigValidator", "Base64 decode failed", null, 4, null);
            return new PayloadValidationResult(9, null);
        }
        Object[] verifySignatureAndGetMessageAndCert = ((OpenSSLCryptUtil) (this instanceof bq.b ? ((bq.b) this).d() : getKoin().getScopeRegistry().getRootScope()).e(u.b(OpenSSLCryptUtil.class), null, null)).verifySignatureAndGetMessageAndCert(bArr);
        if (verifySignatureAndGetMessageAndCert == null) {
            b0.A("ConfigValidator", "Unable to verify signed data", null, 4, null);
            return new PayloadValidationResult(8, null);
        }
        Object obj = verifySignatureAndGetMessageAndCert[0];
        if (obj != null) {
            o.d(obj, "null cannot be cast to non-null type kotlin.ByteArray");
            if (!gb.b.b((byte[]) obj)) {
                Object obj2 = verifySignatureAndGetMessageAndCert[1];
                if (obj2 != null) {
                    o.d(obj2, "null cannot be cast to non-null type kotlin.ByteArray");
                    if (!gb.b.b((byte[]) obj2)) {
                        Object obj3 = verifySignatureAndGetMessageAndCert[1];
                        o.d(obj3, "null cannot be cast to non-null type kotlin.ByteArray");
                        X509Certificate i10 = q.i((byte[]) obj3);
                        if (i10 == null) {
                            b0.A("ConfigValidator", "Unable to create certificate from extracted signed certificate data", null, 4, null);
                            return new PayloadValidationResult(5, null);
                        }
                        if (!ff.o.b(new X509Certificate[]{i10}, r.e(rootCertificate))) {
                            b0.A("ConfigValidator", "Signer certificate chain validation failed", null, 4, null);
                            return new PayloadValidationResult(4, null);
                        }
                        String name = i10.getSubjectX500Principal().getName();
                        o.e(name, "getName(...)");
                        String a10 = a(name);
                        if (a10 == null || !g.R(a10, signerCertCN, false, 2, null)) {
                            b0.A("ConfigValidator", "common name of the signed certificate is not matching", null, 4, null);
                            return new PayloadValidationResult(3, null);
                        }
                        if (!h.a.a(c(rootCertificate), new X509Certificate[]{i10}, null, 2, null).getUsagePolicy().getAllowUsage()) {
                            b0.A("ConfigValidator", "Revocation check failed", null, 4, null);
                            return new PayloadValidationResult(1, null);
                        }
                        Object obj4 = verifySignatureAndGetMessageAndCert[0];
                        o.d(obj4, "null cannot be cast to non-null type kotlin.ByteArray");
                        return new PayloadValidationResult(0, new String((byte[]) obj4, wn.a.UTF_8));
                    }
                }
                b0.A("ConfigValidator", "Unable to extract signed certificate from the signed message", null, 4, null);
                return new PayloadValidationResult(6, null);
            }
        }
        b0.A("ConfigValidator", "Unable to extract content from the signed message", null, 4, null);
        return new PayloadValidationResult(7, null);
    }

    @Override // bq.a
    public aq.a getKoin() {
        return a.C0149a.a(this);
    }
}
