package com.stripe.android.stripe3ds2.transaction;

import ac.r;
import ac.s;
import ac.t;
import cc.AbstractC2909a;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import dc.C4602a;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import kf.C5235a;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.O;
import org.jetbrains.annotations.NotNull;
import org.json.JSONObject;
import pc.C5801a;
import pc.n;
import pc.o;

@Metadata
/* loaded from: classes4.dex */
public final class DefaultJwsValidator implements JwsValidator {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;

    @NotNull
    private final List<X509Certificate> rootCerts;

    @Metadata
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends C5801a> list, List<? extends X509Certificate> list2) {
            List a10 = n.a(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        @NotNull
        public final KeyStore createKeyStore(@NotNull List<? extends X509Certificate> rootCerts) {
            Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i10 = 0;
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    CollectionsKt.u();
                }
                O o10 = O.f58080a;
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                Intrinsics.checkNotNullExpressionValue(format, "format(...)");
                keyStore.setCertificateEntry(format, rootCerts.get(i10));
                i10 = i11;
            }
            Intrinsics.e(keyStore);
            return keyStore;
        }

        @NotNull
        public final r sanitizedJwsHeader$3ds2sdk_release(@NotNull r jwsHeader) {
            Intrinsics.checkNotNullParameter(jwsHeader, "jwsHeader");
            r b10 = new r.a(jwsHeader).f(null).b();
            Intrinsics.checkNotNullExpressionValue(b10, "build(...)");
            return b10;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, @NotNull List<? extends X509Certificate> rootCerts, @NotNull ErrorReporter errorReporter) {
        Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
        Intrinsics.checkNotNullParameter(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final X509Certificate certificateFromString(String str) {
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(C5235a.f(C5235a.f57954d, str, 0, 0, 6, null)));
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        return null;
    }

    private final PublicKey getPublicKeyFromHeader(r rVar) {
        List m10 = rVar.m();
        Intrinsics.checkNotNullExpressionValue(m10, "getX509CertChain(...)");
        PublicKey publicKey = o.a(((C5801a) CollectionsKt.m0(m10)).a()).getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "getPublicKey(...)");
        return publicKey;
    }

    private final t getVerifier(r rVar) {
        C4602a c4602a = new C4602a();
        c4602a.getJCAContext().c(AbstractC2909a.a());
        t c10 = c4602a.c(rVar, getPublicKeyFromHeader(rVar));
        Intrinsics.checkNotNullExpressionValue(c10, "createJWSVerifier(...)");
        return c10;
    }

    private final boolean isValid(s sVar, List<? extends X509Certificate> list) {
        if (sVar.h().j() != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + sVar.h()));
        }
        Companion companion = Companion;
        r h10 = sVar.h();
        Intrinsics.checkNotNullExpressionValue(h10, "getHeader(...)");
        r sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(h10);
        if (isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.m(), list)) {
            return sVar.n(getVerifier(sanitizedJwsHeader$3ds2sdk_release));
        }
        return false;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    @NotNull
    public JSONObject getPayload(@NotNull String jws) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        s k10 = s.k(jws);
        if (this.isLiveMode) {
            Intrinsics.e(k10);
            if (isValid(k10, this.rootCerts)) {
                return new JSONObject(k10.b().toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        List m10 = k10.h().m();
        if (m10 == null || m10.isEmpty()) {
            return new JSONObject(k10.b().toString());
        }
        List m11 = k10.h().m();
        Intrinsics.checkNotNullExpressionValue(m11, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator it = m11.iterator();
        while (it.hasNext()) {
            String c5801a = ((C5801a) it.next()).toString();
            Intrinsics.checkNotNullExpressionValue(c5801a, "toString(...)");
            X509Certificate certificateFromString = certificateFromString(c5801a);
            if (certificateFromString != null) {
                arrayList.add(certificateFromString);
            }
        }
        if (!arrayList.isEmpty()) {
            Intrinsics.e(k10);
            if (isValid(k10, arrayList)) {
                return new JSONObject(k10.b().toString());
            }
        }
        throw new IllegalStateException("Could not validate JWS");
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0017 A[Catch: all -> 0x0012, TryCatch #0 {all -> 0x0012, blocks: (B:3:0x0005, B:5:0x0009, B:10:0x0017, B:12:0x001d, B:19:0x0029, B:20:0x0030, B:21:0x0031, B:22:0x0038), top: B:2:0x0005 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0031 A[Catch: all -> 0x0012, TryCatch #0 {all -> 0x0012, blocks: (B:3:0x0005, B:5:0x0009, B:10:0x0017, B:12:0x001d, B:19:0x0029, B:20:0x0030, B:21:0x0031, B:22:0x0038), top: B:2:0x0005 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean isCertificateChainValid(java.util.List<? extends pc.C5801a> r2, @org.jetbrains.annotations.NotNull java.util.List<? extends java.security.cert.X509Certificate> r3) {
        /*
            r1 = this;
            java.lang.String r0 = "rootCerts"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r3, r0)
            Ye.u$a r0 = Ye.u.f21323b     // Catch: java.lang.Throwable -> L12
            if (r2 == 0) goto L14
            boolean r0 = r2.isEmpty()     // Catch: java.lang.Throwable -> L12
            if (r0 == 0) goto L10
            goto L14
        L10:
            r0 = 0
            goto L15
        L12:
            r2 = move-exception
            goto L39
        L14:
            r0 = 1
        L15:
            if (r0 != 0) goto L31
            boolean r0 = r3.isEmpty()     // Catch: java.lang.Throwable -> L12
            if (r0 != 0) goto L29
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator$Companion r0 = com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion     // Catch: java.lang.Throwable -> L12
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion.access$validateChain(r0, r2, r3)     // Catch: java.lang.Throwable -> L12
            kotlin.Unit r2 = kotlin.Unit.f58004a     // Catch: java.lang.Throwable -> L12
            java.lang.Object r2 = Ye.u.b(r2)     // Catch: java.lang.Throwable -> L12
            goto L43
        L29:
            java.lang.String r2 = "Root certificates are empty"
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L12
            r3.<init>(r2)     // Catch: java.lang.Throwable -> L12
            throw r3     // Catch: java.lang.Throwable -> L12
        L31:
            java.lang.String r2 = "JWSHeader's X.509 certificate chain is null or empty"
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L12
            r3.<init>(r2)     // Catch: java.lang.Throwable -> L12
            throw r3     // Catch: java.lang.Throwable -> L12
        L39:
            Ye.u$a r3 = Ye.u.f21323b
            java.lang.Object r2 = Ye.v.a(r2)
            java.lang.Object r2 = Ye.u.b(r2)
        L43:
            java.lang.Throwable r3 = Ye.u.e(r2)
            if (r3 == 0) goto L4e
            com.stripe.android.stripe3ds2.observability.ErrorReporter r0 = r1.errorReporter
            r0.reportError(r3)
        L4e:
            boolean r2 = Ye.u.h(r2)
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.isCertificateChainValid(java.util.List, java.util.List):boolean");
    }
}
