package com.stripe.android.stripe3ds2.transaction;

import androidx.camera.core.A;
import androidx.work.impl.C3199b;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.KeyTypeException;
import com.nimbusds.jose.jwk.JWK;
import com.stripe.android.stripe3ds2.observability.DefaultErrorReporter;
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.crypto.SecretKey;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.AbstractList;
import kotlin.io.encoding.Base64;
import kotlin.io.encoding.Base64Kt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Charsets;
import org.json.JSONObject;
import qa.C8500a;
import ta.C8706a;

@SourceDebugExtension
/* loaded from: classes5.dex */
public final class l {

    /* renamed from: a, reason: collision with root package name */
    public final boolean f65494a;

    /* renamed from: b, reason: collision with root package name */
    public final ArrayList f65495b;

    /* renamed from: c, reason: collision with root package name */
    public final DefaultErrorReporter f65496c;

    @SourceDebugExtension
    /* loaded from: classes5.dex */
    public static final class a {
        public static final void a(ArrayList rootCerts, List list) {
            LinkedList a10 = C3199b.a(list);
            Intrinsics.i(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i10 = 0;
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    kotlin.collections.f.o();
                    throw null;
                }
                StringCompanionObject stringCompanionObject = StringCompanionObject.f75932a;
                keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1)), (Certificate) rootCerts.get(i10));
                i10 = i11;
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }
    }

    public l(boolean z10, ArrayList rootCerts, DefaultErrorReporter defaultErrorReporter) {
        Intrinsics.i(rootCerts, "rootCerts");
        this.f65494a = z10;
        this.f65495b = rootCerts;
        this.f65496c = defaultErrorReporter;
    }

    public final JSONObject a(String jws) {
        int i10;
        int i11;
        int i12;
        int i13;
        Base64.PaddingOption paddingOption;
        Iterator it;
        byte[] bArr;
        String str;
        boolean z10;
        int i14;
        int i15;
        int i16;
        Intrinsics.i(jws, "jws");
        JWSObject parse = JWSObject.parse(jws);
        String str2 = "Could not validate JWS";
        if (this.f65494a) {
            Intrinsics.f(parse);
            if (b(parse, this.f65495b)) {
                return new JSONObject(parse.getPayload().toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        List x509CertChain = parse.getHeader().getX509CertChain();
        if (x509CertChain == null || x509CertChain.isEmpty()) {
            return new JSONObject(parse.getPayload().toString());
        }
        List x509CertChain2 = parse.getHeader().getX509CertChain();
        Intrinsics.h(x509CertChain2, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator it2 = x509CertChain2.iterator();
        while (it2.hasNext()) {
            String base64 = ((com.nimbusds.jose.util.Base64) it2.next()).toString();
            Intrinsics.h(base64, "toString(...)");
            Base64.Default r72 = Base64.f75902d;
            int length = base64.length();
            r72.getClass();
            int length2 = base64.length();
            AbstractList.Companion companion = AbstractList.INSTANCE;
            companion.getClass();
            int i17 = 0;
            AbstractList.Companion.a(0, length, length2);
            String substring = base64.substring(0, length);
            Intrinsics.h(substring, "substring(...)");
            byte[] bytes = substring.getBytes(Charsets.f78268c);
            Intrinsics.h(bytes, "getBytes(...)");
            int length3 = bytes.length;
            int length4 = bytes.length;
            companion.getClass();
            AbstractList.Companion.a(0, length3, length4);
            int i18 = 1;
            boolean z11 = r72.f75904b;
            if (length3 == 0) {
                i13 = 0;
                i10 = 1;
            } else {
                if (length3 == 1) {
                    throw new IllegalArgumentException(l.h.a(length3, "Input should have at least 2 symbols for Base64 decoding, startIndex: 0, endIndex: "));
                }
                if (z11) {
                    i12 = length3;
                    while (true) {
                        i10 = i18;
                        if (i17 >= length3) {
                            break;
                        }
                        int i19 = Base64Kt.f75906a[bytes[i17] & 255];
                        if (i19 < 0) {
                            if (i19 == -2) {
                                i12 -= length3 - i17;
                                break;
                            }
                            i12--;
                        }
                        i17++;
                        i18 = i10;
                    }
                } else {
                    i10 = 1;
                    if (bytes[length3 - 1] == 61) {
                        i12 = length3 - 1;
                        if (bytes[length3 - 2] == 61) {
                            i12 = length3 - 2;
                        }
                    } else {
                        i11 = length3;
                        i13 = (int) ((i11 * 6) / 8);
                    }
                }
                i11 = i12;
                i13 = (int) ((i11 * 6) / 8);
            }
            byte[] bArr2 = new byte[i13];
            int[] iArr = r72.f75903a ? Base64Kt.f75907b : Base64Kt.f75906a;
            int i20 = 8;
            int i21 = 0;
            int i22 = -8;
            int i23 = 0;
            int i24 = 0;
            while (true) {
                paddingOption = r72.f75905c;
                it = it2;
                bArr = bytes;
                if (i21 >= length3) {
                    str = str2;
                    z10 = z11;
                    i14 = i24;
                    i15 = 0;
                    break;
                }
                Base64.Default r25 = r72;
                if (i22 == -8 && (i16 = i21 + 3) < length3) {
                    int i25 = i21 + 4;
                    int i26 = (iArr[bArr[i21] & 255] << 18) | (iArr[bArr[i21 + 1] & 255] << 12) | (iArr[bArr[i21 + 2] & 255] << 6) | iArr[bArr[i16] & 255];
                    if (i26 >= 0) {
                        bArr2[i24] = (byte) (i26 >> 16);
                        int i27 = i24 + 2;
                        bArr2[i24 + 1] = (byte) (i26 >> 8);
                        i24 += 3;
                        bArr2[i27] = (byte) i26;
                        it2 = it;
                        bytes = bArr;
                        r72 = r25;
                        i21 = i25;
                    }
                }
                i14 = i24;
                int[] iArr2 = iArr;
                int i28 = bArr[i21] & 255;
                z10 = z11;
                int i29 = iArr2[i28];
                if (i29 < 0) {
                    str = str2;
                    if (i29 == -2) {
                        if (i22 == -8) {
                            throw new IllegalArgumentException(l.h.a(i21, "Redundant pad character at index "));
                        }
                        if (i22 != -6) {
                            if (i22 != -4) {
                                if (i22 != -2) {
                                    throw new IllegalStateException("Unreachable");
                                }
                            } else {
                                if (paddingOption == Base64.PaddingOption.ABSENT) {
                                    throw new IllegalArgumentException(l.h.a(i21, "The padding option is set to ABSENT, but the input has a pad character at index "));
                                }
                                i21++;
                                if (z10) {
                                    while (i21 < length3) {
                                        if (Base64Kt.f75906a[bArr[i21] & 255] != -1) {
                                            break;
                                        }
                                        i21++;
                                    }
                                }
                                if (i21 == length3 || bArr[i21] != 61) {
                                    throw new IllegalArgumentException(l.h.a(i21, "Missing one pad character at index "));
                                }
                            }
                        } else if (paddingOption == Base64.PaddingOption.ABSENT) {
                            throw new IllegalArgumentException(l.h.a(i21, "The padding option is set to ABSENT, but the input has a pad character at index "));
                        }
                        i21++;
                        i15 = i10;
                    } else {
                        if (!z10) {
                            StringBuilder sb2 = new StringBuilder("Invalid symbol '");
                            sb2.append((char) i28);
                            sb2.append("'(");
                            kotlin.text.b.a(i20);
                            String num = Integer.toString(i28, i20);
                            Intrinsics.h(num, "toString(...)");
                            sb2.append(num);
                            sb2.append(") at index ");
                            sb2.append(i21);
                            throw new IllegalArgumentException(sb2.toString());
                        }
                        i21++;
                        iArr = iArr2;
                        it2 = it;
                        bytes = bArr;
                        z11 = z10;
                        str2 = str;
                    }
                } else {
                    String str3 = str2;
                    i21++;
                    i23 = (i23 << 6) | i29;
                    int i30 = i22 + 6;
                    if (i30 >= 0) {
                        int i31 = i14 + 1;
                        bArr2[i14] = (byte) (i23 >>> i30);
                        i23 &= (i10 << i30) - 1;
                        i22 -= 2;
                        iArr = iArr2;
                        it2 = it;
                        bytes = bArr;
                        r72 = r25;
                        z11 = z10;
                        i20 = 8;
                        i24 = i31;
                        str2 = str3;
                    } else {
                        i22 = i30;
                        iArr = iArr2;
                        it2 = it;
                        bytes = bArr;
                        z11 = z10;
                        str2 = str3;
                        i20 = 8;
                    }
                }
                i24 = i14;
                r72 = r25;
            }
            if (i22 == -2) {
                throw new IllegalArgumentException("The last unit of input does not have enough bits");
            }
            if (i22 != -8 && i15 == 0 && paddingOption == Base64.PaddingOption.PRESENT) {
                throw new IllegalArgumentException("The padding option is set to PRESENT, but the input is not properly padded");
            }
            if (i23 != 0) {
                throw new IllegalArgumentException("The pad bits must be zeros");
            }
            if (z10) {
                while (i21 < length3) {
                    if (Base64Kt.f75906a[bArr[i21] & 255] != -1) {
                        break;
                    }
                    i21++;
                }
            }
            if (i21 < length3) {
                int i32 = bArr[i21] & 255;
                StringBuilder sb3 = new StringBuilder("Symbol '");
                sb3.append((char) i32);
                sb3.append("'(");
                kotlin.text.b.a(8);
                String num2 = Integer.toString(i32, 8);
                Intrinsics.h(num2, "toString(...)");
                sb3.append(num2);
                sb3.append(") at index ");
                throw new IllegalArgumentException(A.a(sb3, " is prohibited after the pad character", i21 - 1));
            }
            if (i14 != i13) {
                throw new IllegalStateException("Check failed.");
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr2));
            X509Certificate x509Certificate = generateCertificate instanceof X509Certificate ? (X509Certificate) generateCertificate : null;
            if (x509Certificate != null) {
                arrayList.add(x509Certificate);
            }
            it2 = it;
            str2 = str;
        }
        String str4 = str2;
        if (arrayList.isEmpty() || !b(parse, arrayList)) {
            throw new IllegalStateException(str4);
        }
        return new JSONObject(parse.getPayload().toString());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r21v0, types: [com.nimbusds.jose.JWSObject] */
    /* JADX WARN: Type inference failed for: r3v15, types: [com.nimbusds.jose.crypto.f] */
    /* JADX WARN: Type inference failed for: r3v18, types: [com.nimbusds.jose.crypto.d] */
    public final boolean b(JWSObject jWSObject, ArrayList rootCerts) {
        Object m370constructorimpl;
        com.nimbusds.jose.crypto.c cVar;
        List list;
        JWK jwk = jWSObject.getHeader().getJWK();
        DefaultErrorReporter defaultErrorReporter = this.f65496c;
        if (jwk != null) {
            defaultErrorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + jWSObject.getHeader()));
        }
        JWSHeader header = jWSObject.getHeader();
        Intrinsics.h(header, "getHeader(...)");
        JWSAlgorithm algorithm = header.getAlgorithm();
        if (algorithm.getName().equals(Algorithm.NONE.getName())) {
            throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
        }
        JOSEObjectType type = header.getType();
        String contentType = header.getContentType();
        Set<String> criticalParams = header.getCriticalParams();
        URI jwkurl = header.getJWKURL();
        header.getJWK();
        JWSHeader jWSHeader = new JWSHeader(algorithm, type, contentType, criticalParams, jwkurl, null, header.getX509CertURL(), header.getX509CertThumbprint(), header.getX509CertSHA256Thumbprint(), header.getX509CertChain(), header.getKeyID(), header.isBase64URLEncodePayload(), header.getCustomParams(), null);
        List x509CertChain = jWSHeader.getX509CertChain();
        Intrinsics.i(rootCerts, "rootCerts");
        try {
            Result.Companion companion = Result.INSTANCE;
            list = x509CertChain;
        } catch (Throwable th2) {
            Result.Companion companion2 = Result.INSTANCE;
            m370constructorimpl = Result.m370constructorimpl(ResultKt.a(th2));
        }
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
        }
        if (rootCerts.isEmpty()) {
            throw new IllegalArgumentException("Root certificates are empty");
        }
        a.a(rootCerts, x509CertChain);
        m370constructorimpl = Result.m370constructorimpl(Unit.f75794a);
        Throwable m373exceptionOrNullimpl = Result.m373exceptionOrNullimpl(m370constructorimpl);
        if (m373exceptionOrNullimpl != null) {
            defaultErrorReporter.reportError(m373exceptionOrNullimpl);
        }
        if (!Result.m377isSuccessimpl(m370constructorimpl)) {
            return false;
        }
        C8500a c8500a = new C8500a();
        String str = Intrinsics.d(jWSHeader.getAlgorithm(), JWSAlgorithm.ES256) ? "SHA256withECDSA" : "SHA256withRSA";
        C8706a c8706a = c8500a.f84468a;
        c8706a.f85593a = Signature.getInstance(str).getProvider();
        List x509CertChain2 = jWSHeader.getX509CertChain();
        Intrinsics.h(x509CertChain2, "getX509CertChain(...)");
        PublicKey publicKey = androidx.compose.runtime.snapshots.k.b(((com.nimbusds.jose.util.Base64) kotlin.collections.n.M(x509CertChain2)).decode()).getPublicKey();
        Intrinsics.h(publicKey, "getPublicKey(...)");
        if (ra.k.f84602d.contains(jWSHeader.getAlgorithm())) {
            if (!(publicKey instanceof SecretKey)) {
                throw new KeyTypeException(SecretKey.class);
            }
            cVar = new com.nimbusds.jose.crypto.d((SecretKey) publicKey);
        } else if (ra.n.f84606c.contains(jWSHeader.getAlgorithm())) {
            if (!(publicKey instanceof RSAPublicKey)) {
                throw new KeyTypeException(RSAPublicKey.class);
            }
            cVar = new com.nimbusds.jose.crypto.f((RSAPublicKey) publicKey);
        } else {
            if (!ra.i.f84596c.contains(jWSHeader.getAlgorithm())) {
                throw new JOSEException("Unsupported JWS algorithm: " + jWSHeader.getAlgorithm());
            }
            if (!(publicKey instanceof ECPublicKey)) {
                throw new KeyTypeException(ECPublicKey.class);
            }
            cVar = new com.nimbusds.jose.crypto.c((ECPublicKey) publicKey);
        }
        cVar.f84589b.f85593a = c8706a.f85593a;
        return jWSObject.verify(cVar);
    }
}
