package com.yandex.passport.internal.sso;

import YC.Y;
import YC.r;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import com.yandex.passport.internal.entities.h;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import kotlin.jvm.internal.AbstractC11557s;
import kotlin.jvm.internal.AbstractC11558t;
import kotlin.jvm.internal.DefaultConstructorMarker;
import lD.InterfaceC11676l;

/* loaded from: classes4.dex */
public final class c {

    /* renamed from: f, reason: collision with root package name */
    public static final a f90514f = new a(null);

    /* renamed from: a, reason: collision with root package name */
    private final String f90515a;

    /* renamed from: b, reason: collision with root package name */
    private final com.yandex.passport.internal.entities.h f90516b;

    /* renamed from: c, reason: collision with root package name */
    private final com.yandex.passport.internal.entities.h f90517c;

    /* renamed from: d, reason: collision with root package name */
    private final int f90518d;

    /* renamed from: e, reason: collision with root package name */
    private final X509Certificate f90519e;

    /* loaded from: classes4.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final c a(Context context, String packageName, InterfaceC11676l reportException) {
            AbstractC11557s.i(context, "context");
            AbstractC11557s.i(packageName, "packageName");
            AbstractC11557s.i(reportException, "reportException");
            try {
                PackageInfo packageInfo = context.getPackageManager().getPackageInfo(packageName, 192);
                if (packageInfo == null || packageInfo.signatures == null) {
                    return null;
                }
                h.a aVar = com.yandex.passport.internal.entities.h.f86720c;
                com.yandex.passport.internal.entities.h a10 = aVar.a(packageInfo);
                int i10 = packageInfo.applicationInfo.metaData.getInt("com.yandex.auth.INTERNAL_VERSION", -1);
                String b10 = com.yandex.passport.common.util.k.b(packageInfo.applicationInfo.metaData.getString("com.yandex.passport.SSO.CERT", null));
                PackageManager packageManager = context.getPackageManager();
                AbstractC11557s.h(packageManager, "context.packageManager");
                String packageName2 = context.getPackageName();
                AbstractC11557s.h(packageName2, "context.packageName");
                return new c(packageName, aVar.b(packageManager, packageName2), a10, i10, b10 != null ? d.f90521d.d(b10) : null);
            } catch (PackageManager.NameNotFoundException e10) {
                reportException.invoke(e10);
                return null;
            } catch (NoSuchAlgorithmException e11) {
                reportException.invoke(e11);
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static final class b extends AbstractC11558t implements InterfaceC11676l {

        /* renamed from: h, reason: collision with root package name */
        final /* synthetic */ MessageDigest f90520h;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        b(MessageDigest messageDigest) {
            super(1);
            this.f90520h = messageDigest;
        }

        @Override // lD.InterfaceC11676l
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final byte[] invoke(X509Certificate it) {
            AbstractC11557s.i(it, "it");
            return this.f90520h.digest(it.getPublicKey().getEncoded());
        }
    }

    public c(String packageName, com.yandex.passport.internal.entities.h selfSignatureInfo, com.yandex.passport.internal.entities.h signatureInfo, int i10, X509Certificate x509Certificate) {
        AbstractC11557s.i(packageName, "packageName");
        AbstractC11557s.i(selfSignatureInfo, "selfSignatureInfo");
        AbstractC11557s.i(signatureInfo, "signatureInfo");
        this.f90515a = packageName;
        this.f90516b = selfSignatureInfo;
        this.f90517c = signatureInfo;
        this.f90518d = i10;
        this.f90519e = x509Certificate;
    }

    private final boolean a(String str, X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        com.yandex.passport.common.logger.c cVar = com.yandex.passport.common.logger.c.f83837a;
        if (cVar.b()) {
            com.yandex.passport.common.logger.c.d(cVar, com.yandex.passport.common.logger.d.DEBUG, null, "checkCN: " + name, null, 8, null);
        }
        return AbstractC11557s.d("CN=" + str, name);
    }

    private final boolean b(PublicKey publicKey) {
        Object obj;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        Iterator it = tD.n.S(r.g0(this.f90517c.i()), new b(messageDigest)).iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        return ((byte[]) obj) != null;
    }

    private final CertPathValidatorResult h(X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC11676l interfaceC11676l) {
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(r.e(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Y.d(new TrustAnchor(x509Certificate2, null)));
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e10) {
            interfaceC11676l.invoke(e10);
            return null;
        }
    }

    public final int c() {
        return this.f90518d;
    }

    public final String d() {
        return this.f90515a;
    }

    public final com.yandex.passport.internal.entities.h e() {
        return this.f90517c;
    }

    public final X509Certificate f() {
        return this.f90519e;
    }

    public final boolean g(X509Certificate trustedCertificate, InterfaceC11676l reportException) {
        AbstractC11557s.i(trustedCertificate, "trustedCertificate");
        AbstractC11557s.i(reportException, "reportException");
        if (this.f90517c.o(this.f90516b)) {
            return true;
        }
        if (this.f90517c.n(this.f90515a)) {
            com.yandex.passport.common.logger.c cVar = com.yandex.passport.common.logger.c.f83837a;
            if (cVar.b()) {
                com.yandex.passport.common.logger.c.d(cVar, com.yandex.passport.common.logger.d.DEBUG, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", null, 8, null);
            }
            return true;
        }
        X509Certificate x509Certificate = this.f90519e;
        if (x509Certificate == null) {
            com.yandex.passport.common.logger.c cVar2 = com.yandex.passport.common.logger.c.f83837a;
            if (cVar2.b()) {
                com.yandex.passport.common.logger.c.d(cVar2, com.yandex.passport.common.logger.d.DEBUG, null, "isTrusted: false, reason: ssoCertificate=null", null, 8, null);
            }
            return false;
        }
        if (!a(this.f90515a, x509Certificate)) {
            com.yandex.passport.common.logger.c cVar3 = com.yandex.passport.common.logger.c.f83837a;
            if (cVar3.b()) {
                com.yandex.passport.common.logger.c.d(cVar3, com.yandex.passport.common.logger.d.DEBUG, null, "isTrusted=false, reason=checkPackageName", null, 8, null);
            }
            return false;
        }
        if (h(this.f90519e, trustedCertificate, reportException) == null) {
            com.yandex.passport.common.logger.c cVar4 = com.yandex.passport.common.logger.c.f83837a;
            if (cVar4.b()) {
                com.yandex.passport.common.logger.c.d(cVar4, com.yandex.passport.common.logger.d.DEBUG, null, "isTrusted=false, reason=verifyCertificate", null, 8, null);
            }
            return false;
        }
        PublicKey publicKey = this.f90519e.getPublicKey();
        AbstractC11557s.h(publicKey, "ssoCertificate.publicKey");
        if (b(publicKey)) {
            return true;
        }
        com.yandex.passport.common.logger.c cVar5 = com.yandex.passport.common.logger.c.f83837a;
        if (cVar5.b()) {
            com.yandex.passport.common.logger.c.d(cVar5, com.yandex.passport.common.logger.d.DEBUG, null, "isTrusted=false, reason=checkPublicKey", null, 8, null);
        }
        return false;
    }
}
