package com.stripe.android.stripe3ds2.transaction;

import androidx.annotation.VisibleForTesting;
import androidx.camera.camera2.internal.d;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import cq.a;
import d1.b;
import g8.o;
import g8.p;
import g8.q;
import g8.u;
import h8.f;
import j8.n;
import j8.s;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.k;
import kotlin.jvm.internal.r;
import org.json.JSONObject;
import rp.c;
import rp.t;
import rp.z;
import w8.a;
import w8.g;

/* loaded from: classes3.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(k kVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends a> list2, List<? extends X509Certificate> list3) {
            LinkedList u9 = b.u(list2);
            KeyStore createKeyStore = createKeyStore(list3);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) u9.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(u9)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        @VisibleForTesting
        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) {
            r.i(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i = 0;
            for (Object obj : rootCerts) {
                int i9 = i + 1;
                if (i < 0) {
                    t.v();
                    throw null;
                }
                keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1)), rootCerts.get(i));
                i = i9;
            }
            return keyStore;
        }

        public final p sanitizedJwsHeader$3ds2sdk_release(p jwsHeader) {
            r.i(jwsHeader, "jwsHeader");
            o oVar = (o) jwsHeader.f;
            if (oVar.f.equals(g8.a.g.f)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return new p(oVar, jwsHeader.g, jwsHeader.f9936h, jwsHeader.i, jwsHeader.f9939l, null, jwsHeader.f9941n, jwsHeader.f9942o, jwsHeader.f9943p, jwsHeader.f9944q, jwsHeader.f9945r, jwsHeader.f10004t, jwsHeader.f9937j, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z8, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        r.i(rootCerts, "rootCerts");
        r.i(errorReporter, "errorReporter");
        this.isLiveMode = z8;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final X509Certificate certificateFromString(String str) {
        int i;
        int i9;
        a.b bVar;
        int i10;
        int i11;
        boolean z8;
        a.C0248a c0248a;
        char c10;
        int i12;
        a.C0248a c0248a2 = cq.a.f8534d;
        int length = str.length();
        c0248a2.getClass();
        int length2 = str.length();
        c.a aVar = c.Companion;
        aVar.getClass();
        int i13 = 0;
        c.a.a(0, length, length2);
        String substring = str.substring(0, length);
        r.h(substring, "substring(...)");
        byte[] bytes = substring.getBytes(oq.a.f13494c);
        r.h(bytes, "getBytes(...)");
        int length3 = bytes.length;
        int length4 = bytes.length;
        aVar.getClass();
        c.a.a(0, length3, length4);
        boolean z10 = c0248a2.b;
        if (length3 == 0) {
            i9 = 0;
        } else {
            if (length3 == 1) {
                throw new IllegalArgumentException(android.support.v4.media.a.a(length3, "Input should have at least 2 symbols for Base64 decoding, startIndex: 0, endIndex: "));
            }
            if (z10) {
                i = length3;
                int i14 = 0;
                while (true) {
                    if (i14 >= length3) {
                        break;
                    }
                    int i15 = cq.b.f8538a[bytes[i14] & 255];
                    if (i15 < 0) {
                        if (i15 == -2) {
                            i -= length3 - i14;
                            break;
                        }
                        i--;
                    }
                    i14++;
                }
            } else if (bytes[length3 - 1] == 61) {
                i = length3 - 1;
                if (bytes[length3 - 2] == 61) {
                    i = length3 - 2;
                }
            } else {
                i = length3;
            }
            i9 = (int) ((i * 6) / 8);
        }
        byte[] bArr = new byte[i9];
        int[] iArr = c0248a2.f8535a ? cq.b.b : cq.b.f8538a;
        int i16 = -8;
        int i17 = 0;
        int i18 = 0;
        int i19 = -8;
        while (true) {
            bVar = c0248a2.f8536c;
            if (i17 >= length3) {
                i10 = i9;
                i11 = -2;
                z8 = false;
                break;
            }
            if (i19 != i16 || (i12 = i17 + 3) >= length3) {
                c0248a = c0248a2;
                i10 = i9;
            } else {
                c0248a = c0248a2;
                i10 = i9;
                int i20 = i17 + 4;
                int i21 = (iArr[bytes[i17 + 1] & 255] << 12) | (iArr[bytes[i17] & 255] << 18) | (iArr[bytes[i17 + 2] & 255] << 6) | iArr[bytes[i12] & 255];
                if (i21 >= 0) {
                    bArr[i13] = (byte) (i21 >> 16);
                    int i22 = i13 + 2;
                    bArr[i13 + 1] = (byte) (i21 >> 8);
                    i13 += 3;
                    bArr[i22] = (byte) i21;
                    i9 = i10;
                    i17 = i20;
                    c0248a2 = c0248a;
                    i16 = -8;
                }
            }
            int i23 = bytes[i17] & 255;
            int i24 = iArr[i23];
            if (i24 >= 0) {
                c10 = '=';
                i17++;
                i18 = (i18 << 6) | i24;
                int i25 = i19 + 6;
                if (i25 >= 0) {
                    bArr[i13] = (byte) (i18 >>> i25);
                    i18 &= (1 << i25) - 1;
                    i19 -= 2;
                    i13++;
                } else {
                    i19 = i25;
                }
            } else if (i24 != -2) {
                c10 = '=';
                if (!z10) {
                    StringBuilder sb2 = new StringBuilder("Invalid symbol '");
                    sb2.append((char) i23);
                    sb2.append("'(");
                    com.google.android.play.core.integrity.k.a(8);
                    String num = Integer.toString(i23, 8);
                    r.h(num, "toString(...)");
                    sb2.append(num);
                    sb2.append(") at index ");
                    sb2.append(i17);
                    throw new IllegalArgumentException(sb2.toString());
                }
                i17++;
            } else {
                if (i19 == -8) {
                    throw new IllegalArgumentException(android.support.v4.media.a.a(i17, "Redundant pad character at index "));
                }
                if (i19 != -6) {
                    if (i19 != -4) {
                        if (i19 != -2) {
                            throw new IllegalStateException("Unreachable".toString());
                        }
                    } else {
                        if (bVar == a.b.g) {
                            throw new IllegalArgumentException(android.support.v4.media.a.a(i17, "The padding option is set to ABSENT, but the input has a pad character at index "));
                        }
                        int i26 = i17 + 1;
                        if (z10) {
                            while (i26 < length3) {
                                if (cq.b.f8538a[bytes[i26] & 255] != -1) {
                                    break;
                                }
                                i26++;
                            }
                        }
                        if (i26 == length3 || bytes[i26] != 61) {
                            throw new IllegalArgumentException(android.support.v4.media.a.a(i26, "Missing one pad character at index "));
                        }
                        i17 = i26 + 1;
                        i11 = -2;
                        z8 = true;
                    }
                } else if (bVar == a.b.g) {
                    throw new IllegalArgumentException(android.support.v4.media.a.a(i17, "The padding option is set to ABSENT, but the input has a pad character at index "));
                }
                i17++;
                i11 = -2;
                z8 = true;
            }
            i9 = i10;
            c0248a2 = c0248a;
            i16 = -8;
        }
        if (i19 == i11) {
            throw new IllegalArgumentException("The last unit of input does not have enough bits");
        }
        if (i19 != -8 && !z8 && bVar == a.b.f) {
            throw new IllegalArgumentException("The padding option is set to PRESENT, but the input is not properly padded");
        }
        if (i18 != 0) {
            throw new IllegalArgumentException("The pad bits must be zeros");
        }
        if (z10) {
            while (i17 < length3) {
                if (cq.b.f8538a[bytes[i17] & 255] != -1) {
                    break;
                }
                i17++;
            }
        }
        if (i17 >= length3) {
            if (i13 != i10) {
                throw new IllegalStateException("Check failed.");
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (generateCertificate instanceof X509Certificate) {
                return (X509Certificate) generateCertificate;
            }
            return null;
        }
        int i27 = bytes[i17] & 255;
        StringBuilder sb3 = new StringBuilder("Symbol '");
        sb3.append((char) i27);
        sb3.append("'(");
        com.google.android.play.core.integrity.k.a(8);
        String num2 = Integer.toString(i27, 8);
        r.h(num2, "toString(...)");
        sb3.append(num2);
        sb3.append(") at index ");
        throw new IllegalArgumentException(d.a(sb3, " is prohibited after the pad character", i17 - 1));
    }

    private final PublicKey getPublicKeyFromHeader(p pVar) {
        List<w8.a> list2 = pVar.f9944q;
        r.h(list2, "getX509CertChain(...)");
        PublicKey publicKey = j8.r.b(((w8.a) z.S(list2)).a()).getPublicKey();
        r.h(publicKey, "getPublicKey(...)");
        return publicKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v13, types: [h8.d] */
    /* JADX WARN: Type inference failed for: r5v9, types: [h8.f] */
    private final g8.r getVerifier(p pVar) {
        h8.c cVar;
        i8.a aVar = new i8.a();
        String str = r.d((o) pVar.f, o.f9993n) ? "SHA256withECDSA" : "SHA256withRSA";
        l8.a aVar2 = aVar.f11150a;
        aVar2.f12174a = Signature.getInstance(str).getProvider();
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(pVar);
        Set<o> set = j8.p.f11574d;
        g8.a aVar3 = pVar.f;
        if (!set.contains((o) aVar3)) {
            o oVar = (o) aVar3;
            if (s.f11577c.contains(oVar)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new u(RSAPublicKey.class);
                }
                cVar = new f((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!n.f11569c.contains(oVar)) {
                    throw new Exception("Unsupported JWS algorithm: " + oVar);
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new u(ECPublicKey.class);
                }
                cVar = new h8.c((ECPublicKey) publicKeyFromHeader);
            }
        } else {
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new u(SecretKey.class);
            }
            cVar = new h8.d((SecretKey) publicKeyFromHeader);
        }
        cVar.b.f12174a = aVar2.f12174a;
        return cVar;
    }

    private final boolean isValid(q qVar, List<? extends X509Certificate> list2) {
        boolean a10;
        if (qVar.g.f9940m != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + qVar.g));
        }
        Companion companion = Companion;
        p pVar = qVar.g;
        r.h(pVar, "getHeader(...)");
        p sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(pVar);
        if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f9944q, list2)) {
            return false;
        }
        g8.r verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
        synchronized (qVar) {
            AtomicReference<q.a> atomicReference = qVar.f10006j;
            if (atomicReference.get() != q.a.f && atomicReference.get() != q.a.g) {
                throw new IllegalStateException("The JWS object must be in a signed or verified state");
            }
            try {
                try {
                    a10 = verifier.a(qVar.g, qVar.f10005h.getBytes(g.f17683a), qVar.i);
                    if (a10) {
                        qVar.f10006j.set(q.a.g);
                    }
                } catch (g8.f e) {
                    throw e;
                }
            } catch (Exception e10) {
                throw new Exception(e10.getMessage(), e10);
            }
        }
        return a10;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) {
        r.i(jws, "jws");
        w8.b[] a10 = g8.g.a(jws);
        if (a10.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        q qVar = new q(a10[0], a10[1], a10[2]);
        if (this.isLiveMode) {
            if (isValid(qVar, this.rootCerts)) {
                return new JSONObject(qVar.f.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        p pVar = qVar.g;
        List<w8.a> list2 = pVar.f9944q;
        if (list2 == null || list2.isEmpty()) {
            return new JSONObject(qVar.f.toString());
        }
        List<w8.a> list3 = pVar.f9944q;
        r.h(list3, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list3.iterator();
        while (it.hasNext()) {
            String str = ((w8.a) it.next()).f;
            r.h(str, "toString(...)");
            X509Certificate certificateFromString = certificateFromString(str);
            if (certificateFromString != null) {
                arrayList.add(certificateFromString);
            }
        }
        if ((!arrayList.isEmpty()) && isValid(qVar, arrayList)) {
            return new JSONObject(qVar.f.toString());
        }
        throw new IllegalStateException("Could not validate JWS");
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x001a A[Catch: all -> 0x0014, TryCatch #0 {all -> 0x0014, blocks: (B:3:0x0006, B:5:0x000b, B:9:0x0017, B:11:0x001a, B:13:0x0024, B:20:0x002c, B:21:0x0037, B:22:0x0038, B:23:0x0043), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0038 A[Catch: all -> 0x0014, TryCatch #0 {all -> 0x0014, blocks: (B:3:0x0006, B:5:0x000b, B:9:0x0017, B:11:0x001a, B:13:0x0024, B:20:0x002c, B:21:0x0037, B:22:0x0038, B:23:0x0043), top: B:2:0x0006 }] */
    @androidx.annotation.VisibleForTesting
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean isCertificateChainValid(java.util.List<? extends w8.a> r3, java.util.List<? extends java.security.cert.X509Certificate> r4) {
        /*
            r2 = this;
            java.lang.String r0 = "rootCerts"
            kotlin.jvm.internal.r.i(r4, r0)
            r0 = 1
            r1 = r3
            java.util.Collection r1 = (java.util.Collection) r1     // Catch: java.lang.Throwable -> L14
            if (r1 == 0) goto L16
            boolean r1 = r1.isEmpty()     // Catch: java.lang.Throwable -> L14
            if (r1 == 0) goto L12
            goto L16
        L12:
            r1 = 0
            goto L17
        L14:
            r3 = move-exception
            goto L44
        L16:
            r1 = r0
        L17:
            r1 = r1 ^ r0
            if (r1 == 0) goto L38
            r1 = r4
            java.util.Collection r1 = (java.util.Collection) r1     // Catch: java.lang.Throwable -> L14
            boolean r1 = r1.isEmpty()     // Catch: java.lang.Throwable -> L14
            r1 = r1 ^ r0
            if (r1 == 0) goto L2c
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator$Companion r1 = com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion     // Catch: java.lang.Throwable -> L14
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion.access$validateChain(r1, r3, r4)     // Catch: java.lang.Throwable -> L14
            qp.h0 r3 = qp.h0.f14298a     // Catch: java.lang.Throwable -> L14
            goto L48
        L2c:
            java.lang.String r3 = "Root certificates are empty"
            java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L14
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L14
            r4.<init>(r3)     // Catch: java.lang.Throwable -> L14
            throw r4     // Catch: java.lang.Throwable -> L14
        L38:
            java.lang.String r3 = "JWSHeader's X.509 certificate chain is null or empty"
            java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L14
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L14
            r4.<init>(r3)     // Catch: java.lang.Throwable -> L14
            throw r4     // Catch: java.lang.Throwable -> L14
        L44:
            qp.r$a r3 = qp.s.a(r3)
        L48:
            java.lang.Throwable r4 = qp.r.a(r3)
            if (r4 == 0) goto L53
            com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r2.errorReporter
            r1.reportError(r4)
        L53:
            boolean r3 = r3 instanceof qp.r.a
            r3 = r3 ^ r0
            return r3
        */
        throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.isCertificateChainValid(java.util.List, java.util.List):boolean");
    }
}
