package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.yandex.passport.common.logger.LogLevel;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.collections.N;
import kotlin.collections.p;
import kotlin.collections.r;
import kotlin.collections.t;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.l;
import kotlin.sequences.m;

/* loaded from: classes3.dex */
public final class c {
    public final String a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.f f68552b;

    /* renamed from: c, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.f f68553c;

    /* renamed from: d, reason: collision with root package name */
    public final int f68554d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f68555e;

    public c(String packageName, com.yandex.passport.internal.entities.f fVar, com.yandex.passport.internal.entities.f fVar2, int i10, X509Certificate x509Certificate) {
        l.i(packageName, "packageName");
        this.a = packageName;
        this.f68552b = fVar;
        this.f68553c = fVar2;
        this.f68554d = i10;
        this.f68555e = x509Certificate;
    }

    /* JADX WARN: Type inference failed for: r3v1, types: [java.util.Map, java.lang.Object] */
    public final boolean a(X509Certificate trustedCertificate, Function1 function1) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        l.i(trustedCertificate, "trustedCertificate");
        com.yandex.passport.internal.entities.f fVar = this.f68552b;
        com.yandex.passport.internal.entities.f fVar2 = this.f68553c;
        if (fVar2.e(fVar)) {
            return true;
        }
        String packageName = this.a;
        l.i(packageName, "packageName");
        String str = (String) com.yandex.passport.internal.entities.f.h.get(packageName);
        if (str == null) {
            equals = false;
        } else {
            byte[] decode = Base64.decode(str, 0);
            l.f(decode);
            equals = Arrays.equals(fVar2.a(), decode);
        }
        if (equals) {
            if (com.yandex.passport.common.logger.b.a.a()) {
                com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
            }
            return true;
        }
        X509Certificate x509Certificate = this.f68555e;
        if (x509Certificate == null) {
            if (com.yandex.passport.common.logger.b.a.a()) {
                com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        if (com.yandex.passport.common.logger.b.a.a()) {
            com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "checkCN: " + name, 8);
        }
        if (!l.d("CN=".concat(packageName), name)) {
            if (com.yandex.passport.common.logger.b.a.a()) {
                com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(N.d(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) N.e(new TrustAnchor(trustedCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e6) {
            function1.invoke(e6);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            if (com.yandex.passport.common.logger.b.a.a()) {
                com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        l.h(publicKey, "getPublicKey(...)");
        final MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List G10 = p.G(fVar2.f66834b);
        ArrayList arrayList = new ArrayList(t.v(G10, 10));
        Iterator it = G10.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            l.h(byteArray, "toByteArray(...)");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            l.g(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) generateCertificate);
        }
        kotlin.sequences.p H02 = m.H0(r.N(arrayList), new Function1() { // from class: com.yandex.passport.internal.sso.SsoApplication$checkPublicKey$validateSignature$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public final byte[] invoke(X509Certificate it2) {
                l.i(it2, "it");
                return messageDigest.digest(it2.getPublicKey().getEncoded());
            }
        });
        Iterator it2 = H02.a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = H02.f80184b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        if (com.yandex.passport.common.logger.b.a.a()) {
            com.yandex.passport.common.logger.b.c(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
