package com.yandex.passport.internal.sso;

import Dc.J;
import Md.t;
import T2.D;
import android.content.pm.Signature;
import android.util.Base64;
import com.yandex.passport.internal.entities.q;
import ic.n;
import ic.p;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes2.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    public final String f29680a;

    /* renamed from: b, reason: collision with root package name */
    public final q f29681b;

    /* renamed from: c, reason: collision with root package name */
    public final q f29682c;

    /* renamed from: d, reason: collision with root package name */
    public final int f29683d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f29684e;

    public c(String str, q qVar, q qVar2, int i5, X509Certificate x509Certificate) {
        this.f29680a = str;
        this.f29681b = qVar;
        this.f29682c = qVar2;
        this.f29683d = i5;
        this.f29684e = x509Certificate;
    }

    /* JADX WARN: Type inference failed for: r3v0, types: [java.util.Map, java.lang.Object] */
    public final boolean a(X509Certificate trustedCertificate, wc.k kVar) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        kotlin.jvm.internal.m.e(trustedCertificate, "trustedCertificate");
        q qVar = this.f29681b;
        q qVar2 = this.f29682c;
        if (qVar2.e(qVar)) {
            return true;
        }
        String str = this.f29680a;
        String str2 = (String) q.f26295h.get(str);
        if (str2 == null) {
            equals = false;
        } else {
            byte[] otherHash = Base64.decode(str2, 0);
            kotlin.jvm.internal.m.d(otherHash, "otherHash");
            equals = Arrays.equals(qVar2.a(), otherHash);
        }
        if (equals) {
            if (R4.a.f11531a.isEnabled()) {
                R4.a.c(2, null, 8, "isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            }
            return true;
        }
        X509Certificate x509Certificate = this.f29684e;
        if (x509Certificate == null) {
            if (R4.a.f11531a.isEnabled()) {
                R4.a.c(2, null, 8, "isTrusted: false, reason: ssoCertificate=null");
            }
            return false;
        }
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        if (R4.a.f11531a.isEnabled()) {
            R4.a.c(2, null, 8, "checkCN: " + name);
        }
        if (!kotlin.jvm.internal.m.a("CN=".concat(str), name)) {
            if (R4.a.f11531a.isEnabled()) {
                R4.a.c(2, null, 8, "isTrusted=false, reason=checkPackageName");
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(J.M(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Le.i.V(new TrustAnchor(trustedCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e8) {
            kVar.invoke(e8);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            if (R4.a.f11531a.isEnabled()) {
                R4.a.c(2, null, 8, "isTrusted=false, reason=verifyCertificate");
            }
            return false;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        kotlin.jvm.internal.m.d(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList q02 = ic.l.q0(qVar2.f26297b);
        ArrayList arrayList = new ArrayList(p.h0(q02, 10));
        Iterator it = q02.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            kotlin.jvm.internal.m.d(byteArray, "it.toByteArray()");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            kotlin.jvm.internal.m.c(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) generateCertificate);
        }
        t c02 = Md.m.c0(n.s0(arrayList), new D(14, messageDigest));
        Iterator it2 = c02.f8905a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = c02.f8906b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        if (R4.a.f11531a.isEnabled()) {
            R4.a.c(2, null, 8, "isTrusted=false, reason=checkPublicKey");
        }
        return false;
    }
}
