package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import com.yandex.passport.internal.entities.SignatureInfo;
import com.yandex.passport.internal.z;
import com.yandex.xplat.xmail.DefaultStorageKt;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.reflect.jvm.internal.impl.types.typeUtil.TypeUtilsKt;

/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f6890a;
    public final SignatureInfo b;
    public final int c;
    public final X509Certificate d;

    public d(String packageName, SignatureInfo signatureInfo, int i, X509Certificate x509Certificate) {
        Intrinsics.d(packageName, "packageName");
        Intrinsics.d(signatureInfo, "signatureInfo");
        this.f6890a = packageName;
        this.b = signatureInfo;
        this.c = i;
        this.d = x509Certificate;
    }

    public final boolean a(X509Certificate trustedCertificate, Function1<? super Exception, Unit> reportException) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        Intrinsics.d(trustedCertificate, "trustedCertificate");
        Intrinsics.d(reportException, "reportException");
        if (this.b.k()) {
            return true;
        }
        SignatureInfo signatureInfo = this.b;
        String packageName = this.f6890a;
        if (signatureInfo == null) {
            throw null;
        }
        Intrinsics.d(packageName, "packageName");
        String str = SignatureInfo.i.get(packageName);
        if (str != null ? signatureInfo.a(str) : false) {
            z.a("isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            return true;
        }
        X509Certificate x509Certificate = this.d;
        if (x509Certificate == null) {
            z.a("isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        String str2 = this.f6890a;
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        z.a("checkCN: " + name);
        if (!Intrinsics.a((Object) ("CN=" + str2), (Object) name)) {
            Intrinsics.d("isTrusted=false, reason=checkPackageName", "message");
            z.d.a(3, "isTrusted=false, reason=checkPackageName", null);
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(DefaultStorageKt.c(this.d));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) DefaultStorageKt.e(new TrustAnchor(trustedCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e) {
            reportException.invoke(e);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            Intrinsics.d("isTrusted=false, reason=verifyCertificate", "message");
            z.d.a(3, "isTrusted=false, reason=verifyCertificate", null);
            return false;
        }
        PublicKey publicKey = this.d.getPublicKey();
        Intrinsics.a((Object) publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List d = DefaultStorageKt.d((Object[]) this.b.l);
        ArrayList arrayList = new ArrayList(DefaultStorageKt.a((Iterable) d, 10));
        Iterator it = ((ArrayList) d).iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            Intrinsics.a((Object) byteArray, "it.toByteArray()");
            arrayList.add(SsoApplicationsResolver.a(byteArray));
        }
        Iterator it2 = TypeUtilsKt.d(ArraysKt___ArraysJvmKt.a((Iterable) arrayList), new c(messageDigest)).iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = it2.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        Intrinsics.d("isTrusted=false, reason=checkPublicKey", "message");
        z.d.a(3, "isTrusted=false, reason=checkPublicKey", null);
        return false;
    }
}
