package com.google.android.gms.auth.proximity;

import android.os.Parcel;
import android.os.Parcelable;
import android.util.Log;
import com.google.android.gms.common.internal.safeparcel.AbstractSafeParcelable;
import defpackage.aaha;
import defpackage.aahb;
import defpackage.aayh;
import defpackage.anpf;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;

/* compiled from: :com.google.android.gms@242213018@24.22.13 (100300-638740827) */
/* loaded from: classes6.dex */
public class AttestationVerifier extends AbstractSafeParcelable {
    public static final Parcelable.Creator CREATOR = new aahb();
    final byte[][] a;
    final int b;
    final aaha c;
    private int d = 1;

    public AttestationVerifier(byte[][] bArr, int i) {
        this.a = bArr;
        this.b = i;
        if (aaha.a == null) {
            aaha.a = new aaha();
        }
        this.c = aaha.a;
    }

    private final boolean b() {
        int i = 0;
        while (true) {
            byte[][] bArr = this.a;
            if (i >= bArr.length) {
                return true;
            }
            X509Certificate a = this.c.a(bArr[i]);
            if (a == null) {
                Log.e("AttestationVerifier", "Could not convert the attestation data to a set of valid certificates");
                return false;
            }
            try {
                a.checkValidity();
                i++;
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                Log.e("AttestationVerifier", "Certificate is outside of the validity period", e);
                return false;
            }
        }
    }

    private static final boolean c(boolean[] zArr, int i) {
        for (int i2 = 0; i2 < zArr.length; i2++) {
            if (i2 == i) {
                if (!zArr[i2]) {
                    Log.e("AttestationVerifier", a.l(i2, "Key usage index ", " should be set to true and was not"));
                    return false;
                }
            } else if (zArr[i2]) {
                Log.e("AttestationVerifier", a.l(i2, "Key usage index ", " should be set to false and was not"));
                return false;
            }
        }
        return true;
    }

    public final boolean a() {
        int i = this.d;
        boolean z = false;
        if (i == 3) {
            Log.e("AttestationVerifier", "Certificate previously failed to verify");
            return false;
        }
        if (i == 2 && !b()) {
            Log.e("AttestationVerifier", "Certificate is now outside the validity period");
            this.d = 3;
            return false;
        }
        if (this.b != aayh.a(3)) {
            Log.e("AttestationVerifier", "Not possible to perform verification for this type: " + this.b);
            return false;
        }
        int length = this.a.length;
        if (length == 0) {
            Log.e("AttestationVerifier", "No certificates to verify");
        } else {
            ArrayList arrayList = new ArrayList(length);
            int i2 = 0;
            while (true) {
                byte[][] bArr = this.a;
                if (i2 < bArr.length) {
                    X509Certificate a = this.c.a(bArr[i2]);
                    if (a == null) {
                        Log.e("AttestationVerifier", "Could not convert the attestation data to a set of valid certificates");
                        break;
                    }
                    arrayList.add(a);
                    dyjc l = dyaq.l(a.getSubjectX500Principal().getName("CANONICAL").split(","));
                    int basicConstraints = a.getBasicConstraints();
                    if (i2 == 1) {
                        if (l.c != 2 || !l.contains("o=chrome device soft bind") || !l.contains("cn=local authority")) {
                            break;
                        }
                        if (!c(a.getKeyUsage(), 5)) {
                            break;
                        }
                        if (basicConstraints != 0) {
                            Log.e("AttestationVerifier", "Penultimate cert PathLen constraint is incorrect");
                            break;
                        }
                        i2++;
                    } else if (i2 == 0) {
                        if (l.c != 2 || !l.contains("o=chrome device soft bind") || !l.contains("cn=cryptauth user key")) {
                            break;
                        }
                        if (!c(a.getKeyUsage(), 0)) {
                            break;
                        }
                        if (basicConstraints != -1) {
                            Log.e("AttestationVerifier", "Leaf cert PathLen constraint is incorrect");
                            break;
                        }
                        if (a.getNotAfter().getTime() - a.getNotBefore().getTime() > 259200000) {
                            Log.e("AttestationVerifier", "Leaf cert issued for longer than allowed period");
                            break;
                        }
                        i2++;
                    } else {
                        if (basicConstraints == 0) {
                            Log.e("AttestationVerifier", "Multiple or misplaced terminal local ca cert(s)");
                            break;
                        }
                        i2++;
                    }
                } else {
                    aaha aahaVar = this.c;
                    TrustAnchor trustAnchor = aahaVar.b;
                    if (trustAnchor == null || !aahaVar.b(arrayList, trustAnchor)) {
                        Log.e("AttestationVerifier", "Could not validate chain");
                    } else {
                        z = true;
                    }
                }
            }
        }
        if (z) {
            Log.i("AttestationVerifier", "CROS_SOFT_BIND certificate verified");
            this.d = 2;
        } else {
            Log.e("AttestationVerifier", "CROS_SOFT_BIND certificate NOT verified");
            this.d = 3;
        }
        return z;
    }

    public final boolean equals(Object obj) {
        if (obj instanceof AttestationVerifier) {
            return Arrays.equals(this.a, ((AttestationVerifier) obj).a);
        }
        return false;
    }

    public final int hashCode() {
        return Arrays.hashCode(this.a);
    }

    @Override // android.os.Parcelable
    public final void writeToParcel(Parcel parcel, int i) {
        int a = anpf.a(parcel);
        anpf.A(parcel, 1, this.a);
        anpf.o(parcel, 2, this.b);
        anpf.c(parcel, a);
    }
}
