package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.yandex.passport.internal.entities.q;
import g3.f1;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import kd.p;

/* loaded from: classes.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f13072a;

    /* renamed from: b, reason: collision with root package name */
    public final q f13073b;
    public final int c;

    /* renamed from: d, reason: collision with root package name */
    public final X509Certificate f13074d;

    public d(String str, q qVar, int i10, X509Certificate x509Certificate) {
        this.f13072a = str;
        this.f13073b = qVar;
        this.c = i10;
        this.f13074d = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, ud.c cVar) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        q qVar = this.f13073b;
        if (qVar.d()) {
            return true;
        }
        Map map = q.f10786g;
        String str = this.f13072a;
        String str2 = (String) map.get(str);
        int i10 = 0;
        boolean equals = str2 == null ? false : Arrays.equals(qVar.a(), Base64.decode(str2, 0));
        r7.d dVar = r7.d.DEBUG;
        if (equals) {
            r7.e eVar = r7.c.f27795a;
            if (r7.c.b()) {
                r7.c.d(dVar, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
            }
            return true;
        }
        X509Certificate x509Certificate2 = this.f13074d;
        if (x509Certificate2 == null) {
            r7.e eVar2 = r7.c.f27795a;
            if (r7.c.b()) {
                r7.c.d(dVar, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        r7.e eVar3 = r7.c.f27795a;
        if (r7.c.b()) {
            r7.c.d(dVar, null, "checkCN: " + name, 8);
        }
        if (!mq.d.l("CN=" + str, name)) {
            if (r7.c.b()) {
                r7.c.d(dVar, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(Collections.singletonList(x509Certificate2));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e10) {
            cVar.invoke(e10);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            r7.e eVar4 = r7.c.f27795a;
            if (r7.c.b()) {
                r7.c.d(dVar, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate2.getPublicKey();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList V = xd.a.V(qVar.f10788b);
        ArrayList arrayList = new ArrayList(ce.m.e2(V, 10));
        Iterator it = V.iterator();
        while (it.hasNext()) {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((Signature) it.next()).toByteArray()));
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            arrayList.add((X509Certificate) generateCertificate);
        }
        f1 l2 = p.l2(arrayList);
        c cVar2 = new c(i10, messageDigest);
        Iterator it2 = l2.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = cVar2.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        r7.e eVar5 = r7.c.f27795a;
        if (r7.c.b()) {
            r7.c.d(dVar, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
