package com.yandex.passport.internal.sso;

import android.annotation.SuppressLint;
import com.yandex.passport.internal.C1781z;
import com.yandex.passport.internal.entities.SignatureInfo;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.d0;
import kotlin.collections.j;
import kotlin.sequences.SequencesKt___SequencesKt;
import ru.os.bmh;
import ru.os.e3f;
import ru.os.vo7;
import ru.os.wc6;

/* loaded from: classes6.dex */
public final class d {
    public final String a;
    public final SignatureInfo b;
    public final int c;
    public final X509Certificate d;

    public d(String str, SignatureInfo signatureInfo, int i, X509Certificate x509Certificate) {
        vo7.i(str, "packageName");
        vo7.i(signatureInfo, "signatureInfo");
        this.a = str;
        this.b = signatureInfo;
        this.c = i;
        this.d = x509Certificate;
    }

    private final CertPathValidatorResult a(X509Certificate x509Certificate, X509Certificate x509Certificate2, wc6<? super Exception, bmh> wc6Var) {
        List<? extends Certificate> e;
        Set d;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            e = j.e(x509Certificate);
            CertPath generateCertPath = certificateFactory.generateCertPath(e);
            d = d0.d(new TrustAnchor(x509Certificate2, null));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) d);
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            wc6Var.invoke(e2);
            return null;
        }
    }

    private final boolean a(String str, X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        C1781z.a("checkCN: " + name);
        return vo7.d("CN=" + str, name);
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private final boolean a(PublicKey publicKey) {
        e3f b0;
        e3f H;
        Object obj;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        b0 = CollectionsKt___CollectionsKt.b0(this.b.h());
        H = SequencesKt___SequencesKt.H(b0, new c(messageDigest));
        Iterator it = H.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        return ((byte[]) obj) != null;
    }

    public final int a() {
        return this.c;
    }

    public final boolean a(X509Certificate x509Certificate, wc6<? super Exception, bmh> wc6Var) {
        vo7.i(x509Certificate, "trustedCertificate");
        vo7.i(wc6Var, "reportException");
        if (this.b.k()) {
            return true;
        }
        if (this.b.b(this.a)) {
            C1781z.a("isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            return true;
        }
        X509Certificate x509Certificate2 = this.d;
        if (x509Certificate2 == null) {
            C1781z.a("isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        if (!a(this.a, x509Certificate2)) {
            C1781z.a("isTrusted=false, reason=checkPackageName");
            return false;
        }
        if (a(this.d, x509Certificate, wc6Var) == null) {
            C1781z.a("isTrusted=false, reason=verifyCertificate");
            return false;
        }
        PublicKey publicKey = this.d.getPublicKey();
        vo7.h(publicKey, "ssoCertificate.publicKey");
        if (a(publicKey)) {
            return true;
        }
        C1781z.a("isTrusted=false, reason=checkPublicKey");
        return false;
    }

    public final String b() {
        return this.a;
    }

    public final SignatureInfo c() {
        return this.b;
    }

    public final X509Certificate d() {
        return this.d;
    }
}
