package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import as0.n;
import com.avstaim.darkside.service.LogLevel;
import com.samsung.android.sdk.samsungpay.v2.InternalConst;
import com.yandex.passport.internal.sso.SsoApplicationsResolver;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.j;
import kotlin.sequences.SequencesKt___SequencesKt;
import ks0.l;
import ts0.s;

/* loaded from: classes3.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    public final String f46460a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.e f46461b;

    /* renamed from: c, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.e f46462c;

    /* renamed from: d, reason: collision with root package name */
    public final int f46463d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f46464e;

    public b(String str, com.yandex.passport.internal.entities.e eVar, com.yandex.passport.internal.entities.e eVar2, int i12, X509Certificate x509Certificate) {
        ls0.g.i(str, InternalConst.EXTRA_PACKAGE_NAME);
        this.f46460a = str;
        this.f46461b = eVar;
        this.f46462c = eVar2;
        this.f46463d = i12;
        this.f46464e = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, l<? super Exception, n> lVar) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        ls0.g.i(x509Certificate, "trustedCertificate");
        if (this.f46462c.h(this.f46461b)) {
            return true;
        }
        com.yandex.passport.internal.entities.e eVar = this.f46462c;
        String str = this.f46460a;
        Objects.requireNonNull(eVar);
        ls0.g.i(str, InternalConst.EXTRA_PACKAGE_NAME);
        String str2 = com.yandex.passport.internal.entities.e.f44027i.get(str);
        if (str2 == null ? false : eVar.a(str2)) {
            if (t6.c.f84522a.b()) {
                t6.c.d(LogLevel.DEBUG, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
            }
            return true;
        }
        X509Certificate x509Certificate2 = this.f46464e;
        if (x509Certificate2 == null) {
            if (t6.c.f84522a.b()) {
                t6.c.d(LogLevel.DEBUG, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String str3 = this.f46460a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        t6.c cVar = t6.c.f84522a;
        if (cVar.b()) {
            t6.c.d(LogLevel.DEBUG, null, "checkCN: " + name, 8);
        }
        if (!ls0.g.d("CN=" + str3, name)) {
            if (cVar.b()) {
                t6.c.d(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(c9.e.U(this.f46464e));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) b5.a.T0(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e12) {
            lVar.invoke(e12);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            if (t6.c.f84522a.b()) {
                t6.c.d(LogLevel.DEBUG, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = this.f46464e.getPublicKey();
        ls0.g.h(publicKey, "ssoCertificate.publicKey");
        final MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List s0 = ArraysKt___ArraysKt.s0(this.f46462c.f44029b);
        ArrayList arrayList = new ArrayList(j.A0(s0, 10));
        Iterator it2 = ((ArrayList) s0).iterator();
        while (it2.hasNext()) {
            Signature signature = (Signature) it2.next();
            SsoApplicationsResolver.a aVar = SsoApplicationsResolver.f46435d;
            byte[] byteArray = signature.toByteArray();
            ls0.g.h(byteArray, "it.toByteArray()");
            arrayList.add(aVar.c(byteArray));
        }
        s.a aVar2 = new s.a((s) SequencesKt___SequencesKt.R0(CollectionsKt___CollectionsKt.O0(arrayList), new l<X509Certificate, byte[]>() { // from class: com.yandex.passport.internal.sso.SsoApplication$checkPublicKey$validateSignature$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // ks0.l
            public final byte[] invoke(X509Certificate x509Certificate3) {
                X509Certificate x509Certificate4 = x509Certificate3;
                ls0.g.i(x509Certificate4, "it");
                return messageDigest.digest(x509Certificate4.getPublicKey().getEncoded());
            }
        }));
        while (true) {
            if (!aVar2.hasNext()) {
                obj = null;
                break;
            }
            obj = aVar2.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        if (t6.c.f84522a.b()) {
            t6.c.d(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
