package com.stripe.android.stripe3ds2.transaction;

import al.w;
import am.b;
import androidx.compose.ui.platform.y;
import androidx.lifecycle.x0;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import ff.a;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.f;
import kotlin.jvm.internal.k;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONObject;
import se.n;
import se.o;
import se.p;
import se.q;
import se.t;
import te.c;
import te.d;
import ve.e;
import ve.h;

/* loaded from: classes2.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(f fVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends a> list, List<? extends X509Certificate> list2) {
            LinkedList B0 = b.B0(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) B0.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(B0)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) {
            k.f(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i10 = 0;
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    y.E1();
                    throw null;
                }
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                k.e(format, "format(locale, format, *args)");
                keyStore.setCertificateEntry(format, rootCerts.get(i10));
                i10 = i11;
            }
            return keyStore;
        }

        public final o sanitizedJwsHeader$3ds2sdk_release(o jwsHeader) {
            k.f(jwsHeader, "jwsHeader");
            n nVar = (n) jwsHeader.f24738a;
            if (nVar.f24736a.equals(se.a.f24735b.f24736a)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return new o(nVar, jwsHeader.f24739b, jwsHeader.f24740c, jwsHeader.f24741d, jwsHeader.f24743g, null, jwsHeader.f24745i, jwsHeader.j, jwsHeader.f24746k, jwsHeader.f24747l, jwsHeader.f24748m, jwsHeader.f24806o, jwsHeader.f24742e, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        k.f(rootCerts, "rootCerts");
        k.f(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final PublicKey getPublicKeyFromHeader(o oVar) {
        List<a> list = oVar.f24747l;
        k.e(list, "jwsHeader.x509CertChain");
        PublicKey publicKey = x0.V(((a) w.b2(list)).a()).getPublicKey();
        k.e(publicKey, "parseWithException(\n    …ode()\n        ).publicKey");
        return publicKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r8v13, types: [te.d] */
    /* JADX WARN: Type inference failed for: r8v9, types: [te.f] */
    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    private final q getVerifier(o oVar) {
        c cVar;
        we.a aVar = new ue.a().f26179a;
        if (o8.a.f21719c == null) {
            o8.a.f21719c = new BouncyCastleProvider();
        }
        aVar.f28282a = o8.a.f21719c;
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(oVar);
        if (!ve.f.f27150d.contains((n) oVar.f24738a)) {
            Set<n> set = h.f27154c;
            n nVar = (n) oVar.f24738a;
            if (set.contains(nVar)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new t(RSAPublicKey.class);
                }
                cVar = new te.f((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!e.f27149c.contains(nVar)) {
                    throw new se.e("Unsupported JWS algorithm: " + nVar);
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new t(ECPublicKey.class);
                }
                cVar = new c((ECPublicKey) publicKeyFromHeader);
            }
        } else {
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new t(SecretKey.class);
            }
            cVar = new d((SecretKey) publicKeyFromHeader);
        }
        cVar.f27146b.f28282a = aVar.f28282a;
        return cVar;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private final boolean isValid(p pVar, List<? extends X509Certificate> list) {
        boolean a10;
        if (pVar.f24807b.f24744h != null) {
            this.errorReporter.reportError(new IllegalArgumentException(k.l(pVar.f24807b, "Encountered a JWK in ")));
        }
        Companion companion = Companion;
        o oVar = pVar.f24807b;
        k.e(oVar, "jwsObject.header");
        o sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(oVar);
        if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f24747l, list)) {
            return false;
        }
        q verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
        synchronized (pVar) {
            try {
                AtomicReference<p.a> atomicReference = pVar.f24810e;
                if (atomicReference.get() != p.a.SIGNED && atomicReference.get() != p.a.VERIFIED) {
                    throw new IllegalStateException("The JWS object must be in a signed or verified state");
                }
                try {
                    a10 = verifier.a(pVar.f24807b, pVar.f24808c.getBytes(ff.d.f12288a), pVar.f24809d);
                    if (a10) {
                        pVar.f24810e.set(p.a.VERIFIED);
                    }
                } catch (se.e e4) {
                    throw e4;
                } catch (Exception e5) {
                    throw new se.e(e5.getMessage(), e5);
                }
            } catch (Throwable th2) {
                throw th2;
            }
        }
        return a10;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) {
        k.f(jws, "jws");
        ff.b[] a10 = se.f.a(jws);
        if (a10.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        p pVar = new p(a10[0], a10[1], a10[2]);
        if (this.isLiveMode && !isValid(pVar, this.rootCerts)) {
            throw new IllegalStateException("Could not validate JWS");
        }
        return new JSONObject(pVar.f24759a.toString());
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0023 A[Catch: all -> 0x001b, TryCatch #0 {all -> 0x001b, blocks: (B:5:0x000d, B:9:0x001f, B:11:0x0023, B:13:0x002d, B:21:0x0039, B:22:0x0049, B:23:0x004b, B:24:0x005b), top: B:4:0x000d }] */
    /* JADX WARN: Removed duplicated region for block: B:23:0x004b A[Catch: all -> 0x001b, TryCatch #0 {all -> 0x001b, blocks: (B:5:0x000d, B:9:0x001f, B:11:0x0023, B:13:0x002d, B:21:0x0039, B:22:0x0049, B:23:0x004b, B:24:0x005b), top: B:4:0x000d }] */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean isCertificateChainValid(java.util.List<? extends ff.a> r7, java.util.List<? extends java.security.cert.X509Certificate> r8) {
        /*
            r6 = this;
            r2 = r6
            java.lang.String r4 = "rootCerts"
            r0 = r4
            kotlin.jvm.internal.k.f(r8, r0)
            r4 = 5
            r4 = 1
            r0 = r4
            if (r7 == 0) goto L1d
            r5 = 5
            r5 = 7
            boolean r4 = r7.isEmpty()     // Catch: java.lang.Throwable -> L1b
            r1 = r4
            if (r1 == 0) goto L17
            r5 = 2
            goto L1e
        L17:
            r4 = 2
            r5 = 0
            r1 = r5
            goto L1f
        L1b:
            r7 = move-exception
            goto L5c
        L1d:
            r4 = 2
        L1e:
            r1 = r0
        L1f:
            r1 = r1 ^ r0
            r4 = 2
            if (r1 == 0) goto L4b
            r4 = 4
            boolean r5 = r8.isEmpty()     // Catch: java.lang.Throwable -> L1b
            r1 = r5
            r1 = r1 ^ r0
            r4 = 7
            if (r1 == 0) goto L39
            r5 = 3
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator$Companion r1 = com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion     // Catch: java.lang.Throwable -> L1b
            r4 = 5
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion.access$validateChain(r1, r7, r8)     // Catch: java.lang.Throwable -> L1b
            r4 = 4
            zk.u r7 = zk.u.f31289a     // Catch: java.lang.Throwable -> L1b
            r5 = 4
            goto L61
        L39:
            r5 = 2
            java.lang.String r4 = "Root certificates are empty"
            r7 = r4
            java.lang.IllegalArgumentException r8 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L1b
            r4 = 3
            java.lang.String r4 = r7.toString()     // Catch: java.lang.Throwable -> L1b
            r7 = r4
            r8.<init>(r7)     // Catch: java.lang.Throwable -> L1b
            r4 = 4
            throw r8     // Catch: java.lang.Throwable -> L1b
            r4 = 5
        L4b:
            r4 = 5
            java.lang.String r5 = "JWSHeader's X.509 certificate chain is null or empty"
            r7 = r5
            java.lang.IllegalArgumentException r8 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L1b
            r5 = 2
            java.lang.String r5 = r7.toString()     // Catch: java.lang.Throwable -> L1b
            r7 = r5
            r8.<init>(r7)     // Catch: java.lang.Throwable -> L1b
            r4 = 7
            throw r8     // Catch: java.lang.Throwable -> L1b
        L5c:
            zk.i$a r4 = androidx.compose.ui.platform.y.N(r7)
            r7 = r4
        L61:
            java.lang.Throwable r4 = zk.i.a(r7)
            r8 = r4
            if (r8 != 0) goto L6a
            r4 = 4
            goto L72
        L6a:
            r4 = 3
            com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r2.errorReporter
            r4 = 3
            r1.reportError(r8)
            r5 = 2
        L72:
            boolean r7 = r7 instanceof zk.i.a
            r5 = 2
            r7 = r7 ^ r0
            r5 = 5
            return r7
        */
        throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.isCertificateChainValid(java.util.List, java.util.List):boolean");
    }
}
