package com.yandex.srow.internal.sso;

import android.annotation.SuppressLint;
import com.yandex.srow.internal.x;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.b0.g0;
import kotlin.b0.u;
import kotlin.g0.d.n;
import kotlin.g0.d.o;
import kotlin.y;

/* loaded from: classes.dex */
public final class c {
    private final String a;

    /* renamed from: b, reason: collision with root package name */
    private final com.yandex.srow.internal.entities.l f11435b;

    /* renamed from: c, reason: collision with root package name */
    private final int f11436c;

    /* renamed from: d, reason: collision with root package name */
    private final X509Certificate f11437d;

    /* loaded from: classes.dex */
    public static final class a extends o implements kotlin.g0.c.l<X509Certificate, byte[]> {

        /* renamed from: e, reason: collision with root package name */
        public final /* synthetic */ MessageDigest f11438e;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public a(MessageDigest messageDigest) {
            super(1);
            this.f11438e = messageDigest;
        }

        @Override // kotlin.g0.c.l
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final byte[] invoke(X509Certificate x509Certificate) {
            n.d(x509Certificate, "it");
            return this.f11438e.digest(x509Certificate.getPublicKey().getEncoded());
        }
    }

    public c(String str, com.yandex.srow.internal.entities.l lVar, int i2, X509Certificate x509Certificate) {
        n.d(str, "packageName");
        n.d(lVar, "signatureInfo");
        this.a = str;
        this.f11435b = lVar;
        this.f11436c = i2;
        this.f11437d = x509Certificate;
    }

    private final CertPathValidatorResult a(X509Certificate x509Certificate, X509Certificate x509Certificate2, kotlin.g0.c.l<? super Exception, y> lVar) {
        List<? extends Certificate> b2;
        Set a2;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            b2 = kotlin.b0.l.b(x509Certificate);
            CertPath generateCertPath = certificateFactory.generateCertPath(b2);
            a2 = g0.a(new TrustAnchor(x509Certificate2, null));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) a2);
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            lVar.invoke(e2);
            return null;
        }
    }

    private final boolean a(String str, X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        x.a(n.j("checkCN: ", name));
        return n.a(n.j("CN=", str), name);
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private final boolean a(PublicKey publicKey) {
        kotlin.l0.c y;
        kotlin.l0.c g2;
        Object obj;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        y = u.y(this.f11435b.h());
        g2 = kotlin.l0.i.g(y, new a(messageDigest));
        Iterator it = g2.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        return ((byte[]) obj) != null;
    }

    public final int a() {
        return this.f11436c;
    }

    public final boolean a(X509Certificate x509Certificate, kotlin.g0.c.l<? super Exception, y> lVar) {
        n.d(x509Certificate, "trustedCertificate");
        n.d(lVar, "reportException");
        if (this.f11435b.k()) {
            return true;
        }
        if (this.f11435b.b(this.a)) {
            x.a("isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            return true;
        }
        X509Certificate x509Certificate2 = this.f11437d;
        if (x509Certificate2 == null) {
            x.a("isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        if (!a(this.a, x509Certificate2)) {
            x.a("isTrusted=false, reason=checkPackageName");
            return false;
        }
        if (a(this.f11437d, x509Certificate, lVar) == null) {
            x.a("isTrusted=false, reason=verifyCertificate");
            return false;
        }
        PublicKey publicKey = this.f11437d.getPublicKey();
        n.c(publicKey, "ssoCertificate.publicKey");
        if (a(publicKey)) {
            return true;
        }
        x.a("isTrusted=false, reason=checkPublicKey");
        return false;
    }

    public final String b() {
        return this.a;
    }

    public final com.yandex.srow.internal.entities.l c() {
        return this.f11435b;
    }

    public final X509Certificate d() {
        return this.f11437d;
    }
}
