package com.yandex.p00221.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.yandex.p00221.passport.common.logger.d;
import com.yandex.p00221.passport.internal.entities.g;
import defpackage.C14209eF;
import defpackage.C4386Il8;
import defpackage.C7501Rp8;
import defpackage.C9277Xe1;
import defpackage.C9940Ze1;
import defpackage.LZ1;
import defpackage.RD9;
import defpackage.ZN0;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* loaded from: classes4.dex */
public final class c {

    /* renamed from: case, reason: not valid java name */
    public final X509Certificate f86005case;

    /* renamed from: for, reason: not valid java name */
    @NotNull
    public final g f86006for;

    /* renamed from: if, reason: not valid java name */
    @NotNull
    public final String f86007if;

    /* renamed from: new, reason: not valid java name */
    @NotNull
    public final g f86008new;

    /* renamed from: try, reason: not valid java name */
    public final int f86009try;

    public c(@NotNull String packageName, @NotNull g selfSignatureInfo, @NotNull g signatureInfo, int i, X509Certificate x509Certificate) {
        Intrinsics.checkNotNullParameter(packageName, "packageName");
        Intrinsics.checkNotNullParameter(selfSignatureInfo, "selfSignatureInfo");
        Intrinsics.checkNotNullParameter(signatureInfo, "signatureInfo");
        this.f86007if = packageName;
        this.f86006for = selfSignatureInfo;
        this.f86008new = signatureInfo;
        this.f86009try = i;
        this.f86005case = x509Certificate;
    }

    /* JADX WARN: Type inference failed for: r3v1, types: [java.util.Map, java.lang.Object] */
    /* renamed from: if, reason: not valid java name */
    public final boolean m24446if(@NotNull X509Certificate trustedCertificate, @NotNull Function1<? super Exception, Unit> reportException) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        Intrinsics.checkNotNullParameter(trustedCertificate, "trustedCertificate");
        Intrinsics.checkNotNullParameter(reportException, "reportException");
        g gVar = this.f86006for;
        g gVar2 = this.f86008new;
        if (gVar2.m24066else(gVar)) {
            return true;
        }
        String packageName = this.f86007if;
        Intrinsics.checkNotNullParameter(packageName, "packageName");
        String sha256Fingerprint = (String) g.f82636this.get(packageName);
        if (sha256Fingerprint == null) {
            equals = false;
        } else {
            Intrinsics.checkNotNullParameter(sha256Fingerprint, "sha256Fingerprint");
            byte[] otherHash = Base64.decode(sha256Fingerprint, 0);
            Intrinsics.checkNotNullExpressionValue(otherHash, "otherHash");
            Intrinsics.checkNotNullParameter(otherHash, "otherHash");
            equals = Arrays.equals(gVar2.m24068if(), otherHash);
        }
        d dVar = d.f80143finally;
        if (equals) {
            com.yandex.p00221.passport.common.logger.c cVar = com.yandex.p00221.passport.common.logger.c.f80139if;
            cVar.getClass();
            if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
                com.yandex.p00221.passport.common.logger.c.m23682new(cVar, dVar, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
            }
            return true;
        }
        X509Certificate x509Certificate = this.f86005case;
        if (x509Certificate == null) {
            com.yandex.p00221.passport.common.logger.c cVar2 = com.yandex.p00221.passport.common.logger.c.f80139if;
            cVar2.getClass();
            if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
                com.yandex.p00221.passport.common.logger.c.m23682new(cVar2, dVar, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        com.yandex.p00221.passport.common.logger.c cVar3 = com.yandex.p00221.passport.common.logger.c.f80139if;
        cVar3.getClass();
        if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
            com.yandex.p00221.passport.common.logger.c.m23682new(cVar3, dVar, null, ZN0.m18534new("checkCN: ", name), 8);
        }
        if (!Intrinsics.m31884try("CN=" + packageName, name)) {
            if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
                com.yandex.p00221.passport.common.logger.c.m23682new(cVar3, dVar, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(C9277Xe1.m17486new(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) C7501Rp8.m13760for(new TrustAnchor(trustedCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e) {
            reportException.invoke(e);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            com.yandex.p00221.passport.common.logger.c cVar4 = com.yandex.p00221.passport.common.logger.c.f80139if;
            cVar4.getClass();
            if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
                com.yandex.p00221.passport.common.logger.c.m23682new(cVar4, dVar, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList m27971throws = C14209eF.m27971throws(gVar2.f82638for);
        ArrayList arrayList = new ArrayList(C9940Ze1.m18715import(m27971throws, 10));
        Iterator it = m27971throws.iterator();
        while (it.hasNext()) {
            byte[] certBytes = ((Signature) it.next()).toByteArray();
            Intrinsics.checkNotNullExpressionValue(certBytes, "it.toByteArray()");
            Intrinsics.checkNotNullParameter(certBytes, "certBytes");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes));
            Intrinsics.m31878goto(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) generateCertificate);
        }
        RD9 m7464const = C4386Il8.m7464const(CollectionsKt.m31854implements(arrayList), new LZ1(2, messageDigest));
        Iterator it2 = m7464const.f43630if.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = m7464const.f43629for.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        com.yandex.p00221.passport.common.logger.c cVar5 = com.yandex.p00221.passport.common.logger.c.f80139if;
        cVar5.getClass();
        if (com.yandex.p00221.passport.common.logger.c.f80138for.isEnabled()) {
            com.yandex.p00221.passport.common.logger.c.m23682new(cVar5, dVar, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
