package com.stripe.android.stripe3ds2.transaction;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.KeyTypeException;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import defpackage.c83;
import defpackage.co7;
import defpackage.fe0;
import defpackage.fv3;
import defpackage.ha2;
import defpackage.ie0;
import defpackage.j93;
import defpackage.js1;
import defpackage.kr7;
import defpackage.m1d;
import defpackage.mmb;
import defpackage.nmb;
import defpackage.nw3;
import defpackage.ow3;
import defpackage.rq7;
import defpackage.sq7;
import defpackage.sy1;
import defpackage.tq7;
import defpackage.um;
import defpackage.uq7;
import defpackage.vjc;
import defpackage.vr8;
import defpackage.wr8;
import defpackage.yn7;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import javax.crypto.SecretKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public interface JwsValidator {

    /* loaded from: classes4.dex */
    public static final class Default implements JwsValidator {
        public static final Companion Companion = new Companion(null);
        private final ErrorReporter errorReporter;

        /* loaded from: classes4.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(c83 c83Var) {
                this();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final void validateChain(List<? extends fe0> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
                LinkedList D = kr7.D(list);
                KeyStore createKeyStore = createKeyStore(list2);
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate((X509Certificate) D.get(0));
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(D)));
                CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
            }

            public final KeyStore createKeyStore(List<? extends X509Certificate> list) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                int i = 0;
                for (Object obj : list) {
                    int i2 = i + 1;
                    if (i < 0) {
                        sy1.R();
                        throw null;
                    }
                    keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1)), list.get(i));
                    i = i2;
                }
                return keyStore;
            }

            public final sq7 sanitizedJwsHeader$3ds2sdk_release(sq7 sq7Var) {
                rq7 rq7Var = (rq7) sq7Var.c;
                if (rq7Var.c.equals(um.f21279d.c)) {
                    throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
                }
                return new sq7(rq7Var, sq7Var.f19576d, sq7Var.e, sq7Var.f, sq7Var.j, null, sq7Var.l, sq7Var.m, sq7Var.n, sq7Var.o, sq7Var.p, sq7Var.q, sq7Var.g, null);
            }
        }

        public Default(ErrorReporter errorReporter) {
            this.errorReporter = errorReporter;
        }

        private final PublicKey getPublicKeyFromHeader(sq7 sq7Var) throws CertificateException {
            return vjc.y(((fe0) ha2.c0(sq7Var.o)).a()).getPublicKey();
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r6v13, types: [wr8] */
        /* JADX WARN: Type inference failed for: r6v9, types: [nmb] */
        private final uq7 getVerifier(sq7 sq7Var) throws JOSEException, CertificateException {
            ow3 ow3Var;
            j93 j93Var = new j93();
            yn7 yn7Var = j93Var.f15215a;
            if (js1.c == null) {
                js1.c = new BouncyCastleProvider();
            }
            yn7Var.f23340a = js1.c;
            PublicKey publicKeyFromHeader = getPublicKeyFromHeader(sq7Var);
            if (vr8.f21866d.contains((rq7) sq7Var.c)) {
                if (!(publicKeyFromHeader instanceof SecretKey)) {
                    throw new KeyTypeException(SecretKey.class);
                }
                ow3Var = new wr8((SecretKey) publicKeyFromHeader);
            } else if (mmb.c.contains((rq7) sq7Var.c)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new KeyTypeException(RSAPublicKey.class);
                }
                ow3Var = new nmb((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!nw3.c.contains((rq7) sq7Var.c)) {
                    StringBuilder c = fv3.c("Unsupported JWS algorithm: ");
                    c.append((rq7) sq7Var.c);
                    throw new JOSEException(c.toString());
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new KeyTypeException(ECPublicKey.class);
                }
                ow3Var = new ow3((ECPublicKey) publicKeyFromHeader);
            }
            ow3Var.b.f23340a = j93Var.f15215a.f23340a;
            return ow3Var;
        }

        private final boolean isValid(tq7 tq7Var, List<? extends X509Certificate> list) throws JOSEException, CertificateException {
            boolean a2;
            if (tq7Var.f20822d.k != null) {
                ErrorReporter errorReporter = this.errorReporter;
                StringBuilder c = fv3.c("Encountered a JWK in ");
                c.append(tq7Var.f20822d);
                errorReporter.reportError(new IllegalArgumentException(c.toString()));
            }
            sq7 sanitizedJwsHeader$3ds2sdk_release = Companion.sanitizedJwsHeader$3ds2sdk_release(tq7Var.f20822d);
            if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.o, list)) {
                return false;
            }
            uq7 verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
            synchronized (tq7Var) {
                try {
                    tq7Var.b();
                    try {
                        a2 = verifier.a(tq7Var.f20822d, tq7Var.e.getBytes(m1d.f16702a), tq7Var.f);
                        if (a2) {
                            tq7Var.g.set(tq7.a.VERIFIED);
                        }
                    } catch (JOSEException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new JOSEException(e2.getMessage(), e2);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
            return a2;
        }

        @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
        public JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list) throws JSONException, ParseException, JOSEException, CertificateException {
            ie0[] a2 = co7.a(str);
            if (a2.length != 3) {
                throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
            }
            tq7 tq7Var = new tq7(a2[0], a2[1], a2[2]);
            if (!z || isValid(tq7Var, list)) {
                return new JSONObject(tq7Var.c.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }

        /* JADX WARN: Removed duplicated region for block: B:17:0x003b A[Catch: all -> 0x0011, TryCatch #0 {all -> 0x0011, blocks: (B:20:0x0005, B:4:0x0016, B:6:0x001a, B:8:0x0022, B:15:0x002c, B:16:0x003a, B:17:0x003b, B:18:0x004a), top: B:19:0x0005 }] */
        /* JADX WARN: Removed duplicated region for block: B:6:0x001a A[Catch: all -> 0x0011, TryCatch #0 {all -> 0x0011, blocks: (B:20:0x0005, B:4:0x0016, B:6:0x001a, B:8:0x0022, B:15:0x002c, B:16:0x003a, B:17:0x003b, B:18:0x004a), top: B:19:0x0005 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final boolean isCertificateChainValid(java.util.List<? extends defpackage.fe0> r4, java.util.List<? extends java.security.cert.X509Certificate> r5) {
            /*
                r3 = this;
                r2 = 0
                r0 = 1
                r2 = 5
                if (r4 == 0) goto L14
                boolean r1 = r4.isEmpty()     // Catch: java.lang.Throwable -> L11
                r2 = 5
                if (r1 == 0) goto Ld
                goto L14
            Ld:
                r2 = 5
                r1 = 0
                r2 = 4
                goto L16
            L11:
                r4 = move-exception
                r2 = 3
                goto L4b
            L14:
                r2 = 6
                r1 = 1
            L16:
                r2 = 7
                r1 = r1 ^ r0
                if (r1 == 0) goto L3b
                r2 = 0
                boolean r1 = r5.isEmpty()     // Catch: java.lang.Throwable -> L11
                r1 = r1 ^ r0
                if (r1 == 0) goto L2c
                com.stripe.android.stripe3ds2.transaction.JwsValidator$Default$Companion r1 = com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion     // Catch: java.lang.Throwable -> L11
                r2 = 4
                com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion.access$validateChain(r1, r4, r5)     // Catch: java.lang.Throwable -> L11
                kotlin.Unit r4 = kotlin.Unit.INSTANCE     // Catch: java.lang.Throwable -> L11
                r2 = 7
                goto L52
            L2c:
                r2 = 2
                java.lang.String r4 = "Root certificates are empty"
                r2 = 6
                java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L11
                java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> L11
                r2 = 7
                r5.<init>(r4)     // Catch: java.lang.Throwable -> L11
                throw r5     // Catch: java.lang.Throwable -> L11
            L3b:
                r2 = 6
                java.lang.String r4 = "r sHorruaShaf.ele tmoi5nili  t0yJcs  t ep/nWaec/c9Xed"
                java.lang.String r4 = "JWSHeader's X.509 certificate chain is null or empty"
                r2 = 1
                java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L11
                java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> L11
                r5.<init>(r4)     // Catch: java.lang.Throwable -> L11
                throw r5     // Catch: java.lang.Throwable -> L11
            L4b:
                q0c$a r5 = new q0c$a
                r2 = 4
                r5.<init>(r4)
                r4 = r5
            L52:
                r2 = 6
                java.lang.Throwable r5 = defpackage.q0c.a(r4)
                r2 = 0
                if (r5 == 0) goto L60
                r2 = 5
                com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r3.errorReporter
                r1.reportError(r5)
            L60:
                boolean r4 = r4 instanceof q0c.a
                r2 = 5
                r4 = r4 ^ r0
                r2 = 4
                return r4
            */
            throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.isCertificateChainValid(java.util.List, java.util.List):boolean");
        }
    }

    JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list);
}
