package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import androidx.compose.runtime.internal.StabilityInferred;
import com.yandex.passport.common.logger.KLog;
import com.yandex.passport.common.logger.LogLevel;
import com.yandex.passport.internal.entities.SignatureInfo;
import defpackage.aj;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.SequencesKt;
import kotlin.sequences.TransformingSequence$iterator$1;

@StabilityInferred(parameters = 0)
@Metadata(d1 = {"\u0000\n\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\b\u0007\u0018\u00002\u00020\u0001¨\u0006\u0002"}, d2 = {"Lcom/yandex/passport/internal/sso/SsoApplication;", "", "passport_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class SsoApplication {
    public final String a;
    public final SignatureInfo b;
    public final SignatureInfo c;
    public final int d;
    public final X509Certificate e;

    public SsoApplication(String packageName, SignatureInfo signatureInfo, SignatureInfo signatureInfo2, int i, X509Certificate x509Certificate) {
        Intrinsics.h(packageName, "packageName");
        this.a = packageName;
        this.b = signatureInfo;
        this.c = signatureInfo2;
        this.d = i;
        this.e = x509Certificate;
    }

    /* JADX WARN: Type inference failed for: r3v1, types: [java.util.Map, java.lang.Object] */
    public final boolean a(X509Certificate trustedCertificate, Function1<? super Exception, Unit> function1) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        Intrinsics.h(trustedCertificate, "trustedCertificate");
        SignatureInfo signatureInfo = this.b;
        SignatureInfo signatureInfo2 = this.c;
        if (!signatureInfo2.e(signatureInfo)) {
            String packageName = this.a;
            Intrinsics.h(packageName, "packageName");
            String str = (String) SignatureInfo.h.get(packageName);
            if (str == null) {
                equals = false;
            } else {
                byte[] decode = Base64.decode(str, 0);
                Intrinsics.e(decode);
                equals = Arrays.equals(signatureInfo2.a(), decode);
            }
            if (!equals) {
                X509Certificate x509Certificate = this.e;
                if (x509Certificate == null) {
                    KLog kLog = KLog.a;
                    kLog.getClass();
                    if (KLog.b.isEnabled()) {
                        KLog.c(kLog, LogLevel.c, null, "isTrusted: false, reason: ssoCertificate=null", 8);
                        return false;
                    }
                } else {
                    String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
                    KLog kLog2 = KLog.a;
                    kLog2.getClass();
                    if (KLog.b.isEnabled()) {
                        KLog.c(kLog2, LogLevel.c, null, aj.j("checkCN: ", name), 8);
                    }
                    if (Intrinsics.c("CN=".concat(packageName), name)) {
                        try {
                            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(CollectionsKt.T(x509Certificate));
                            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) SetsKt.h(new TrustAnchor(trustedCertificate, null)));
                            pKIXParameters.setRevocationEnabled(false);
                            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
                        } catch (GeneralSecurityException e) {
                            function1.invoke(e);
                            certPathValidatorResult = null;
                        }
                        if (certPathValidatorResult == null) {
                            KLog kLog3 = KLog.a;
                            kLog3.getClass();
                            if (KLog.b.isEnabled()) {
                                KLog.c(kLog3, LogLevel.c, null, "isTrusted=false, reason=verifyCertificate", 8);
                            }
                        } else {
                            PublicKey publicKey = x509Certificate.getPublicKey();
                            Intrinsics.g(publicKey, "getPublicKey(...)");
                            final MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
                            byte[] digest = messageDigest.digest(publicKey.getEncoded());
                            ArrayList D = ArraysKt.D(signatureInfo2.b);
                            ArrayList arrayList = new ArrayList(CollectionsKt.u(D, 10));
                            Iterator it = D.iterator();
                            while (it.hasNext()) {
                                byte[] byteArray = ((Signature) it.next()).toByteArray();
                                Intrinsics.g(byteArray, "toByteArray(...)");
                                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
                                Intrinsics.f(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                                arrayList.add((X509Certificate) generateCertificate);
                            }
                            TransformingSequence$iterator$1 transformingSequence$iterator$1 = new TransformingSequence$iterator$1(SequencesKt.r(CollectionsKt.q(arrayList), new Function1<X509Certificate, byte[]>() { // from class: com.yandex.passport.internal.sso.SsoApplication$checkPublicKey$validateSignature$1
                                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                                {
                                    super(1);
                                }

                                @Override // kotlin.jvm.functions.Function1
                                public final byte[] invoke(X509Certificate x509Certificate2) {
                                    X509Certificate it2 = x509Certificate2;
                                    Intrinsics.h(it2, "it");
                                    return messageDigest.digest(it2.getPublicKey().getEncoded());
                                }
                            }));
                            while (true) {
                                if (!transformingSequence$iterator$1.b.hasNext()) {
                                    obj = null;
                                    break;
                                }
                                obj = transformingSequence$iterator$1.next();
                                if (Arrays.equals((byte[]) obj, digest)) {
                                    break;
                                }
                            }
                            if (!(((byte[]) obj) != null)) {
                                KLog kLog4 = KLog.a;
                                kLog4.getClass();
                                if (KLog.b.isEnabled()) {
                                    KLog.c(kLog4, LogLevel.c, null, "isTrusted=false, reason=checkPublicKey", 8);
                                }
                            }
                        }
                    } else if (KLog.b.isEnabled()) {
                        KLog.c(kLog2, LogLevel.c, null, "isTrusted=false, reason=checkPackageName", 8);
                        return false;
                    }
                }
                return false;
            }
            KLog kLog5 = KLog.a;
            kLog5.getClass();
            if (KLog.b.isEnabled()) {
                KLog.c(kLog5, LogLevel.c, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
                return true;
            }
        }
        return true;
    }
}
