package com.stripe.android.stripe3ds2.transaction;

import bh.c0;
import bh.u;
import com.nimbusds.jose.JOSEException;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import kf.p;
import kf.q;
import kf.r;
import kotlin.jvm.internal.k;
import kotlin.jvm.internal.o0;
import kotlin.jvm.internal.t;
import org.json.JSONException;
import org.json.JSONObject;
import pf.b;
import uf.a;
import uf.m;
import uf.n;

/* compiled from: JwsValidator.kt */
/* loaded from: classes3.dex */
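/**
 * Parses a compact JWS string and returns its payload as JSON, optionally after verifying the
 * signature against a set of trusted root certificates.
 *
 * <p>This listing is JADX output for a Kotlin source file ({@code JwsValidator.kt}); identifiers
 * from obfuscated packages ({@code kf}, {@code uf}, {@code nf}, {@code mf}, {@code bh}) are
 * machine-generated names.
 */
public interface JwsValidator {

    /**
     * Default implementation. When validation is requested it (1) validates the header's X.509
     * chain against the supplied roots and only then (2) verifies the JWS signature with the
     * public key of the first certificate in that chain.
     */
    /* compiled from: JwsValidator.kt */
    /* loaded from: classes3.dex */
    public static final class Default implements JwsValidator {
        public static final Companion Companion = new Companion(null);
        private final ErrorReporter errorReporter;

        /** Stateless helpers (Kotlin companion object). */
        /* compiled from: JwsValidator.kt */
        /* loaded from: classes3.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(k kVar) {
                this();
            }

            /**
             * Builds a PKIX certification path from the first certificate of the header chain to
             * one of the trusted roots; returns normally on success and throws otherwise.
             *
             * <p>Security note: revocation checking is switched off below, so CRL/OCSP status is
             * never consulted. A certificate that has been revoked but not yet expired still
             * builds a valid path; trust rests on the root set and the validity periods alone.
             *
             * <p>JADX reports this method was {@code private} in the original; it is public here
             * only because the decompiler widened it.
             *
             * @param x509CertChain encoded certificates from the JWS header; the caller must have
             *     checked that it is non-empty, because element 0 is read unconditionally
             * @param rootCerts trust anchors
             * @throws GeneralSecurityException if no path to a trust anchor can be built
             */
            /* JADX INFO: Access modifiers changed from: private */
            public final void validateChain(List<? extends a> x509CertChain, List<? extends X509Certificate> rootCerts) throws GeneralSecurityException, IOException, ParseException {
                // m.a(...) turns the encoded header entries into X509Certificate objects.
                List<X509Certificate> parsedChain = m.a(x509CertChain);
                KeyStore trustAnchors = createKeyStore(rootCerts);

                // The path has to end at the first certificate of the chain (the signer's).
                X509CertSelector targetSelector = new X509CertSelector();
                targetSelector.setCertificate(parsedChain.get(0));

                PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, targetSelector);
                // SECURITY: no CRL/OCSP lookup is performed (see the method comment).
                pkixParams.setRevocationEnabled(false);
                // The remaining header certificates are offered as candidate intermediates only;
                // they are not trust anchors.
                pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(parsedChain)));
                CertPathBuilder.getInstance("PKIX").build(pkixParams);
            }

            /**
             * Creates an empty in-memory key store of the platform default type and adds every
             * root certificate under the alias {@code ca_<index>}.
             *
             * @param rootCerts trust anchors; must not be null
             * @return a key store holding exactly the given certificates
             */
            public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
                t.g(rootCerts, "rootCerts");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // load(null, null) initialises an empty store; nothing is read from disk.
                keyStore.load(null, null);
                // Plain index loop: the decompiled form carried a dead index-overflow branch and
                // an unused local left over from Kotlin's forEachIndexed.
                for (int index = 0; index < rootCerts.size(); index++) {
                    String alias = String.format(Locale.ROOT, "ca_%d", index);
                    keyStore.setCertificateEntry(alias, rootCerts.get(index));
                }
                return keyStore;
            }

            /**
             * Returns a copy of the header with one builder field reset to {@code null}.
             *
             * <p>NOTE(review): the builder call is obfuscated ({@code f(null)}); judging by
             * {@link Default#isValid}, which reports an embedded JWK right before calling this,
             * it presumably clears the {@code jwk} header parameter. Confirm against the
             * unobfuscated library.
             */
            public final p sanitizedJwsHeader$3ds2sdk_release(p jwsHeader) {
                t.g(jwsHeader, "jwsHeader");
                p sanitized = new p.a(jwsHeader).f(null).b();
                t.f(sanitized, "JWSHeader.Builder(jwsHea…                 .build()");
                return sanitized;
            }
        }

        /**
         * @param errorReporter sink for validation failures and for the embedded-JWK warning
         */
        public Default(ErrorReporter errorReporter) {
            t.g(errorReporter, "errorReporter");
            this.errorReporter = errorReporter;
        }

        /**
         * Extracts the public key of the first certificate in the header's X.509 chain.
         *
         * <p>The key comes from the token itself, so it is only trustworthy once the chain has
         * been validated; {@link #isValid} does that before this method is reached.
         *
         * @throws CertificateException if the first chain entry cannot be parsed
         */
        private final PublicKey getPublicKeyFromHeader(p jwsHeader) throws CertificateException {
            List chain = jwsHeader.n();
            t.f(chain, "jwsHeader.x509CertChain");
            // c0.Z(...) is an obfuscated Kotlin collection helper; presumably first() — confirm.
            Object firstEntry = c0.Z(chain);
            X509Certificate signerCert = n.b(((a) firstEntry).a());
            t.f(signerCert, "X509CertUtils.parseWithE…().decode()\n            )");
            PublicKey publicKey = signerCert.getPublicKey();
            t.f(publicKey, "X509CertUtils.parseWithE…)\n            ).publicKey");
            return publicKey;
        }

        /**
         * Creates the signature verifier for the given header, keyed with the public key of the
         * header's first certificate.
         *
         * <p>NOTE(review): {@code mf.a.a()} is installed on the factory's JCA context; it is
         * presumably a specific security provider instance, but its identity is obfuscated here.
         * The factory call takes the header, so the verifier is presumably chosen from the
         * header's algorithm field — confirm which algorithms the factory accepts.
         */
        private final r getVerifier(p jwsHeader) throws JOSEException, CertificateException {
            nf.a verifierFactory = new nf.a();
            b jcaContext = verifierFactory.getJCAContext();
            t.f(jcaContext, "verifierFactory.jcaContext");
            jcaContext.c(mf.a.a());
            r verifier = verifierFactory.c(jwsHeader, getPublicKeyFromHeader(jwsHeader));
            t.f(verifier, "verifierFactory.createJW…KeyFromHeader(jwsHeader))");
            return verifier;
        }

        /**
         * Validates the certificate chain and then the signature of a parsed JWS.
         *
         * <p>An embedded JWK in the header is reported through the error reporter but does not
         * abort validation; the header is sanitized afterwards, and the verification key is
         * always taken from the certificate chain rather than from any key in the header.
         *
         * @return {@code true} only if the chain validates against {@code rootCerts} and the
         *     signature verifies
         */
        private final boolean isValid(q jwsObject, List<? extends X509Certificate> rootCerts) throws JOSEException, CertificateException {
            p header = jwsObject.i();
            t.f(header, "jwsObject.header");
            if (header.k() != null) {
                this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + jwsObject.i()));
            }
            Companion companion = Companion;
            p headerToSanitize = jwsObject.i();
            t.f(headerToSanitize, "jwsObject.header");
            p sanitizedHeader = companion.sanitizedJwsHeader$3ds2sdk_release(headerToSanitize);
            // Order matters: the signer's key is used only after its chain has been accepted.
            if (!isCertificateChainValid(sanitizedHeader.n(), rootCerts)) {
                return false;
            }
            return jwsObject.o(getVerifier(sanitizedHeader));
        }

        /**
         * Parses {@code jws} and returns its payload as a JSON object.
         *
         * <p>Security note: when {@code z10} is {@code false} neither the certificate chain nor
         * the signature is checked and the payload is returned exactly as received. Callers that
         * pass {@code false} must not treat the result as authenticated.
         * NOTE(review): the flag's original name is lost in decompilation — confirm what callers
         * pass and under which conditions it can be {@code false}.
         *
         * @param jws compact-serialized JWS
         * @param z10 whether to validate the chain and signature before returning the payload
         * @param rootCerts trust anchors used when {@code z10} is {@code true}
         * @throws IllegalStateException if validation was requested and failed
         */
        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
        public JSONObject getPayload(String jws, boolean z10, List<? extends X509Certificate> rootCerts) throws JSONException, ParseException, JOSEException, CertificateException {
            t.g(jws, "jws");
            t.g(rootCerts, "rootCerts");
            q jwsObject = q.l(jws);
            t.f(jwsObject, "jwsObject");
            if (z10 && !isValid(jwsObject, rootCerts)) {
                throw new IllegalStateException("Could not validate JWS");
            }
            return new JSONObject(jwsObject.b().toString());
        }

        /**
         * Reports whether the header's certificate chain builds a path to one of the roots.
         *
         * <p>JADX could not decompile this method and emitted only a register-level dump with a
         * stub that throws {@code UnsupportedOperationException}. The body below is a Java
         * reconstruction of that dump; the original presumably wrapped the checks in Kotlin's
         * {@code runCatching}, which is why every {@code Throwable} is caught here.
         *
         * <p>Any failure (missing chain, empty root set, path-building error) is sent to the
         * error reporter and turned into {@code false}; nothing propagates to the caller.
         *
         * @param x509CertChain encoded certificates from the JWS header; may be null
         * @param rootCerts trust anchors; must not be null
         * @return {@code true} if the chain validated, {@code false} on any failure
         */
        public final boolean isCertificateChainValid(List<? extends a> x509CertChain, List<? extends X509Certificate> rootCerts) {
            // The null check on rootCerts sits outside the catch region in the dump, so it
            // propagates instead of being reported.
            t.g(rootCerts, "rootCerts");
            try {
                if (x509CertChain == null || x509CertChain.isEmpty()) {
                    throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
                }
                // An empty trust store is rejected up front so that it is reported as a
                // configuration problem rather than as a path-building failure.
                if (rootCerts.isEmpty()) {
                    throw new IllegalArgumentException("Root certificates are empty");
                }
                Companion.validateChain(x509CertChain, rootCerts);
                return true;
            } catch (Throwable failure) {
                // Fail closed: report the cause and treat the chain as invalid.
                this.errorReporter.reportError(failure);
                return false;
            }
        }
    }

    /**
     * Returns the payload of the given JWS as JSON.
     *
     * <p>The decompiled implementation lists checked exceptions in its {@code throws} clause
     * that this declaration does not; that mismatch is an artifact of decompiling Kotlin.
     *
     * @param str compact-serialized JWS
     * @param z10 whether to validate the chain and signature before returning the payload
     * @param list trusted root certificates
     */
    JSONObject getPayload(String str, boolean z10, List<? extends X509Certificate> list);
}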
