package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import defpackage.C1124Do1;
import defpackage.C11952sg0;
import defpackage.C1481Gh3;
import defpackage.C3856Yp;
import defpackage.C4715c2;
import defpackage.C6125eF2;
import defpackage.C7351hE;
import defpackage.C7525hm3;
import defpackage.C9017jc0;
import defpackage.CY0;
import defpackage.FL;
import defpackage.KL;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes2.dex */
public final class c {
    public final String a;
    public final com.yandex.passport.internal.entities.e b;
    public final com.yandex.passport.internal.entities.e c;
    public final int d;
    public final X509Certificate e;

    public c(String str, com.yandex.passport.internal.entities.e eVar, com.yandex.passport.internal.entities.e eVar2, int i, X509Certificate x509Certificate) {
        C1124Do1.f(str, "packageName");
        this.a = str;
        this.b = eVar;
        this.c = eVar2;
        this.d = i;
        this.e = x509Certificate;
    }

    /* JADX WARN: Type inference failed for: r3v1, types: [java.util.Map, java.lang.Object] */
    public final boolean a(X509Certificate x509Certificate, CY0<? super Exception, C7525hm3> cy0) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        C1124Do1.f(x509Certificate, "trustedCertificate");
        com.yandex.passport.internal.entities.e eVar = this.b;
        com.yandex.passport.internal.entities.e eVar2 = this.c;
        if (!eVar2.e(eVar)) {
            String str = this.a;
            C1124Do1.f(str, "packageName");
            String str2 = (String) com.yandex.passport.internal.entities.e.h.get(str);
            if (str2 == null) {
                equals = false;
            } else {
                byte[] decode = Base64.decode(str2, 0);
                C1124Do1.c(decode);
                equals = Arrays.equals(eVar2.a(), decode);
            }
            if (!equals) {
                X509Certificate x509Certificate2 = this.e;
                if (x509Certificate2 == null) {
                    com.yandex.passport.common.logger.a aVar = com.yandex.passport.common.logger.a.a;
                    aVar.getClass();
                    if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                        com.yandex.passport.common.logger.a.c(aVar, com.yandex.passport.common.logger.b.c, null, "isTrusted: false, reason: ssoCertificate=null", 8);
                        return false;
                    }
                } else {
                    String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
                    com.yandex.passport.common.logger.a aVar2 = com.yandex.passport.common.logger.a.a;
                    aVar2.getClass();
                    if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                        com.yandex.passport.common.logger.a.c(aVar2, com.yandex.passport.common.logger.b.c, null, C7351hE.f("checkCN: ", name), 8);
                    }
                    if (C1124Do1.b("CN=".concat(str), name)) {
                        try {
                            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(C4715c2.r(x509Certificate2));
                            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) C9017jc0.z(new TrustAnchor(x509Certificate, null)));
                            pKIXParameters.setRevocationEnabled(false);
                            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
                        } catch (GeneralSecurityException e) {
                            cy0.invoke(e);
                            certPathValidatorResult = null;
                        }
                        if (certPathValidatorResult == null) {
                            com.yandex.passport.common.logger.a aVar3 = com.yandex.passport.common.logger.a.a;
                            aVar3.getClass();
                            if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                                com.yandex.passport.common.logger.a.c(aVar3, com.yandex.passport.common.logger.b.c, null, "isTrusted=false, reason=verifyCertificate", 8);
                            }
                        } else {
                            PublicKey publicKey = x509Certificate2.getPublicKey();
                            C1124Do1.e(publicKey, "getPublicKey(...)");
                            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
                            byte[] digest = messageDigest.digest(publicKey.getEncoded());
                            ArrayList Q = C3856Yp.Q(eVar2.b);
                            ArrayList arrayList = new ArrayList(FL.z(Q, 10));
                            Iterator it = Q.iterator();
                            while (it.hasNext()) {
                                byte[] byteArray = ((Signature) it.next()).toByteArray();
                                C1124Do1.e(byteArray, "toByteArray(...)");
                                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
                                C1124Do1.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                                arrayList.add((X509Certificate) generateCertificate);
                            }
                            C1481Gh3 z = C6125eF2.z(KL.Z(arrayList), new C11952sg0(4, messageDigest));
                            Iterator it2 = z.a.iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    obj = null;
                                    break;
                                }
                                obj = z.b.invoke(it2.next());
                                if (Arrays.equals((byte[]) obj, digest)) {
                                    break;
                                }
                            }
                            if (!(((byte[]) obj) != null)) {
                                com.yandex.passport.common.logger.a aVar4 = com.yandex.passport.common.logger.a.a;
                                aVar4.getClass();
                                if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                                    com.yandex.passport.common.logger.a.c(aVar4, com.yandex.passport.common.logger.b.c, null, "isTrusted=false, reason=checkPublicKey", 8);
                                }
                            }
                        }
                    } else if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                        com.yandex.passport.common.logger.a.c(aVar2, com.yandex.passport.common.logger.b.c, null, "isTrusted=false, reason=checkPackageName", 8);
                        return false;
                    }
                }
                return false;
            }
            com.yandex.passport.common.logger.a aVar5 = com.yandex.passport.common.logger.a.a;
            aVar5.getClass();
            if (com.yandex.passport.common.logger.a.b.isEnabled()) {
                com.yandex.passport.common.logger.a.c(aVar5, com.yandex.passport.common.logger.b.c, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
                return true;
            }
        }
        return true;
    }
}
