package com.stripe.android.stripe3ds2.transaction;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.KeyTypeException;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import defpackage.brb;
import defpackage.cdb;
import defpackage.deb;
import defpackage.e9b;
import defpackage.kdb;
import defpackage.ldb;
import defpackage.mdb;
import defpackage.pdb;
import defpackage.qdb;
import defpackage.sdb;
import defpackage.tdb;
import defpackage.tfb;
import defpackage.vfb;
import defpackage.xfb;
import defpackage.ya0;
import defpackage.ycb;
import defpackage.yfb;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.DefaultConstructorMarker;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public interface JwsValidator {

    /* loaded from: classes4.dex */
    public static final class Default implements JwsValidator {
        public static final Companion Companion = new Companion(null);
        private final ErrorReporter errorReporter;

        /* loaded from: classes4.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
                this();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final void validateChain(List<? extends tfb> list, List<? extends X509Certificate> list2) {
                List<X509Certificate> d2 = xfb.d2(list);
                KeyStore createKeyStore = createKeyStore(list2);
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(d2.get(0));
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(d2)));
                CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
            }

            public final KeyStore createKeyStore(List<? extends X509Certificate> list) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                int i = 0;
                for (Object obj : list) {
                    int i2 = i + 1;
                    if (i < 0) {
                        brb.I();
                        throw null;
                    }
                    keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1)), list.get(i));
                    i = i2;
                }
                return keyStore;
            }

            public final ldb sanitizedJwsHeader$3ds2sdk_release(ldb ldbVar) {
                kdb kdbVar = (kdb) ldbVar.f38854b;
                if (kdbVar.f38037b.equals(ycb.c.f38037b)) {
                    throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
                }
                return new ldb(kdbVar, ldbVar.c, ldbVar.f38855d, ldbVar.e, ldbVar.h, null, ldbVar.j, ldbVar.k, ldbVar.f38856l, ldbVar.m, ldbVar.n, ldbVar.p, ldbVar.f, null);
            }
        }

        public Default(ErrorReporter errorReporter) {
            this.errorReporter = errorReporter;
        }

        private final PublicKey getPublicKeyFromHeader(ldb ldbVar) {
            return xfb.g2(((tfb) brb.g(ldbVar.m)).a()).getPublicKey();
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r5v13, types: [qdb] */
        /* JADX WARN: Type inference failed for: r5v9, types: [sdb] */
        private final mdb getVerifier(ldb ldbVar) {
            pdb pdbVar;
            tdb tdbVar = new tdb();
            deb debVar = tdbVar.f34002a;
            if (e9b.f21128a == null) {
                e9b.f21128a = new BouncyCastleProvider();
            }
            debVar.f20386a = e9b.f21128a;
            PublicKey publicKeyFromHeader = getPublicKeyFromHeader(ldbVar);
            if (qdb.e.contains((kdb) ldbVar.f38854b)) {
                if (!(publicKeyFromHeader instanceof SecretKey)) {
                    throw new KeyTypeException(SecretKey.class);
                }
                pdbVar = new qdb((SecretKey) publicKeyFromHeader);
            } else if (sdb.e.contains((kdb) ldbVar.f38854b)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new KeyTypeException(RSAPublicKey.class);
                }
                pdbVar = new sdb((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!pdb.e.contains((kdb) ldbVar.f38854b)) {
                    StringBuilder g = ya0.g("Unsupported JWS algorithm: ");
                    g.append((kdb) ldbVar.f38854b);
                    throw new JOSEException(g.toString());
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new KeyTypeException(ECPublicKey.class);
                }
                pdbVar = new pdb((ECPublicKey) publicKeyFromHeader);
            }
            pdbVar.f37255b.f20386a = tdbVar.f34002a.f20386a;
            return pdbVar;
        }

        private final boolean isValid(JWSObject jWSObject, List<? extends X509Certificate> list) {
            boolean a2;
            if (jWSObject.f18923d.i != null) {
                ErrorReporter errorReporter = this.errorReporter;
                StringBuilder g = ya0.g("Encountered a JWK in ");
                g.append(jWSObject.f18923d);
                errorReporter.reportError(new IllegalArgumentException(g.toString()));
            }
            ldb sanitizedJwsHeader$3ds2sdk_release = Companion.sanitizedJwsHeader$3ds2sdk_release(jWSObject.f18923d);
            if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.m, list)) {
                return false;
            }
            mdb verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
            synchronized (jWSObject) {
                jWSObject.c();
                try {
                    a2 = verifier.a(jWSObject.f18923d, jWSObject.e.getBytes(yfb.f38134a), jWSObject.f);
                    if (a2) {
                        jWSObject.g.set(JWSObject.State.VERIFIED);
                    }
                } catch (JOSEException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new JOSEException(e2.getMessage(), e2);
                }
            }
            return a2;
        }

        @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
        public JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list) {
            vfb[] b2 = cdb.b(str);
            if (b2.length != 3) {
                throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
            }
            JWSObject jWSObject = new JWSObject(b2[0], b2[1], b2[2]);
            if (!z || isValid(jWSObject, list)) {
                return new JSONObject(jWSObject.f3458b.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }

        /* JADX WARN: Removed duplicated region for block: B:17:0x0035 A[Catch: all -> 0x0010, TryCatch #0 {all -> 0x0010, blocks: (B:20:0x0005, B:4:0x0015, B:6:0x0018, B:8:0x001f, B:15:0x0027, B:16:0x0034, B:17:0x0035, B:18:0x0042), top: B:19:0x0005 }] */
        /* JADX WARN: Removed duplicated region for block: B:6:0x0018 A[Catch: all -> 0x0010, TryCatch #0 {all -> 0x0010, blocks: (B:20:0x0005, B:4:0x0015, B:6:0x0018, B:8:0x001f, B:15:0x0027, B:16:0x0034, B:17:0x0035, B:18:0x0042), top: B:19:0x0005 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final boolean isCertificateChainValid(java.util.List<? extends defpackage.tfb> r3, java.util.List<? extends java.security.cert.X509Certificate> r4) {
            /*
                r2 = this;
                r0 = 270(0x10e, float:3.78E-43)
                r0 = 1
                if (r3 == 0) goto L12
                boolean r1 = r3.isEmpty()     // Catch: java.lang.Throwable -> L10
                if (r1 == 0) goto Lc
                goto L12
            Lc:
                r1 = 31
                r1 = 0
                goto L15
            L10:
                r3 = move-exception
                goto L43
            L12:
                r1 = 287(0x11f, float:4.02E-43)
                r1 = 1
            L15:
                r1 = r1 ^ r0
                if (r1 == 0) goto L35
                boolean r1 = r4.isEmpty()     // Catch: java.lang.Throwable -> L10
                r1 = r1 ^ r0
                if (r1 == 0) goto L27
                com.stripe.android.stripe3ds2.transaction.JwsValidator$Default$Companion r1 = com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion     // Catch: java.lang.Throwable -> L10
                com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion.access$validateChain(r1, r3, r4)     // Catch: java.lang.Throwable -> L10
                wqb r3 = defpackage.wqb.f36766a     // Catch: java.lang.Throwable -> L10
                goto L49
            L27:
                java.lang.String r3 = "JWSHeader's X.509 certificate chain is null or empty"
                java.lang.String r3 = "Root certificates are empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L10
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L10
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L10
                throw r4     // Catch: java.lang.Throwable -> L10
            L35:
                java.lang.String r3 = "Root certificates are empty"
                java.lang.String r3 = "JWSHeader's X.509 certificate chain is null or empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L10
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L10
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L10
                throw r4     // Catch: java.lang.Throwable -> L10
            L43:
                sqb$a r4 = new sqb$a
                r4.<init>(r3)
                r3 = r4
            L49:
                java.lang.Throwable r4 = defpackage.sqb.a(r3)
                if (r4 == 0) goto L54
                com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r2.errorReporter
                r1.reportError(r4)
            L54:
                boolean r3 = r3 instanceof sqb.a
                r3 = r3 ^ r0
                return r3
            */
            throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.isCertificateChainValid(java.util.List, java.util.List):boolean");
        }
    }

    JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list);
}
