package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.yandex.passport.internal.analytics.v0;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import o9.l0;
import pi.q;
import pi.r;
import uh.u;
import vh.s;

/* loaded from: classes.dex */
public final class e {

    /* renamed from: a, reason: collision with root package name */
    public final String f15154a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.o f15155b;

    /* renamed from: c, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.o f15156c;

    /* renamed from: d, reason: collision with root package name */
    public final int f15157d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f15158e;

    public e(String str, com.yandex.passport.internal.entities.o oVar, com.yandex.passport.internal.entities.o oVar2, int i10, X509Certificate x509Certificate) {
        ii.l.f("packageName", str);
        this.f15154a = str;
        this.f15155b = oVar;
        this.f15156c = oVar2;
        this.f15157d = i10;
        this.f15158e = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, hi.l<? super Exception, u> lVar) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        ii.l.f("trustedCertificate", x509Certificate);
        com.yandex.passport.internal.entities.o oVar = this.f15156c;
        if (oVar.f(this.f15155b)) {
            return true;
        }
        String str = this.f15154a;
        ii.l.f("packageName", str);
        String str2 = com.yandex.passport.internal.entities.o.f11694h.get(str);
        if (str2 == null) {
            equals = false;
        } else {
            byte[] decode = Base64.decode(str2, 0);
            ii.l.e("otherHash", decode);
            equals = Arrays.equals(oVar.a(), decode);
        }
        d4.d dVar = d4.d.DEBUG;
        if (equals) {
            d4.c cVar = d4.c.f19960a;
            cVar.getClass();
            if (d4.c.b()) {
                d4.c.d(cVar, dVar, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
            }
            return true;
        }
        X509Certificate x509Certificate2 = this.f15158e;
        if (x509Certificate2 == null) {
            d4.c cVar2 = d4.c.f19960a;
            cVar2.getClass();
            if (d4.c.b()) {
                d4.c.d(cVar2, dVar, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        d4.c cVar3 = d4.c.f19960a;
        cVar3.getClass();
        if (d4.c.b()) {
            d4.c.d(cVar3, dVar, null, v0.c("checkCN: ", name), 8);
        }
        if (!ii.l.a("CN=".concat(str), name)) {
            if (d4.c.b()) {
                d4.c.d(cVar3, dVar, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(l0.q(x509Certificate2));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) af.d.s(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e10) {
            lVar.invoke(e10);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            d4.c cVar4 = d4.c.f19960a;
            cVar4.getClass();
            if (d4.c.b()) {
                d4.c.d(cVar4, dVar, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate2.getPublicKey();
        ii.l.e("ssoCertificate.publicKey", publicKey);
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList W = vh.m.W(oVar.f11696b);
        ArrayList arrayList = new ArrayList(vh.o.F(W, 10));
        Iterator it = W.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            ii.l.e("it.toByteArray()", byteArray);
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            arrayList.add((X509Certificate) generateCertificate);
        }
        r L = q.L(new s(arrayList), new d(messageDigest));
        Iterator it2 = L.f28038a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = L.f28039b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        d4.c cVar5 = d4.c.f19960a;
        cVar5.getClass();
        if (d4.c.b()) {
            d4.c.d(cVar5, dVar, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
