package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import com.unity3d.ads.core.domain.HandleInvocationsFromAdViewer;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import ra.v;
import ra.x;
import w9.z;

/* loaded from: classes5.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f47839a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.g f47840b;

    /* renamed from: c, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.g f47841c;

    /* renamed from: d, reason: collision with root package name */
    public final int f47842d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f47843e;

    public d(String str, com.yandex.passport.internal.entities.g gVar, com.yandex.passport.internal.entities.g gVar2, int i8, X509Certificate x509Certificate) {
        ka.k.f(str, HandleInvocationsFromAdViewer.KEY_PACKAGE_NAME);
        this.f47839a = str;
        this.f47840b = gVar;
        this.f47841c = gVar2;
        this.f47842d = i8;
        this.f47843e = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, ja.l<? super Exception, z> lVar) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        s0.d dVar = s0.d.DEBUG;
        ka.k.f(x509Certificate, "trustedCertificate");
        if (this.f47841c.f(this.f47840b)) {
            return true;
        }
        com.yandex.passport.internal.entities.g gVar = this.f47841c;
        String str = this.f47839a;
        gVar.getClass();
        ka.k.f(str, HandleInvocationsFromAdViewer.KEY_PACKAGE_NAME);
        String str2 = com.yandex.passport.internal.entities.g.f44315h.get(str);
        if (str2 == null) {
            equals = false;
        } else {
            byte[] decode = Base64.decode(str2, 0);
            ka.k.e(decode, "otherHash");
            equals = Arrays.equals(gVar.a(), decode);
        }
        if (equals) {
            s0.c.f62966a.getClass();
            if (s0.c.b()) {
                s0.c.c(dVar, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", null);
            }
            return true;
        }
        X509Certificate x509Certificate2 = this.f47843e;
        if (x509Certificate2 == null) {
            s0.c.f62966a.getClass();
            if (s0.c.b()) {
                s0.c.c(dVar, null, "isTrusted: false, reason: ssoCertificate=null", null);
            }
            return false;
        }
        String str3 = this.f47839a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        s0.c.f62966a.getClass();
        if (s0.c.b()) {
            s0.c.c(dVar, null, "checkCN: " + name, null);
        }
        if (!ka.k.a("CN=" + str3, name)) {
            if (s0.c.b()) {
                s0.c.c(dVar, null, "isTrusted=false, reason=checkPackageName", null);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(a0.h.k(this.f47843e));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) x4.a.e(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e6) {
            lVar.invoke(e6);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            s0.c.f62966a.getClass();
            if (s0.c.b()) {
                s0.c.c(dVar, null, "isTrusted=false, reason=verifyCertificate", null);
            }
            return false;
        }
        PublicKey publicKey = this.f47843e.getPublicKey();
        ka.k.e(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList r10 = x9.m.r(this.f47841c.f44317b);
        ArrayList arrayList = new ArrayList(x9.p.z(r10, 10));
        Iterator it = r10.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            ka.k.e(byteArray, "it.toByteArray()");
            Certificate generateCertificate = CertificateFactory.getInstance(AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509).generateCertificate(new ByteArrayInputStream(byteArray));
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            arrayList.add((X509Certificate) generateCertificate);
        }
        x C = v.C(x9.v.J(arrayList), new c(messageDigest));
        Iterator it2 = C.f62678a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = C.f62679b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        s0.c.f62966a.getClass();
        if (s0.c.b()) {
            s0.c.c(dVar, null, "isTrusted=false, reason=checkPublicKey", null);
        }
        return false;
    }
}
