package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import android.util.Base64;
import com.avstaim.darkside.service.LogLevel;
import com.yandex.passport.internal.sso.d;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import kotlin.collections.t;
import kotlin.collections.y;
import kotlin.sequences.c0;
import kotlin.sequences.h0;
import ml.o;

/* loaded from: classes5.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    public final String f31061a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.b f31062b;
    public final int c;

    /* renamed from: d, reason: collision with root package name */
    public final X509Certificate f31063d;

    public c(String packageName, com.yandex.passport.internal.entities.b bVar, int i10, X509Certificate x509Certificate) {
        kotlin.jvm.internal.n.g(packageName, "packageName");
        this.f31061a = packageName;
        this.f31062b = bVar;
        this.c = i10;
        this.f31063d = x509Certificate;
    }

    public final boolean a(X509Certificate trustedCertificate, wl.l<? super Exception, o> lVar) {
        boolean equals;
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        kotlin.jvm.internal.n.g(trustedCertificate, "trustedCertificate");
        com.yandex.passport.internal.entities.b bVar = this.f31062b;
        if (bVar.f()) {
            return true;
        }
        String packageName = this.f31061a;
        kotlin.jvm.internal.n.g(packageName, "packageName");
        String str = com.yandex.passport.internal.entities.b.f29936g.get(packageName);
        if (str == null) {
            equals = false;
        } else {
            byte[] otherHash = Base64.decode(str, 0);
            kotlin.jvm.internal.n.f(otherHash, "otherHash");
            equals = Arrays.equals(bVar.a(), otherHash);
        }
        if (equals) {
            i1.c.f39631a.getClass();
            if (i1.c.b()) {
                i1.c.c(LogLevel.DEBUG, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", null);
            }
            return true;
        }
        X509Certificate x509Certificate = this.f31063d;
        if (x509Certificate == null) {
            i1.c.f39631a.getClass();
            if (i1.c.b()) {
                i1.c.c(LogLevel.DEBUG, null, "isTrusted: false, reason: ssoCertificate=null", null);
            }
            return false;
        }
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        i1.c.f39631a.getClass();
        if (i1.c.b()) {
            i1.c.c(LogLevel.DEBUG, null, "checkCN: " + name, null);
        }
        if (!kotlin.jvm.internal.n.b("CN=".concat(packageName), name)) {
            if (i1.c.b()) {
                i1.c.c(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPackageName", null);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(x0.b.v(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) com.yandex.passport.internal.database.tables.b.n(new TrustAnchor(trustedCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e) {
            lVar.invoke(e);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            i1.c.f39631a.getClass();
            if (i1.c.b()) {
                i1.c.c(LogLevel.DEBUG, null, "isTrusted=false, reason=verifyCertificate", null);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        kotlin.jvm.internal.n.f(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        ArrayList X = kotlin.collections.o.X(bVar.f29938b);
        ArrayList arrayList = new ArrayList(t.Q(X, 10));
        Iterator it = X.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            kotlin.jvm.internal.n.f(byteArray, "it.toByteArray()");
            arrayList.add(d.a.c(byteArray));
        }
        h0.a aVar = new h0.a(c0.Q(y.f0(arrayList), new b(messageDigest)));
        while (true) {
            if (!aVar.getHasMore()) {
                obj = null;
                break;
            }
            obj = aVar.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        i1.c.f39631a.getClass();
        if (i1.c.b()) {
            i1.c.c(LogLevel.DEBUG, null, "isTrusted=false, reason=checkPublicKey", null);
        }
        return false;
    }
}
