package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import dg.r;
import dg.v;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import jf.q;
import jf.u;
import p002if.s;
import p5.i0;

/* loaded from: classes4.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f44567a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.b f44568b;

    /* renamed from: c, reason: collision with root package name */
    public final int f44569c;

    /* renamed from: d, reason: collision with root package name */
    public final X509Certificate f44570d;

    public d(String str, com.yandex.passport.internal.entities.b bVar, int i10, X509Certificate x509Certificate) {
        i0.S(str, "packageName");
        this.f44567a = str;
        this.f44568b = bVar;
        this.f44569c = i10;
        this.f44570d = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, vf.l<? super Exception, s> lVar) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        l0.d dVar = l0.d.DEBUG;
        i0.S(x509Certificate, "trustedCertificate");
        if (this.f44568b.h()) {
            return true;
        }
        com.yandex.passport.internal.entities.b bVar = this.f44568b;
        String str = this.f44567a;
        Objects.requireNonNull(bVar);
        i0.S(str, "packageName");
        String str2 = com.yandex.passport.internal.entities.b.f42578h.get(str);
        if (str2 == null ? false : bVar.a(str2)) {
            l0.c cVar = l0.c.f56188a;
            if (cVar.b()) {
                cVar.c(dVar, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", null);
            }
            return true;
        }
        X509Certificate x509Certificate2 = this.f44570d;
        if (x509Certificate2 == null) {
            l0.c cVar2 = l0.c.f56188a;
            if (cVar2.b()) {
                cVar2.c(dVar, null, "isTrusted: false, reason: ssoCertificate=null", null);
            }
            return false;
        }
        String str3 = this.f44567a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        l0.c cVar3 = l0.c.f56188a;
        if (cVar3.b()) {
            cVar3.c(dVar, null, android.support.v4.media.a.f("checkCN: ", name), null);
        }
        if (!i0.D("CN=" + str3, name)) {
            if (cVar3.b()) {
                cVar3.c(dVar, null, "isTrusted=false, reason=checkPackageName", null);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(m5.g.B(this.f44570d));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) q1.b.l(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e10) {
            lVar.invoke(e10);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            l0.c cVar4 = l0.c.f56188a;
            if (cVar4.b()) {
                cVar4.c(dVar, null, "isTrusted=false, reason=verifyCertificate", null);
            }
            return false;
        }
        PublicKey publicKey = this.f44570d.getPublicKey();
        i0.R(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List s02 = jf.m.s0(this.f44568b.f42580b);
        ArrayList arrayList = new ArrayList(q.P(s02, 10));
        Iterator it = ((ArrayList) s02).iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            i0.R(byteArray, "it.toByteArray()");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            Objects.requireNonNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) generateCertificate);
        }
        v vVar = (v) r.M1(u.W(arrayList), new c(messageDigest));
        Iterator it2 = vVar.f47413a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = vVar.f47414b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        l0.c cVar5 = l0.c.f56188a;
        if (cVar5.b()) {
            cVar5.c(dVar, null, "isTrusted=false, reason=checkPublicKey", null);
        }
        return false;
    }
}
