package com.yandex.passport.internal.sso;

import X.s;
import android.content.pm.Signature;
import android.util.Base64;
import bd.AbstractC1195m;
import bd.AbstractC1196n;
import bd.AbstractC1199q;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import nd.InterfaceC4209l;
import ud.r;

/* loaded from: classes2.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    public final String f36857a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.h f36858b;

    /* renamed from: c, reason: collision with root package name */
    public final com.yandex.passport.internal.entities.h f36859c;

    /* renamed from: d, reason: collision with root package name */
    public final int f36860d;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f36861e;

    public c(String str, com.yandex.passport.internal.entities.h hVar, com.yandex.passport.internal.entities.h hVar2, int i10, X509Certificate x509Certificate) {
        com.yandex.passport.common.util.i.k(str, "packageName");
        this.f36857a = str;
        this.f36858b = hVar;
        this.f36859c = hVar2;
        this.f36860d = i10;
        this.f36861e = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, InterfaceC4209l interfaceC4209l) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj;
        com.yandex.passport.common.util.i.k(x509Certificate, "trustedCertificate");
        com.yandex.passport.internal.entities.h hVar = this.f36859c;
        if (hVar.e(this.f36858b)) {
            return true;
        }
        String str = this.f36857a;
        com.yandex.passport.common.util.i.k(str, "packageName");
        String str2 = (String) com.yandex.passport.internal.entities.h.f33259h.get(str);
        if (str2 != null) {
            byte[] decode = Base64.decode(str2, 0);
            com.yandex.passport.common.util.i.j(decode, "otherHash");
            if (Arrays.equals(hVar.a(), decode)) {
                if (B1.d.f488a.isEnabled()) {
                    B1.d.c(2, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", 8);
                }
                return true;
            }
        }
        X509Certificate x509Certificate2 = this.f36861e;
        if (x509Certificate2 == null) {
            if (B1.d.f488a.isEnabled()) {
                B1.d.c(2, null, "isTrusted: false, reason: ssoCertificate=null", 8);
            }
            return false;
        }
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        if (B1.d.f488a.isEnabled()) {
            B1.d.c(2, null, "checkCN: " + name, 8);
        }
        if (!com.yandex.passport.common.util.i.f("CN=".concat(str), name)) {
            if (B1.d.f488a.isEnabled()) {
                B1.d.c(2, null, "isTrusted=false, reason=checkPackageName", 8);
            }
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(com.yandex.passport.common.coroutine.c.v(x509Certificate2));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) G1.j.z(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e10) {
            interfaceC4209l.invoke(e10);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            if (B1.d.f488a.isEnabled()) {
                B1.d.c(2, null, "isTrusted=false, reason=verifyCertificate", 8);
            }
            return false;
        }
        PublicKey publicKey = x509Certificate2.getPublicKey();
        com.yandex.passport.common.util.i.j(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List i02 = AbstractC1195m.i0(hVar.f33261b);
        ArrayList arrayList = new ArrayList(AbstractC1196n.O(i02, 10));
        Iterator it = i02.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            com.yandex.passport.common.util.i.j(byteArray, "it.toByteArray()");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            com.yandex.passport.common.util.i.i(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) generateCertificate);
        }
        r Y = ud.l.Y(AbstractC1199q.a0(arrayList), new s(13, messageDigest));
        Iterator it2 = Y.f58961a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = Y.f58962b.invoke(it2.next());
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        if (B1.d.f488a.isEnabled()) {
            B1.d.c(2, null, "isTrusted=false, reason=checkPublicKey", 8);
        }
        return false;
    }
}
