package com.yandex.passport.a.s;

import android.content.pm.Signature;
import com.yandex.metrica.rtm.Constants;
import com.yandex.passport.a.z;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import kotlin.TypeCastException;

/* loaded from: classes.dex */
public final class d {
    public final String a;
    public final com.yandex.passport.a.g.m b;
    public final int c;
    public final X509Certificate d;

    public d(String str, com.yandex.passport.a.g.m mVar, int i2, X509Certificate x509Certificate) {
        o.q.b.o.g(str, "packageName");
        o.q.b.o.g(mVar, "signatureInfo");
        this.a = str;
        this.b = mVar;
        this.c = i2;
        this.d = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, o.q.a.l<? super Exception, o.l> lVar) {
        CertPathValidatorResult certPathValidatorResult;
        o.q.b.o.g(x509Certificate, "trustedCertificate");
        o.q.b.o.g(lVar, "reportException");
        if (this.b.k()) {
            return true;
        }
        com.yandex.passport.a.g.m mVar = this.b;
        String str = this.a;
        Objects.requireNonNull(mVar);
        o.q.b.o.g(str, "packageName");
        String str2 = com.yandex.passport.a.g.m.f2816i.get(str);
        if (str2 != null ? mVar.a(str2) : false) {
            String str3 = z.a;
            i.a.a.a.a.f0("isTrusted: true, reason: isSsoEnabledByFingerPrint()", Constants.KEY_MESSAGE, "Passport", "tag", "isTrusted: true, reason: isSsoEnabledByFingerPrint()", Constants.KEY_MESSAGE);
            return true;
        }
        X509Certificate x509Certificate2 = this.d;
        if (x509Certificate2 == null) {
            String str4 = z.a;
            i.a.a.a.a.f0("isTrusted: false, reason: ssoCertificate=null", Constants.KEY_MESSAGE, "Passport", "tag", "isTrusted: false, reason: ssoCertificate=null", Constants.KEY_MESSAGE);
            return false;
        }
        String str5 = this.a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        z.a("checkCN: " + name);
        if (!o.q.b.o.a("CN=" + str5, name)) {
            i.a.a.a.a.f0("isTrusted=false, reason=checkPackageName", Constants.KEY_MESSAGE, "Passport", "tag", "isTrusted=false, reason=checkPackageName", Constants.KEY_MESSAGE);
            return false;
        }
        Object obj = null;
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(l.c.g0.a.X(this.d));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) l.c.g0.a.u0(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e) {
            lVar.invoke(e);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            i.a.a.a.a.f0("isTrusted=false, reason=verifyCertificate", Constants.KEY_MESSAGE, "Passport", "tag", "isTrusted=false, reason=verifyCertificate", Constants.KEY_MESSAGE);
            return false;
        }
        PublicKey publicKey = this.d.getPublicKey();
        o.q.b.o.b(publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        Signature[] signatureArr = this.b.f2819l;
        o.q.b.o.f(signatureArr, "<this>");
        ArrayList arrayList = new ArrayList();
        o.q.b.o.f(signatureArr, "<this>");
        o.q.b.o.f(arrayList, "destination");
        for (Signature signature : signatureArr) {
            if (signature != null) {
                arrayList.add(signature);
            }
        }
        ArrayList arrayList2 = new ArrayList(l.c.g0.a.l(arrayList, 10));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            o.q.b.o.b(byteArray, "it.toByteArray()");
            o.q.b.o.g(byteArray, "certBytes");
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            if (generateCertificate == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            arrayList2.add((X509Certificate) generateCertificate);
        }
        o.v.h hVar = (o.v.h) l.c.g0.a.Y(o.m.h.d(arrayList2), new c(messageDigest));
        Iterator it2 = hVar.a.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            Object invoke = hVar.b.invoke(it2.next());
            if (Arrays.equals((byte[]) invoke, digest)) {
                obj = invoke;
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        i.a.a.a.a.f0("isTrusted=false, reason=checkPublicKey", Constants.KEY_MESSAGE, "Passport", "tag", "isTrusted=false, reason=checkPublicKey", Constants.KEY_MESSAGE);
        return false;
    }
}
