package com.yandex.passport.internal.sso;

import com.avstaim.darkside.service.LogLevel;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.collections.CollectionsKt__CollectionsJVMKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.SetsKt__SetsJVMKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import kotlin.sequences.Sequence;
import kotlin.sequences.SequencesKt___SequencesKt;

/* loaded from: classes12.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private final String f86003a;

    /* renamed from: b, reason: collision with root package name */
    private final com.yandex.passport.internal.entities.g f86004b;

    /* renamed from: c, reason: collision with root package name */
    private final com.yandex.passport.internal.entities.g f86005c;

    /* renamed from: d, reason: collision with root package name */
    private final int f86006d;

    /* renamed from: e, reason: collision with root package name */
    private final X509Certificate f86007e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes12.dex */
    public static final class a extends Lambda implements Function1 {

        /* renamed from: h, reason: collision with root package name */
        final /* synthetic */ MessageDigest f86008h;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        a(MessageDigest messageDigest) {
            super(1);
            this.f86008h = messageDigest;
        }

        @Override // kotlin.jvm.functions.Function1
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final byte[] invoke(X509Certificate it) {
            Intrinsics.checkNotNullParameter(it, "it");
            return this.f86008h.digest(it.getPublicKey().getEncoded());
        }
    }

    public b(String packageName, com.yandex.passport.internal.entities.g selfSignatureInfo, com.yandex.passport.internal.entities.g signatureInfo, int i11, X509Certificate x509Certificate) {
        Intrinsics.checkNotNullParameter(packageName, "packageName");
        Intrinsics.checkNotNullParameter(selfSignatureInfo, "selfSignatureInfo");
        Intrinsics.checkNotNullParameter(signatureInfo, "signatureInfo");
        this.f86003a = packageName;
        this.f86004b = selfSignatureInfo;
        this.f86005c = signatureInfo;
        this.f86006d = i11;
        this.f86007e = x509Certificate;
    }

    private final boolean a(String str, X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        n6.c cVar = n6.c.f122672a;
        if (cVar.b()) {
            n6.c.d(cVar, LogLevel.DEBUG, null, "checkCN: " + name, null, 8, null);
        }
        return Intrinsics.areEqual("CN=" + str, name);
    }

    private final boolean b(PublicKey publicKey) {
        Sequence asSequence;
        Sequence map;
        Object obj;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        asSequence = CollectionsKt___CollectionsKt.asSequence(this.f86005c.i());
        map = SequencesKt___SequencesKt.map(asSequence, new a(messageDigest));
        Iterator it = map.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        return ((byte[]) obj) != null;
    }

    private final CertPathValidatorResult h(X509Certificate x509Certificate, X509Certificate x509Certificate2, Function1 function1) {
        List<? extends Certificate> listOf;
        Set of2;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            listOf = CollectionsKt__CollectionsJVMKt.listOf(x509Certificate);
            CertPath generateCertPath = certificateFactory.generateCertPath(listOf);
            of2 = SetsKt__SetsJVMKt.setOf(new TrustAnchor(x509Certificate2, null));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) of2);
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e11) {
            function1.invoke(e11);
            return null;
        }
    }

    public final int c() {
        return this.f86006d;
    }

    public final String d() {
        return this.f86003a;
    }

    public final com.yandex.passport.internal.entities.g e() {
        return this.f86005c;
    }

    public final X509Certificate f() {
        return this.f86007e;
    }

    public final boolean g(X509Certificate trustedCertificate, Function1 reportException) {
        Intrinsics.checkNotNullParameter(trustedCertificate, "trustedCertificate");
        Intrinsics.checkNotNullParameter(reportException, "reportException");
        if (this.f86005c.o(this.f86004b)) {
            return true;
        }
        if (this.f86005c.n(this.f86003a)) {
            n6.c cVar = n6.c.f122672a;
            if (cVar.b()) {
                n6.c.d(cVar, LogLevel.DEBUG, null, "isTrusted: true, reason: isSsoEnabledByFingerPrint()", null, 8, null);
            }
            return true;
        }
        X509Certificate x509Certificate = this.f86007e;
        if (x509Certificate == null) {
            n6.c cVar2 = n6.c.f122672a;
            if (cVar2.b()) {
                n6.c.d(cVar2, LogLevel.DEBUG, null, "isTrusted: false, reason: ssoCertificate=null", null, 8, null);
            }
            return false;
        }
        if (!a(this.f86003a, x509Certificate)) {
            n6.c cVar3 = n6.c.f122672a;
            if (cVar3.b()) {
                n6.c.d(cVar3, LogLevel.DEBUG, null, "isTrusted=false, reason=checkPackageName", null, 8, null);
            }
            return false;
        }
        if (h(this.f86007e, trustedCertificate, reportException) == null) {
            n6.c cVar4 = n6.c.f122672a;
            if (cVar4.b()) {
                n6.c.d(cVar4, LogLevel.DEBUG, null, "isTrusted=false, reason=verifyCertificate", null, 8, null);
            }
            return false;
        }
        PublicKey publicKey = this.f86007e.getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "ssoCertificate.publicKey");
        if (b(publicKey)) {
            return true;
        }
        n6.c cVar5 = n6.c.f122672a;
        if (cVar5.b()) {
            n6.c.d(cVar5, LogLevel.DEBUG, null, "isTrusted=false, reason=checkPublicKey", null, 8, null);
        }
        return false;
    }
}
