package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import com.yandex.passport.internal.w;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
public final class c {

    /* renamed from: f, reason: collision with root package name */
    public static final String f19979f = c.class.getSimpleName();

    /* renamed from: a, reason: collision with root package name */
    public final String f19980a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.passport.internal.e.f f19981b;

    /* renamed from: c, reason: collision with root package name */
    public final int f19982c;

    /* renamed from: e, reason: collision with root package name */
    public final X509Certificate f19983e;

    /* loaded from: classes.dex */
    public final class b extends i.e.b.k implements i.e.a.b<X509Certificate, byte[]> {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ MessageDigest f19984a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public b(MessageDigest messageDigest) {
            super(1);
            this.f19984a = messageDigest;
        }

        @Override // i.e.a.b
        public final /* synthetic */ byte[] invoke(X509Certificate x509Certificate) {
            X509Certificate x509Certificate2 = x509Certificate;
            i.e.b.j.b(x509Certificate2, "it");
            MessageDigest messageDigest = this.f19984a;
            PublicKey publicKey = x509Certificate2.getPublicKey();
            i.e.b.j.a((Object) publicKey, "it.publicKey");
            return messageDigest.digest(publicKey.getEncoded());
        }
    }

    public c(String str, com.yandex.passport.internal.e.f fVar, int i2, X509Certificate x509Certificate) {
        if (str == null) {
            i.e.b.j.a("packageName");
            throw null;
        }
        if (fVar == null) {
            i.e.b.j.a("signatureInfo");
            throw null;
        }
        this.f19980a = str;
        this.f19981b = fVar;
        this.f19982c = i2;
        this.f19983e = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, i.e.a.b<? super Exception, i.l> bVar) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj = null;
        if (x509Certificate == null) {
            i.e.b.j.a("trustedCertificate");
            throw null;
        }
        if (bVar == null) {
            i.e.b.j.a("reportException");
            throw null;
        }
        if (this.f19981b.d()) {
            return true;
        }
        X509Certificate x509Certificate2 = this.f19983e;
        if (x509Certificate2 == null) {
            String str = f19979f;
            i.e.b.j.a((Object) str, "TAG");
            w.a(str, "isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        String str2 = this.f19980a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        String str3 = f19979f;
        i.e.b.j.a((Object) str3, "TAG");
        w.a(str3, "checkCN: ".concat(String.valueOf(name)));
        if (!i.e.b.j.a((Object) "CN=".concat(String.valueOf(str2)), (Object) name)) {
            String str4 = f19979f;
            i.e.b.j.a((Object) str4, "TAG");
            w.a(str4, "isTrusted=false, reason=checkPackageName");
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(c.h.a.b.d.b.a.c.d(this.f19983e));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) c.h.a.b.d.b.a.c.e(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            bVar.invoke(e2);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            String str5 = f19979f;
            i.e.b.j.a((Object) str5, "TAG");
            w.a(str5, "isTrusted=false, reason=verifyCertificate");
            return false;
        }
        PublicKey publicKey = this.f19983e.getPublicKey();
        i.e.b.j.a((Object) publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        Signature[] signatureArr = this.f19981b.f19337b;
        if (signatureArr == null) {
            i.e.b.j.a("$this$filterNotNull");
            throw null;
        }
        ArrayList arrayList = new ArrayList();
        for (Signature signature : signatureArr) {
            if (signature != null) {
                arrayList.add(signature);
            }
        }
        ArrayList arrayList2 = new ArrayList(c.h.a.b.d.b.a.c.a(arrayList, 10));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            byte[] byteArray = ((Signature) it.next()).toByteArray();
            i.e.b.j.a((Object) byteArray, "it.toByteArray()");
            arrayList2.add(d.a(byteArray));
        }
        Iterator it2 = c.h.a.b.d.b.a.c.d(i.a.i.a((Iterable) arrayList2), new b(messageDigest)).iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            Object next = it2.next();
            if (Arrays.equals((byte[]) next, digest)) {
                obj = next;
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        String str6 = f19979f;
        i.e.b.j.a((Object) str6, "TAG");
        w.a(str6, "isTrusted=false, reason=checkPublicKey");
        return false;
    }
}
