package com.yandex.passport.internal.sso;

import android.content.pm.Signature;
import c.a.ac;
import c.p;
import com.yandex.passport.internal.sso.d;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes2.dex */
public final class c {

    /* renamed from: d, reason: collision with root package name */
    public static final a f29134d = new a(0);

    /* renamed from: f, reason: collision with root package name */
    private static final String f29135f = c.class.getSimpleName();

    /* renamed from: a, reason: collision with root package name */
    public final String f29136a;

    /* renamed from: b, reason: collision with root package name */
    final com.yandex.passport.internal.e.e f29137b;

    /* renamed from: c, reason: collision with root package name */
    final int f29138c;

    /* renamed from: e, reason: collision with root package name */
    private final X509Certificate f29139e;

    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(byte b2) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static final class b extends c.e.b.j implements c.e.a.b<X509Certificate, byte[]> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ MessageDigest f29140a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        b(MessageDigest messageDigest) {
            super(1);
            this.f29140a = messageDigest;
        }

        @Override // c.e.a.b
        public final /* synthetic */ byte[] invoke(X509Certificate x509Certificate) {
            X509Certificate x509Certificate2 = x509Certificate;
            c.e.b.i.b(x509Certificate2, "it");
            MessageDigest messageDigest = this.f29140a;
            PublicKey publicKey = x509Certificate2.getPublicKey();
            c.e.b.i.a((Object) publicKey, "it.publicKey");
            return messageDigest.digest(publicKey.getEncoded());
        }
    }

    public c(String str, com.yandex.passport.internal.e.e eVar, int i, X509Certificate x509Certificate) {
        c.e.b.i.b(str, "packageName");
        c.e.b.i.b(eVar, "signatureInfo");
        this.f29136a = str;
        this.f29137b = eVar;
        this.f29138c = i;
        this.f29139e = x509Certificate;
    }

    private static CertPathValidatorResult a(X509Certificate x509Certificate, X509Certificate x509Certificate2, c.e.a.b<? super Exception, p> bVar) {
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(c.a.h.a(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) ac.a(new TrustAnchor(x509Certificate2, null)));
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            bVar.invoke(e2);
            return null;
        }
    }

    public final boolean a(X509Certificate x509Certificate, c.e.a.b<? super Exception, p> bVar) {
        Object obj;
        c.e.b.i.b(x509Certificate, "trustedCertificate");
        c.e.b.i.b(bVar, "reportException");
        if (this.f29137b.d()) {
            return true;
        }
        X509Certificate x509Certificate2 = this.f29139e;
        if (x509Certificate2 == null) {
            c.e.b.i.a((Object) f29135f, "TAG");
            return false;
        }
        String str = this.f29136a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        c.e.b.i.a((Object) f29135f, "TAG");
        if (!c.e.b.i.a((Object) "CN=".concat(String.valueOf(str)), (Object) name)) {
            c.e.b.i.a((Object) f29135f, "TAG");
            return false;
        }
        if (a(this.f29139e, x509Certificate, bVar) == null) {
            c.e.b.i.a((Object) f29135f, "TAG");
            return false;
        }
        PublicKey publicKey = this.f29139e.getPublicKey();
        c.e.b.i.a((Object) publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List<Signature> b2 = c.a.c.b(this.f29137b.f28494b);
        ArrayList arrayList = new ArrayList(c.a.h.a((Iterable) b2));
        for (Signature signature : b2) {
            d.b bVar2 = d.f29141b;
            byte[] byteArray = signature.toByteArray();
            c.e.b.i.a((Object) byteArray, "it.toByteArray()");
            arrayList.add(d.b.a(byteArray));
        }
        Iterator a2 = c.k.d.c(c.a.h.g(arrayList), new b(messageDigest)).a();
        while (true) {
            if (!a2.hasNext()) {
                obj = null;
                break;
            }
            obj = a2.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        c.e.b.i.a((Object) f29135f, "TAG");
        return false;
    }
}
