package com.yandex.passport.a.s;

import android.content.pm.Signature;
import com.yandex.passport.a.B;
import com.yandex.passport.a.s.f;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes2.dex */
public final class d {
    public final String a;
    public final com.yandex.passport.a.g.j b;
    public final int c;
    public final X509Certificate d;

    public d(String str, com.yandex.passport.a.g.j jVar, int i, X509Certificate x509Certificate) {
        if (str == null) {
            g0.y.c.k.a("packageName");
            throw null;
        }
        if (jVar == null) {
            g0.y.c.k.a("signatureInfo");
            throw null;
        }
        this.a = str;
        this.b = jVar;
        this.c = i;
        this.d = x509Certificate;
    }

    public final boolean a(X509Certificate x509Certificate, g0.y.b.b<? super Exception, g0.r> bVar) {
        CertPathValidatorResult certPathValidatorResult;
        Object obj = null;
        if (x509Certificate == null) {
            g0.y.c.k.a("trustedCertificate");
            throw null;
        }
        if (bVar == null) {
            g0.y.c.k.a("reportException");
            throw null;
        }
        if (this.b.j()) {
            return true;
        }
        if (this.b.b(this.a)) {
            B.a("isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            return true;
        }
        X509Certificate x509Certificate2 = this.d;
        if (x509Certificate2 == null) {
            B.a("isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        String str = this.a;
        String name = x509Certificate2.getSubjectX500Principal().getName("RFC2253");
        B.a("checkCN: " + name);
        if (!g0.y.c.k.a((Object) ("CN=" + str), (Object) name)) {
            B.a("isTrusted=false, reason=checkPackageName");
            return false;
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(e.a.h0.n0.d.b(this.d));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) g0.u.j.c(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            certPathValidatorResult = CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            bVar.invoke(e2);
            certPathValidatorResult = null;
        }
        if (certPathValidatorResult == null) {
            B.a("isTrusted=false, reason=verifyCertificate");
            return false;
        }
        PublicKey publicKey = this.d.getPublicKey();
        g0.y.c.k.a((Object) publicKey, "ssoCertificate.publicKey");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        List<Signature> b = e.a.h0.n0.d.b((Object[]) this.b.l);
        ArrayList arrayList = new ArrayList(g0.u.j.a((Iterable) b, 10));
        for (Signature signature : b) {
            f.a aVar = f.c;
            byte[] byteArray = signature.toByteArray();
            g0.y.c.k.a((Object) byteArray, "it.toByteArray()");
            arrayList.add(aVar.a(byteArray));
        }
        Iterator it = g0.u.j.c(g0.u.h.a((Iterable) arrayList), new c(messageDigest)).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Object next = it.next();
            if (Arrays.equals((byte[]) next, digest)) {
                obj = next;
                break;
            }
        }
        if (((byte[]) obj) != null) {
            return true;
        }
        B.a("isTrusted=false, reason=checkPublicKey");
        return false;
    }
}
