package com.stripe.android.stripe3ds2.transaction;

import ck.g;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.SecretKey;
import lb.p;
import lb.q;
import lb.r;
import lb.s;
import lb.v;
import mb.h;
import mb.k;
import ob.m;
import ob.o;
import ob.r;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jetbrains.annotations.NotNull;
import org.json.JSONException;
import org.json.JSONObject;
import rj.e;
import ub.a;
import ub.c;
import ub.i;
import ub.j;
import y7.f;

/* loaded from: classes4.dex */
public interface JwsValidator {

    /* loaded from: classes4.dex */
    public static final class Default implements JwsValidator {

        @NotNull
        public static final Companion Companion = new Companion(null);
        private final ErrorReporter errorReporter;

        /* loaded from: classes4.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(g gVar) {
                this();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final void validateChain(List<? extends a> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
                List<X509Certificate> a10 = i.a(list);
                KeyStore createKeyStore = createKeyStore(list2);
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(a10.get(0));
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
                CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
            }

            @NotNull
            public final KeyStore createKeyStore(@NotNull List<? extends X509Certificate> list) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
                f.g(list, "rootCerts");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                int i10 = 0;
                for (Object obj : list) {
                    int i11 = i10 + 1;
                    if (i10 < 0) {
                        e.h();
                        throw null;
                    }
                    String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                    f.f(format, "java.lang.String.format(locale, format, *args)");
                    keyStore.setCertificateEntry(format, list.get(i10));
                    i10 = i11;
                }
                return keyStore;
            }

            @NotNull
            public final q sanitizedJwsHeader$3ds2sdk_release(@NotNull q qVar) {
                f.g(qVar, "jwsHeader");
                p pVar = (p) qVar.f49177a;
                if (pVar.f49157a.equals(lb.a.f49156b.f49157a)) {
                    throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
                }
                return new q(pVar, qVar.f49178b, qVar.f49179c, qVar.f49180d, qVar.f49158h, null, qVar.f49160j, qVar.f49161k, qVar.f49162l, qVar.f49163m, qVar.f49164n, qVar.f49239o, qVar.f49181e, null);
            }
        }

        public Default(@NotNull ErrorReporter errorReporter) {
            f.g(errorReporter, "errorReporter");
            this.errorReporter = errorReporter;
        }

        private final PublicKey getPublicKeyFromHeader(q qVar) throws CertificateException {
            List<a> list = qVar.f49163m;
            f.f(list, "jwsHeader.x509CertChain");
            X509Certificate a10 = j.a(((a) rj.j.n(list)).a());
            f.f(a10, "X509CertUtils.parseWithE…().decode()\n            )");
            PublicKey publicKey = a10.getPublicKey();
            f.f(publicKey, "X509CertUtils.parseWithE…)\n            ).publicKey");
            return publicKey;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r5v13, types: [mb.i] */
        /* JADX WARN: Type inference failed for: r5v9, types: [mb.k] */
        private final s getVerifier(q qVar) throws lb.f, CertificateException {
            h hVar;
            nb.a aVar = new nb.a();
            pb.a aVar2 = aVar.f51012a;
            f.f(aVar2, "verifierFactory.jcaContext");
            if (d.h.f41654a == null) {
                d.h.f41654a = new BouncyCastleProvider();
            }
            aVar2.f52525a = d.h.f41654a;
            PublicKey publicKeyFromHeader = getPublicKeyFromHeader(qVar);
            if (o.f51858d.contains((p) qVar.f49177a)) {
                if (!(publicKeyFromHeader instanceof SecretKey)) {
                    throw new v(SecretKey.class);
                }
                hVar = new mb.i((SecretKey) publicKeyFromHeader);
            } else if (r.f51861c.contains((p) qVar.f49177a)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new v(RSAPublicKey.class);
                }
                hVar = new k((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!m.f51853c.contains((p) qVar.f49177a)) {
                    StringBuilder a10 = android.support.v4.media.f.a("Unsupported JWS algorithm: ");
                    a10.append((p) qVar.f49177a);
                    throw new lb.f(a10.toString());
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new v(ECPublicKey.class);
                }
                hVar = new h((ECPublicKey) publicKeyFromHeader);
            }
            hVar.f51847b.f52525a = aVar.f51012a.f52525a;
            return hVar;
        }

        private final boolean isValid(lb.r rVar, List<? extends X509Certificate> list) throws lb.f, CertificateException {
            boolean a10;
            q qVar = rVar.f49240c;
            f.f(qVar, "jwsObject.header");
            if (qVar.f49159i != null) {
                ErrorReporter errorReporter = this.errorReporter;
                StringBuilder a11 = android.support.v4.media.f.a("Encountered a JWK in ");
                a11.append(rVar.f49240c);
                errorReporter.reportError(new IllegalArgumentException(a11.toString()));
            }
            Companion companion = Companion;
            q qVar2 = rVar.f49240c;
            f.f(qVar2, "jwsObject.header");
            q sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(qVar2);
            if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f49163m, list)) {
                return false;
            }
            s verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
            synchronized (rVar) {
                rVar.b();
                try {
                    a10 = verifier.a(rVar.f49240c, rVar.f49241d.getBytes(ub.h.f55852a), rVar.f49242e);
                    if (a10) {
                        rVar.f49243f.set(r.a.VERIFIED);
                    }
                } catch (lb.f e10) {
                    throw e10;
                } catch (Exception e11) {
                    throw new lb.f(e11.getMessage(), e11);
                }
            }
            return a10;
        }

        @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
        @NotNull
        public JSONObject getPayload(@NotNull String str, boolean z10, @NotNull List<? extends X509Certificate> list) throws JSONException, ParseException, lb.f, CertificateException {
            f.g(str, "jws");
            f.g(list, "rootCerts");
            c[] a10 = lb.g.a(str);
            if (a10.length != 3) {
                throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
            }
            lb.r rVar = new lb.r(a10[0], a10[1], a10[2]);
            if (!z10 || isValid(rVar, list)) {
                return new JSONObject(rVar.f49183a.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }

        /* JADX WARN: Removed duplicated region for block: B:17:0x0032 A[Catch: all -> 0x0011, TryCatch #0 {all -> 0x0011, blocks: (B:20:0x0008, B:4:0x0014, B:6:0x0017, B:8:0x001e, B:15:0x0026, B:16:0x0031, B:17:0x0032, B:18:0x003d), top: B:19:0x0008 }] */
        /* JADX WARN: Removed duplicated region for block: B:6:0x0017 A[Catch: all -> 0x0011, TryCatch #0 {all -> 0x0011, blocks: (B:20:0x0008, B:4:0x0014, B:6:0x0017, B:8:0x001e, B:15:0x0026, B:16:0x0031, B:17:0x0032, B:18:0x003d), top: B:19:0x0008 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final boolean isCertificateChainValid(@org.jetbrains.annotations.Nullable java.util.List<? extends ub.a> r3, @org.jetbrains.annotations.NotNull java.util.List<? extends java.security.cert.X509Certificate> r4) {
            /*
                r2 = this;
                java.lang.String r0 = "rootCerts"
                y7.f.g(r4, r0)
                r0 = 1
                if (r3 == 0) goto L13
                boolean r1 = r3.isEmpty()     // Catch: java.lang.Throwable -> L11
                if (r1 == 0) goto Lf
                goto L13
            Lf:
                r1 = 0
                goto L14
            L11:
                r3 = move-exception
                goto L3e
            L13:
                r1 = r0
            L14:
                r1 = r1 ^ r0
                if (r1 == 0) goto L32
                boolean r1 = r4.isEmpty()     // Catch: java.lang.Throwable -> L11
                r1 = r1 ^ r0
                if (r1 == 0) goto L26
                com.stripe.android.stripe3ds2.transaction.JwsValidator$Default$Companion r1 = com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion     // Catch: java.lang.Throwable -> L11
                com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion.access$validateChain(r1, r3, r4)     // Catch: java.lang.Throwable -> L11
                qj.p r3 = qj.p.f53421a     // Catch: java.lang.Throwable -> L11
                goto L42
            L26:
                java.lang.String r3 = "Root certificates are empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L11
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L11
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L11
                throw r4     // Catch: java.lang.Throwable -> L11
            L32:
                java.lang.String r3 = "JWSHeader's X.509 certificate chain is null or empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L11
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L11
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L11
                throw r4     // Catch: java.lang.Throwable -> L11
            L3e:
                java.lang.Object r3 = qj.k.a(r3)
            L42:
                java.lang.Throwable r4 = qj.j.a(r3)
                if (r4 == 0) goto L4d
                com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r2.errorReporter
                r1.reportError(r4)
            L4d:
                boolean r3 = r3 instanceof qj.j.a
                r3 = r3 ^ r0
                return r3
            */
            throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.isCertificateChainValid(java.util.List, java.util.List):boolean");
        }
    }

    @NotNull
    JSONObject getPayload(@NotNull String str, boolean z10, @NotNull List<? extends X509Certificate> list);
}
