package com.yandex.strannik.a.s;

import com.yandex.strannik.a.z;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import kotlin.collections.ao;

/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f11012a;

    /* renamed from: b, reason: collision with root package name */
    public final com.yandex.strannik.a.g.k f11013b;

    /* renamed from: c, reason: collision with root package name */
    public final int f11014c;

    /* renamed from: d, reason: collision with root package name */
    public final X509Certificate f11015d;

    public d(String str, com.yandex.strannik.a.g.k kVar, int i, X509Certificate x509Certificate) {
        kotlin.jvm.internal.m.b(str, "packageName");
        kotlin.jvm.internal.m.b(kVar, "signatureInfo");
        this.f11012a = str;
        this.f11013b = kVar;
        this.f11014c = i;
        this.f11015d = x509Certificate;
    }

    private final CertPathValidatorResult a(X509Certificate x509Certificate, X509Certificate x509Certificate2, kotlin.jvm.a.b<? super Exception, kotlin.m> bVar) {
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(kotlin.collections.l.a(x509Certificate));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) ao.a(new TrustAnchor(x509Certificate2, null)));
            pKIXParameters.setRevocationEnabled(false);
            return CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (GeneralSecurityException e2) {
            bVar.invoke(e2);
            return null;
        }
    }

    private final boolean a(String str, X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        z.a("checkCN: " + name);
        return kotlin.jvm.internal.m.a((Object) ("CN=" + str), (Object) name);
    }

    private final boolean a(PublicKey publicKey) {
        Object obj;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] digest = messageDigest.digest(publicKey.getEncoded());
        Iterator a2 = kotlin.sequences.o.d(kotlin.collections.l.w(this.f11013b.h()), new c(messageDigest)).a();
        while (true) {
            if (!a2.hasNext()) {
                obj = null;
                break;
            }
            obj = a2.next();
            if (Arrays.equals((byte[]) obj, digest)) {
                break;
            }
        }
        return ((byte[]) obj) != null;
    }

    public final int a() {
        return this.f11014c;
    }

    public final boolean a(X509Certificate x509Certificate, kotlin.jvm.a.b<? super Exception, kotlin.m> bVar) {
        kotlin.jvm.internal.m.b(x509Certificate, "trustedCertificate");
        kotlin.jvm.internal.m.b(bVar, "reportException");
        if (this.f11013b.k()) {
            return true;
        }
        if (this.f11013b.b(this.f11012a)) {
            z.a("isTrusted: true, reason: isSsoEnabledByFingerPrint()");
            return true;
        }
        X509Certificate x509Certificate2 = this.f11015d;
        if (x509Certificate2 == null) {
            z.a("isTrusted: false, reason: ssoCertificate=null");
            return false;
        }
        if (!a(this.f11012a, x509Certificate2)) {
            z.a("isTrusted=false, reason=checkPackageName");
            return false;
        }
        if (a(this.f11015d, x509Certificate, bVar) == null) {
            z.a("isTrusted=false, reason=verifyCertificate");
            return false;
        }
        PublicKey publicKey = this.f11015d.getPublicKey();
        kotlin.jvm.internal.m.a((Object) publicKey, "ssoCertificate.publicKey");
        if (a(publicKey)) {
            return true;
        }
        z.a("isTrusted=false, reason=checkPublicKey");
        return false;
    }

    public final String b() {
        return this.f11012a;
    }

    public final com.yandex.strannik.a.g.k c() {
        return this.f11013b;
    }
}
