package com.stripe.android.stripe3ds2.transaction;

import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import i9.C3707p;
import i9.C3708q;
import i9.InterfaceC3709r;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import k9.AbstractC4020a;
import kotlin.Metadata;
import kotlin.collections.C4053s;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Q;
import l9.C4122a;
import org.jetbrains.annotations.NotNull;
import org.json.JSONObject;
import x9.C5612a;
import x9.m;
import x9.n;

@Metadata
/* loaded from: classes4.dex */
public final class DefaultJwsValidator implements JwsValidator {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;

    @NotNull
    private final List<X509Certificate> rootCerts;

    @Metadata
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends C5612a> list, List<? extends X509Certificate> list2) {
            List a10 = m.a(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        @NotNull
        public final KeyStore createKeyStore(@NotNull List<? extends X509Certificate> rootCerts) {
            Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i10 = 0;
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    C4053s.w();
                }
                Q q10 = Q.f53440a;
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                Intrinsics.checkNotNullExpressionValue(format, "format(locale, format, *args)");
                keyStore.setCertificateEntry(format, rootCerts.get(i10));
                i10 = i11;
            }
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            return keyStore;
        }

        @NotNull
        public final C3707p sanitizedJwsHeader$3ds2sdk_release(@NotNull C3707p jwsHeader) {
            Intrinsics.checkNotNullParameter(jwsHeader, "jwsHeader");
            C3707p b10 = new C3707p.a(jwsHeader).f(null).b();
            Intrinsics.checkNotNullExpressionValue(b10, "Builder(jwsHeader)\n     …\n                .build()");
            return b10;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, @NotNull List<? extends X509Certificate> rootCerts, @NotNull ErrorReporter errorReporter) {
        Intrinsics.checkNotNullParameter(rootCerts, "rootCerts");
        Intrinsics.checkNotNullParameter(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final PublicKey getPublicKeyFromHeader(C3707p c3707p) {
        List m10 = c3707p.m();
        Intrinsics.checkNotNullExpressionValue(m10, "jwsHeader.x509CertChain");
        PublicKey publicKey = n.b(((C5612a) CollectionsKt.i0(m10)).a()).getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "parseWithException(\n    …ode()\n        ).publicKey");
        return publicKey;
    }

    private final InterfaceC3709r getVerifier(C3707p c3707p) {
        C4122a c4122a = new C4122a();
        c4122a.getJCAContext().c(AbstractC4020a.a());
        InterfaceC3709r c10 = c4122a.c(c3707p, getPublicKeyFromHeader(c3707p));
        Intrinsics.checkNotNullExpressionValue(c10, "verifierFactory.createJW…KeyFromHeader(jwsHeader))");
        return c10;
    }

    private final boolean isValid(C3708q c3708q, List<? extends X509Certificate> list) {
        if (c3708q.h().j() != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + c3708q.h()));
        }
        Companion companion = Companion;
        C3707p h10 = c3708q.h();
        Intrinsics.checkNotNullExpressionValue(h10, "jwsObject.header");
        C3707p sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(h10);
        if (isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.m(), list)) {
            return c3708q.n(getVerifier(sanitizedJwsHeader$3ds2sdk_release));
        }
        return false;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    @NotNull
    public JSONObject getPayload(@NotNull String jws) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        C3708q jwsObject = C3708q.k(jws);
        if (this.isLiveMode) {
            Intrinsics.checkNotNullExpressionValue(jwsObject, "jwsObject");
            if (!isValid(jwsObject, this.rootCerts)) {
                throw new IllegalStateException("Could not validate JWS");
            }
        }
        return new JSONObject(jwsObject.b().toString());
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0017 A[Catch: all -> 0x0012, TryCatch #0 {all -> 0x0012, blocks: (B:3:0x0005, B:5:0x0009, B:10:0x0017, B:12:0x001d, B:19:0x0029, B:20:0x0030, B:21:0x0031, B:22:0x0038), top: B:2:0x0005 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0031 A[Catch: all -> 0x0012, TryCatch #0 {all -> 0x0012, blocks: (B:3:0x0005, B:5:0x0009, B:10:0x0017, B:12:0x001d, B:19:0x0029, B:20:0x0030, B:21:0x0031, B:22:0x0038), top: B:2:0x0005 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean isCertificateChainValid(java.util.List<? extends x9.C5612a> r2, @org.jetbrains.annotations.NotNull java.util.List<? extends java.security.cert.X509Certificate> r3) {
        /*
            r1 = this;
            java.lang.String r0 = "rootCerts"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r3, r0)
            Pa.n$a r0 = Pa.n.f15457b     // Catch: java.lang.Throwable -> L12
            if (r2 == 0) goto L14
            boolean r0 = r2.isEmpty()     // Catch: java.lang.Throwable -> L12
            if (r0 == 0) goto L10
            goto L14
        L10:
            r0 = 0
            goto L15
        L12:
            r2 = move-exception
            goto L39
        L14:
            r0 = 1
        L15:
            if (r0 != 0) goto L31
            boolean r0 = r3.isEmpty()     // Catch: java.lang.Throwable -> L12
            if (r0 != 0) goto L29
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator$Companion r0 = com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion     // Catch: java.lang.Throwable -> L12
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion.access$validateChain(r0, r2, r3)     // Catch: java.lang.Throwable -> L12
            kotlin.Unit r2 = kotlin.Unit.f53349a     // Catch: java.lang.Throwable -> L12
            java.lang.Object r2 = Pa.n.b(r2)     // Catch: java.lang.Throwable -> L12
            goto L43
        L29:
            java.lang.String r2 = "Root certificates are empty"
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L12
            r3.<init>(r2)     // Catch: java.lang.Throwable -> L12
            throw r3     // Catch: java.lang.Throwable -> L12
        L31:
            java.lang.String r2 = "JWSHeader's X.509 certificate chain is null or empty"
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L12
            r3.<init>(r2)     // Catch: java.lang.Throwable -> L12
            throw r3     // Catch: java.lang.Throwable -> L12
        L39:
            Pa.n$a r3 = Pa.n.f15457b
            java.lang.Object r2 = Pa.o.a(r2)
            java.lang.Object r2 = Pa.n.b(r2)
        L43:
            java.lang.Throwable r3 = Pa.n.e(r2)
            if (r3 == 0) goto L4e
            com.stripe.android.stripe3ds2.observability.ErrorReporter r0 = r1.errorReporter
            r0.reportError(r3)
        L4e:
            boolean r2 = Pa.n.h(r2)
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.isCertificateChainValid(java.util.List, java.util.List):boolean");
    }
}
