package com.stripe.android.stripe3ds2.transaction;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.o;
import com.nimbusds.jose.p;
import com.nimbusds.jose.q;
import com.nimbusds.jose.util.a;
import com.nimbusds.jose.util.h;
import com.nimbusds.jose.util.i;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import hi.t;
import hi.v;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import kotlin.jvm.internal.j;
import kotlin.jvm.internal.k0;
import kotlin.jvm.internal.r;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
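/**
 * Parses a compact JWS and, in live mode, authenticates it before returning its payload.
 *
 * <p>Authentication has two steps, in this order: the X.509 chain carried in the JWS header
 * must build a PKIX path to one of the configured root certificates, and the JWS signature
 * must verify under the public key of the first certificate of that chain.
 *
 * <p>This is JADX output over minified dependencies. The single-letter types are named here
 * only as far as the string literals in this file support: {@code o} is the JWS header,
 * {@code p} the JWS object, {@code q} a JWS verifier, and {@code a} one encoded entry of the
 * header's x509CertChain.
 */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    // When false, getPayload() skips chain and signature validation entirely.
    private final boolean isLiveMode;
    // The only trust anchors used for chain validation.
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes3.dex */
    /** Helpers for chain validation; holds no state. */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(j jVar) {
            this();
        }

        /**
         * Builds a PKIX certification path from the first certificate of {@code list} to one
         * of the roots in {@code list2}. Returns normally when a path is found; the builder
         * throws otherwise. The built path itself is discarded.
         *
         * @param list encoded certificates from the JWS header; must be non-empty because
         *     element 0 is read unconditionally
         * @param list2 root certificates to trust
         * @throws GeneralSecurityException if no path can be built or a JCA lookup fails
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends a> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
            List<X509Certificate> a10 = h.a(list);
            KeyStore createKeyStore = createKeyStore(list2);
            // The path must end at the first certificate of the header chain, which is also
            // the one whose public key verifies the signature.
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            // Revocation checking is off: a revoked leaf or intermediate still builds a valid
            // path here. NOTE(review): confirm revocation is covered elsewhere or is an
            // accepted risk for this flow.
            pKIXBuilderParameters.setRevocationEnabled(false);
            // The header's own certificates are offered as candidate intermediates only; they
            // are not added to the key store and so are never trust anchors.
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        /**
         * Creates an empty in-memory key store and adds every root certificate to it under
         * the alias {@code ca_<index>}.
         *
         * @param rootCerts certificates to install as trusted entries
         * @return the populated key store
         */
        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            r.e(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store; nothing is read from disk.
            keyStore.load(null, null);
            int i10 = 0;
            // Decompiled indexed iteration: obj is unused and the element is re-read by index.
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    // presumably the Kotlin index-overflow guard; confirm against hi.v
                    v.t();
                }
                k0 k0Var = k0.f41915a;
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                r.d(format, "java.lang.String.format(locale, format, *args)");
                keyStore.setCertificateEntry(format, rootCerts.get(i10));
                i10 = i11;
            }
            r.d(keyStore, "keyStore");
            return keyStore;
        }

        /**
         * Returns a copy of the header with its JWK field cleared.
         *
         * <p>NOTE(review): presumably so that a key embedded by the sender is never available
         * to later verification steps; confirm against the original source.
         */
        public final o sanitizedJwsHeader$3ds2sdk_release(o jwsHeader) {
            r.e(jwsHeader, "jwsHeader");
            o b10 = new o.a(jwsHeader).f(null).b();
            r.d(b10, "Builder(jwsHeader)\n                .jwk(null)\n                .build()");
            return b10;
        }
    }

    /**
     * @param z10 live-mode flag; validation runs only when it is true
     * @param rootCerts trust anchors for chain validation
     * @param errorReporter sink for validation failures
     */
    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        r.e(rootCerts, "rootCerts");
        r.e(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    /**
     * Returns the public key of the first certificate in the header's x509CertChain.
     *
     * <p>The header comes from the sender, so this key is trustworthy only after the same
     * chain has been validated against the roots; isValid() does that before calling here.
     */
    private final PublicKey getPublicKeyFromHeader(o oVar) throws CertificateException {
        List<a> r10 = oVar.r();
        r.d(r10, "jwsHeader.x509CertChain");
        PublicKey publicKey = i.b(((a) t.L(r10)).a()).getPublicKey();
        r.d(publicKey, "parseWithException(\n            jwsHeader.x509CertChain.first().decode()\n        ).publicKey");
        return publicKey;
    }

    /** Creates a verifier for the header, keyed with the leaf certificate's public key. */
    private final q getVerifier(o oVar) throws JOSEException, CertificateException {
        bf.a aVar = new bf.a();
        // NOTE(review): presumably selects the JCA provider used for verification; confirm
        // what af.a.a() returns.
        aVar.getJCAContext().c(af.a.a());
        q c10 = aVar.c(oVar, getPublicKeyFromHeader(oVar));
        r.d(c10, "verifierFactory.createJWSVerifier(jwsHeader, getPublicKeyFromHeader(jwsHeader))");
        return c10;
    }

    /**
     * Validates the certificate chain, then the signature.
     *
     * @return true only when the chain builds to a root in {@code list} and the signature
     *     verifies; false when the chain is rejected
     */
    private final boolean isValid(p pVar, List<? extends X509Certificate> list) throws JOSEException, CertificateException {
        // A JWK in the header is reported but does not fail validation by itself; every later
        // step works on the sanitized header, which has the JWK removed.
        if (pVar.i().l() != null) {
            this.errorReporter.reportError(new IllegalArgumentException(r.l("Encountered a JWK in ", pVar.i())));
        }
        Companion companion = Companion;
        o i10 = pVar.i();
        r.d(i10, "jwsObject.header");
        o sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(i10);
        // Order matters: the leaf key is used for verification only after its chain passed.
        if (isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.r(), list)) {
            return pVar.s(getVerifier(sanitizedJwsHeader$3ds2sdk_release));
        }
        return false;
    }

    /**
     * Parses {@code jws} and returns its payload as JSON.
     *
     * <p>In live mode the JWS must pass chain and signature validation. Outside live mode it
     * is parsed but not validated, so the returned payload is unauthenticated and must not be
     * treated as coming from a trusted sender.
     *
     * @throws IllegalStateException in live mode, when validation fails
     */
    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) throws JSONException, ParseException, JOSEException, CertificateException {
        r.e(jws, "jws");
        p jwsObject = p.m(jws);
        if (this.isLiveMode) {
            r.d(jwsObject, "jwsObject");
            if (!isValid(jwsObject, this.rootCerts)) {
                throw new IllegalStateException("Could not validate JWS");
            }
        }
        return new JSONObject(jwsObject.b().toString());
    }

    /**
     * Reports whether the header's certificate chain builds to one of {@code rootCerts}.
     *
     * <p>Fails closed: any failure, including an unexpected runtime error, is handed to the
     * error reporter and turned into {@code false}; nothing propagates to the caller.
     *
     * <p>Reconstructed from the register-level dump JADX emitted when it could not decompile
     * this method, where the body was a stub that always threw
     * {@code UnsupportedOperationException}. The dump wraps the outcome in a result object
     * ({@code gi.n}); this version returns the equivalent boolean directly. Verify against
     * the bytecode before relying on it.
     *
     * @param encodedChainCerts the header's x509CertChain; null or empty is rejected
     * @param rootCerts trust anchors; an empty list is rejected
     * @return true when a certification path was built, false otherwise
     */
    public final boolean isCertificateChainValid(List<? extends a> encodedChainCerts, List<? extends X509Certificate> rootCerts) {
        // Checked before the try block, as in the dump: a null rootCerts is not swallowed.
        r.e(rootCerts, "rootCerts");
        Throwable failure = null;
        try {
            if (encodedChainCerts == null || encodedChainCerts.isEmpty()) {
                throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
            }
            // Without trust anchors no path can be trusted, so reject instead of trying.
            if (rootCerts.isEmpty()) {
                throw new IllegalArgumentException("Root certificates are empty");
            }
            Companion.validateChain(encodedChainCerts, rootCerts);
        } catch (Throwable caught) {
            // The dump catches Throwable around the whole body; kept so that every failure
            // mode results in "not valid".
            failure = caught;
        }
        if (failure != null) {
            this.errorReporter.reportError(failure);
            return false;
        }
        return true;
    }
}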
