package com.stripe.android.stripe3ds2.transaction;

import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import defpackage.C1143xc595561b;
import defpackage.C1446x15b7443e;
import defpackage.C1449x32f4a94f;
import defpackage.as0;
import defpackage.at0;
import defpackage.aw1;
import defpackage.bs0;
import defpackage.bt0;
import defpackage.ct0;
import defpackage.dt0;
import defpackage.e21;
import defpackage.et0;
import defpackage.f21;
import defpackage.ko0;
import defpackage.n9;
import defpackage.pv1;
import defpackage.qv1;
import defpackage.rm;
import defpackage.ru;
import defpackage.tg0;
import defpackage.ty2;
import defpackage.vg0;
import defpackage.wy2;
import defpackage.xl;
import defpackage.xr0;
import defpackage.xu;
import defpackage.yc2;
import defpackage.zv0;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.SecretKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public interface JwsValidator {

    /* loaded from: classes3.dex */
    public static final class Default implements JwsValidator {
        public static final Companion Companion = new Companion(null);
        private final ErrorReporter errorReporter;

        /* loaded from: classes3.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(xl xlVar) {
                this();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final void validateChain(List<? extends C1446x15b7443e> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
                List m13686xb5f23d2a = ty2.m13686xb5f23d2a(list);
                KeyStore createKeyStore = createKeyStore(list2);
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate((X509Certificate) m13686xb5f23d2a.get(0));
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(m13686xb5f23d2a)));
                CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
            }

            public final KeyStore createKeyStore(List<? extends X509Certificate> list) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
                ko0.m11129x551f074e(list, "rootCerts");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                int i = 0;
                for (Object obj : list) {
                    int i2 = i + 1;
                    if (i < 0) {
                        tg0.m13589xfee9fbad();
                        throw null;
                    }
                    String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1));
                    ko0.m11128x4b164820(format, "java.lang.String.format(locale, format, *args)");
                    keyStore.setCertificateEntry(format, list.get(i));
                    i = i2;
                }
                return keyStore;
            }

            public final bt0 sanitizedJwsHeader$3ds2sdk_release(bt0 bt0Var) {
                ko0.m11129x551f074e(bt0Var, "jwsHeader");
                at0 at0Var = (at0) bt0Var.f23419x4a8a3d98;
                if (at0Var.f31960x4a8a3d98.equals(C1143xc595561b.f31959x9235de.f31960x4a8a3d98)) {
                    throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
                }
                return new bt0(at0Var, bt0Var.f23420x9235de, bt0Var.f23421x31e4d330, bt0Var.f23422xc2433059, bt0Var.f24185x279d5878, null, bt0Var.f24187x5f9631c3, bt0Var.f24188x88ccad94, bt0Var.f24189x7c17ac44, bt0Var.f24190x39ce6939, bt0Var.f24191x4b5b6bc4, bt0Var.f2361xd779d3e4, bt0Var.f23423x1ce86daa, null);
            }
        }

        public Default(ErrorReporter errorReporter) {
            ko0.m11129x551f074e(errorReporter, "errorReporter");
            this.errorReporter = errorReporter;
        }

        private final PublicKey getPublicKeyFromHeader(bt0 bt0Var) throws CertificateException {
            List list = bt0Var.f24190x39ce6939;
            ko0.m11128x4b164820(list, "jwsHeader.x509CertChain");
            X509Certificate m14528xb5f23d2a = wy2.m14528xb5f23d2a(((C1446x15b7443e) n9.m11784xbb6e6047(list)).m16004xb5f23d2a());
            ko0.m11128x4b164820(m14528xb5f23d2a, "X509CertUtils.parseWithE…().decode()\n            )");
            PublicKey publicKey = m14528xb5f23d2a.getPublicKey();
            ko0.m11128x4b164820(publicKey, "X509CertUtils.parseWithE…)\n            ).publicKey");
            return publicKey;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r5v13, types: [f21] */
        /* JADX WARN: Type inference failed for: r5v9, types: [qv1] */
        private final et0 getVerifier(bt0 bt0Var) throws as0, CertificateException {
            xu xuVar;
            rm rmVar = new rm();
            xr0 xr0Var = rmVar.f27443xb5f23d2a;
            ko0.m11128x4b164820(xr0Var, "verifierFactory.jcaContext");
            if (vg0.f29149xb5f23d2a == null) {
                vg0.f29149xb5f23d2a = new BouncyCastleProvider();
            }
            xr0Var.f30176xb5f23d2a = vg0.f29149xb5f23d2a;
            PublicKey publicKeyFromHeader = getPublicKeyFromHeader(bt0Var);
            if (e21.f21412xc2433059.contains((at0) bt0Var.f23419x4a8a3d98)) {
                if (!(publicKeyFromHeader instanceof SecretKey)) {
                    throw new zv0(SecretKey.class);
                }
                xuVar = new f21((SecretKey) publicKeyFromHeader);
            } else if (pv1.f26784x31e4d330.contains((at0) bt0Var.f23419x4a8a3d98)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new zv0(RSAPublicKey.class);
                }
                xuVar = new qv1((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!ru.f27528x31e4d330.contains((at0) bt0Var.f23419x4a8a3d98)) {
                    StringBuilder m1107xb5f23d2a = aw1.m1107xb5f23d2a("Unsupported JWS algorithm: ");
                    m1107xb5f23d2a.append((at0) bt0Var.f23419x4a8a3d98);
                    throw new as0(m1107xb5f23d2a.toString());
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new zv0(ECPublicKey.class);
                }
                xuVar = new xu((ECPublicKey) publicKeyFromHeader);
            }
            ((xr0) xuVar.f32231x9235de).f30176xb5f23d2a = rmVar.f27443xb5f23d2a.f30176xb5f23d2a;
            return xuVar;
        }

        private final boolean isValid(dt0 dt0Var, List<? extends X509Certificate> list) throws as0, CertificateException {
            boolean mo9813xb5f23d2a;
            bt0 bt0Var = dt0Var.f21277x31e4d330;
            ko0.m11128x4b164820(bt0Var, "jwsObject.header");
            if (bt0Var.f24186x768c46da != null) {
                ErrorReporter errorReporter = this.errorReporter;
                StringBuilder m1107xb5f23d2a = aw1.m1107xb5f23d2a("Encountered a JWK in ");
                m1107xb5f23d2a.append(dt0Var.f21277x31e4d330);
                errorReporter.reportError(new IllegalArgumentException(m1107xb5f23d2a.toString()));
            }
            Companion companion = Companion;
            bt0 bt0Var2 = dt0Var.f21277x31e4d330;
            ko0.m11128x4b164820(bt0Var2, "jwsObject.header");
            bt0 sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(bt0Var2);
            if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f24190x39ce6939, list)) {
                return false;
            }
            et0 verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
            synchronized (dt0Var) {
                dt0Var.m9489xd206d0dd();
                try {
                    mo9813xb5f23d2a = verifier.mo9813xb5f23d2a(dt0Var.f21277x31e4d330, dt0Var.f21278xc2433059.getBytes(yc2.f30564xb5f23d2a), dt0Var.f21279x1ce86daa);
                    if (mo9813xb5f23d2a) {
                        dt0Var.f21280x1c307680.set(ct0.VERIFIED);
                    }
                } catch (as0 e) {
                    throw e;
                } catch (Exception e2) {
                    throw new as0(e2.getMessage(), e2);
                }
            }
            return mo9813xb5f23d2a;
        }

        @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
        public JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list) throws JSONException, ParseException, as0, CertificateException {
            ko0.m11129x551f074e(str, "jws");
            ko0.m11129x551f074e(list, "rootCerts");
            C1449x32f4a94f[] m1450xb5f23d2a = bs0.m1450xb5f23d2a(str);
            if (m1450xb5f23d2a.length != 3) {
                throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
            }
            dt0 dt0Var = new dt0(m1450xb5f23d2a[0], m1450xb5f23d2a[1], m1450xb5f23d2a[2]);
            if (!z || isValid(dt0Var, list)) {
                return new JSONObject(dt0Var.f2353x4a8a3d98.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }

        /* JADX WARN: Removed duplicated region for block: B:11:0x0017 A[Catch: all -> 0x003e, TryCatch #0 {all -> 0x003e, blocks: (B:3:0x0006, B:5:0x000a, B:9:0x0014, B:11:0x0017, B:13:0x001e, B:20:0x0026, B:21:0x0031, B:22:0x0032, B:23:0x003d), top: B:2:0x0006 }] */
        /* JADX WARN: Removed duplicated region for block: B:22:0x0032 A[Catch: all -> 0x003e, TryCatch #0 {all -> 0x003e, blocks: (B:3:0x0006, B:5:0x000a, B:9:0x0014, B:11:0x0017, B:13:0x001e, B:20:0x0026, B:21:0x0031, B:22:0x0032, B:23:0x003d), top: B:2:0x0006 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final boolean isCertificateChainValid(java.util.List<? extends defpackage.C1446x15b7443e> r3, java.util.List<? extends java.security.cert.X509Certificate> r4) {
            /*
                r2 = this;
                java.lang.String r0 = "rootCerts"
                defpackage.ko0.m11129x551f074e(r4, r0)
                r0 = 1
                n63 r1 = defpackage.k12.f24075x9235de     // Catch: java.lang.Throwable -> L3e
                if (r3 == 0) goto L13
                boolean r1 = r3.isEmpty()     // Catch: java.lang.Throwable -> L3e
                if (r1 == 0) goto L11
                goto L13
            L11:
                r1 = 0
                goto L14
            L13:
                r1 = 1
            L14:
                r1 = r1 ^ r0
                if (r1 == 0) goto L32
                boolean r1 = r4.isEmpty()     // Catch: java.lang.Throwable -> L3e
                r1 = r1 ^ r0
                if (r1 == 0) goto L26
                com.stripe.android.stripe3ds2.transaction.JwsValidator$Default$Companion r1 = com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion     // Catch: java.lang.Throwable -> L3e
                com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.Companion.access$validateChain(r1, r3, r4)     // Catch: java.lang.Throwable -> L3e
                rn2 r3 = defpackage.rn2.f27461xb5f23d2a     // Catch: java.lang.Throwable -> L3e
                goto L45
            L26:
                java.lang.String r3 = "Root certificates are empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L3e
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L3e
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L3e
                throw r4     // Catch: java.lang.Throwable -> L3e
            L32:
                java.lang.String r3 = "JWSHeader's X.509 certificate chain is null or empty"
                java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L3e
                java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L3e
                r4.<init>(r3)     // Catch: java.lang.Throwable -> L3e
                throw r4     // Catch: java.lang.Throwable -> L3e
            L3e:
                r3 = move-exception
                n63 r4 = defpackage.k12.f24075x9235de
                java.lang.Object r3 = defpackage.j82.m10838xe1e02ed4(r3)
            L45:
                java.lang.Throwable r4 = defpackage.k12.m11044xb5f23d2a(r3)
                if (r4 == 0) goto L50
                com.stripe.android.stripe3ds2.observability.ErrorReporter r1 = r2.errorReporter
                r1.reportError(r4)
            L50:
                boolean r3 = r3 instanceof defpackage.j12
                r3 = r3 ^ r0
                return r3
            */
            throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.JwsValidator.Default.isCertificateChainValid(java.util.List, java.util.List):boolean");
        }
    }

    JSONObject getPayload(String str, boolean z, List<? extends X509Certificate> list);
}
