package com.stripe.android.stripe3ds2.transaction;

import B.C0526m0;
import D.C0690x;
import F2.C0743k;
import Ja.a;
import Ja.b;
import R8.a;
import R8.p;
import R8.q;
import R8.r;
import S8.c;
import S8.d;
import S8.f;
import V8.h;
import V8.j;
import Xa.I;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import i9.C2419a;
import i9.C2420b;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.g;
import kotlin.jvm.internal.m;
import org.json.JSONObject;
import xa.C3384E;
import xa.C3401p;
import xa.C3402q;
import y6.C3516a;
import ya.AbstractC3534c;
import ya.o;
import ya.u;

/* loaded from: classes3.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(g gVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends C2419a> list, List<? extends X509Certificate> list2) {
            LinkedList z9 = I.z(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) z9.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(z9)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) {
            m.f(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i = 0;
            for (Object obj : rootCerts) {
                int i10 = i + 1;
                if (i < 0) {
                    o.c0();
                    throw null;
                }
                keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1)), rootCerts.get(i));
                i = i10;
            }
            return keyStore;
        }

        public final p sanitizedJwsHeader$3ds2sdk_release(p jwsHeader) {
            m.f(jwsHeader, "jwsHeader");
            R8.o oVar = (R8.o) jwsHeader.f9237a;
            if (oVar.f9228a.equals(a.f9227b.f9228a)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return new p(oVar, jwsHeader.f9238b, jwsHeader.f9239c, jwsHeader.f9240d, jwsHeader.f9230G, null, jwsHeader.f9232I, jwsHeader.f9233J, jwsHeader.f9234K, jwsHeader.f9235L, jwsHeader.f9236M, jwsHeader.f9322O, jwsHeader.f9241e, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z9, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        m.f(rootCerts, "rootCerts");
        m.f(errorReporter, "errorReporter");
        this.isLiveMode = z9;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final X509Certificate certificateFromString(String str) {
        int i;
        int i10;
        int i11;
        boolean z9;
        int i12;
        int i13;
        a.C0062a c0062a = Ja.a.f5011c;
        int length = str.length();
        c0062a.getClass();
        int i14 = 0;
        AbstractC3534c.a.a(0, length, str.length());
        String substring = str.substring(0, length);
        m.e(substring, "substring(...)");
        byte[] bytes = substring.getBytes(Ua.a.f10202c);
        m.e(bytes, "getBytes(...)");
        int length2 = bytes.length;
        AbstractC3534c.a.a(0, length2, bytes.length);
        boolean z10 = c0062a.f5013b;
        if (length2 == 0) {
            i10 = 0;
        } else {
            if (length2 == 1) {
                throw new IllegalArgumentException(I.g.i(length2, "Input should have at least 2 symbols for Base64 decoding, startIndex: 0, endIndex: "));
            }
            if (z10) {
                i = length2;
                int i15 = 0;
                while (true) {
                    if (i15 >= length2) {
                        break;
                    }
                    int i16 = b.f5015a[bytes[i15] & 255];
                    if (i16 < 0) {
                        if (i16 == -2) {
                            i -= length2 - i15;
                            break;
                        }
                        i--;
                    }
                    i15++;
                }
            } else if (bytes[length2 - 1] == 61) {
                i = length2 - 1;
                if (bytes[length2 - 2] == 61) {
                    i = length2 - 2;
                }
            } else {
                i = length2;
            }
            i10 = (int) ((i * 6) / 8);
        }
        byte[] bArr = new byte[i10];
        int[] iArr = c0062a.f5012a ? b.f5016b : b.f5015a;
        int i17 = -8;
        int i18 = 0;
        int i19 = -8;
        int i20 = 0;
        while (true) {
            if (i18 >= length2) {
                i11 = -2;
                z9 = false;
                break;
            }
            if (i19 == i17 && (i13 = i18 + 3) < length2) {
                int i21 = i18 + 4;
                int i22 = (iArr[bytes[i18] & 255] << 18) | (iArr[bytes[i18 + 1] & 255] << 12) | (iArr[bytes[i18 + 2] & 255] << 6) | iArr[bytes[i13] & 255];
                if (i22 >= 0) {
                    bArr[i14] = (byte) (i22 >> 16);
                    int i23 = i14 + 2;
                    bArr[i14 + 1] = (byte) (i22 >> 8);
                    i14 += 3;
                    bArr[i23] = (byte) i22;
                    i18 = i21;
                    i17 = -8;
                }
            }
            int i24 = bytes[i18] & 255;
            int i25 = iArr[i24];
            if (i25 >= 0) {
                i18++;
                i20 = (i20 << 6) | i25;
                int i26 = i19 + 6;
                if (i26 >= 0) {
                    bArr[i14] = (byte) (i20 >>> i26);
                    i20 &= (1 << i26) - 1;
                    i19 -= 2;
                    i14++;
                } else {
                    i19 = i26;
                }
            } else if (i25 == -2) {
                if (i19 == -8) {
                    throw new IllegalArgumentException(I.g.i(i18, "Redundant pad character at index "));
                }
                if (i19 == -6) {
                    i12 = 1;
                    a.b[] bVarArr = a.b.f5014a;
                } else if (i19 == -4) {
                    a.b[] bVarArr2 = a.b.f5014a;
                    i18++;
                    if (z10) {
                        while (i18 < length2) {
                            if (b.f5015a[bytes[i18] & 255] != -1) {
                                break;
                            }
                            i18++;
                        }
                    }
                    i12 = 1;
                    if (i18 == length2 || bytes[i18] != 61) {
                        throw new IllegalArgumentException(I.g.i(i18, "Missing one pad character at index "));
                    }
                } else {
                    if (i19 != -2) {
                        throw new IllegalStateException("Unreachable");
                    }
                    i18++;
                    i11 = -2;
                    z9 = true;
                }
                i18 += i12;
                i11 = -2;
                z9 = true;
            } else {
                if (!z10) {
                    StringBuilder sb2 = new StringBuilder("Invalid symbol '");
                    sb2.append((char) i24);
                    sb2.append("'(");
                    C0526m0.j(8);
                    String num = Integer.toString(i24, 8);
                    m.e(num, "toString(...)");
                    sb2.append(num);
                    sb2.append(") at index ");
                    sb2.append(i18);
                    throw new IllegalArgumentException(sb2.toString());
                }
                i18++;
            }
            i17 = -8;
        }
        if (i19 == i11) {
            throw new IllegalArgumentException("The last unit of input does not have enough bits");
        }
        if (i19 != -8 && !z9) {
            a.b[] bVarArr3 = a.b.f5014a;
            throw new IllegalArgumentException("The padding option is set to PRESENT, but the input is not properly padded");
        }
        if (i20 != 0) {
            throw new IllegalArgumentException("The pad bits must be zeros");
        }
        if (z10) {
            while (i18 < length2) {
                if (b.f5015a[bytes[i18] & 255] != -1) {
                    break;
                }
                i18++;
            }
        }
        if (i18 >= length2) {
            if (i14 != i10) {
                throw new IllegalStateException("Check failed.");
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (generateCertificate instanceof X509Certificate) {
                return (X509Certificate) generateCertificate;
            }
            return null;
        }
        int i27 = bytes[i18] & 255;
        StringBuilder sb3 = new StringBuilder("Symbol '");
        sb3.append((char) i27);
        sb3.append("'(");
        C0526m0.j(8);
        String num2 = Integer.toString(i27, 8);
        m.e(num2, "toString(...)");
        sb3.append(num2);
        sb3.append(") at index ");
        throw new IllegalArgumentException(C0743k.o(sb3, i18 - 1, " is prohibited after the pad character"));
    }

    private final PublicKey getPublicKeyFromHeader(p pVar) {
        List<C2419a> list = pVar.f9235L;
        m.e(list, "getX509CertChain(...)");
        PublicKey publicKey = C0690x.z(((C2419a) u.s0(list)).a()).getPublicKey();
        m.e(publicKey, "getPublicKey(...)");
        return publicKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v13, types: [S8.d] */
    /* JADX WARN: Type inference failed for: r5v9, types: [S8.f] */
    private final r getVerifier(p pVar) {
        c cVar;
        X8.a aVar = new U8.a().f10199a;
        if (C3516a.f34211c == null) {
            C3516a.f34211c = new Sb.a();
        }
        aVar.f11223a = C3516a.f34211c;
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(pVar);
        if (!h.f10659d.contains((R8.o) pVar.f9237a)) {
            Set<R8.o> set = j.f10663c;
            R8.o oVar = (R8.o) pVar.f9237a;
            if (set.contains(oVar)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new R8.u(RSAPublicKey.class);
                }
                cVar = new f((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!V8.f.f10653c.contains(oVar)) {
                    throw new Exception("Unsupported JWS algorithm: " + oVar);
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new R8.u(ECPublicKey.class);
                }
                cVar = new c((ECPublicKey) publicKeyFromHeader);
            }
        } else {
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new R8.u(SecretKey.class);
            }
            cVar = new d((SecretKey) publicKeyFromHeader);
        }
        ((X8.a) cVar.f2868b).f11223a = aVar.f11223a;
        return cVar;
    }

    private final boolean isValid(q qVar, List<? extends X509Certificate> list) {
        boolean a10;
        if (qVar.f9323b.f9231H != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + qVar.f9323b));
        }
        Companion companion = Companion;
        p pVar = qVar.f9323b;
        m.e(pVar, "getHeader(...)");
        p sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(pVar);
        if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f9235L, list)) {
            return false;
        }
        r verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
        synchronized (qVar) {
            AtomicReference<q.a> atomicReference = qVar.f9326e;
            if (atomicReference.get() != q.a.f9327a && atomicReference.get() != q.a.f9328b) {
                throw new IllegalStateException("The JWS object must be in a signed or verified state");
            }
            try {
                try {
                    a10 = verifier.a(qVar.f9323b, qVar.f9324c.getBytes(i9.f.f25643a), qVar.f9325d);
                    if (a10) {
                        qVar.f9326e.set(q.a.f9328b);
                    }
                } catch (R8.f e7) {
                    throw e7;
                }
            } catch (Exception e10) {
                throw new Exception(e10.getMessage(), e10);
            }
        }
        return a10;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) {
        m.f(jws, "jws");
        C2420b[] a10 = R8.g.a(jws);
        if (a10.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        q qVar = new q(a10[0], a10[1], a10[2]);
        if (this.isLiveMode) {
            if (isValid(qVar, this.rootCerts)) {
                return new JSONObject(qVar.f9254a.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        p pVar = qVar.f9323b;
        List<C2419a> list = pVar.f9235L;
        if (list == null || list.isEmpty()) {
            return new JSONObject(qVar.f9254a.toString());
        }
        List<C2419a> list2 = pVar.f9235L;
        m.e(list2, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list2.iterator();
        while (it.hasNext()) {
            String str = ((C2419a) it.next()).f25640a;
            m.e(str, "toString(...)");
            X509Certificate certificateFromString = certificateFromString(str);
            if (certificateFromString != null) {
                arrayList.add(certificateFromString);
            }
        }
        if (arrayList.isEmpty() || !isValid(qVar, arrayList)) {
            throw new IllegalStateException("Could not validate JWS");
        }
        return new JSONObject(qVar.f9254a.toString());
    }

    public final boolean isCertificateChainValid(List<? extends C2419a> list, List<? extends X509Certificate> rootCerts) {
        Object a10;
        m.f(rootCerts, "rootCerts");
        if (list != null) {
            try {
            } catch (Throwable th) {
                a10 = C3402q.a(th);
            }
            if (!list.isEmpty()) {
                if (rootCerts.isEmpty()) {
                    throw new IllegalArgumentException("Root certificates are empty");
                }
                Companion.validateChain(list, rootCerts);
                a10 = C3384E.f33615a;
                Throwable a11 = C3401p.a(a10);
                if (a11 != null) {
                    this.errorReporter.reportError(a11);
                }
                return !(a10 instanceof C3401p.a);
            }
        }
        throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
    }
}
