package com.stripe.android.stripe3ds2.transaction;

import A6.b;
import A6.c;
import A6.d;
import H5.h;
import H5.p;
import H5.q;
import H5.r;
import H5.s;
import H5.t;
import H5.u;
import K4.u0;
import L5.e;
import L5.g;
import L5.i;
import Y5.a;
import com.google.android.gms.internal.measurement.E1;
import com.google.android.gms.internal.measurement.Y1;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.f;
import kotlin.jvm.internal.l;
import l2.AbstractC1774a;
import o4.VGx.ArWeCiKmeupk;
import o6.C1909l;
import o6.C1910m;
import o6.C1923z;
import p6.m;
import w4.AbstractC2245b;

/* loaded from: classes2.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(f fVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends a> list, List<? extends X509Certificate> list2) {
            LinkedList m02 = E6.a.m0(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) m02.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(m02)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) {
            l.f(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i7 = 0;
            for (Object obj : rootCerts) {
                int i9 = i7 + 1;
                if (i7 < 0) {
                    m.a0();
                    throw null;
                }
                keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i7)}, 1)), rootCerts.get(i7));
                i7 = i9;
            }
            return keyStore;
        }

        public final q sanitizedJwsHeader$3ds2sdk_release(q jwsHeader) {
            l.f(jwsHeader, "jwsHeader");
            p pVar = (p) jwsHeader.f3970b;
            if (pVar.f3965b.equals(H5.a.f3964f.f3965b)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return new q(pVar, jwsHeader.f3971f, jwsHeader.f3972s, jwsHeader.f3973t, jwsHeader.f3976w, null, jwsHeader.f3978y, jwsHeader.f3979z, jwsHeader.f3967A, jwsHeader.f3968B, jwsHeader.f3969C, jwsHeader.f4057E, jwsHeader.f3974u, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z3, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        l.f(rootCerts, "rootCerts");
        l.f(errorReporter, "errorReporter");
        this.isLiveMode = z3;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final X509Certificate certificateFromString(String str) {
        int i7;
        int i9;
        int i10;
        int i11;
        int i12;
        int i13;
        A6.a aVar = c.f1133c;
        int length = str.length();
        aVar.getClass();
        int i14 = 0;
        Y1.q(0, length, str.length());
        String substring = str.substring(0, length);
        l.e(substring, "substring(...)");
        byte[] bytes = substring.getBytes(L6.a.f5994c);
        l.e(bytes, "getBytes(...)");
        int length2 = bytes.length;
        Y1.q(0, length2, bytes.length);
        boolean z3 = aVar.f1135b;
        if (length2 == 0) {
            i9 = 0;
        } else {
            if (length2 == 1) {
                throw new IllegalArgumentException(com.stripe.android.common.model.a.c(length2, "Input should have at least 2 symbols for Base64 decoding, startIndex: 0, endIndex: "));
            }
            if (z3) {
                i7 = length2;
                int i15 = 0;
                while (true) {
                    if (i15 >= length2) {
                        break;
                    }
                    int i16 = d.f1136a[bytes[i15] & 255];
                    if (i16 < 0) {
                        if (i16 == -2) {
                            i7 -= length2 - i15;
                            break;
                        }
                        i7--;
                    }
                    i15++;
                }
            } else if (bytes[length2 - 1] == 61) {
                i7 = length2 - 1;
                if (bytes[length2 - 2] == 61) {
                    i7 = length2 - 2;
                }
            } else {
                i7 = length2;
            }
            i9 = (int) ((i7 * 6) / 8);
        }
        byte[] bArr = new byte[i9];
        int[] iArr = aVar.f1134a ? d.f1137b : d.f1136a;
        int i17 = -8;
        int i18 = 0;
        int i19 = 0;
        int i20 = -8;
        while (true) {
            if (i18 >= length2) {
                i10 = -2;
                i11 = 0;
                break;
            }
            if (i20 == i17 && (i13 = i18 + 3) < length2) {
                int i21 = i18 + 4;
                int i22 = (iArr[bytes[i18] & 255] << 18) | (iArr[bytes[i18 + 1] & 255] << 12) | (iArr[bytes[i18 + 2] & 255] << 6) | iArr[bytes[i13] & 255];
                if (i22 >= 0) {
                    bArr[i14] = (byte) (i22 >> 16);
                    int i23 = i14 + 2;
                    bArr[i14 + 1] = (byte) (i22 >> 8);
                    i14 += 3;
                    bArr[i23] = (byte) i22;
                    i18 = i21;
                    i17 = -8;
                }
            }
            int i24 = bytes[i18] & 255;
            int i25 = iArr[i24];
            if (i25 >= 0) {
                i18++;
                i19 = (i19 << 6) | i25;
                int i26 = i20 + 6;
                if (i26 >= 0) {
                    bArr[i14] = (byte) (i19 >>> i26);
                    i19 &= (1 << i26) - 1;
                    i20 -= 2;
                    i14++;
                    i17 = -8;
                } else {
                    i20 = i26;
                    i17 = -8;
                }
            } else if (i25 == -2) {
                if (i20 == -8) {
                    throw new IllegalArgumentException(com.stripe.android.common.model.a.c(i18, "Redundant pad character at index "));
                }
                if (i20 == -6) {
                    i12 = 1;
                    b[] bVarArr = b.f1132b;
                } else if (i20 == -4) {
                    b[] bVarArr2 = b.f1132b;
                    i18++;
                    if (z3) {
                        while (i18 < length2) {
                            if (d.f1136a[bytes[i18] & 255] != -1) {
                                break;
                            }
                            i18++;
                        }
                    }
                    i12 = 1;
                    if (i18 == length2 || bytes[i18] != 61) {
                        throw new IllegalArgumentException(com.stripe.android.common.model.a.c(i18, "Missing one pad character at index "));
                    }
                } else {
                    if (i20 != -2) {
                        throw new IllegalStateException("Unreachable");
                    }
                    i18++;
                    i12 = 1;
                    i11 = i12;
                    i10 = -2;
                }
                i18 += i12;
                i11 = i12;
                i10 = -2;
            } else {
                if (!z3) {
                    StringBuilder sb = new StringBuilder("Invalid symbol '");
                    sb.append((char) i24);
                    sb.append("'(");
                    E1.s(8);
                    String num = Integer.toString(i24, 8);
                    l.e(num, "toString(...)");
                    sb.append(num);
                    sb.append(") at index ");
                    sb.append(i18);
                    throw new IllegalArgumentException(sb.toString());
                }
                i18++;
                i17 = -8;
            }
        }
        if (i20 == i10) {
            throw new IllegalArgumentException("The last unit of input does not have enough bits");
        }
        if (i20 != -8 && i11 == 0) {
            b[] bVarArr3 = b.f1132b;
            throw new IllegalArgumentException("The padding option is set to PRESENT, but the input is not properly padded");
        }
        if (i19 != 0) {
            throw new IllegalArgumentException("The pad bits must be zeros");
        }
        if (z3) {
            while (i18 < length2) {
                if (d.f1136a[bytes[i18] & 255] != -1) {
                    break;
                }
                i18++;
            }
        }
        if (i18 >= length2) {
            if (i14 != i9) {
                throw new IllegalStateException(ArWeCiKmeupk.mkgVizztYHFwAv);
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (generateCertificate instanceof X509Certificate) {
                return (X509Certificate) generateCertificate;
            }
            return null;
        }
        int i27 = bytes[i18] & 255;
        StringBuilder sb2 = new StringBuilder("Symbol '");
        sb2.append((char) i27);
        sb2.append("'(");
        E1.s(8);
        String num2 = Integer.toString(i27, 8);
        l.e(num2, "toString(...)");
        sb2.append(num2);
        sb2.append(") at index ");
        throw new IllegalArgumentException(AbstractC1774a.h(sb2, i18 - 1, " is prohibited after the pad character"));
    }

    private final PublicKey getPublicKeyFromHeader(q qVar) {
        List list = qVar.f3968B;
        l.e(list, "getX509CertChain(...)");
        PublicKey publicKey = u0.D(((a) p6.l.o0(list)).a()).getPublicKey();
        l.e(publicKey, "getPublicKey(...)");
        return publicKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v13, types: [I5.d] */
    /* JADX WARN: Type inference failed for: r5v9, types: [I5.f] */
    private final t getVerifier(q qVar) {
        I5.c cVar;
        N5.a aVar = new K5.a().f5758a;
        if (AbstractC2245b.f22420a == null) {
            AbstractC2245b.f22420a = new C7.d();
        }
        aVar.f6501a = AbstractC2245b.f22420a;
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(qVar);
        if (!g.f5987d.contains((p) qVar.f3970b)) {
            Set set = i.f5991c;
            p pVar = (p) qVar.f3970b;
            if (set.contains(pVar)) {
                if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                    throw new u(RSAPublicKey.class);
                }
                cVar = new I5.f((RSAPublicKey) publicKeyFromHeader);
            } else {
                if (!e.f5981c.contains(pVar)) {
                    throw new Exception("Unsupported JWS algorithm: " + pVar);
                }
                if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                    throw new u(ECPublicKey.class);
                }
                cVar = new I5.c((ECPublicKey) publicKeyFromHeader);
            }
        } else {
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new u(SecretKey.class);
            }
            cVar = new I5.d((SecretKey) publicKeyFromHeader);
        }
        ((N5.a) cVar.f4404b).f6501a = aVar.f6501a;
        return cVar;
    }

    private final boolean isValid(s sVar, List<? extends X509Certificate> list) {
        boolean a4;
        if (sVar.f4061f.f3977x != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + sVar.f4061f));
        }
        Companion companion = Companion;
        q qVar = sVar.f4061f;
        l.e(qVar, "getHeader(...)");
        q sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(qVar);
        if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f3968B, list)) {
            return false;
        }
        t verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
        synchronized (sVar) {
            AtomicReference atomicReference = sVar.f4064u;
            if (atomicReference.get() != r.f4058b && atomicReference.get() != r.f4059f) {
                throw new IllegalStateException("The JWS object must be in a signed or verified state");
            }
            try {
                try {
                    a4 = verifier.a(sVar.f4061f, sVar.f4062s.getBytes(Y5.g.f11965a), sVar.f4063t);
                    if (a4) {
                        sVar.f4064u.set(r.f4059f);
                    }
                } catch (Exception e3) {
                    throw new Exception(e3.getMessage(), e3);
                }
            } catch (H5.g e5) {
                throw e5;
            }
        }
        return a4;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public t8.c getPayload(String jws) {
        l.f(jws, "jws");
        Y5.b[] a4 = h.a(jws);
        if (a4.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        s sVar = new s(a4[0], a4[1], a4[2]);
        if (this.isLiveMode) {
            if (isValid(sVar, this.rootCerts)) {
                return new t8.c(sVar.f3993b.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        q qVar = sVar.f4061f;
        List list = qVar.f3968B;
        if (list == null || list.isEmpty()) {
            return new t8.c(sVar.f3993b.toString());
        }
        List list2 = qVar.f3968B;
        l.e(list2, "getX509CertChain(...)");
        ArrayList arrayList = new ArrayList();
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            String str = ((a) it.next()).f11961b;
            l.e(str, "toString(...)");
            X509Certificate certificateFromString = certificateFromString(str);
            if (certificateFromString != null) {
                arrayList.add(certificateFromString);
            }
        }
        if (arrayList.isEmpty() || !isValid(sVar, arrayList)) {
            throw new IllegalStateException("Could not validate JWS");
        }
        return new t8.c(sVar.f3993b.toString());
    }

    public final boolean isCertificateChainValid(List<? extends a> list, List<? extends X509Certificate> rootCerts) {
        Object V8;
        l.f(rootCerts, "rootCerts");
        if (list != null) {
            try {
            } catch (Throwable th) {
                V8 = E6.a.V(th);
            }
            if (!list.isEmpty()) {
                if (rootCerts.isEmpty()) {
                    throw new IllegalArgumentException("Root certificates are empty");
                }
                Companion.validateChain(list, rootCerts);
                V8 = C1923z.f20447a;
                Throwable a4 = C1910m.a(V8);
                if (a4 != null) {
                    this.errorReporter.reportError(a4);
                }
                return !(V8 instanceof C1909l);
            }
        }
        throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
    }
}
