package com.stripe.android.stripe3ds2.transaction;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.h;
import com.nimbusds.jose.i;
import com.nimbusds.jose.util.d;
import com.nimbusds.jose.util.e;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import kotlin.jvm.internal.j;
import kotlin.jvm.internal.k0;
import kotlin.jvm.internal.r;
import mi.t;
import mi.v;
import org.json.JSONException;
import org.json.JSONObject;
import pf.a;

/* loaded from: classes3.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(j jVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends a> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
            List<X509Certificate> a10 = d.a(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            r.e(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i10 = 0;
            for (Object obj : rootCerts) {
                int i11 = i10 + 1;
                if (i10 < 0) {
                    v.t();
                }
                k0 k0Var = k0.f34853a;
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i10)}, 1));
                r.d(format, "java.lang.String.format(locale, format, *args)");
                keyStore.setCertificateEntry(format, rootCerts.get(i10));
                i10 = i11;
            }
            r.d(keyStore, "keyStore");
            return keyStore;
        }

        public final h sanitizedJwsHeader$3ds2sdk_release(h jwsHeader) {
            r.e(jwsHeader, "jwsHeader");
            h b10 = new h.a(jwsHeader).f(null).b();
            r.d(b10, "Builder(jwsHeader)\n                .jwk(null)\n                .build()");
            return b10;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        r.e(rootCerts, "rootCerts");
        r.e(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    private final PublicKey getPublicKeyFromHeader(h hVar) throws CertificateException {
        List<a> q10 = hVar.q();
        r.d(q10, "jwsHeader.x509CertChain");
        PublicKey publicKey = e.b(((a) t.L(q10)).a()).getPublicKey();
        r.d(publicKey, "parseWithException(\n            jwsHeader.x509CertChain.first().decode()\n        ).publicKey");
        return publicKey;
    }

    private final com.nimbusds.jose.j getVerifier(h hVar) throws JOSEException, CertificateException {
        ff.a aVar = new ff.a();
        aVar.getJCAContext().c(ef.a.a());
        com.nimbusds.jose.j c10 = aVar.c(hVar, getPublicKeyFromHeader(hVar));
        r.d(c10, "verifierFactory.createJWSVerifier(jwsHeader, getPublicKeyFromHeader(jwsHeader))");
        return c10;
    }

    private final boolean isValid(i iVar, List<? extends X509Certificate> list) throws JOSEException, CertificateException {
        if (iVar.i().l() != null) {
            this.errorReporter.reportError(new IllegalArgumentException(r.l("Encountered a JWK in ", iVar.i())));
        }
        Companion companion = Companion;
        h i10 = iVar.i();
        r.d(i10, "jwsObject.header");
        h sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(i10);
        if (isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.q(), list)) {
            return iVar.r(getVerifier(sanitizedJwsHeader$3ds2sdk_release));
        }
        return false;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) throws JSONException, ParseException, JOSEException, CertificateException {
        r.e(jws, "jws");
        i jwsObject = i.m(jws);
        if (this.isLiveMode) {
            r.d(jwsObject, "jwsObject");
            if (!isValid(jwsObject, this.rootCerts)) {
                throw new IllegalStateException("Could not validate JWS");
            }
        }
        return new JSONObject(jwsObject.b().toString());
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x001d A[Catch: all -> 0x004c, TryCatch #0 {all -> 0x004c, blocks: (B:3:0x0006, B:5:0x000c, B:9:0x0019, B:11:0x001d, B:13:0x0024, B:20:0x0032, B:21:0x003e, B:22:0x003f, B:23:0x004b), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:22:0x003f A[Catch: all -> 0x004c, TryCatch #0 {all -> 0x004c, blocks: (B:3:0x0006, B:5:0x000c, B:9:0x0019, B:11:0x001d, B:13:0x0024, B:20:0x0032, B:21:0x003e, B:22:0x003f, B:23:0x004b), top: B:2:0x0006 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean isCertificateChainValid(java.util.List<? extends pf.a> r4, java.util.List<? extends java.security.cert.X509Certificate> r5) {
        /*
            r3 = this;
            java.lang.String r0 = "rootCerts"
            r2 = 7
            kotlin.jvm.internal.r.e(r5, r0)
            r2 = 0
            li.n$a r0 = li.n.f36016b     // Catch: java.lang.Throwable -> L4c
            r0 = 1
            if (r4 == 0) goto L17
            boolean r1 = r4.isEmpty()     // Catch: java.lang.Throwable -> L4c
            if (r1 == 0) goto L14
            r2 = 5
            goto L17
        L14:
            r1 = 0
            r2 = 6
            goto L19
        L17:
            r1 = 1
            r2 = r1
        L19:
            r1 = r1 ^ r0
            r2 = 2
            if (r1 == 0) goto L3f
            boolean r1 = r5.isEmpty()     // Catch: java.lang.Throwable -> L4c
            r0 = r0 ^ r1
            if (r0 == 0) goto L32
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator$Companion r0 = com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion     // Catch: java.lang.Throwable -> L4c
            com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.Companion.access$validateChain(r0, r4, r5)     // Catch: java.lang.Throwable -> L4c
            r2 = 3
            li.v r4 = li.v.f36030a     // Catch: java.lang.Throwable -> L4c
            java.lang.Object r4 = li.n.b(r4)     // Catch: java.lang.Throwable -> L4c
            r2 = 0
            goto L59
        L32:
            java.lang.String r4 = "Root certificates are empty"
            r2 = 0
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L4c
            java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> L4c
            r5.<init>(r4)     // Catch: java.lang.Throwable -> L4c
            throw r5     // Catch: java.lang.Throwable -> L4c
        L3f:
            java.lang.String r4 = "JWSHeader's X.509 certificate chain is null or empty"
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L4c
            java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> L4c
            r2 = 7
            r5.<init>(r4)     // Catch: java.lang.Throwable -> L4c
            throw r5     // Catch: java.lang.Throwable -> L4c
        L4c:
            r4 = move-exception
            li.n$a r5 = li.n.f36016b
            r2 = 0
            java.lang.Object r4 = li.o.a(r4)
            r2 = 1
            java.lang.Object r4 = li.n.b(r4)
        L59:
            java.lang.Throwable r5 = li.n.d(r4)
            if (r5 == 0) goto L65
            com.stripe.android.stripe3ds2.observability.ErrorReporter r0 = r3.errorReporter
            r2 = 6
            r0.reportError(r5)
        L65:
            r2 = 6
            boolean r4 = li.n.g(r4)
            r2 = 6
            return r4
        */
        throw new UnsupportedOperationException("Method not decompiled: com.stripe.android.stripe3ds2.transaction.DefaultJwsValidator.isCertificateChainValid(java.util.List, java.util.List):boolean");
    }
}
