package com.stripe.android.stripe3ds2.transaction;

import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import defpackage.C11589fPk;
import defpackage.C11590fPl;
import defpackage.C13892gXr;
import defpackage.C14387giH;
import defpackage.C14392giM;
import defpackage.C14393giN;
import defpackage.C14402giW;
import defpackage.C14403giX;
import defpackage.C14405giZ;
import defpackage.C14442gjJ;
import defpackage.C14443gjK;
import defpackage.C14462gjd;
import defpackage.C14464gjf;
import defpackage.C14468gjj;
import defpackage.C14474gjp;
import defpackage.C14476gjr;
import defpackage.C14478gjt;
import defpackage.C14480gjv;
import defpackage.C15772hav;
import defpackage.C16173hiY;
import defpackage.InterfaceC14459gja;
import defpackage.fOX;
import defpackage.fOY;
import defpackage.gUF;
import defpackage.gUQ;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.DefaultConstructorMarker;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: PG */
/* loaded from: classes5.dex */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    private final ErrorReporter errorReporter;
    private final boolean isLiveMode;
    private final List<X509Certificate> rootCerts;

    /* compiled from: PG */
    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends C14442gjJ> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
            List d = C11589fPk.d(list);
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) d.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(d)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        public final KeyStore createKeyStore(List<? extends X509Certificate> list) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            list.getClass();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            int i = 0;
            for (Object obj : list) {
                int i2 = i + 1;
                if (i < 0) {
                    C15772hav.V();
                }
                String format = String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1));
                format.getClass();
                keyStore.setCertificateEntry(format, list.get(i));
                i = i2;
            }
            keyStore.getClass();
            return keyStore;
        }

        public final C14403giX sanitizedJwsHeader$3ds2sdk_release(C14403giX c14403giX) {
            c14403giX.getClass();
            C14402giW e = c14403giX.e();
            if (e.name.equals(C14387giH.a.name)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return fOX.a(e, c14403giX.typ, c14403giX.cty, c14403giX.crit, c14403giX.jku, null, c14403giX.x5u, c14403giX.x5t, c14403giX.x5t256, c14403giX.x5c, c14403giX.kid, c14403giX.b64, c14403giX.customParams, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z, List<? extends X509Certificate> list, ErrorReporter errorReporter) {
        list.getClass();
        errorReporter.getClass();
        this.isLiveMode = z;
        this.rootCerts = list;
        this.errorReporter = errorReporter;
    }

    private final PublicKey getPublicKeyFromHeader(C14403giX c14403giX) throws CertificateException {
        List<C14442gjJ> list = c14403giX.x5c;
        list.getClass();
        PublicKey publicKey = C11590fPl.d(((C14442gjJ) C15772hav.an(list)).c()).getPublicKey();
        publicKey.getClass();
        return publicKey;
    }

    private final InterfaceC14459gja getVerifier(C14403giX c14403giX) throws C14392giM, CertificateException {
        InterfaceC14459gja c14474gjp;
        C14468gjj c14468gjj = new C14468gjj();
        C14480gjv c14480gjv = c14468gjj.a;
        if (fOY.a == null) {
            fOY.a = new BouncyCastleProvider();
        }
        c14480gjv.a = fOY.a;
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(c14403giX);
        if (C14476gjr.c.contains(c14403giX.e())) {
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new C14462gjd(SecretKey.class);
            }
            c14474gjp = new C14476gjr((SecretKey) publicKeyFromHeader);
        } else if (C14478gjt.c.contains(c14403giX.e())) {
            if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                throw new C14462gjd(RSAPublicKey.class);
            }
            c14474gjp = new C14478gjt((RSAPublicKey) publicKeyFromHeader);
        } else {
            if (!C14474gjp.c.contains(c14403giX.e())) {
                throw new C14392giM("Unsupported JWS algorithm: ".concat(String.valueOf(String.valueOf(c14403giX.e()))));
            }
            if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                throw new C14462gjd(ECPublicKey.class);
            }
            c14474gjp = new C14474gjp((ECPublicKey) publicKeyFromHeader);
        }
        c14474gjp.getJCAContext().a = c14468gjj.a.a;
        c14474gjp.getClass();
        return c14474gjp;
    }

    private final boolean isValid(C14405giZ c14405giZ, List<? extends X509Certificate> list) throws C14392giM, CertificateException {
        C14403giX c14403giX = c14405giZ.header;
        if (c14403giX.jwk != null) {
            this.errorReporter.reportError(new IllegalArgumentException(C13892gXr.c("Encountered a JWK in ", c14403giX)));
        }
        Companion companion = Companion;
        C14403giX c14403giX2 = c14405giZ.header;
        c14403giX2.getClass();
        C14403giX sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(c14403giX2);
        if (isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.x5c, list)) {
            return c14405giZ.e(getVerifier(sanitizedJwsHeader$3ds2sdk_release));
        }
        return false;
    }

    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String str) throws JSONException, ParseException, C14392giM, CertificateException {
        str.getClass();
        C14443gjK[] c = C14393giN.c(str);
        if (c.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        C14443gjK c14443gjK = c[0];
        C14443gjK c14443gjK2 = c[1];
        C14405giZ c14405giZ = new C14405giZ(c14443gjK, new C14464gjf(c14443gjK2), c[2]);
        if (!this.isLiveMode || isValid(c14405giZ, this.rootCerts)) {
            return new JSONObject(c14405giZ.payload.toString());
        }
        throw new IllegalStateException("Could not validate JWS");
    }

    public final boolean isCertificateChainValid(List<? extends C14442gjJ> list, List<? extends X509Certificate> list2) {
        Object f;
        list2.getClass();
        if (list != null) {
            try {
            } catch (Throwable th) {
                f = C16173hiY.f(th);
            }
            if (!list.isEmpty()) {
                if (list2.isEmpty()) {
                    throw new IllegalArgumentException("Root certificates are empty");
                }
                Companion.validateChain(list, list2);
                f = gUQ.a;
                Throwable a = gUF.a(f);
                if (a != null) {
                    this.errorReporter.reportError(a);
                }
                return gUF.c(f);
            }
        }
        throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
    }
}
