package in.juspay.trident.security;

import android.util.Base64;
import in.juspay.hyper.constants.LogCategory;
import in.juspay.trident.exception.InvalidInputException;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public abstract class s {
    public static JSONObject a(String rootCert, String jwtS, in.juspay.trident.analytics.a tracker) {
        Intrinsics.checkNotNullParameter(rootCert, "rootCert");
        Intrinsics.checkNotNullParameter(jwtS, "jwtS");
        Intrinsics.checkNotNullParameter(tracker, "tracker");
        in.juspay.trident.utils.a.b(jwtS);
        f7.a signedJWT = f7.a.n(jwtS);
        try {
            List<e7.a> g10 = signedJWT.h().g();
            Intrinsics.checkNotNullExpressionValue(g10, "signedJWT.header.x509CertChain");
            a(g10, rootCert);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("certificate_validation", "success");
            bl.q qVar = bl.q.f6341a;
            tracker.b("trident", "certificate_validation", "info", jSONObject);
        } catch (Exception e10) {
            tracker.a(LogCategory.LIFECYCLE, "trident", "certificate_validation", "certificate chain validation failed", e10);
        }
        v6.m h10 = signedJWT.h().h();
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("signature_algorithm", h10.toString());
        bl.q qVar2 = bl.q.f6341a;
        tracker.a("signature_algorithm", jSONObject2);
        if (Intrinsics.a(h10.toString(), "ES256")) {
            Intrinsics.checkNotNullExpressionValue(signedJWT, "signedJWT");
            String aVar = signedJWT.h().g().get(0).toString();
            Intrinsics.checkNotNullExpressionValue(aVar, "signedJWT.header.x509CertChain[0].toString()");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(\"X.509\")");
            byte[] decode = Base64.decode(aVar, 2);
            Intrinsics.checkNotNullExpressionValue(decode, "decode(certStr, Base64.NO_WRAP)");
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(decode));
            Intrinsics.checkNotNullExpressionValue(generateCertificate, "cf.generateCertificate(`is`)");
            PublicKey publicKey = generateCertificate.getPublicKey();
            if (signedJWT.m(new w6.a(publicKey instanceof ECPublicKey ? (ECPublicKey) publicKey : null))) {
                return new JSONObject(signedJWT.b().toString());
            }
            throw new InvalidInputException();
        }
        if (!Intrinsics.a(h10.toString(), "PS256")) {
            RuntimeException runtimeException = new RuntimeException("ALGORITHM NOT SUPPORTED");
            tracker.a(LogCategory.LIFECYCLE, "trident", "encryption_algorithm", "algorithm not supported", runtimeException);
            throw runtimeException;
        }
        Intrinsics.checkNotNullExpressionValue(signedJWT, "signedJWT");
        byte[] a10 = signedJWT.i().a();
        byte[] a11 = signedJWT.h().g().get(0).a();
        CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X.509");
        Intrinsics.checkNotNullExpressionValue(certificateFactory2, "getInstance(\"X.509\")");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(a11);
        Signature signature = Signature.getInstance("SHA256withRSAandMGF1", new BouncyCastleProvider());
        signature.initVerify(certificateFactory2.generateCertificate(byteArrayInputStream));
        signature.update(signedJWT.j());
        if (signature.verify(a10)) {
            return new JSONObject(signedJWT.b().toString());
        }
        throw new InvalidInputException();
    }

    public static void a(List list, String str) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(\"X.509\")");
        byte[] decode = Base64.decode(str, 2);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(certStr, Base64.NO_WRAP)");
        Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(decode));
        Intrinsics.checkNotNullExpressionValue(generateCertificate, "cf.generateCertificate(`is`)");
        Intrinsics.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        X509Certificate x509Certificate = (X509Certificate) generateCertificate;
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            X509Certificate parsed = e7.n.a(((e7.a) it.next()).a());
            parsed.checkValidity();
            Intrinsics.checkNotNullExpressionValue(parsed, "parsed");
            arrayList.add(parsed);
        }
        arrayList.add(x509Certificate);
        int i10 = 0;
        int size = arrayList.size() - 1;
        while (i10 < size) {
            X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(i10);
            i10++;
            x509Certificate2.verify(((X509Certificate) arrayList.get(i10)).getPublicKey());
        }
    }
}
