package xh;

import ek.i;
import ek.k;
import fk.r;
import fk.u;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import kn.v;
import kn.w;
import kotlin.jvm.internal.DefaultConstructorMarker;
import rk.l;
import rk.n;
import so.q1;
import so.z;

/* compiled from: CertificateChain.kt */
/* loaded from: classes2.dex */
public final class a {

    /* renamed from: c, reason: collision with root package name */
    public static final C0599a f32158c = new C0599a(null);

    /* renamed from: a, reason: collision with root package name */
    private final List<String> f32159a;

    /* renamed from: b, reason: collision with root package name */
    private final i f32160b;

    /* compiled from: CertificateChain.kt */
    /* renamed from: xh.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0599a {
        private C0599a() {
        }

        public /* synthetic */ C0599a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final X509Certificate d(String str) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] bytes = str.getBytes(kn.d.f24526b);
            l.e(bytes, "this as java.lang.String).getBytes(charset)");
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
            Objects.requireNonNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            x509Certificate.checkValidity();
            return x509Certificate;
        }

        private final boolean f(X509Certificate x509Certificate) {
            if (x509Certificate.getBasicConstraints() <= -1 || x509Certificate.getKeyUsage() == null) {
                return false;
            }
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            l.e(keyUsage, "keyUsage");
            return ((keyUsage.length == 0) ^ true) && x509Certificate.getKeyUsage()[5];
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final boolean g(X509Certificate x509Certificate) {
            if (x509Certificate.getKeyUsage() != null) {
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                l.e(keyUsage, "keyUsage");
                if ((!(keyUsage.length == 0)) && x509Certificate.getKeyUsage()[0] && x509Certificate.getExtendedKeyUsage() != null && x509Certificate.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.3")) {
                    return true;
                }
            }
            return false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void h(List<? extends X509Certificate> list) {
            int size = list.size() - 1;
            if (size > 0) {
                int i10 = 0;
                while (true) {
                    int i11 = i10 + 1;
                    X509Certificate x509Certificate = list.get(i10);
                    X509Certificate x509Certificate2 = list.get(i11);
                    if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                        throw new CertificateException("Certificates do not chain");
                    }
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    if (i11 >= size) {
                        break;
                    } else {
                        i10 = i11;
                    }
                }
            }
            if (!((X509Certificate) r.q0(list)).getIssuerX500Principal().equals(((X509Certificate) r.q0(list)).getSubjectX500Principal())) {
                throw new CertificateException("Root certificate not self-signed");
            }
            ((X509Certificate) r.q0(list)).verify(((X509Certificate) r.q0(list)).getPublicKey());
            if (list.size() > 1) {
                X509Certificate x509Certificate3 = (X509Certificate) r.q0(list);
                if (!f(x509Certificate3)) {
                    throw new CertificateException("Root certificate subject must be a Certificate Authority");
                }
                d e10 = e(x509Certificate3);
                int basicConstraints = x509Certificate3.getBasicConstraints();
                int size2 = list.size() - 2;
                if (1 <= size2) {
                    while (true) {
                        int i12 = size2 - 1;
                        X509Certificate x509Certificate4 = list.get(size2);
                        if (!f(x509Certificate4)) {
                            throw new CertificateException("Non-leaf certificate subject must be a Certificate Authority");
                        }
                        d e11 = e(x509Certificate4);
                        if (e10 != null && !l.b(e10, e11)) {
                            throw new CertificateException("Expo project information must be a subset or equal of that of parent certificates");
                        }
                        if (basicConstraints <= 0) {
                            throw new CertificateException("pathLenConstraint violated by intermediate certificate");
                        }
                        basicConstraints = Math.min(x509Certificate4.getBasicConstraints(), basicConstraints - 1);
                        if (1 > i12) {
                            e10 = e11;
                            break;
                        } else {
                            size2 = i12;
                            e10 = e11;
                        }
                    }
                }
                if (e10 != null && !l.b(e10, e((X509Certificate) r.f0(list)))) {
                    throw new CertificateException("Expo project information must be a subset of or equal to that of parent certificates");
                }
            }
        }

        public final d e(X509Certificate x509Certificate) {
            String str;
            List v02;
            int u10;
            CharSequence S0;
            String p10;
            l.f(x509Certificate, "<this>");
            byte[] extensionValue = x509Certificate.getExtensionValue("1.2.840.113556.1.8000.2554.43437.254.128.102.157.7894389.20439.2.1");
            z C = extensionValue == null ? null : z.C(extensionValue);
            if (C == null) {
                return null;
            }
            if (C instanceof q1) {
                byte[] M = ((q1) C).M();
                l.e(M, "it.octets");
                p10 = v.p(M);
                str = p10;
            } else {
                str = null;
            }
            if (str == null) {
                return null;
            }
            v02 = w.v0(str, new char[]{','}, false, 0, 6, null);
            u10 = u.u(v02, 10);
            ArrayList arrayList = new ArrayList(u10);
            Iterator it = v02.iterator();
            while (it.hasNext()) {
                S0 = w.S0((String) it.next());
                arrayList.add(S0.toString());
            }
            if (arrayList.size() == 2) {
                return new d((String) arrayList.get(0), (String) arrayList.get(1));
            }
            throw new CertificateException("Invalid Expo project information extension value");
        }
    }

    /* compiled from: CertificateChain.kt */
    /* loaded from: classes2.dex */
    static final class b extends n implements qk.a<X509Certificate> {
        b() {
            super(0);
        }

        @Override // qk.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final X509Certificate invoke() {
            int u10;
            if (a.this.f32159a.isEmpty()) {
                throw new CertificateException("No code signing certificates provided");
            }
            List list = a.this.f32159a;
            u10 = u.u(list, 10);
            ArrayList arrayList = new ArrayList(u10);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(a.f32158c.d((String) it.next()));
            }
            C0599a c0599a = a.f32158c;
            c0599a.h(arrayList);
            X509Certificate x509Certificate = (X509Certificate) arrayList.get(0);
            if (c0599a.g(x509Certificate)) {
                return x509Certificate;
            }
            throw new CertificateException("First certificate in chain is not a code signing certificate. Must have X509v3 Key Usage: Digital Signature and X509v3 Extended Key Usage: Code Signing");
        }
    }

    public a(List<String> list) {
        i b10;
        l.f(list, "certificateStrings");
        this.f32159a = list;
        b10 = k.b(new b());
        this.f32160b = b10;
    }

    public final X509Certificate b() {
        return (X509Certificate) this.f32160b.getValue();
    }
}
