package zn;

import androidx.annotation.VisibleForTesting;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.IllegalBlockSizeException;
import kotlin.Metadata;

@Metadata(d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0005\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u000f\u0010\u0010J+\u0010\b\u001a\u00020\u00072\f\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u00022\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00030\u0005H\u0007¢\u0006\u0004\b\b\u0010\tJ \u0010\u000e\u001a\u00020\u00072\u0006\u0010\n\u001a\u00020\u00032\u0006\u0010\u000b\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\fH\u0007¨\u0006\u0011"}, d2 = {"Lzn/u;", "", "", "Ljava/security/cert/X509Certificate;", "chain", "", "trustedCerts", "", "b", "([Ljava/security/cert/X509Certificate;Ljava/util/List;)Z", "cert", "intermediate", "", "certSubject", "a", "<init>", "()V", "AWFramework_release"}, k = 1, mv = {1, 7, 1})
/* loaded from: classes3.dex */
public final class u {

    /* renamed from: a, reason: collision with root package name */
    public static final u f58477a = new u();

    private u() {
    }

    public static final boolean b(X509Certificate[] chain, List<? extends X509Certificate> trustedCerts) {
        StringBuilder sb2;
        kotlin.jvm.internal.o.g(chain, "chain");
        kotlin.jvm.internal.o.g(trustedCerts, "trustedCerts");
        String certSubject = chain[0].getSubjectX500Principal().getName();
        g0.i("CertUtils", "isTrusted called for " + certSubject + " with chain length: " + chain.length, null, 4, null);
        if (new w().f(chain)) {
            int length = chain.length - 1;
            if (length >= 0) {
                while (true) {
                    int i11 = length - 1;
                    X509Certificate x509Certificate = chain[length];
                    Iterator<? extends X509Certificate> it = trustedCerts.iterator();
                    while (it.hasNext()) {
                        if (Arrays.equals(x509Certificate.getSignature(), it.next().getSignature())) {
                            g0.i("CertUtils", "Cert in provided chain found in trust store. Cert chain is valid.", null, 4, null);
                            return true;
                        }
                    }
                    if (i11 < 0) {
                        break;
                    }
                    length = i11;
                }
            }
            X509Certificate x509Certificate2 = chain[chain.length - 1];
            for (X509Certificate x509Certificate3 : trustedCerts) {
                if (kotlin.jvm.internal.o.b(x509Certificate2.getIssuerX500Principal(), x509Certificate3.getSubjectX500Principal())) {
                    u uVar = f58477a;
                    kotlin.jvm.internal.o.f(certSubject, "certSubject");
                    if (uVar.a(x509Certificate3, x509Certificate2, certSubject)) {
                        return true;
                    }
                }
            }
            sb2 = new StringBuilder();
        } else {
            sb2 = new StringBuilder();
        }
        sb2.append(certSubject);
        sb2.append(" is not trusted");
        g0.i("CertUtils", sb2.toString(), null, 4, null);
        return false;
    }

    @VisibleForTesting
    public final boolean a(X509Certificate cert, X509Certificate intermediate, String certSubject) {
        String str;
        kotlin.jvm.internal.o.g(cert, "cert");
        kotlin.jvm.internal.o.g(intermediate, "intermediate");
        kotlin.jvm.internal.o.g(certSubject, "certSubject");
        try {
            intermediate.verify(cert.getPublicKey());
            g0.i("CertUtils", "Issuer found for: " + certSubject + " in trust store. Cert chain is trusted.", null, 4, null);
            return true;
        } catch (Exception e11) {
            if (e11 instanceof SignatureException ? true : e11 instanceof CertificateException ? true : e11 instanceof NoSuchAlgorithmException ? true : e11 instanceof InvalidKeyException ? true : e11 instanceof NoSuchProviderException) {
                str = "Issuer name matched, but not signature. Continuing to check for right issuer";
            } else {
                if (!(e11 instanceof IllegalBlockSizeException)) {
                    throw e11;
                }
                str = "Issuer found, but signature verification failed";
            }
            g0.i("CertUtils", str, null, 4, null);
            return false;
        }
    }
}
