package com.microsoft.identity.common.internal.broker;

import a0.q2;
import android.content.Context;
import com.microsoft.identity.common.internal.util.PackageUtils;
import com.microsoft.identity.common.logging.Logger;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import k50.l;
import k50.p;
import kotlin.jvm.internal.a0;
import kotlin.jvm.internal.k;
import kotlin.jvm.internal.m;
import t50.q;
import y40.n;

/* loaded from: classes3.dex */
public class BrokerValidator implements IBrokerValidator {
    public static final Companion Companion = new Companion(null);
    private static final String TAG = a0.a(BrokerValidator.class).d();
    private final Set<BrokerData> allowedBrokerApps;
    private final l<String, List<X509Certificate>> getSigningCertificateForApp;
    private final p<String, List<? extends X509Certificate>, n> validateSigningCertificate;

    /* renamed from: com.microsoft.identity.common.internal.broker.BrokerValidator$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static final class AnonymousClass1 extends m implements l<String, List<X509Certificate>> {
        final /* synthetic */ Context $context;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public AnonymousClass1(Context context) {
            super(1);
            this.$context = context;
        }

        @Override // k50.l
        public final List<X509Certificate> invoke(String packageName) {
            kotlin.jvm.internal.l.h(packageName, "packageName");
            List<X509Certificate> readCertDataForApp = PackageUtils.readCertDataForApp(packageName, this.$context);
            kotlin.jvm.internal.l.g(readCertDataForApp, "readCertDataForApp(packageName, context)");
            return readCertDataForApp;
        }
    }

    /* renamed from: com.microsoft.identity.common.internal.broker.BrokerValidator$2, reason: invalid class name */
    /* loaded from: classes3.dex */
    public /* synthetic */ class AnonymousClass2 extends k implements p<String, List<? extends X509Certificate>, n> {
        public AnonymousClass2(Object obj) {
            super(2, obj, Companion.class, "validateSigningCertificate", "validateSigningCertificate(Ljava/lang/String;Ljava/util/List;)V", 0);
        }

        @Override // k50.p
        public /* bridge */ /* synthetic */ n invoke(String str, List<? extends X509Certificate> list) {
            invoke2(str, list);
            return n.f53063a;
        }

        /* renamed from: invoke, reason: avoid collision after fix types in other method */
        public final void invoke2(String p02, List<? extends X509Certificate> p12) {
            kotlin.jvm.internal.l.h(p02, "p0");
            kotlin.jvm.internal.l.h(p12, "p1");
            ((Companion) this.receiver).validateSigningCertificate(p02, p12);
        }
    }

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kotlin.jvm.internal.g gVar) {
            this();
        }

        public final void validateSigningCertificate(String expectedSigningCertificateThumbprint, List<? extends X509Certificate> signingCertificates) {
            kotlin.jvm.internal.l.h(expectedSigningCertificateThumbprint, "expectedSigningCertificateThumbprint");
            kotlin.jvm.internal.l.h(signingCertificates, "signingCertificates");
            PackageUtils.verifySignatureHash(signingCertificates, cm.c.k(expectedSigningCertificateThumbprint).iterator());
            if (signingCertificates.size() > 1) {
                PackageUtils.verifyCertificateChain(signingCertificates);
            }
        }
    }

    public BrokerValidator(Context context) {
        kotlin.jvm.internal.l.h(context, "context");
        this.allowedBrokerApps = BrokerData.Companion.getKnownBrokerApps();
        this.getSigningCertificateForApp = new AnonymousClass1(context);
        this.validateSigningCertificate = new AnonymousClass2(Companion);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public BrokerValidator(Set<BrokerData> allowedBrokerApps, l<? super String, ? extends List<? extends X509Certificate>> getSigningCertificateForApp, p<? super String, ? super List<? extends X509Certificate>, n> validateSigningCertificate) {
        kotlin.jvm.internal.l.h(allowedBrokerApps, "allowedBrokerApps");
        kotlin.jvm.internal.l.h(getSigningCertificateForApp, "getSigningCertificateForApp");
        kotlin.jvm.internal.l.h(validateSigningCertificate, "validateSigningCertificate");
        this.allowedBrokerApps = allowedBrokerApps;
        this.getSigningCertificateForApp = getSigningCertificateForApp;
        this.validateSigningCertificate = validateSigningCertificate;
    }

    @Override // com.microsoft.identity.common.internal.broker.IBrokerValidator
    public boolean isSignedByKnownKeys(BrokerData brokerData) {
        kotlin.jvm.internal.l.h(brokerData, "brokerData");
        String a11 = q2.a(new StringBuilder(), TAG, ":isSignedByKnownKeys");
        try {
            this.validateSigningCertificate.invoke(brokerData.getSigningCertificateThumbprint(), this.getSigningCertificateForApp.invoke(brokerData.getPackageName()));
            Logger.verbose(a11, brokerData + " is a valid broker app.");
            return true;
        } catch (Throwable th2) {
            Logger.verbose(a11, brokerData + " verification failed: " + th2.getMessage());
            return false;
        }
    }

    @Override // com.microsoft.identity.common.internal.broker.IBrokerValidator
    public boolean isValidBrokerPackage(String packageName) {
        Object obj;
        kotlin.jvm.internal.l.h(packageName, "packageName");
        String a11 = q2.a(new StringBuilder(), TAG, ":isValidBrokerPackage");
        Set<BrokerData> set = this.allowedBrokerApps;
        ArrayList arrayList = new ArrayList();
        for (Object obj2 : set) {
            if (q.j(((BrokerData) obj2).getPackageName(), packageName, true)) {
                arrayList.add(obj2);
            }
        }
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (isSignedByKnownKeys((BrokerData) obj)) {
                break;
            }
        }
        if (((BrokerData) obj) != null) {
            return true;
        }
        Logger.info(a11, packageName.concat(" does not match with any known broker apps."));
        return false;
    }

    public boolean verifySignature(String packageName) {
        kotlin.jvm.internal.l.h(packageName, "packageName");
        return isValidBrokerPackage(packageName);
    }
}
