package jb;

import df.u;
import df.v;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import kc.k;
import kc.m;
import kotlin.Metadata;
import lg.q1;
import lg.z;
import xb.h;
import xb.j;
import yb.r;
import yb.y;

/* compiled from: CertificateChain.kt */
@Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010 \n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u0000 \u000e2\u00020\u0001:\u0001\u0004B\u0015\u0012\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00030\u0002¢\u0006\u0004\b\f\u0010\rR\u001a\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00030\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0004\u0010\u0005R\u001b\u0010\u000b\u001a\u00020\u00078FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\b\u0010\t\u001a\u0004\b\b\u0010\n¨\u0006\u000f"}, d2 = {"Ljb/a;", "", "", "", "a", "Ljava/util/List;", "certificateStrings", "Ljava/security/cert/X509Certificate;", "b", "Lxb/h;", "()Ljava/security/cert/X509Certificate;", "codeSigningCertificate", "<init>", "(Ljava/util/List;)V", w5.c.f23218i, "expo-updates_release"}, k = 1, mv = {1, 8, 0})
/* loaded from: classes.dex */
public final class a {

    /* renamed from: c, reason: collision with root package name and from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final List<String> certificateStrings;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    private final h codeSigningCertificate;

    /* compiled from: CertificateChain.kt */
    @Metadata(d1 = {"\u0000.\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u000e\u0010\u000fJ\u0010\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J\f\u0010\u0007\u001a\u00020\u0006*\u00020\u0004H\u0002J\f\u0010\b\u001a\u00020\u0006*\u00020\u0004H\u0002J\u0012\u0010\u000b\u001a\u00020\n*\b\u0012\u0004\u0012\u00020\u00040\tH\u0002J\f\u0010\r\u001a\u0004\u0018\u00010\f*\u00020\u0004¨\u0006\u0010"}, d2 = {"Ljb/a$a;", "", "", "certificateString", "Ljava/security/cert/X509Certificate;", w5.d.f23227o, "", "g", "f", "", "Lxb/c0;", "h", "Ljb/d;", "e", "<init>", "()V", "expo-updates_release"}, k = 1, mv = {1, 8, 0})
    /* renamed from: jb.a$a, reason: collision with other inner class name and from kotlin metadata */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kc.g gVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final X509Certificate d(String certificateString) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] bytes = certificateString.getBytes(df.d.UTF_8);
            k.d(bytes, "this as java.lang.String).getBytes(charset)");
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
            k.c(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            x509Certificate.checkValidity();
            return x509Certificate;
        }

        private final boolean f(X509Certificate x509Certificate) {
            if (x509Certificate.getBasicConstraints() <= -1 || x509Certificate.getKeyUsage() == null) {
                return false;
            }
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            k.d(keyUsage, "keyUsage");
            return ((keyUsage.length == 0) ^ true) && x509Certificate.getKeyUsage()[5];
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final boolean g(X509Certificate x509Certificate) {
            if (x509Certificate.getKeyUsage() == null) {
                return false;
            }
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            k.d(keyUsage, "keyUsage");
            return ((keyUsage.length == 0) ^ true) && x509Certificate.getKeyUsage()[0] && x509Certificate.getExtendedKeyUsage() != null && x509Certificate.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.3");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void h(List<? extends X509Certificate> list) {
            Object i02;
            Object i03;
            Object i04;
            Object i05;
            Object i06;
            Object X;
            int size = list.size() - 1;
            int i10 = 0;
            while (i10 < size) {
                X509Certificate x509Certificate = list.get(i10);
                i10++;
                X509Certificate x509Certificate2 = list.get(i10);
                if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                    throw new CertificateException("Certificates do not chain");
                }
                x509Certificate.verify(x509Certificate2.getPublicKey());
            }
            i02 = y.i0(list);
            X500Principal issuerX500Principal = ((X509Certificate) i02).getIssuerX500Principal();
            i03 = y.i0(list);
            if (!issuerX500Principal.equals(((X509Certificate) i03).getSubjectX500Principal())) {
                throw new CertificateException("Root certificate not self-signed");
            }
            i04 = y.i0(list);
            i05 = y.i0(list);
            ((X509Certificate) i04).verify(((X509Certificate) i05).getPublicKey());
            if (list.size() > 1) {
                i06 = y.i0(list);
                X509Certificate x509Certificate3 = (X509Certificate) i06;
                if (!f(x509Certificate3)) {
                    throw new CertificateException("Root certificate subject must be a Certificate Authority");
                }
                ExpoProjectInformation e10 = e(x509Certificate3);
                int basicConstraints = x509Certificate3.getBasicConstraints();
                int size2 = list.size() - 2;
                while (size2 > 0) {
                    X509Certificate x509Certificate4 = list.get(size2);
                    if (!f(x509Certificate4)) {
                        throw new CertificateException("Non-leaf certificate subject must be a Certificate Authority");
                    }
                    ExpoProjectInformation e11 = e(x509Certificate4);
                    if (e10 != null && !k.a(e10, e11)) {
                        throw new CertificateException("Expo project information must be a subset or equal of that of parent certificates");
                    }
                    if (basicConstraints <= 0) {
                        throw new CertificateException("pathLenConstraint violated by intermediate certificate");
                    }
                    basicConstraints = Math.min(x509Certificate4.getBasicConstraints(), basicConstraints - 1);
                    size2--;
                    e10 = e11;
                }
                if (e10 != null) {
                    X = y.X(list);
                    if (!k.a(e10, e((X509Certificate) X))) {
                        throw new CertificateException("Expo project information must be a subset of or equal to that of parent certificates");
                    }
                }
            }
        }

        public final ExpoProjectInformation e(X509Certificate x509Certificate) {
            z x10;
            String str;
            List s02;
            int t10;
            CharSequence M0;
            String n10;
            k.e(x509Certificate, "<this>");
            byte[] extensionValue = x509Certificate.getExtensionValue("1.2.840.113556.1.8000.2554.43437.254.128.102.157.7894389.20439.2.1");
            if (extensionValue == null || (x10 = z.x(extensionValue)) == null) {
                return null;
            }
            if (x10 instanceof q1) {
                byte[] D = ((q1) x10).D();
                k.d(D, "it.octets");
                n10 = u.n(D);
                str = n10;
            } else {
                str = null;
            }
            if (str == null) {
                return null;
            }
            s02 = v.s0(str, new char[]{','}, false, 0, 6, null);
            t10 = r.t(s02, 10);
            ArrayList arrayList = new ArrayList(t10);
            Iterator it = s02.iterator();
            while (it.hasNext()) {
                M0 = v.M0((String) it.next());
                arrayList.add(M0.toString());
            }
            if (arrayList.size() == 2) {
                return new ExpoProjectInformation((String) arrayList.get(0), (String) arrayList.get(1));
            }
            throw new CertificateException("Invalid Expo project information extension value");
        }
    }

    /* compiled from: CertificateChain.kt */
    @Metadata(d1 = {"\u0000\b\n\u0002\u0018\u0002\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"Ljava/security/cert/X509Certificate;", "a", "()Ljava/security/cert/X509Certificate;"}, k = 3, mv = {1, 8, 0})
    /* loaded from: classes.dex */
    static final class b extends m implements jc.a<X509Certificate> {
        b() {
            super(0);
        }

        @Override // jc.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final X509Certificate d() {
            int t10;
            if (a.this.certificateStrings.isEmpty()) {
                throw new CertificateException("No code signing certificates provided");
            }
            List list = a.this.certificateStrings;
            t10 = r.t(list, 10);
            ArrayList arrayList = new ArrayList(t10);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(a.INSTANCE.d((String) it.next()));
            }
            Companion companion = a.INSTANCE;
            companion.h(arrayList);
            X509Certificate x509Certificate = (X509Certificate) arrayList.get(0);
            if (companion.g(x509Certificate)) {
                return x509Certificate;
            }
            throw new CertificateException("First certificate in chain is not a code signing certificate. Must have X509v3 Key Usage: Digital Signature and X509v3 Extended Key Usage: Code Signing");
        }
    }

    public a(List<String> list) {
        h a10;
        k.e(list, "certificateStrings");
        this.certificateStrings = list;
        a10 = j.a(new b());
        this.codeSigningCertificate = a10;
    }

    public final X509Certificate b() {
        return (X509Certificate) this.codeSigningCertificate.getValue();
    }
}
