package x9;

import java.security.MessageDigest;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jmrtd.lds.LDSFileUtil;
import org.jmrtd.lds.SODFile;

/* loaded from: classes.dex */
public final class v1 implements e3 {

    /* renamed from: c, reason: collision with root package name */
    public static final String f23413c = "dot-nfc:".concat(v1.class.getSimpleName());

    /* renamed from: a, reason: collision with root package name */
    public final Set f23414a;

    /* renamed from: b, reason: collision with root package name */
    public final u f23415b;

    public v1(Set set, u uVar) {
        wc.m.e(set, "authorityCertificates");
        wc.m.e(uVar, "documentSignerCertificateValidator");
        this.f23414a = set;
        this.f23415b = uVar;
    }

    public static String b(SODFile sODFile) {
        String l10;
        String digestEncryptionAlgorithm = sODFile.getDigestEncryptionAlgorithm();
        if (!wc.m.a("SSAwithRSA/PSS", digestEncryptionAlgorithm)) {
            wc.m.d(digestEncryptionAlgorithm, "{\n            digestEncryptionAlgorithm\n        }");
            return digestEncryptionAlgorithm;
        }
        String signerInfoDigestAlgorithm = sODFile.getSignerInfoDigestAlgorithm();
        wc.m.d(signerInfoDigestAlgorithm, "sodFile.signerInfoDigestAlgorithm");
        l10 = fd.o.l(signerInfoDigestAlgorithm, "-", "", false, 4, null);
        return l10 + "withRSA/PSS";
    }

    public static boolean c(l lVar, a3 a3Var) {
        Integer num;
        Map<Integer, byte[]> dataGroupHashes = a3Var.b().getDataGroupHashes();
        Set<Integer> keySet = dataGroupHashes.keySet();
        HashSet hashSet = new HashSet();
        int[] tagList = a3Var.a().getTagList();
        wc.m.d(tagList, "parsedLds.comFile.tagList");
        for (int i10 : tagList) {
            try {
                num = Integer.valueOf(LDSFileUtil.lookupDataGroupNumberByTag(i10));
            } catch (NumberFormatException unused) {
                v7.g.d(f23413c, "Unknown data group number " + i10);
                num = null;
            }
            if (num != null) {
                hashSet.add(Integer.valueOf(num.intValue()));
            }
        }
        boolean a10 = wc.m.a(hashSet, keySet);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(a3Var.b().getDigestAlgorithm(), BouncyCastleProvider.PROVIDER_NAME);
            wc.m.d(messageDigest, "{\n            MessageDig….PROVIDER_NAME)\n        }");
            Iterator<Integer> it = keySet.iterator();
            while (it.hasNext()) {
                int intValue = it.next().intValue();
                byte[] bArr = dataGroupHashes.get(Integer.valueOf(intValue));
                byte[] b10 = lVar.b(intValue);
                if (b10 != null) {
                    byte[] digest = messageDigest.digest(b10);
                    messageDigest.reset();
                    a10 = a10 && MessageDigest.isEqual(bArr, digest);
                }
            }
            return a10;
        } catch (Exception e10) {
            v7.g.e(f23413c, "Invalid digest algorithm", e10);
            return false;
        }
    }

    public static X509Certificate d(SODFile sODFile) {
        boolean o10;
        Object x10;
        int size = sODFile.getDocSigningCertificates().size();
        List<X509Certificate> docSigningCertificates = sODFile.getDocSigningCertificates();
        wc.m.d(docSigningCertificates, "docSigningCertificates");
        if (size == 1) {
            x10 = lc.v.x(docSigningCertificates);
            return (X509Certificate) x10;
        }
        for (X509Certificate x509Certificate : docSigningCertificates) {
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            wc.m.d(keyUsage, "it.keyUsage");
            o10 = lc.j.o(keyUsage);
            if (o10) {
                return x509Certificate;
            }
        }
        throw new NoSuchElementException("Collection contains no element matching the predicate.");
    }

    @Override // x9.e3
    public final ea.a a(ga.b bVar, a3 a3Var) {
        boolean z10;
        wc.m.e(bVar, "lds1eMrtdApplication");
        wc.m.e(a3Var, "parsedLds");
        boolean z11 = true;
        if (!n.f23365a) {
            System.setProperty("org.bouncycastle.rsa.max_mr_tests", "0");
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
            n.f23365a = true;
        }
        if (this.f23414a.isEmpty()) {
            return ea.a.AUTHORITY_CERTIFICATES_NOT_PROVIDED;
        }
        SODFile sODFile = a3Var.f23279b;
        wc.m.d(sODFile, "parsedLds.sodFile");
        try {
            Signature signature = Signature.getInstance(b(sODFile), BouncyCastleProvider.PROVIDER_NAME);
            AlgorithmParameterSpec digestEncryptionAlgorithmParams = sODFile.getDigestEncryptionAlgorithmParams();
            if (digestEncryptionAlgorithmParams != null) {
                signature.setParameter(digestEncryptionAlgorithmParams);
            }
            signature.initVerify(d(sODFile).getPublicKey());
            signature.update(sODFile.getEContent());
            z10 = signature.verify(sODFile.getEncryptedDigest());
        } catch (Exception e10) {
            v7.g.e(f23413c, "Failed to verify signature", e10);
            z10 = false;
        }
        u uVar = this.f23415b;
        X509Certificate docSigningCertificate = a3Var.f23279b.getDocSigningCertificate();
        Set set = this.f23414a;
        uVar.getClass();
        try {
            docSigningCertificate.checkValidity();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                try {
                    docSigningCertificate.verify(((X509Certificate) it.next()).getPublicKey());
                    break;
                } catch (Exception unused) {
                }
            }
        } catch (Exception unused2) {
        }
        z11 = false;
        return (z10 && z11 && c(new l(bVar), a3Var)) ? ea.a.AUTHENTICATED : ea.a.DENIED;
    }
}
