package com.stripe.android.stripe3ds2.transaction;

import com.deliveroo.orderapp.base.model.MenuTag;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.X509CertChainUtils;
import com.nimbusds.jose.util.X509CertUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.List;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public final class n {
    public static PublicKey a(JWSHeader jWSHeader) throws CertificateException {
        List<Base64> x509CertChain = jWSHeader.getX509CertChain();
        if (x509CertChain == null) {
            return null;
        }
        return X509CertUtils.parseWithException(x509CertChain.get(0).decode()).getPublicKey();
    }

    public static boolean a(List<Base64> list, List<X509Certificate> list2) {
        if (list != null && !list.isEmpty() && !list2.isEmpty()) {
            try {
                List<X509Certificate> parse = X509CertChainUtils.parse(list);
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                for (int i = 0; i < list2.size(); i++) {
                    keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Integer.valueOf(i)), list2.get(i));
                }
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(parse.get(0));
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                pKIXBuilderParameters.addCertStore(CertStore.getInstance(MenuTag.COLLECTION_TAG, new CollectionCertStoreParameters(parse)));
                CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
                return true;
            } catch (IOException | GeneralSecurityException | ParseException unused) {
            }
        }
        return false;
    }

    public final JSONObject a(String str, boolean z, List<X509Certificate> list) throws JSONException, ParseException, JOSEException, CertificateException {
        JWSVerifier rSASSAVerifier;
        JWSVerifier rSASSAVerifier2;
        boolean verify;
        JWSObject parse = JWSObject.parse(str);
        if (z) {
            JWSHeader header = parse.getHeader();
            if (a(header.getX509CertChain(), list)) {
                JWSAlgorithm algorithm = header.getAlgorithm();
                if (algorithm.equals(JWSAlgorithm.PS256) || algorithm.equals(JWSAlgorithm.RS256)) {
                    PublicKey a = a(header);
                    if (a instanceof RSAPublicKey) {
                        rSASSAVerifier2 = new RSASSAVerifier((RSAPublicKey) a);
                        rSASSAVerifier2.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                        verify = parse.verify(rSASSAVerifier2);
                    } else {
                        rSASSAVerifier = new RSASSAVerifier(RSAKey.parse(header.getJWK().toJSONString()));
                        rSASSAVerifier2 = rSASSAVerifier;
                        rSASSAVerifier2.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                        verify = parse.verify(rSASSAVerifier2);
                    }
                } else {
                    if (!algorithm.equals(JWSAlgorithm.ES256)) {
                        throw new IllegalArgumentException("Unsupported algorithm: " + algorithm.toString());
                    }
                    PublicKey a2 = a(header);
                    if (a2 instanceof ECPublicKey) {
                        rSASSAVerifier2 = new ECDSAVerifier((ECPublicKey) a2);
                        rSASSAVerifier2.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                        verify = parse.verify(rSASSAVerifier2);
                    } else {
                        rSASSAVerifier = new ECDSAVerifier(ECKey.parse(header.getJWK().toJSONString()));
                        rSASSAVerifier2 = rSASSAVerifier;
                        rSASSAVerifier2.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
                        verify = parse.verify(rSASSAVerifier2);
                    }
                }
            } else {
                verify = false;
            }
            if (!verify) {
                throw new IllegalStateException("Could not validate JWS");
            }
        }
        return new JSONObject(parse.getPayload().toString());
    }
}
