package g5;

import android.util.Base64;
import com.hp.sdd.hpc.lib.authz.AuthZToken;
import com.hp.sdd.hpc.lib.authz.models.JWKS;
import com.hp.sdd.hpc.lib.authz.models.Key;
import com.hp.sdd.hpc.lib.hpidaccount.data.HpidIDTokenInfo;
import f8.q;
import f8.r;
import g8.p;
import io.jsonwebtoken.Jwts;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import kotlin.jvm.internal.k;
import vd.a;

/* compiled from: JwksUtils.kt */
/* loaded from: classes.dex */
public final class e {

    /* renamed from: a, reason: collision with root package name */
    public static final e f7674a = new e();

    private e() {
    }

    public static final boolean a(JWKS jwks, AuthZToken authZToken) {
        if (jwks == null) {
            vd.a.f15208a.d("signingKeys is null!", new Object[0]);
            return false;
        }
        List<Key> keys = jwks.getKeys();
        if (keys == null || keys.isEmpty()) {
            vd.a.f15208a.d("signingKeysList.size() <= 0!", new Object[0]);
            return false;
        }
        while (true) {
            boolean z10 = false;
            for (Key key : keys) {
                PublicKey publicKey = null;
                if (k.a(key.getKid(), authZToken == null ? null : authZToken.getKid())) {
                    List<String> x5c = key.getX5c();
                    String str = x5c == null ? null : (String) p.U(x5c);
                    if (str == null || str.length() == 0) {
                        continue;
                    } else {
                        try {
                            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str, 0)));
                            X509Certificate x509Certificate = generateCertificate instanceof X509Certificate ? (X509Certificate) generateCertificate : null;
                            if (x509Certificate != null) {
                                publicKey = x509Certificate.getPublicKey();
                            }
                            if (publicKey != null && f7674a.b(publicKey, authZToken)) {
                                z10 = true;
                            }
                        } catch (CertificateException e10) {
                            vd.a.f15208a.g(e10, "generateRSAPublicKey() : CertificateException encountered.", new Object[0]);
                        }
                    }
                }
            }
            return z10;
        }
    }

    private final boolean b(PublicKey publicKey, AuthZToken authZToken) {
        Object b10;
        try {
            q.a aVar = q.f7469p;
            b10 = q.b(Jwts.parserBuilder().setAllowedClockSkewSeconds(300L).setSigningKey(publicKey).build().parseClaimsJws(authZToken == null ? null : authZToken.getAccess_token()).getBody().getSubject());
        } catch (Throwable th) {
            q.a aVar2 = q.f7469p;
            b10 = q.b(r.a(th));
        }
        Throwable d10 = q.d(b10);
        if (d10 != null) {
            vd.a.f15208a.e(d10);
        }
        if (q.f(b10)) {
            b10 = null;
        }
        String str = (String) b10;
        a.b bVar = vd.a.f15208a;
        bVar.a("the gotten Subject is : %s", str);
        HpidIDTokenInfo.HpidUserInfo tokenInfo = authZToken == null ? null : authZToken.getTokenInfo();
        if (str != null) {
            if (k.a(tokenInfo != null ? tokenInfo.getSub() : null, str)) {
                return true;
            }
        }
        bVar.a("validatePublicKey() - Token is not Authentic! Token Subject mismatch found!", new Object[0]);
        return false;
    }
}
