package com.norton.staplerclassifiers.devicedetections.untrustedcertificate;

import android.content.Context;
import android.util.Base64;
import bl.l;
import bo.k;
import com.norton.staplerclassifiers.BaseTask;
import com.norton.staplerclassifiers.config.d;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.EmptyList;
import kotlin.collections.t0;
import kotlin.collections.x1;
import kotlin.collections.y0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.Sequence;
import kotlin.sequences.p;
import kotlin.text.o;
import kotlinx.serialization.KSerializer;
import kotlinx.serialization.json.a;
import org.jetbrains.annotations.NotNull;

@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0000\u0018\u0000 \u00022\u00020\u0001:\u0001\u0003¨\u0006\u0004"}, d2 = {"Lcom/norton/staplerclassifiers/devicedetections/untrustedcertificate/UntrustedCertificateTask;", "Lcom/norton/staplerclassifiers/BaseTask;", "Companion", "a", "device-detections_debug"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes2.dex */
public final class UntrustedCertificateTask extends BaseTask {

    /* renamed from: f, reason: collision with root package name */
    @NotNull
    public final a f34251f;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public UntrustedCertificateTask(Context context, d configurationProvider, String configurationKey) {
        super(context, configurationProvider, configurationKey);
        b keyStoreProvider = new b();
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
        Intrinsics.checkNotNullParameter(keyStoreProvider, "keyStoreProvider");
        this.f34251f = keyStoreProvider;
        Intrinsics.checkNotNullParameter(UntrustedCertificateClassifier.NAME, "<set-?>");
        this.f34190d = UntrustedCertificateClassifier.NAME;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r13v0 */
    /* JADX WARN: Type inference failed for: r13v1 */
    /* JADX WARN: Type inference failed for: r13v3, types: [java.util.ArrayList] */
    public static BaseTask.c d(Map map) {
        EmptyList emptyList;
        ?? r13;
        Collection<List<?>> subjectAlternativeNames;
        X500Principal subjectX500Principal;
        X500Principal issuerX500Principal;
        a.C0923a c0923a = kotlinx.serialization.json.a.f47960d;
        KSerializer<TelemetryPayload> serializer = TelemetryPayload.INSTANCE.serializer();
        Collection<Certificate> values = map.values();
        ArrayList arrayList = new ArrayList(t0.s(values, 10));
        for (Certificate certificate : values) {
            X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
            String name = (x509Certificate == null || (issuerX500Principal = x509Certificate.getIssuerX500Principal()) == null) ? null : issuerX500Principal.getName("RFC2253");
            if (name == null) {
                name = "";
            } else {
                Intrinsics.checkNotNullExpressionValue(name, "x509Certificate?.issuerX…0Principal.RFC2253) ?: \"\"");
            }
            String name2 = (x509Certificate == null || (subjectX500Principal = x509Certificate.getSubjectX500Principal()) == null) ? null : subjectX500Principal.getName("RFC2253");
            if (name2 == null) {
                name2 = "";
            } else {
                Intrinsics.checkNotNullExpressionValue(name2, "x509Certificate?.subject…0Principal.RFC2253) ?: \"\"");
            }
            if (x509Certificate != null) {
                Intrinsics.checkNotNullParameter(x509Certificate, "<this>");
                try {
                    subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                } catch (Exception unused) {
                    emptyList = EmptyList.INSTANCE;
                }
                if (subjectAlternativeNames != null) {
                    r13 = new ArrayList();
                    Iterator it = subjectAlternativeNames.iterator();
                    while (it.hasNext()) {
                        List list = (List) it.next();
                        if (Intrinsics.e(list.get(0), 2)) {
                            Object obj = list.get(1);
                            String str = obj instanceof String ? (String) obj : null;
                            if (str != null) {
                                r13.add(str);
                            }
                        }
                    }
                    if (r13 != 0 && (r5 = t0.t0((Iterable) r13, 5)) != null) {
                        Intrinsics.checkNotNullParameter(certificate, "<this>");
                        String encodeToString = Base64.encodeToString(certificate.getPublicKey().getEncoded(), 0);
                        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(this.publ….encoded, Base64.DEFAULT)");
                        arrayList.add(new UntrustedCertificateTelemetry(name, name2, o.R(encodeToString, "\n", ""), r5));
                    }
                } else {
                    emptyList = EmptyList.INSTANCE;
                    r13 = emptyList;
                    if (r13 != 0) {
                        Intrinsics.checkNotNullParameter(certificate, "<this>");
                        String encodeToString2 = Base64.encodeToString(certificate.getPublicKey().getEncoded(), 0);
                        Intrinsics.checkNotNullExpressionValue(encodeToString2, "encodeToString(this.publ….encoded, Base64.DEFAULT)");
                        arrayList.add(new UntrustedCertificateTelemetry(name, name2, o.R(encodeToString2, "\n", ""), r5));
                    }
                }
            }
            List list2 = EmptyList.INSTANCE;
            Intrinsics.checkNotNullParameter(certificate, "<this>");
            String encodeToString22 = Base64.encodeToString(certificate.getPublicKey().getEncoded(), 0);
            Intrinsics.checkNotNullExpressionValue(encodeToString22, "encodeToString(this.publ….encoded, Base64.DEFAULT)");
            arrayList.add(new UntrustedCertificateTelemetry(name, name2, o.R(encodeToString22, "\n", ""), list2));
        }
        return new BaseTask.c(null, c0923a.g(serializer, new TelemetryPayload(arrayList)));
    }

    @Override // com.norton.staplerclassifiers.BaseTask
    public final void c() {
        boolean z6;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Pair<String, Certificate> pair : e("user:")) {
            String alias = pair.component1();
            Certificate component2 = pair.component2();
            Iterator<Pair<String, Certificate>> it = e("system:").iterator();
            while (true) {
                z6 = false;
                if (!it.hasNext()) {
                    break;
                }
                Certificate certificate = it.next().component2();
                Intrinsics.checkNotNullParameter(component2, "<this>");
                Intrinsics.checkNotNullParameter(certificate, "certificate");
                try {
                    component2.verify(certificate.getPublicKey());
                    z6 = true;
                } catch (Exception unused) {
                }
                if (z6) {
                    z6 = true;
                    break;
                }
            }
            if (!z6) {
                Intrinsics.checkNotNullExpressionValue(alias, "alias");
                linkedHashMap.put(alias, component2);
            }
        }
        boolean isEmpty = linkedHashMap.isEmpty();
        BaseTask.d dVar = this.f34189c;
        if (isEmpty) {
            dVar.b(BaseTask.StateType.SAFE, "No untrusted certificates found on device");
            dVar.f34201d = EmptyList.INSTANCE;
            dVar.f34202e = d(x1.d());
        } else {
            dVar.b(BaseTask.StateType.UNSAFE, "Found untrusted certificates on device");
            dVar.f34201d = t0.C0(linkedHashMap.keySet());
            dVar.f34202e = d(linkedHashMap);
        }
    }

    public final Sequence<Pair<String, Certificate>> e(final String str) {
        final KeyStore a10 = this.f34251f.a();
        if (a10 == null) {
            return p.g();
        }
        Enumeration<String> aliases = a10.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "keyStore.aliases()");
        Intrinsics.checkNotNullParameter(aliases, "<this>");
        return p.v(p.h(p.b(new y0(aliases)), new l<String, Boolean>() { // from class: com.norton.staplerclassifiers.devicedetections.untrustedcertificate.UntrustedCertificateTask$getInstalledCertificates$1$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // bl.l
            @NotNull
            public final Boolean invoke(String it) {
                Intrinsics.checkNotNullExpressionValue(it, "it");
                return Boolean.valueOf(o.X(it, str, true));
            }
        }), new l<String, Pair<? extends String, ? extends Certificate>>() { // from class: com.norton.staplerclassifiers.devicedetections.untrustedcertificate.UntrustedCertificateTask$getInstalledCertificates$1$2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // bl.l
            @k
            public final Pair<String, Certificate> invoke(String str2) {
                try {
                    Certificate certificate = a10.getCertificate(str2);
                    if (certificate != null) {
                        return new Pair<>(str2, certificate);
                    }
                    return null;
                } catch (Exception e10) {
                    com.symantec.symlog.d.a(6, "UntrustedCertificateTask", e10.getMessage(), e10);
                    return null;
                }
            }
        });
    }
}
