package com.microsoft.intune.mam.http;

import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import java.lang.reflect.Array;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

/* loaded from: classes3.dex */
class f implements CertChainValidator {

    /* renamed from: e, reason: collision with root package name */
    private static final ew.c f35284e = ew.d.a(f.class);

    /* renamed from: a, reason: collision with root package name */
    private final String f35285a;

    /* renamed from: b, reason: collision with root package name */
    private final TelemetryLogger f35286b;

    /* renamed from: c, reason: collision with root package name */
    final byte[][] f35287c;

    /* renamed from: d, reason: collision with root package name */
    final byte[][] f35288d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(String str, TelemetryLogger telemetryLogger, String str2) {
        this.f35286b = telemetryLogger;
        this.f35285a = str2;
        KnownClouds fromAuthority = KnownClouds.fromAuthority(str);
        this.f35287c = fromAuthority.getIntermediateCertPubkeys();
        this.f35288d = fromAuthority.getRootCertPubkey();
    }

    private void a(TrackedOccurrence trackedOccurrence, X509Certificate[] x509CertificateArr) {
        if (Array.getLength(x509CertificateArr) == 0) {
            this.f35286b.logTrackedOccurrence(this.f35285a, trackedOccurrence, "no certs in chain");
            return;
        }
        StringBuilder sb2 = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb2.append(x509Certificate.getSubjectDN().getName());
            sb2.append(" -> ");
        }
        this.f35286b.logTrackedOccurrence(this.f35285a, trackedOccurrence, sb2.toString());
    }

    private void b(TrackedOccurrence trackedOccurrence, X509Certificate x509Certificate) {
        this.f35286b.logTrackedOccurrence(this.f35285a, trackedOccurrence, x509Certificate == null ? "empty" : x509Certificate.getSubjectDN().getName());
    }

    private void c(X509Certificate x509Certificate, byte[][] bArr) throws CertificateException {
        boolean z10 = false;
        int i10 = 0;
        while (true) {
            if (i10 >= bArr.length) {
                break;
            }
            try {
                x509Certificate.verify(KeyFactory.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new X509EncodedKeySpec(bArr[i10])));
                z10 = true;
                break;
            } catch (Exception unused) {
                i10++;
            }
        }
        if (z10) {
            return;
        }
        b(TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_NOT_SIGNED_BY_ROOT, x509Certificate);
        throw new CertificateException("Unable to verify certificate.");
    }

    @Override // com.microsoft.intune.mam.http.CertChainValidator
    public void validateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        int length = Array.getLength(x509CertificateArr);
        boolean z10 = false;
        for (int i10 = 1; i10 < length; i10++) {
            X509Certificate x509Certificate = x509CertificateArr[i10];
            X509Certificate x509Certificate2 = x509CertificateArr[i10 - 1];
            PublicKey publicKey = x509Certificate.getPublicKey();
            try {
                x509Certificate2.verify(publicKey);
                if (!z10) {
                    byte[] encoded = publicKey.getEncoded();
                    byte[][] bArr = this.f35287c;
                    int length2 = bArr.length;
                    int i11 = 0;
                    while (true) {
                        if (i11 >= length2) {
                            break;
                        }
                        if (Arrays.equals(encoded, bArr[i11])) {
                            z10 = true;
                            break;
                        }
                        i11++;
                    }
                }
            } catch (Exception unused) {
                b(TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_WRONG_PUBLIC_KEY, x509Certificate2);
                throw new CertificateException("Unable to verify certificate.");
            }
        }
        if (!z10) {
            a(TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_MSIT_CERT_NOT_FOUND, x509CertificateArr);
            throw new CertificateException("Unable to verify certificate.");
        }
        c(x509CertificateArr[length - 1], this.f35288d);
        f35284e.g("cert validated");
    }
}
