package com.microsoft.intune.mam.k;

import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.http.CertChainValidator;
import com.microsoft.intune.mam.http.KnownClouds;
import com.microsoft.intune.mam.j.d.l0;
import com.microsoft.intune.mam.log.MAMLogger;
import java.lang.reflect.Array;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Objects;
import java.util.logging.Level;

/* loaded from: classes3.dex */
public class f implements CertChainValidator {
    public static final MAMLogger a = l0.m(f.class);

    /* renamed from: b, reason: collision with root package name */
    public final String f11487b;
    public final TelemetryLogger c;
    public final byte[][] d;
    public final byte[][] e;

    public f(String str, TelemetryLogger telemetryLogger, String str2) {
        this.c = telemetryLogger;
        this.f11487b = str2;
        KnownClouds fromAuthority = KnownClouds.fromAuthority(str);
        this.d = fromAuthority.getIntermediateCertPubkeys();
        this.e = fromAuthority.getRootCertPubkey();
    }

    public final void a(TrackedOccurrence trackedOccurrence, X509Certificate x509Certificate) {
        this.c.logTrackedOccurrence(this.f11487b, trackedOccurrence, x509Certificate == null ? "empty" : x509Certificate.getSubjectDN().getName());
    }

    @Override // com.microsoft.intune.mam.http.CertChainValidator
    public void validateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        TelemetryLogger telemetryLogger;
        String str;
        String str2;
        int length = Array.getLength(x509CertificateArr);
        int i2 = 0;
        boolean z2 = false;
        for (int i3 = 1; i3 < length; i3++) {
            X509Certificate x509Certificate = x509CertificateArr[i3];
            X509Certificate x509Certificate2 = x509CertificateArr[i3 - 1];
            PublicKey publicKey = x509Certificate.getPublicKey();
            try {
                x509Certificate2.verify(publicKey);
                if (!z2) {
                    byte[] encoded = publicKey.getEncoded();
                    byte[][] bArr = this.d;
                    int length2 = bArr.length;
                    int i4 = 0;
                    while (true) {
                        if (i4 >= length2) {
                            break;
                        }
                        if (Arrays.equals(encoded, bArr[i4])) {
                            z2 = true;
                            break;
                        }
                        i4++;
                    }
                }
            } catch (Exception unused) {
                a(TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_WRONG_PUBLIC_KEY, x509Certificate2);
                throw new CertificateException("Unable to verify certificate.");
            }
        }
        if (!z2) {
            TrackedOccurrence trackedOccurrence = TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_MSIT_CERT_NOT_FOUND;
            if (Array.getLength(x509CertificateArr) != 0) {
                StringBuilder sb = new StringBuilder();
                int length3 = x509CertificateArr.length;
                while (i2 < length3) {
                    sb.append(x509CertificateArr[i2].getSubjectDN().getName());
                    sb.append(" -> ");
                    i2++;
                }
                telemetryLogger = this.c;
                str = this.f11487b;
                str2 = sb.toString();
            } else {
                telemetryLogger = this.c;
                str = this.f11487b;
                str2 = "no certs in chain";
            }
            telemetryLogger.logTrackedOccurrence(str, trackedOccurrence, str2);
            throw new CertificateException("Unable to verify certificate.");
        }
        X509Certificate x509Certificate3 = x509CertificateArr[length - 1];
        byte[][] bArr2 = this.e;
        int i5 = 0;
        while (true) {
            if (i5 >= bArr2.length) {
                break;
            }
            try {
                x509Certificate3.verify(KeyFactory.getInstance(DevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new X509EncodedKeySpec(bArr2[i5])));
                i2 = 1;
                break;
            } catch (Exception unused2) {
                i5++;
            }
        }
        if (i2 == 0) {
            a(TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_NOT_SIGNED_BY_ROOT, x509Certificate3);
            throw new CertificateException("Unable to verify certificate.");
        }
        MAMLogger mAMLogger = a;
        Objects.requireNonNull(mAMLogger);
        mAMLogger.e(Level.FINE, "cert validated");
    }
}
