package com.microsoft.mmx.agents.ypp.pairingproxyclient.auth;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.mmx.agents.ypp.authclient.crypto.JwtHelper;
import com.microsoft.mmx.agents.ypp.configuration.EnvironmentMappingUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.stream.Collectors;
import javax.inject.Inject;
import k3.a;
import org.joda.time.DateTime;

/* loaded from: classes3.dex */
public class PairingProxyCertificateValidator {
    private final JwtHelper jwtHelper;
    private final PlatformConfiguration platformConfiguration;

    @Inject
    public PairingProxyCertificateValidator(@NonNull JwtHelper jwtHelper, @NonNull PlatformConfiguration platformConfiguration) {
        this.jwtHelper = jwtHelper;
        this.platformConfiguration = platformConfiguration;
    }

    private boolean isCertificateExpired(X509Certificate x509Certificate) {
        return new DateTime(x509Certificate.getNotAfter()).getMillis() < DateTime.now().getMillis();
    }

    public List<X509Certificate> getStaticPairingProxyCertificates() {
        return (List) EnvironmentMappingUtils.getBase64EncodedAccountDeviceServiceCertificates(this.platformConfiguration).stream().map(a.f12126h).collect(Collectors.toList());
    }

    public List<X509Certificate> getStaticPairingProxyCertificatesSecondary() {
        return (List) EnvironmentMappingUtils.getBase64EncodedAccountDeviceServiceCertificatesSecondary(this.platformConfiguration).stream().map(a.f12127i).collect(Collectors.toList());
    }

    @Nullable
    public String validateAndGetDataWithStaticCertificate(@NonNull String str, @NonNull TraceContext traceContext) {
        String verifyAndGetDataFromJwt;
        for (X509Certificate x509Certificate : getStaticPairingProxyCertificates()) {
            if (!isCertificateExpired(x509Certificate) && (verifyAndGetDataFromJwt = this.jwtHelper.verifyAndGetDataFromJwt(str, x509Certificate, traceContext)) != null) {
                return verifyAndGetDataFromJwt;
            }
        }
        return null;
    }

    @Nullable
    public String validateAndGetDataWithStaticCertificateSecondary(@NonNull String str, @NonNull TraceContext traceContext) {
        String verifyAndGetDataFromJwt;
        for (X509Certificate x509Certificate : getStaticPairingProxyCertificatesSecondary()) {
            if (!isCertificateExpired(x509Certificate) && (verifyAndGetDataFromJwt = this.jwtHelper.verifyAndGetDataFromJwt(str, x509Certificate, traceContext)) != null) {
                return verifyAndGetDataFromJwt;
            }
        }
        return null;
    }
}
