package com.microsoft.intune.mam.http;

import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.lang.reflect.Array;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class MAMTrustManager implements X509TrustManager {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) MAMTrustManager.class);
    protected byte[][] mIntermediateCertPubkeys;
    private X509TrustManager mManager;
    private String mPackageName;
    protected byte[][] mRootCertPubkey;
    private TelemetryLogger mTelemetryLogger;

    protected MAMTrustManager(X509TrustManager x509TrustManager, String str, TelemetryLogger telemetryLogger, String str2) throws GeneralSecurityException {
        this.mManager = x509TrustManager;
        this.mTelemetryLogger = telemetryLogger;
        this.mPackageName = str2;
        mapAuthorityToCerts(str);
    }

    public static SSLContext createSslContext(String str, TelemetryLogger telemetryLogger, String str2) throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        TrustManager[] trustManagerArr = new TrustManager[Array.getLength(trustManagers)];
        int i = 0;
        for (TrustManager trustManager : trustManagers) {
            trustManagerArr[i] = new MAMTrustManager((X509TrustManager) trustManager, str, telemetryLogger, str2);
            i++;
        }
        sSLContext.init(null, trustManagerArr, null);
        return sSLContext;
    }

    private void logCertificateChainError(TrackedOccurrence trackedOccurrence, X509Certificate[] x509CertificateArr) {
        if (Array.getLength(x509CertificateArr) == 0) {
            this.mTelemetryLogger.logTrackedOccurrence(this.mPackageName, trackedOccurrence, "no certs in chain");
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb.append(x509Certificate.getSubjectDN().getName());
            sb.append(" -> ");
        }
        this.mTelemetryLogger.logTrackedOccurrence(this.mPackageName, trackedOccurrence, sb.toString());
    }

    private void logCertificateError(TrackedOccurrence trackedOccurrence, X509Certificate x509Certificate) {
        this.mTelemetryLogger.logTrackedOccurrence(this.mPackageName, trackedOccurrence, x509Certificate == null ? "empty" : x509Certificate.getSubjectDN().getName());
    }

    private void mapAuthorityToCerts(String str) {
        KnownClouds fromAuthority = KnownClouds.fromAuthority(str);
        this.mIntermediateCertPubkeys = fromAuthority.getIntermediateCertPubkeys();
        this.mRootCertPubkey = fromAuthority.getRootCertPubkey();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void validateCertAgainstRoot(java.security.cert.X509Certificate r5, byte[][] r6) throws java.security.cert.CertificateException {
        /*
            r4 = this;
            r0 = 0
            r1 = 0
        L2:
            int r2 = r6.length
            if (r1 >= r2) goto L1e
            r2 = r6[r1]     // Catch: java.lang.Exception -> L1b
            java.security.spec.X509EncodedKeySpec r3 = new java.security.spec.X509EncodedKeySpec     // Catch: java.lang.Exception -> L1b
            r3.<init>(r2)     // Catch: java.lang.Exception -> L1b
            java.lang.String r2 = "RSA"
            java.security.KeyFactory r2 = java.security.KeyFactory.getInstance(r2)     // Catch: java.lang.Exception -> L1b
            java.security.PublicKey r2 = r2.generatePublic(r3)     // Catch: java.lang.Exception -> L1b
            r5.verify(r2)     // Catch: java.lang.Exception -> L1b
            r0 = 1
            goto L1e
        L1b:
            int r1 = r1 + 1
            goto L2
        L1e:
            if (r0 == 0) goto L21
            return
        L21:
            com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence r6 = com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_NOT_SIGNED_BY_ROOT
            r4.logCertificateError(r6, r5)
            java.security.cert.CertificateException r5 = new java.security.cert.CertificateException
            java.lang.String r6 = "Unable to verify certificate."
            r5.<init>(r6)
            throw r5
        L2e:
            goto L2e
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.intune.mam.http.MAMTrustManager.validateCertAgainstRoot(java.security.cert.X509Certificate, byte[][]):void");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void validateChain(java.security.cert.X509Certificate[] r11) throws java.security.cert.CertificateException {
        /*
            r10 = this;
            int r0 = java.lang.reflect.Array.getLength(r11)
            r1 = 0
            r2 = 1
            r3 = 1
            r4 = 0
        L8:
            java.lang.String r5 = "Unable to verify certificate."
            if (r3 >= r0) goto L40
            r6 = r11[r3]
            int r7 = r3 + (-1)
            r7 = r11[r7]
            java.security.PublicKey r6 = r6.getPublicKey()
            r7.verify(r6)     // Catch: java.lang.Exception -> L35
            if (r4 != 0) goto L32
            byte[] r5 = r6.getEncoded()
            byte[][] r6 = r10.mIntermediateCertPubkeys
            int r7 = r6.length
            r8 = 0
        L23:
            if (r8 >= r7) goto L32
            r9 = r6[r8]
            boolean r9 = java.util.Arrays.equals(r5, r9)
            if (r9 == 0) goto L2f
            r4 = 1
            goto L32
        L2f:
            int r8 = r8 + 1
            goto L23
        L32:
            int r3 = r3 + 1
            goto L8
        L35:
            com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence r11 = com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_WRONG_PUBLIC_KEY
            r10.logCertificateError(r11, r7)
            java.security.cert.CertificateException r11 = new java.security.cert.CertificateException
            r11.<init>(r5)
            throw r11
        L40:
            if (r4 == 0) goto L52
            int r0 = r0 - r2
            r11 = r11[r0]
            byte[][] r0 = r10.mRootCertPubkey
            r10.validateCertAgainstRoot(r11, r0)
            com.microsoft.intune.mam.log.MAMLogger r11 = com.microsoft.intune.mam.http.MAMTrustManager.LOGGER
            java.lang.String r0 = "cert validated"
            r11.fine(r0)
            return
        L52:
            com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence r0 = com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence.SSL_CERT_VALIDATION_FAILED_MSIT_CERT_NOT_FOUND
            r10.logCertificateChainError(r0, r11)
            java.security.cert.CertificateException r11 = new java.security.cert.CertificateException
            r11.<init>(r5)
            throw r11
        L5d:
            goto L5d
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.intune.mam.http.MAMTrustManager.validateChain(java.security.cert.X509Certificate[]):void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.mManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.mManager.checkServerTrusted(x509CertificateArr, str);
        validateChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mManager.getAcceptedIssuers();
    }
}
