package com.microsoft.intune.mam.http;

import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import java.lang.reflect.Array;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Objects;
import java.util.logging.Level;

/* loaded from: classes.dex */
public class d implements CertChainValidator {

    /* renamed from: e, reason: collision with root package name */
    public static final l9.b f6569e = f.e.o(d.class);

    /* renamed from: a, reason: collision with root package name */
    public final String f6570a;

    /* renamed from: b, reason: collision with root package name */
    public final TelemetryLogger f6571b;

    /* renamed from: c, reason: collision with root package name */
    public final byte[][] f6572c;

    /* renamed from: d, reason: collision with root package name */
    public final byte[][] f6573d;

    public d(String str, TelemetryLogger telemetryLogger, String str2) {
        this.f6571b = telemetryLogger;
        this.f6570a = str2;
        KnownClouds d10 = KnownClouds.d(str);
        this.f6572c = d10.m();
        this.f6573d = d10.u();
    }

    public final void a(TrackedOccurrence trackedOccurrence, X509Certificate x509Certificate) {
        this.f6571b.logTrackedOccurrence(this.f6570a, trackedOccurrence, x509Certificate == null ? "empty" : x509Certificate.getSubjectDN().getName());
    }

    @Override // com.microsoft.intune.mam.http.CertChainValidator
    public void validateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        TelemetryLogger telemetryLogger;
        String str;
        String str2;
        int length = Array.getLength(x509CertificateArr);
        int i10 = 0;
        boolean z10 = false;
        for (int i11 = 1; i11 < length; i11++) {
            X509Certificate x509Certificate = x509CertificateArr[i11];
            X509Certificate x509Certificate2 = x509CertificateArr[i11 - 1];
            PublicKey publicKey = x509Certificate.getPublicKey();
            try {
                x509Certificate2.verify(publicKey);
                if (!z10) {
                    byte[] encoded = publicKey.getEncoded();
                    byte[][] bArr = this.f6572c;
                    int length2 = bArr.length;
                    int i12 = 0;
                    while (true) {
                        if (i12 >= length2) {
                            break;
                        }
                        if (Arrays.equals(encoded, bArr[i12])) {
                            z10 = true;
                            break;
                        }
                        i12++;
                    }
                }
            } catch (Exception unused) {
                a(TrackedOccurrence.f6547j, x509Certificate2);
                throw new CertificateException("Unable to verify certificate.");
            }
        }
        if (!z10) {
            TrackedOccurrence trackedOccurrence = TrackedOccurrence.f6549l;
            if (Array.getLength(x509CertificateArr) != 0) {
                StringBuilder sb2 = new StringBuilder();
                int length3 = x509CertificateArr.length;
                while (i10 < length3) {
                    sb2.append(x509CertificateArr[i10].getSubjectDN().getName());
                    sb2.append(" -> ");
                    i10++;
                }
                telemetryLogger = this.f6571b;
                str = this.f6570a;
                str2 = sb2.toString();
            } else {
                telemetryLogger = this.f6571b;
                str = this.f6570a;
                str2 = "no certs in chain";
            }
            telemetryLogger.logTrackedOccurrence(str, trackedOccurrence, str2);
            throw new CertificateException("Unable to verify certificate.");
        }
        X509Certificate x509Certificate3 = x509CertificateArr[length - 1];
        byte[][] bArr2 = this.f6573d;
        int i13 = 0;
        while (true) {
            if (i13 >= bArr2.length) {
                break;
            }
            try {
                x509Certificate3.verify(KeyFactory.getInstance(DevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new X509EncodedKeySpec(bArr2[i13])));
                i10 = 1;
                break;
            } catch (Exception unused2) {
                i13++;
            }
        }
        if (i10 == 0) {
            a(TrackedOccurrence.f6548k, x509Certificate3);
            throw new CertificateException("Unable to verify certificate.");
        }
        l9.b bVar = f6569e;
        Objects.requireNonNull(bVar);
        bVar.e(Level.FINE, "cert validated");
    }
}
