package com.kms.libadminkit;

import com.kms.libadminkit.certificates.Certificates;
import com.kms.libadminkit.certificates.X509FieldRecord;
import com.kms.libadminkit.certificates.X509FieldRecordFormatException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;

/* loaded from: classes.dex */
public class TrustedSubjectsCertificateChecker implements CertificateChecker<X509Certificate> {
    private final Collection<String> mTrustedSubjectNames;

    public TrustedSubjectsCertificateChecker(Collection<String> collection) {
        this.mTrustedSubjectNames = new HashSet(collection.size());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            this.mTrustedSubjectNames.add(it.next().toLowerCase());
        }
    }

    @Override // com.kms.libadminkit.CertificateChecker
    public void check(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        x509Certificate.checkValidity();
        try {
            X509FieldRecord x509FieldRecord = Certificates.parseX509Field(x509Certificate.getSubjectDN().getName()).get("CN");
            if (x509FieldRecord == null) {
                throw new CertificateException("Untrusted server found in X.509 subject field record!");
            }
            String lowerCase = x509FieldRecord.getValue().toLowerCase();
            if (!this.mTrustedSubjectNames.contains(lowerCase)) {
                throw new CertificateException(lowerCase + " is not trusted server!");
            }
        } catch (X509FieldRecordFormatException e) {
            throw new CertificateException(e);
        }
    }
}
