package net.soti.ssl;

import com.google.inject.Inject;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import net.soti.mobicontrol.logging.Logger;
import net.soti.ssl.certificate.CertificateStore;
import org.jetbrains.annotations.NotNull;

/* loaded from: classes.dex */
public class AppCatalogUserTrustedChecker extends DelegatingTrustChecker {
    private final KeyStorePasswordProvider keyStorePasswordProvider;
    private final CertificateStore userTrustedKeyStore;

    @Inject
    public AppCatalogUserTrustedChecker(@AppCatalogUserTrustedPKI CertificateStore certificateStore, DefaultHostnameVerifier defaultHostnameVerifier, Logger logger, KeyStorePasswordProvider keyStorePasswordProvider) {
        super(certificateStore, defaultHostnameVerifier, logger);
        this.userTrustedKeyStore = certificateStore;
        this.keyStorePasswordProvider = keyStorePasswordProvider;
    }

    private void doCheckServerTrusted(X509Certificate[] x509CertificateArr) throws KeyStoreException, CertificateException {
        KeyStore keyStore = this.userTrustedKeyStore.getKeyStore(this.keyStorePasswordProvider.getPassword());
        String certificateAlias = keyStore.getCertificateAlias(x509CertificateArr[0]);
        if (certificateAlias == null) {
            throw new CertificateException("The certificate with hash " + x509CertificateArr[0].getSubjectDN() + " is not found in the user certificate storage");
        }
        if (!Arrays.equals(keyStore.getCertificate(certificateAlias).getEncoded(), x509CertificateArr[0].getEncoded())) {
            throw new CertificateException("The certificate with hash " + x509CertificateArr[0].getSubjectDN() + " is not trusted.");
        }
    }

    @Override // net.soti.ssl.DelegatingTrustChecker
    public void checkServerTrusted(@NotNull X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        if (!hasCerts()) {
            throw new CertificateException("No certificate entries found in user certificate storage");
        }
        try {
            doCheckServerTrusted(x509CertificateArr);
        } catch (KeyStoreException e) {
            throw new CertificateException(e);
        }
    }
}
