package net.soti.ssl;

import com.google.common.base.Optional;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.util.func.collections.FIterable;
import net.soti.mobicontrol.util.func.functions.Predicate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class CertVerifier {
    private final TrustCheckerChainBuilder builder;
    private final Logger logger;

    public CertVerifier(TrustCheckerChainBuilder trustCheckerChainBuilder, Logger logger) {
        this.logger = logger;
        this.builder = trustCheckerChainBuilder;
    }

    private boolean checkCertTimeInvalid(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateNotYetValidException e) {
            return true;
        } catch (CertificateException e2) {
            this.logger.error("Exception", e2);
        }
        return false;
    }

    private boolean checkCertificateChainIncomplete(X509Certificate[] x509CertificateArr) {
        Optional<X509Certificate> findCert;
        Optional<X509Certificate> fromNullable = Optional.fromNullable(x509CertificateArr[0]);
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(x509CertificateArr));
            arrayList.addAll(this.builder.getAcceptedIssuers());
            do {
                findCert = findCert(fromNullable.get().getIssuerX500Principal(), arrayList);
                if (!findCert.isPresent()) {
                    this.logger.error("[checkServerTrusted] incomplete chain", new Object[0]);
                    throw new CertificateException("incomplete chain");
                }
                fromNullable.get().verify(findCert.get().getPublicKey());
                fromNullable = findCert;
            } while (!findCert.get().getSubjectX500Principal().equals(findCert.get().getIssuerX500Principal()));
            return false;
        } catch (InvalidKeyException e) {
            this.logger.error("exception", e);
            return true;
        } catch (NoSuchAlgorithmException e2) {
            this.logger.error("exception", e2);
            return true;
        } catch (NoSuchProviderException e3) {
            this.logger.error("exception", e3);
            return true;
        } catch (SignatureException e4) {
            this.logger.error("exception", e4);
            return true;
        } catch (CertificateException e5) {
            this.logger.error("exception", e5);
            return true;
        }
    }

    private boolean checkCertificateExpiration(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            return true;
        } catch (CertificateException e2) {
            this.logger.error("Exception", e2);
        }
        return false;
    }

    private static Optional<X509Certificate> findCert(final X500Principal x500Principal, List<X509Certificate> list) {
        return FIterable.of(list).findFirst(new Predicate<X509Certificate>() { // from class: net.soti.ssl.CertVerifier.1
            @Override // net.soti.mobicontrol.util.func.functions.Predicate, net.soti.mobicontrol.util.func.functions.F
            public Boolean f(X509Certificate x509Certificate) {
                return Boolean.valueOf(x509Certificate.getSubjectX500Principal().equals(x500Principal));
            }
        });
    }

    private static boolean nonEmpty(X509Certificate[] x509CertificateArr) {
        return x509CertificateArr != null && x509CertificateArr.length > 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<CertificateValidationErrorType> getCertificateValidationErrorType(X509Certificate[] x509CertificateArr) {
        return isCertificateTimeInvalid(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.CERT_TIME_IS_NOT_VALID) : isCertificateExpired(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.CERT_EXPIRED) : isCertificateChainIncomplete(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.GENERAL_CERT_ERROR) : Optional.absent();
    }

    public boolean isCertificateChainIncomplete(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertificateChainIncomplete(x509CertificateArr);
    }

    public boolean isCertificateExpired(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertificateExpiration(x509CertificateArr[0]);
    }

    public boolean isCertificateTimeInvalid(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertTimeInvalid(x509CertificateArr[0]);
    }
}
