package net.soti.ssl;

import com.google.common.base.Optional;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import net.soti.mobicontrol.ai.k;
import net.soti.mobicontrol.bk.a.a.b;
import net.soti.mobicontrol.bk.a.b.c;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class CertVerifier {
    private final TrustCheckerChainBuilder builder;
    private final k logger;

    public CertVerifier(TrustCheckerChainBuilder trustCheckerChainBuilder, k kVar) {
        this.logger = kVar;
        this.builder = trustCheckerChainBuilder;
    }

    private boolean checkCertTimeInvalid(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateNotYetValidException e) {
            return true;
        } catch (CertificateException e2) {
            this.logger.b("Exception", e2);
        }
        return false;
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0032, code lost:
    
        r6.logger.d("[checkServerTrusted] incomplete chain", new java.lang.Object[0]);
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0043, code lost:
    
        throw new java.security.cert.CertificateException("incomplete chain");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean checkCertificateChainIncomplete(java.security.cert.X509Certificate[] r7) {
        /*
            r6 = this;
            r2 = 0
            r3 = 1
            r0 = r7[r2]
            com.google.common.base.Optional r0 = com.google.common.base.Optional.fromNullable(r0)
            java.util.ArrayList r5 = new java.util.ArrayList     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r5.<init>()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.util.List r1 = java.util.Arrays.asList(r7)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r5.addAll(r1)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            net.soti.ssl.TrustCheckerChainBuilder r1 = r6.builder     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.util.List r1 = r1.getAcceptedIssuers()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r5.addAll(r1)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r1 = r0
        L1e:
            java.lang.Object r0 = r1.get()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            javax.security.auth.x500.X500Principal r0 = r0.getIssuerX500Principal()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            com.google.common.base.Optional r4 = findCert(r0, r5)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            boolean r0 = r4.isPresent()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            if (r0 != 0) goto L4e
            net.soti.mobicontrol.ai.k r0 = r6.logger     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.lang.String r1 = "[checkServerTrusted] incomplete chain"
            r2 = 0
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r0.d(r1, r2)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.lang.String r1 = "incomplete chain"
            r0.<init>(r1)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            throw r0     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
        L44:
            r0 = move-exception
            net.soti.mobicontrol.ai.k r1 = r6.logger
            java.lang.String r2 = "exception"
            r1.b(r2, r0)
            r0 = r3
        L4d:
            return r0
        L4e:
            java.lang.Object r0 = r1.get()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.lang.Object r1 = r4.get()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.X509Certificate r1 = (java.security.cert.X509Certificate) r1     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.PublicKey r1 = r1.getPublicKey()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            r0.verify(r1)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.lang.Object r0 = r4.get()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            javax.security.auth.x500.X500Principal r1 = r0.getSubjectX500Principal()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.lang.Object r0 = r4.get()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            javax.security.auth.x500.X500Principal r0 = r0.getIssuerX500Principal()     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            boolean r0 = r1.equals(r0)     // Catch: java.security.cert.CertificateException -> L44 java.security.NoSuchAlgorithmException -> L7d java.security.InvalidKeyException -> L87 java.security.NoSuchProviderException -> L91 java.security.SignatureException -> L9b
            if (r0 == 0) goto La5
            r0 = r2
            goto L4d
        L7d:
            r0 = move-exception
            net.soti.mobicontrol.ai.k r1 = r6.logger
            java.lang.String r2 = "exception"
            r1.b(r2, r0)
            r0 = r3
            goto L4d
        L87:
            r0 = move-exception
            net.soti.mobicontrol.ai.k r1 = r6.logger
            java.lang.String r2 = "exception"
            r1.b(r2, r0)
            r0 = r3
            goto L4d
        L91:
            r0 = move-exception
            net.soti.mobicontrol.ai.k r1 = r6.logger
            java.lang.String r2 = "exception"
            r1.b(r2, r0)
            r0 = r3
            goto L4d
        L9b:
            r0 = move-exception
            net.soti.mobicontrol.ai.k r1 = r6.logger
            java.lang.String r2 = "exception"
            r1.b(r2, r0)
            r0 = r3
            goto L4d
        La5:
            r1 = r4
            goto L1e
        */
        throw new UnsupportedOperationException("Method not decompiled: net.soti.ssl.CertVerifier.checkCertificateChainIncomplete(java.security.cert.X509Certificate[]):boolean");
    }

    private boolean checkCertificateExpiration(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            return true;
        } catch (CertificateException e2) {
            this.logger.b("Exception", e2);
        }
        return false;
    }

    private static Optional<X509Certificate> findCert(final X500Principal x500Principal, List<X509Certificate> list) {
        return b.a(list).a((c) new c<X509Certificate>() { // from class: net.soti.ssl.CertVerifier.1
            @Override // net.soti.mobicontrol.bk.a.b.c, net.soti.mobicontrol.bk.a.b.a
            public Boolean f(X509Certificate x509Certificate) {
                return Boolean.valueOf(x509Certificate.getSubjectX500Principal().equals(x500Principal));
            }
        });
    }

    private static boolean nonEmpty(X509Certificate[] x509CertificateArr) {
        return x509CertificateArr != null && x509CertificateArr.length > 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<CertificateValidationErrorType> getCertificateValidationErrorType(X509Certificate[] x509CertificateArr) {
        return isCertificateTimeInvalid(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.CERT_TIME_IS_NOT_VALID) : isCertificateExpired(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.CERT_EXPIRED) : isCertificateChainIncomplete(x509CertificateArr) ? Optional.of(CertificateValidationErrorType.GENERAL_CERT_ERROR) : Optional.absent();
    }

    public boolean isCertificateChainIncomplete(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertificateChainIncomplete(x509CertificateArr);
    }

    public boolean isCertificateExpired(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertificateExpiration(x509CertificateArr[0]);
    }

    public boolean isCertificateTimeInvalid(X509Certificate[] x509CertificateArr) {
        return nonEmpty(x509CertificateArr) && checkCertTimeInvalid(x509CertificateArr[0]);
    }
}
