package com.sec.enterprise.knox.cloudmdm.smdms.security;

import android.util.Base64;
import com.sec.enterprise.knox.cloudmdm.smdms.policyinterface.Utils;
import com.sec.enterprise.knox.cloudmdm.smdms.utilities.Log;
import com.sec.enterprise.knox.express.ExpressApp;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
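/**
 * Parses PEM-encoded X.509 certificates and checks a server certificate chain, first against a
 * certificate bundled in the app's assets and then against the platform CA store.
 *
 * <p>All methods work on a PEM string handed in by the caller. Nothing in this class ties that
 * string to a live TLS session or checks a host name; callers have to guarantee both.
 */
public class CertificateValidator {
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String CERT = "^-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";
    private static final String MYKNOX_CHINA_SERVER_CERT = "MYKNOX_CHINA_SERVER_CERT.PEM";
    private static final String TAG = "MyKNOX:CertificateValidator";

    /**
     * Splits a PEM bundle into its certificates.
     *
     * <p>Unix line separators are removed first, so each certificate is expected to end up on one
     * line that is then split on the BEGIN marker.
     *
     * @param str PEM text holding one or more certificates; must not be null
     * @return the certificates in input order. An entry is {@code null} when {@link #readPem}
     *     could not parse that segment, so callers must null-check entries. The list itself is
     *     {@code null} only when the X.509 factory lookup throws.
     * @throws IOException if reading the in-memory text fails
     * @throws CertificateException declared for callers; the visible code catches it internally
     */
    public static List<X509Certificate> readCerts(String str) throws CertificateException, IOException {
        ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
        String flattened = str.replaceAll(IOUtils.LINE_SEPARATOR_UNIX, "");
        try {
            // Result is unused; the call only fails early when no X.509 factory is available.
            CertificateFactory.getInstance("X.509");
            BufferedReader reader = new BufferedReader(new StringReader(flattened));
            String line;
            while ((line = reader.readLine()) != null) {
                for (String segment : line.split(BEGIN)) {
                    if (segment != null && !segment.isEmpty()) {
                        // readPem returns null on a parse failure and that null is stored as-is.
                        certs.add(readPem(segment));
                    }
                }
            }
            return certs;
        } catch (CertificateException e) {
            Log.e(TAG, "Exception: " + e.getMessage());
            return null;
        }
    }

    /**
     * Decodes a single PEM certificate.
     *
     * @param str one certificate's PEM text, with or without the BEGIN/END markers
     * @return the certificate, or {@code null} when {@code str} is null, empty, or not a
     *     parsable X.509 certificate
     * @throws IOException if reading the in-memory text fails
     * @throws CertificateException declared for callers; caught and logged here
     */
    public static X509Certificate readPem(String str) throws IOException, CertificateException {
        Log.d(TAG, "Cert readPem!");
        if (str == null) {
            Log.e(TAG, "Cert String is Null!");
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            byte[] der = readPemBytes(str);
            if (der == null) {
                return null;
            }
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            Log.e(TAG, "Exception: " + e.getMessage());
            return null;
        }
    }

    /**
     * Base64-decodes the first line of {@code str} after stripping the PEM markers.
     *
     * @return the decoded bytes, or {@code null} when {@code str} has no first line
     */
    private static byte[] readPemBytes(String str) throws IOException {
        String line = new BufferedReader(new StringReader(str)).readLine();
        if (line == null) {
            return null;
        }
        if (line.startsWith(BEGIN)) {
            line = line.substring(BEGIN.length());
        }
        // Cut at the first END marker; anything after it on the line is ignored.
        int endAt = line.indexOf(END);
        if (endAt >= 0) {
            line = line.substring(0, endAt);
        }
        // Flag 0 is Base64.DEFAULT.
        return Base64.decode(line.trim(), 0);
    }

    /**
     * Decides whether the leaf (first) certificate of a PEM chain is acceptable.
     *
     * <p>The leaf is accepted when it equals the first certificate of the bundled
     * {@code MYKNOX_CHINA_SERVER_CERT.PEM} asset. Otherwise a PKIX path is built from the leaf to
     * a certificate in {@code AndroidCAStore}, using the remaining chain entries as
     * intermediates, and that path is validated.
     *
     * <p>Fails closed: a missing or unparsable leaf, an unreadable asset, or any exception
     * during path building or validation yields {@code false}.
     *
     * @param str PEM chain, leaf first
     * @return {@code true} if the leaf matches the bundled certificate or chains to a platform
     *     trust anchor
     * @throws Exception if parsing {@code str} throws (for example on a null argument or
     *     malformed Base64); that call is deliberately left outside the try block
     */
    public static boolean validateCertificateChain(String str) throws Exception {
        List<X509Certificate> chain = readCerts(str);
        // An unparsable leaf must never reach X509CertSelector: a selector whose certificate is
        // null matches every certificate, so the path would be built for some other entry.
        if (chain == null || chain.isEmpty() || chain.get(0) == null) {
            Log.e(TAG, "No parsable leaf certificate in input");
            return false;
        }
        try {
            X509Certificate leaf = chain.get(0);
            // NOTE(review): AndroidCAStore lists user-installed CAs as well as system ones, so a
            // CA added on the device becomes a trust anchor here. Confirm that is intended.
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            HashSet<X509Certificate> roots = new HashSet<X509Certificate>();
            while (aliases.hasMoreElements()) {
                roots.add((X509Certificate) keyStore.getCertificate(aliases.nextElement()));
            }
            // Pin check. A failure to open or parse the asset lands in the generic handler below
            // and rejects the chain.
            // NOTE(review): the asset stream is not closed here; confirm Utils.readFile closes it.
            // NOTE(review): a pin match is accepted without checking the validity period.
            List<X509Certificate> pinned = readCerts(Utils.readFile(
                    ExpressApp.getInstance().getApplicationContext().getAssets().open(MYKNOX_CHINA_SERVER_CERT)));
            if (pinned.get(0).equals(leaf)) {
                Log.d(TAG, "SAME :)");
                return true;
            }
            Log.d(TAG, "NOT SAME :(");
            X509CertSelector leafSelector = new X509CertSelector();
            leafSelector.setCertificate(leaf);
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (X509Certificate root : roots) {
                anchors.add(new TrustAnchor(root, null));
            }
            PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, leafSelector);
            // NOTE(review): revocation checking is off for both the build and the validation.
            builderParams.setRevocationEnabled(false);
            builderParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
            CertPath certPath = ((PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(builderParams)).getCertPath();
            PKIXParameters validatorParams = new PKIXParameters(keyStore);
            validatorParams.setRevocationEnabled(false);
            PKIXCertPathValidatorResult result =
                    (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(certPath, validatorParams);
            Log.d(TAG, "Server Cert validation!");
            return result != null;
        } catch (CertPathBuilderException e) {
            // Listed before the generic handler so this branch is actually reachable.
            Log.d(TAG, "@validateCertificateChain - CertPathBuilderException ---> validateCertificateChain fails");
            Log.e(TAG, "Exception: " + e.getMessage());
            return false;
        } catch (Exception e) {
            Log.d(TAG, "@validateCertificateChain - Other exception caught!");
            Log.e(TAG, "Exception: " + e.getMessage());
            return false;
        }
    }
}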
