package com.lookout.networksecurity.probing;

import android.util.Base64;
import com.lookout.networksecurity.utils.FallbackHashUtils;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameStyle;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes.dex */
public class X509CertificateUtils {
    private static final Logger a = LoggerFactory.a(X509CertificateUtils.class);
    private static final X500NameStyle b = BCStyle.INSTANCE;
    private static final FallbackHashUtils c = new FallbackHashUtils();

    /* loaded from: classes.dex */
    public class ConstructionException extends Exception {
        public ConstructionException(String str) {
            super(str);
        }
    }

    public X509CertificateWrapper a(List list, X509CertificateWrapper x509CertificateWrapper) {
        JcaX509CertificateHolder b2 = x509CertificateWrapper.b();
        if (b2 == null) {
            return null;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            X509CertificateWrapper x509CertificateWrapper2 = (X509CertificateWrapper) it.next();
            JcaX509CertificateHolder b3 = x509CertificateWrapper2.b();
            if (b3 != null && a(b2.getIssuer(), b3.getSubject())) {
                if (StringUtils.equals(x509CertificateWrapper.c(), x509CertificateWrapper2.c())) {
                    return null;
                }
                try {
                    x509CertificateWrapper.a().verify(x509CertificateWrapper2.a().getPublicKey());
                    return x509CertificateWrapper2;
                } catch (Exception e) {
                    a.d("The root certificate " + x509CertificateWrapper2 + " indicated that it signed " + x509CertificateWrapper + " but cryptographic verification failed", (Throwable) e);
                }
            }
        }
        return null;
    }

    public String a(JcaX509CertificateHolder jcaX509CertificateHolder) {
        try {
            return a(jcaX509CertificateHolder.getSubjectPublicKeyInfo().getEncoded());
        } catch (IOException e) {
            a.c("Exception when trying to generate spki hash", (Throwable) e);
            return null;
        }
    }

    public String a(byte[] bArr) {
        return bArr.length == 0 ? "" : Base64.encodeToString(c.a(bArr), 2);
    }

    public X509TrustManager a() {
        X509TrustManager x509TrustManager;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int length = trustManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                x509TrustManager = null;
                break;
            }
            TrustManager trustManager = trustManagers[i];
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
                break;
            }
            i++;
        }
        if (x509TrustManager == null) {
            throw new ConstructionException("Unable to find system X509TrustManager implementation");
        }
        return x509TrustManager;
    }

    public JcaX509CertificateHolder a(X509Certificate x509Certificate) {
        return new JcaX509CertificateHolder(x509Certificate);
    }

    public boolean a(X500Name x500Name, X500Name x500Name2) {
        return b.areEqual(x500Name, x500Name2);
    }
}
