package by.avest.crypto.conscrypt;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class PinListEntry {
    private final TrustedCertificateStore certStore;
    private final String cn;
    private final boolean enforcing;
    private final Set<String> pinnedFingerprints = new HashSet();

    public PinListEntry(String str, TrustedCertificateStore trustedCertificateStore) throws PinEntryException {
        if (str == null) {
            throw new NullPointerException("entry == null");
        }
        this.certStore = trustedCertificateStore;
        String[] split = str.split("[=,|]");
        if (split.length < 3) {
            throw new PinEntryException("Received malformed pin entry");
        }
        this.cn = split[0];
        this.enforcing = enforcementValueFromString(split[1]);
        addPins((String[]) Arrays.copyOfRange(split, 2, split.length));
    }

    private void addPins(String[] strArr) {
        for (String str : strArr) {
            validatePin(str);
        }
        Collections.addAll(this.pinnedFingerprints, strArr);
    }

    private boolean chainContainsUserCert(List<X509Certificate> list) {
        if (this.certStore == null) {
            return false;
        }
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            if (this.certStore.isUserAddedCertificate(it.next())) {
                return true;
            }
        }
        return false;
    }

    private static boolean enforcementValueFromString(String str) throws PinEntryException {
        if (str.equals("true")) {
            return true;
        }
        if (str.equals("false")) {
            return false;
        }
        throw new PinEntryException("Enforcement status is not a valid value");
    }

    private static String getFingerprint(X509Certificate x509Certificate) {
        try {
            return Hex.bytesToHexString(MessageDigest.getInstance("SHA512").digest(x509Certificate.getPublicKey().getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private void logPinFailure(List<X509Certificate> list, boolean z) {
        PinFailureLogger.log(this.cn, z, this.enforcing, list);
    }

    private static void validatePin(String str) {
        if (str.length() != 128) {
            throw new IllegalArgumentException("Pin is not a valid length");
        }
        try {
            new BigInteger(str, 16);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Pin is not a valid hex string", e);
        }
    }

    public String getCommonName() {
        return this.cn;
    }

    public boolean getEnforcing() {
        return this.enforcing;
    }

    public boolean isChainValid(List<X509Certificate> list) {
        boolean chainContainsUserCert = chainContainsUserCert(list);
        if (!chainContainsUserCert) {
            Iterator<X509Certificate> it = list.iterator();
            while (it.hasNext()) {
                if (this.pinnedFingerprints.contains(getFingerprint(it.next()))) {
                    return true;
                }
            }
        }
        logPinFailure(list, chainContainsUserCert);
        return !this.enforcing || chainContainsUserCert;
    }
}
