package com.blackberry.security.trustmgr.blacklist;

import android.content.Context;
import android.util.Log;
import com.blackberry.security.trustmgr.BlacklistProfile;
import com.blackberry.security.trustmgr.FutureResult;
import com.blackberry.security.trustmgr.ValidationContext;
import com.blackberry.security.trustmgr.a.aa;
import com.blackberry.security.trustmgr.a.c;
import com.blackberry.security.trustmgr.a.k;
import com.blackberry.security.trustmgr.a.p;
import com.blackberry.security.trustmgr.a.u;
import com.blackberry.security.trustmgr.a.y;
import com.blackberry.security.trustmgr.a.z;
import java.security.cert.CertPath;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
class BlacklistValidator extends c {
    private static final int ALT_DNS_NAME = 2;
    private static final String LOG_TAG = "certmgr:trustmgr:BlacklistValidator";
    private CertBlacklist certBlacklist;

    public BlacklistValidator(Context context) {
        addSupportedProfileType(BlacklistProfile.class);
        this.certBlacklist = new CertBlacklist(context);
    }

    private boolean isAlternativeSubjectNameBlacklisted(X509Certificate x509Certificate) {
        Integer num;
        String str;
        if (x509Certificate == null) {
            return false;
        }
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (list != null && 2 <= list.size() && (num = (Integer) list.get(0)) != null && num.intValue() == 2 && (str = (String) list.get(1)) != null && this.certBlacklist.isBbDomainSerialBlacklisted(str, x509Certificate.getSerialNumber())) {
                        return true;
                    }
                }
            }
        } catch (CertificateParsingException e) {
            String message = e.getMessage();
            if (message == null) {
                message = "failed to parse certificate";
            }
            Log.w(LOG_TAG, "DomainNameValidator.matchDns(): " + message);
        }
        return false;
    }

    private boolean isSubjectNameBlacklisted(X509Certificate x509Certificate) {
        String name;
        if (x509Certificate != null && (name = x509Certificate.getSubjectDN().getName()) != null && !name.isEmpty()) {
            Matcher matcher = Pattern.compile("(?i)(cn=)([^,]*)").matcher(name);
            while (matcher.find()) {
                if (this.certBlacklist.isBbDomainSerialBlacklisted(matcher.group(2), x509Certificate.getSerialNumber())) {
                    return true;
                }
            }
        }
        return false;
    }

    @Override // com.blackberry.security.trustmgr.Validator
    public FutureResult<Void> validate(ValidationContext validationContext) {
        if (((BlacklistProfile) getProfile(BlacklistProfile.class)) == null) {
            throw new z("Missing Blacklist Profile");
        }
        if (validationContext == null) {
            throw new z("Null context");
        }
        CertPath certPath = (CertPath) validationContext.get(p.cpA);
        if (certPath == null) {
            throw new z("No certificate path provided");
        }
        ArrayList arrayList = new ArrayList(certPath.getCertificates());
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        u uVar = new u();
        int length = x509CertificateArr.length;
        int i = 0;
        while (true) {
            k kVar = null;
            if (i >= length) {
                ((aa) validationContext.get(ValidationContext.WARNINGS)).a(BlacklistProfile.class, uVar);
                return new y(null);
            }
            X509Certificate x509Certificate = x509CertificateArr[i];
            if (x509Certificate.getBasicConstraints() == -1) {
                if (this.certBlacklist.isSerialNumberBlackListed(x509Certificate.getSerialNumber())) {
                    kVar = new k(k.a.STATUS_REVOKED);
                    kVar.hs("Certificate serial number is blacklisted");
                    Log.d(LOG_TAG, "Certificate serial number is blacklisted, subject field =" + x509Certificate.getSubjectDN().toString());
                }
            } else if (this.certBlacklist.isPublicKeyBlackListed(x509Certificate.getPublicKey())) {
                kVar = new k(k.a.STATUS_REVOKED);
                kVar.hs("Certificate public key is blacklisted");
                Log.d(LOG_TAG, "Certificate public key is blacklisted, subject field =" + x509Certificate.getSubjectDN().toString());
            }
            if (this.certBlacklist.isBbSerialBlacklisted(x509Certificate.getSerialNumber())) {
                kVar = new k(k.a.STATUS_REVOKED);
                kVar.hs("Certificate serial number is BlackBerry blacklisted");
                Log.d(LOG_TAG, "Certificate serial number is BlackBerry blacklisted, subject field =" + x509Certificate.getSubjectDN().toString());
            }
            if (isSubjectNameBlacklisted(x509Certificate)) {
                kVar = new k(k.a.STATUS_REVOKED);
                kVar.hs("Certificate subject name is BlackBerry blacklisted");
                Log.d(LOG_TAG, "Certificate subject name is BlackBerry blacklisted, subject field =" + x509Certificate.getSubjectDN().toString());
            }
            if (isAlternativeSubjectNameBlacklisted(x509Certificate)) {
                kVar = new k(k.a.STATUS_REVOKED);
                kVar.hs("Certificate alternative subject name is BlackBerry blacklisted");
                Log.d(LOG_TAG, "Certificate alternative subject name is BlackBerry blacklisted, subject field =" + x509Certificate.getSubjectDN().toString());
            }
            if (kVar != null) {
                k kVar2 = new k(kVar.Sn());
                kVar2.f(kVar.getDebugInfo());
                uVar.b(kVar2);
                uVar.a(x509Certificate, kVar);
            }
            i++;
        }
    }
}
