package com.lookout.networksecurity;

import com.lookout.androidcommons.util.Immutable;
import com.lookout.androidcommons.util.URLUtils;
import com.lookout.bluffdale.enums.AnomalousProperties;
import com.lookout.bluffdale.enums.ProbingTrigger;
import com.lookout.bluffdale.messages.security.HostCertificate;
import com.lookout.bluffdale.messages.security.NetworkContext;
import com.lookout.bluffdale.messages.security.ProbingResult;
import com.lookout.shaded.slf4j.Logger;
import com.lookout.shaded.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes4.dex */
public class NetworkSecurityStatus {
    public static final int DEFAULT_NETWORK_ID = -1;
    public static final List<AnomalousProperties> a = Immutable.newList(AnomalousProperties.HOST_CERTIFICATE, AnomalousProperties.PROTOCOL_PARAMETERS, AnomalousProperties.ROOT_OF_TRUST);
    public final ProbingTrigger b;

    /* renamed from: c, reason: collision with root package name */
    public final List<ProbingResult> f3065c;
    public final List<AnomalousProperties> d;
    public final NetworkContext e;
    public final int f;
    private final Logger g = LoggerFactory.getLogger(NetworkSecurityStatus.class);

    public NetworkSecurityStatus(ProbingTrigger probingTrigger, List<ProbingResult> list, List<AnomalousProperties> list2, NetworkContext networkContext, int i) {
        this.b = probingTrigger;
        this.f3065c = Collections.unmodifiableList(list);
        this.d = Collections.unmodifiableList(list2);
        this.e = networkContext;
        this.f = i;
    }

    private static X509Certificate a(Collection<? extends X509Certificate> collection, X509Certificate x509Certificate) {
        for (X509Certificate x509Certificate2 : collection) {
            if (x509Certificate == null) {
                x509Certificate = x509Certificate2;
            }
            if (x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                return x509Certificate2;
            }
        }
        return null;
    }

    public List<AnomalousProperties> getAnomalousProperties() {
        return this.d;
    }

    public String getCertificateHashes() {
        StringBuilder sb = new StringBuilder();
        Iterator<ProbingResult> it = this.f3065c.iterator();
        while (it.hasNext()) {
            Iterator<HostCertificate> it2 = it.next().certificate_chain.iterator();
            while (it2.hasNext()) {
                sb.append(it2.next().spki_hash.p());
            }
        }
        return sb.toString();
    }

    public NetworkContext getNetworkContext() {
        return this.e;
    }

    public int getNetworkId() {
        return this.f;
    }

    public List<ProbingResult> getProbingResults() {
        return this.f3065c;
    }

    public ProbingTrigger getProbingTrigger() {
        return this.b;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Iterator] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.Iterator] */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5 */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.String] */
    public String getRootCertificateHash() {
        ?? it = this.f3065c.iterator();
        while (it.hasNext()) {
            ProbingResult probingResult = (ProbingResult) it.next();
            try {
                if (URLUtils.HTTPS.equals(new URL(probingResult.endpoint).getProtocol())) {
                    if (!probingResult.certificate_chain.isEmpty()) {
                        it = this.f3065c.get(1).certificate_chain.get(this.f3065c.get(1).certificate_chain.size() - 1).spki_hash.p();
                        return it;
                    }
                    this.g.warn("Network Security HostCertificates in https probingResults is empty..continuing");
                }
            } catch (Exception e) {
                this.g.warn("Network Security Probing result Endpoint '{" + probingResult.endpoint + "}' is invalid...continuing", (Throwable) e);
            }
        }
        return "";
    }

    public boolean isValidCertChain() {
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate = null;
        for (ProbingResult probingResult : this.f3065c) {
            if (!probingResult.certificate_chain.isEmpty()) {
                Iterator<HostCertificate> it = probingResult.certificate_chain.iterator();
                while (it.hasNext()) {
                    try {
                        X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(it.next().encoded_certificate.o()));
                        arrayList.add(x509Certificate2);
                        if (x509Certificate2.getBasicConstraints() == -1) {
                            x509Certificate = x509Certificate2;
                        }
                    } catch (CertificateException unused) {
                    }
                }
            }
        }
        if (!arrayList.isEmpty()) {
            try {
                X509Certificate a2 = a(arrayList, x509Certificate);
                new StringBuilder("Network Security Is certificate chain verified: ").append(a2 != null);
                return a2 != null;
            } catch (NullPointerException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                this.g.warn("Network Security Can't verify issuer of the leaf certificate: ", e);
            }
        }
        return false;
    }

    public boolean shouldBackChannel() {
        return !Collections.disjoint(a, this.d);
    }
}
