package com.microsoft.windowsintune.companyportal.utils;

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes5.dex */
public final class CertUtils {
    private static final String ANDROID_CA_KEYSTORE_TYPE = "AndroidCAStore";
    private static final Logger LOGGER = Logger.getLogger(CertUtils.class.getName());

    private CertUtils() {
    }

    private static boolean checkCertFromKeyStoreByIssuerCommonName(KeyStore keyStore, String str) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (checkCertIssuerFromKeyStoreByAlias(keyStore, aliases.nextElement(), str)) {
                return true;
            }
        }
        return false;
    }

    private static boolean checkCertIssuerFromKeyStoreByAlias(KeyStore keyStore, String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            if (x509Certificate == null || x509Certificate.getIssuerDN() == null) {
                return false;
            }
            return x509Certificate.getIssuerDN().toString().contains(str2);
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean isCertificateTrustedOnTheDevice(String str, String str2, boolean z) {
        KeyStore keyStore;
        if (StringUtils.isBlank(str)) {
            return false;
        }
        try {
            keyStore = KeyStore.getInstance(ANDROID_CA_KEYSTORE_TYPE);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "failed when checking certificate from keyStore.", (Throwable) e);
        }
        if (keyStore != null) {
            keyStore.load(null, null);
            return checkCertIssuerFromKeyStoreByAlias(keyStore, str2, str) || checkCertFromKeyStoreByIssuerCommonName(keyStore, str);
        }
        LOGGER.warning("Key store instance is null. Unable to check certificates.");
        return z;
    }
}
