package com.tomtom.navcloud.common.security;

import com.tomtom.navcloud.common.Logger;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.annotation.ParametersAreNonnullByDefault;

@ParametersAreNonnullByDefault
/* loaded from: classes.dex */
public class X509CertificateChainNormaliser {

    /* renamed from: a, reason: collision with root package name */
    private final TrustedRootsData f697a;

    /* renamed from: b, reason: collision with root package name */
    private final Logger f698b;

    public X509CertificateChainNormaliser(TrustedRootsData trustedRootsData, Logger logger) {
        this.f697a = trustedRootsData;
        this.f698b = logger;
    }

    private boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!x509Certificate.getSubjectX500Principal().equals(x509Certificate2.getIssuerX500Principal())) {
            String str = "Certificate encountered that is not part of trust chain: " + x509Certificate2;
            this.f698b.c();
            return false;
        }
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            String str2 = "Certificate signature is incorrect: " + x509Certificate2;
            this.f698b.b();
            return false;
        }
    }

    public final List<X509Certificate> a(X509Certificate... x509CertificateArr) {
        boolean z;
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate = null;
        int length = x509CertificateArr.length;
        int i = 0;
        boolean z2 = false;
        while (i < length) {
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            if (x509Certificate == null || a(x509Certificate2, x509Certificate)) {
                z = this.f697a.b().contains(SubjectPublicKeyInfo.a(x509Certificate2)) ? true : z2;
                arrayList.add(x509Certificate2);
            } else {
                x509Certificate2 = x509Certificate;
                z = z2;
            }
            i++;
            z2 = z;
            x509Certificate = x509Certificate2;
        }
        if (!z2 && x509Certificate != null) {
            X509Certificate x509Certificate3 = this.f697a.a().get(x509Certificate.getIssuerX500Principal());
            if (x509Certificate3 == null || !a(x509Certificate3, x509Certificate)) {
                throw new CertificateException("Certificate chain contains no trusted authority.");
            }
            arrayList.add(x509Certificate3);
        }
        return Collections.unmodifiableList(arrayList);
    }
}
