package com.microsoft.intune.mam.http;

import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import kotlin.HubConnectionExternalSyntheticLambda36;
import kotlin.Metadata;
import kotlin.getMinimumRequiredSecurity;

@Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0007\u0018\u0000 \u00192\u00020\u0001:\u0001\u0019B\u0019\b\u0007\u0012\u0006\u0010\u0003\u001a\u00020\u0014\u0012\u0006\u0010\u0005\u001a\u00020\u0011¢\u0006\u0004\b\u0017\u0010\u0018J#\u0010\u0007\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0003\u001a\u00020\u00022\b\u0010\u0005\u001a\u0004\u0018\u00010\u0004H\u0002¢\u0006\u0004\b\u0007\u0010\bJ#\u0010\t\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0003\u001a\u00020\u00022\b\u0010\u0005\u001a\u0004\u0018\u00010\u0006H\u0002¢\u0006\u0004\b\t\u0010\nJ'\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u000b2\u0006\u0010\r\u001a\u00020\fH\u0016¢\u0006\u0004\b\u000f\u0010\u0010R\u0014\u0010\u0012\u001a\u00020\u00118\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0012\u0010\u0013R\u0014\u0010\u0015\u001a\u00020\u00148\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0015\u0010\u0016"}, d2 = {"Lcom/microsoft/intune/mam/http/WebViewClientBehaviorImpl;", "Lcom/microsoft/intune/mam/http/WebViewClientBehavior;", "Landroid/webkit/WebView;", "p0", "Ljava/security/cert/X509Certificate;", "p1", "", "detectAuthTypeFromCertificate", "(Landroid/webkit/WebView;Ljava/security/cert/X509Certificate;)Ljava/lang/String;", "getHost", "(Landroid/webkit/WebView;Ljava/lang/String;)Ljava/lang/String;", "Landroid/webkit/SslErrorHandler;", "Landroid/net/http/SslError;", "p2", "", "onReceivedSslError", "(Landroid/webkit/WebView;Landroid/webkit/SslErrorHandler;Landroid/net/http/SslError;)Z", "Lcom/microsoft/intune/mam/client/identity/IdentityResolver;", "identityResolver", "Lcom/microsoft/intune/mam/client/identity/IdentityResolver;", "Lcom/microsoft/intune/mam/http/TrustedRootCerts;", "trustedRootCerts", "Lcom/microsoft/intune/mam/http/TrustedRootCerts;", "<init>", "(Lcom/microsoft/intune/mam/http/TrustedRootCerts;Lcom/microsoft/intune/mam/client/identity/IdentityResolver;)V", "Companion"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class WebViewClientBehaviorImpl implements WebViewClientBehavior {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(WebViewClientBehaviorImpl.class);
    private final IdentityResolver identityResolver;
    private final TrustedRootCerts trustedRootCerts;

    @HubConnectionExternalSyntheticLambda36
    public WebViewClientBehaviorImpl(TrustedRootCerts trustedRootCerts, IdentityResolver identityResolver) {
        getMinimumRequiredSecurity.glTexBufferRangeEXT(trustedRootCerts, "");
        getMinimumRequiredSecurity.glTexBufferRangeEXT(identityResolver, "");
        this.trustedRootCerts = trustedRootCerts;
        this.identityResolver = identityResolver;
    }

    private final String detectAuthTypeFromCertificate(WebView p0, X509Certificate p1) {
        if (p1 == null || p1.getPublicKey() == null) {
            LOGGER.warning("Unable to detect auth type on WebView instance " + p0 + '.', new Object[0]);
            return null;
        }
        String algorithm = p1.getPublicKey().getAlgorithm();
        LOGGER.fine("Detected auth type " + algorithm + " on WebView instance " + p0 + '.', new Object[0]);
        return algorithm;
    }

    private final String getHost(WebView p0, String p1) {
        if (p1 == null) {
            LOGGER.warning("Received null URL on WebView instance " + p0 + '.', new Object[0]);
            return null;
        }
        try {
            return URI.create(p1).getHost();
        } catch (IllegalArgumentException unused) {
            LOGGER.warning("Unable to detect host from URL on WebView instance " + p0 + '.', new Object[0]);
            return null;
        }
    }

    @Override // com.microsoft.intune.mam.http.WebViewClientBehavior
    public boolean onReceivedSslError(WebView p0, SslErrorHandler p1, SslError p2) {
        X509Certificate x509Certificate;
        X509Certificate x509Certificate2;
        String str;
        boolean z;
        String str2 = "";
        getMinimumRequiredSecurity.glTexBufferRangeEXT(p0, "");
        getMinimumRequiredSecurity.glTexBufferRangeEXT(p1, "");
        getMinimumRequiredSecurity.glTexBufferRangeEXT(p2, "");
        if (!p2.hasError(3)) {
            LOGGER.fine("SslError " + p2 + " does not contain error SSL_UNTRUSTED for a host on WebView instance " + p0 + '.', new Object[0]);
            return false;
        }
        if (p2.getCertificate() == null) {
            LOGGER.warning("Received null SslCertificate on WebView instance " + p0 + '.', new Object[0]);
            return false;
        }
        String host = getHost(p0, p2.getUrl());
        if (host == null) {
            return false;
        }
        x509Certificate = p2.getCertificate().getX509Certificate();
        String detectAuthTypeFromCertificate = detectAuthTypeFromCertificate(p0, x509Certificate);
        if (detectAuthTypeFromCertificate == null) {
            return false;
        }
        MAMIdentity viewIdentity = this.identityResolver.getViewIdentity(p0);
        TrustedRootCerts trustedRootCerts = this.trustedRootCerts;
        getMinimumRequiredSecurity.isLayoutRequested(viewIdentity, "");
        TrustManager[] intuneCertsTrustManagers = trustedRootCerts.getIntuneCertsTrustManagers(viewIdentity);
        x509Certificate2 = p2.getCertificate().getX509Certificate();
        X509Certificate[] x509CertificateArr = {x509Certificate2};
        if (intuneCertsTrustManagers.length == 0) {
            LOGGER.warning("No custom trust managers received for WebView instance " + p0 + '.', new Object[0]);
            return false;
        }
        int length = intuneCertsTrustManagers.length;
        int i = 0;
        boolean z2 = true;
        while (i < length) {
            TrustManager trustManager = intuneCertsTrustManagers[i];
            try {
                getMinimumRequiredSecurity.BCSNTRUPrimePrivateKey(trustManager, str2);
                ((HostAwareX509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, detectAuthTypeFromCertificate, host);
                str = str2;
                try {
                    LOGGER.fine("TrustManager " + trustManager + " succeeded to trust a host on WebView instance " + p0 + " with SslError " + p2 + '.', new Object[0]);
                    z = true;
                } catch (CertificateException e) {
                    e = e;
                    LOGGER.warning("TrustManager " + trustManager + " failed to trust a host on WebView instance " + p0 + " with SslError " + p2 + '.', e);
                    z = false;
                    if (z2) {
                    }
                    i++;
                    str2 = str;
                }
            } catch (CertificateException e2) {
                e = e2;
                str = str2;
            }
            z2 = !z2 && z;
            i++;
            str2 = str;
        }
        if (z2) {
            LOGGER.fine("The handling of SslError " + p2 + " succeeded for a host on WebView instance " + p0 + '.', new Object[0]);
            p1.proceed();
        } else {
            LOGGER.info("Failed to trust a host on WebView instance " + p0 + " with SslError " + p2 + '.', new Object[0]);
        }
        return z2;
    }
}
