package de.idnow.sdk.network;

import de.idnow.sdk.CertificateProvider;
import de.idnow.sdk.util.Util_Log;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* loaded from: classes.dex */
public class CertificateProviderEx {
    private static final String LOGTAG = "CertificateProviderEx";
    private final CertificateProvider provider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateProviderEx(CertificateProvider certificateProvider) {
        this.provider = certificateProvider;
    }

    private static boolean isFingerprintTrusted(byte[] bArr, byte[][] bArr2) {
        for (byte[] bArr3 : bArr2) {
            if (Arrays.equals(bArr, bArr3)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validateServerCertificateChain(X509Certificate[] x509CertificateArr) {
        boolean z4;
        boolean z5;
        if (!this.provider.featureServerCert() && !this.provider.featureFingerPrint()) {
            return true;
        }
        if (this.provider.featureFingerPrint()) {
            byte[][] provideServerFingerPrintByteStreams = this.provider.provideServerFingerPrintByteStreams();
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    if (isFingerprintTrusted(messageDigest.digest(x509Certificate.getEncoded()), provideServerFingerPrintByteStreams)) {
                        z4 = true;
                        break;
                    }
                }
            } catch (NoSuchAlgorithmException | CertificateEncodingException unused) {
                Util_Log.e(LOGTAG, "Cannot encode server certificate");
                return false;
            }
        }
        z4 = false;
        if (this.provider.featureServerCert()) {
            z5 = false;
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                try {
                    if (this.provider.verifyServerCertificate(x509Certificate2.getEncoded())) {
                        z5 = true;
                    }
                } catch (CertificateEncodingException unused2) {
                    Util_Log.e(LOGTAG, "Cannot encode server certificate");
                    return false;
                }
            }
        } else {
            z5 = false;
        }
        return z5 || z4;
    }
}
