package com.microsoft.intune.mam.http;

import com.microsoft.intune.mam.client.identity.IdentityParamConverter;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import kotlin.getBrokerInteractiveTokenParameters;

/* loaded from: classes4.dex */
public class CertChainValidatorFactoryImpl implements CertChainValidatorFactory {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(CertChainValidatorFactoryImpl.class);
    private final CertPinConfigManager mConfigManager;
    private final IdentityParamConverter mIdentityParamConverter;
    private final IdentityResolver mIdentityResolver;
    private final MAMLogPIIFactory mMAMLogPIIFactory;

    @getBrokerInteractiveTokenParameters
    public CertChainValidatorFactoryImpl(CertPinConfigManager certPinConfigManager, IdentityResolver identityResolver, MAMLogPIIFactory mAMLogPIIFactory, IdentityParamConverter identityParamConverter) {
        this.mConfigManager = certPinConfigManager;
        this.mIdentityResolver = identityResolver;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mIdentityParamConverter = identityParamConverter;
    }

    private MAMIdentity getEffectiveIdentity(MAMIdentity mAMIdentity) {
        if (!MAMIdentity.isNullOrEmpty(mAMIdentity)) {
            LOGGER.info("identity provided for pinning configuration: {0}", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity));
            return mAMIdentity;
        }
        MAMIdentity currentIdentity = this.mIdentityResolver.getCurrentIdentity(null);
        if (MAMIdentity.isNullOrEmpty(currentIdentity)) {
            LOGGER.warning("no identity provided for pinning configuration, connection will not be pinned.", new Object[0]);
            return null;
        }
        LOGGER.info("identity not provided for pinning configuration, using resolved identity: {0}", this.mMAMLogPIIFactory.getPIIUPN(currentIdentity));
        return currentIdentity;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$getValidator$0(X509Certificate[] x509CertificateArr) throws CertificateException {
    }

    @Override // com.microsoft.intune.mam.http.CertChainValidatorFactory
    public CertChainValidator getValidator(MAMIdentity mAMIdentity, URL url) {
        CertPinConfig config;
        MAMIdentity effectiveIdentity = getEffectiveIdentity(mAMIdentity);
        if (MAMIdentity.isNullOrEmpty(effectiveIdentity) || (config = this.mConfigManager.getConfig(effectiveIdentity, url.getHost())) == null) {
            return new CertChainValidator() { // from class: com.microsoft.intune.mam.http.CertChainValidatorFactoryImpl$$ExternalSyntheticLambda0
                @Override // com.microsoft.intune.mam.http.CertChainValidator
                public final void validateChain(X509Certificate[] x509CertificateArr) {
                    CertChainValidatorFactoryImpl.lambda$getValidator$0(x509CertificateArr);
                }
            };
        }
        LOGGER.info("found pinning configuration for " + url.getHost() + "; connection will be pinned", new Object[0]);
        return new PinningValidator(config.getExpectedHashes(), config.getHashAlgorithm());
    }

    @Override // com.microsoft.intune.mam.http.CertChainValidatorFactory
    @Deprecated
    public CertChainValidator getValidator(String str, URL url) {
        return getValidator(this.mIdentityParamConverter.fromUpnParam(str), url);
    }
}
