package com.bria.common.util;

import android.net.http.SslCertificate;
import android.text.TextUtils;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class CustomX509TrustManager implements X509TrustManager {
    private List<PublicKey> mLocalPublicKeys;
    private X509TrustManager mStandardTrustManager;
    private boolean mStrictLocalPinning;
    private boolean mTrustAll;

    public CustomX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        this(keyStore, null, false, false);
    }

    public CustomX509TrustManager(KeyStore keyStore, List<String> list, boolean z, boolean z2) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            Log.e("No trust manager found");
            throw new NoSuchAlgorithmException("No trust manager found");
        }
        this.mStandardTrustManager = (X509TrustManager) trustManagers[0];
        this.mTrustAll = z2;
        this.mStrictLocalPinning = z;
        loadLocalPublicKeys(list);
    }

    public CustomX509TrustManager(KeyStore keyStore, boolean z) throws NoSuchAlgorithmException, KeyStoreException {
        this(keyStore, null, false, z);
    }

    private boolean isCertificateMatchedByLocalKey(X509Certificate x509Certificate) {
        if (!this.mLocalPublicKeys.isEmpty() && x509Certificate != null) {
            PublicKey publicKey = x509Certificate.getPublicKey();
            for (PublicKey publicKey2 : this.mLocalPublicKeys) {
                if (publicKey2 != null && publicKey2.equals(publicKey)) {
                    return true;
                }
            }
        }
        return false;
    }

    private void loadLocalPublicKeys(List<String> list) {
        this.mLocalPublicKeys = new ArrayList();
        if (list == null || list.isEmpty()) {
            return;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            for (String str : list) {
                if (!TextUtils.isEmpty(str)) {
                    try {
                        this.mLocalPublicKeys.add(keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(str))));
                    } catch (Exception unused) {
                        StringBuilder sb = new StringBuilder("Error creating PublicKey for: ");
                        if (str.length() > 20) {
                            str = str.substring(0, 9) + "..." + str.substring(str.length() - 10);
                        }
                        Log.e(sb.append(str).toString());
                    }
                }
            }
        } catch (NoSuchAlgorithmException unused2) {
            Log.e("No RSA key factory");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.mStandardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.mTrustAll) {
            return;
        }
        int length = x509CertificateArr.length;
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            int i3 = i2;
            while (true) {
                if (i3 >= length) {
                    arrayList.add(x509CertificateArr[i]);
                    break;
                } else if (x509CertificateArr[i].equals(x509CertificateArr[i3])) {
                    break;
                } else {
                    i3++;
                }
            }
            i = i2;
        }
        int size = arrayList.size();
        X509Certificate[] x509CertificateArr2 = new X509Certificate[size];
        arrayList.toArray(x509CertificateArr2);
        if (size > 1) {
            length = 0;
            loop2: while (length < size) {
                int i4 = length + 1;
                for (int i5 = i4; i5 < size; i5++) {
                    if (x509CertificateArr2[length].getIssuerDN().equals(x509CertificateArr2[i5].getSubjectDN())) {
                        if (i5 != i4) {
                            X509Certificate x509Certificate = x509CertificateArr2[i5];
                            x509CertificateArr2[i5] = x509CertificateArr2[i4];
                            x509CertificateArr2[i4] = x509Certificate;
                        }
                        length = i4;
                    }
                }
                break loop2;
            }
            int i6 = length + 1;
            X509Certificate x509Certificate2 = x509CertificateArr2[length];
            Date date = new Date();
            if (!x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN()) || !date.after(x509Certificate2.getNotAfter())) {
                length = i6;
            }
        }
        if (!this.mLocalPublicKeys.isEmpty()) {
            for (int i7 = 0; i7 < length; i7++) {
                if (isCertificateMatchedByLocalKey(x509CertificateArr2[i7])) {
                    return;
                }
            }
        }
        if (this.mStrictLocalPinning && !this.mLocalPublicKeys.isEmpty()) {
            throw new CertificateException("Unrecognized https certificate");
        }
        this.mStandardTrustManager.checkServerTrusted(x509CertificateArr2, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mStandardTrustManager.getAcceptedIssuers();
    }

    public boolean serverCertMatchedLocalKeys(SslCertificate sslCertificate) {
        byte[] byteArray;
        X509Certificate x509Certificate;
        if (sslCertificate != null && !this.mLocalPublicKeys.isEmpty() && (byteArray = SslCertificate.saveState(sslCertificate).getByteArray("x509-certificate")) != null) {
            try {
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            } catch (Exception unused) {
                x509Certificate = null;
            }
            if (x509Certificate != null) {
                return isCertificateMatchedByLocalKey(x509Certificate);
            }
        }
        return false;
    }
}
