package com.gto.shd.tnrsdk.a.a;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
final class g implements X509TrustManager {
    private X509TrustManager a;

    public g(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers == null || trustManagers.length == 0) {
            a.d("PKPinningTrustManager", "PKPinningTrustManager", "No trust manager found");
        } else {
            this.a = (X509TrustManager) trustManagers[0];
        }
    }

    private void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (a(x509Certificate)) {
                x509Certificate.checkValidity();
                a.a("PKPinningTrustManager", "checkPinTrust", "Public key pinning PASSED");
                return;
            }
        }
        a.a("PKPinningTrustManager", "checkPinTrust", "Public key pinning FAILED. No matching public key in chain.", null);
        throw new CertificateException("No matching public key in chain.");
    }

    private static boolean a(X509Certificate x509Certificate) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(x509Certificate.getPublicKey().getEncoded());
            a.a("PKPinningTrustManager", "isValidPin", "Public key hash to pin: " + a.a(digest, ""));
            String[] strArr = com.gto.shd.tnrsdk.a.c;
            for (int i = 0; i < 2; i++) {
                String str = strArr[i];
                byte[] a = a.a(str);
                a.a("PKPinningTrustManager", "isValidPin", "Valid Public Key Pin: " + str);
                if (Arrays.equals(a, digest)) {
                    a.b("PKPinningTrustManager", "isValidPin", "Matched Valid Pin!");
                    return true;
                }
            }
            return false;
        } catch (NumberFormatException | NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new CertificateException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new CertificateException("checkServerTrusted: X509Certificate is empty");
        }
        X509TrustManager x509TrustManager = this.a;
        if (x509TrustManager != null) {
            try {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                a.a("PKPinningTrustManager", "checkServerTrusted", "OK");
            } catch (CertificateException e) {
                a.a("PKPinningTrustManager", "checkServerTrusted", "Failed", e);
                throw new CertificateException(e);
            }
        }
        a(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
