package com.hangseng.hscertpinninglib;

import android.util.Log;
import dcjxkjaf.hhB13Gpp;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class HSCPTrustManager implements X509TrustManager {
    private final HSCPConfig config;

    public HSCPTrustManager(HSCPConfig hSCPConfig) {
        this.config = hSCPConfig;
    }

    private X509Certificate[] getProcessedCertificateChain(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList;
        X509Certificate[] x509CertificateArr2;
        X509Certificate[] x509CertificateArr3 = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(hhB13Gpp.IbBtGYp4(22582));
            keyStore.load(null, null);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(x509CertificateArr[0].getSerialNumber());
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, x509CertSelector);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance(hhB13Gpp.IbBtGYp4(22583), new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)), Security.getProvider(hhB13Gpp.IbBtGYp4(22584))));
            pKIXBuilderParameters.setRevocationEnabled(false);
            PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance(hhB13Gpp.IbBtGYp4(22585), Security.getProvider(hhB13Gpp.IbBtGYp4(22586))).build(pKIXBuilderParameters);
            CertPath certPath = pKIXCertPathBuilderResult.getCertPath();
            arrayList = new ArrayList();
            arrayList.addAll(certPath.getCertificates());
            arrayList.add(pKIXCertPathBuilderResult.getTrustAnchor().getTrustedCert());
            x509CertificateArr2 = new X509Certificate[arrayList.size()];
        } catch (Exception e) {
            e = e;
        }
        try {
            arrayList.toArray(x509CertificateArr2);
            return x509CertificateArr2;
        } catch (Exception e2) {
            x509CertificateArr3 = x509CertificateArr2;
            e = e2;
            if (this.config.isUAT() || this.config.isLIVETEST()) {
                Log.e(hhB13Gpp.IbBtGYp4(22587), Log.getStackTraceString(e));
            }
            return x509CertificateArr3;
        }
    }

    private boolean performCertPinning(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z = false;
        for (int i = 0; i < x509CertificateArr.length; i++) {
            String[] localCertHash = this.config.localCertHash(i);
            if (localCertHash.length > 0) {
                int i2 = 0;
                while (true) {
                    if (i2 >= localCertHash.length) {
                        z = false;
                        break;
                    }
                    try {
                    } catch (NoSuchAlgorithmException e) {
                        if (this.config.isUAT() || this.config.isLIVETEST()) {
                            Log.e(hhB13Gpp.IbBtGYp4(22588), Log.getStackTraceString(e));
                        }
                    }
                    if (HSCPHelper.getSha512Hash(x509CertificateArr[i].getEncoded()).equalsIgnoreCase(localCertHash[i2])) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (!z) {
                    break;
                }
            } else {
                z = true;
            }
        }
        return z;
    }

    private void validateHTTPS(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            if (this.config.getKeyStore() != null) {
                trustManagerFactory.init(this.config.getKeyStore());
            } else {
                trustManagerFactory.init((KeyStore) null);
            }
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.config.isValidateHTTPS() || this.config.isPerformCertPinning()) {
            if (x509CertificateArr == null) {
                throw new IllegalArgumentException(hhB13Gpp.IbBtGYp4(22589));
            }
            if (x509CertificateArr.length <= 0) {
                throw new IllegalArgumentException(hhB13Gpp.IbBtGYp4(22590));
            }
        }
        if (this.config.isValidateHTTPS()) {
            validateHTTPS(x509CertificateArr, str);
        }
        if (this.config.isPerformCertPinning()) {
            if (!this.config.isUAT()) {
                x509CertificateArr = getProcessedCertificateChain(x509CertificateArr);
            }
            if (!performCertPinning(x509CertificateArr)) {
                throw new CertificateException(hhB13Gpp.IbBtGYp4(22591));
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
