package com.airwatch.certpinning;

import android.support.v4.util.Pair;
import android.text.TextUtils;
import com.airwatch.sdk.context.SDKContext;
import com.airwatch.util.r;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class n extends e {

    /* renamed from: a, reason: collision with root package name */
    static final /* synthetic */ boolean f2992a = true;
    private final m b;
    private final l c;
    private final SSLPinningContext d;
    private final HashMap<String, Pair<String, X509Certificate>> e;
    private final X509HostnameVerifier f;
    private final String g;
    private X509TrustManager h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public n(String str) {
        this(str, com.airwatch.sdk.context.m.a());
    }

    n(String str, SSLPinningContext sSLPinningContext, l lVar, m mVar) {
        this.e = new HashMap<>();
        this.g = str;
        this.d = sSLPinningContext;
        this.c = lVar;
        this.b = mVar;
        this.f = new StrictHostnameVerifier();
        b();
    }

    n(String str, SDKContext sDKContext) {
        this(str, (SSLPinningContext) sDKContext.j(), sDKContext.n(), (m) sDKContext.n());
    }

    private com.airwatch.certpinning.a.d a(String str) {
        List<com.airwatch.certpinning.a.d> a2 = this.d.ao().a(new com.airwatch.certpinning.a.a(str));
        if (a2.size() > 0) {
            return a2.get(0);
        }
        return null;
    }

    private String a(X509Certificate x509Certificate) {
        return a(x509Certificate.getPublicKey().getEncoded()).toUpperCase();
    }

    private static String a(byte[] bArr) {
        return String.format("%40x", new BigInteger(1, bArr));
    }

    private List<Pair<String, Pair<String, X509Certificate>>> a() {
        List<Pair<String, Pair<String, X509Certificate>>> emptyList = Collections.emptyList();
        com.airwatch.certpinning.a.c ao = this.d.ao();
        List<com.airwatch.certpinning.a.g> b = ao.b();
        if (b.size() <= 0) {
            return emptyList;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            com.airwatch.certpinning.a.g gVar = b.get(0);
            List<com.airwatch.certpinning.a.d> a2 = ao.a(new com.airwatch.certpinning.a.b(gVar.f2966a));
            int size = a2.size();
            r.a("CertPinningTrustMgr", "loadCerts: loading %d pins for host %s", Integer.valueOf(size), gVar.b);
            ArrayList arrayList = new ArrayList(size);
            for (com.airwatch.certpinning.a.d dVar : a2) {
                if (dVar.b != null) {
                    try {
                        arrayList.add(new Pair(dVar.f2963a, new Pair(gVar.b, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(dVar.b)))));
                    } catch (CertificateException e) {
                        r.d("CertPinningTrustMgr", "could not read certificate", (Throwable) e);
                    }
                } else {
                    arrayList.add(new Pair(dVar.f2963a, new Pair(gVar.b, (X509Certificate) null)));
                }
            }
            return arrayList;
        } catch (CertificateException e2) {
            throw new RuntimeException("could not get x509 certificate factory", e2);
        }
    }

    private void a(InetAddress inetAddress, String str) throws CertificateException {
        String hostName = inetAddress.getHostName();
        if (TextUtils.isEmpty(hostName)) {
            hostName = inetAddress.getHostAddress();
            r.d("CertPinningTrustMgr", "verifyHostPin: could not resolve host. using host address %s", hostName);
        }
        r.a("CertPinningTrustMgr", "verifyHostPin called for host = %s", inetAddress);
        Pair<String, X509Certificate> pair = this.e.get(str);
        if (pair == null) {
            throw new SSLPinningCertificateException(hostName, "no pins match hostname " + hostName);
        }
        String str2 = pair.first;
        if (str2.equalsIgnoreCase(hostName)) {
            return;
        }
        r.d("CertPinningTrustMgr", "verifyHostPin: hostname pin mismatch for %s. Using targetHost %s for match", hostName, this.g);
        if (this.g.equalsIgnoreCase(str2)) {
            return;
        }
        r.c("CertPinningTrustMgr", "verifyHostPin: hostname pin mismatch for %s, targetHost=%s", hostName, this.g);
        throw new SSLPinningCertificateException(hostName, "hostname pin mismatch for host " + hostName);
    }

    private boolean a(String str, X509Certificate x509Certificate) {
        com.airwatch.certpinning.a.c ao = this.d.ao();
        com.airwatch.certpinning.a.d a2 = a(str.toUpperCase());
        if (a2 != null) {
            try {
                a2.b = x509Certificate.getEncoded();
                if (ao.b(a2) > 0) {
                    return true;
                }
            } catch (CertificateEncodingException e) {
                throw new RuntimeException("could not get x509 certificate encoding", e);
            }
        }
        return false;
    }

    private String b(String str) {
        for (String str2 : this.e.keySet()) {
            if (str.contains(str2)) {
                return str2;
            }
        }
        return null;
    }

    private void b() {
        try {
            this.h = c();
            d();
        } catch (KeyStoreException e) {
            throw new RuntimeException("could not init trust manager", e);
        }
    }

    private void b(InetAddress inetAddress, X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        String b = b(a(x509Certificate));
        if (e()) {
            r.a("CertPinningTrustMgr", "Validating server trust with system trust manager");
            this.h.checkServerTrusted(x509CertificateArr, str);
            return;
        }
        if (b == null) {
            r.e("CertPinningTrustMgr", "doCheckServerTrusted: no matching pin for target host " + inetAddress);
            throw new SSLPinningCertificateException(inetAddress.getHostName(), "No matching certificate pin for target host");
        }
        a(inetAddress, b);
        if (d(b) && !b(b, x509Certificate)) {
            throw new SSLPinningCertificateException(inetAddress.getHostName(), "Invalid certificate pin");
        }
        a(b, x509Certificate);
        c(b, x509Certificate);
    }

    private boolean b(String str, X509Certificate x509Certificate) {
        X509Certificate c = c(str);
        if (!f2992a && c == null) {
            throw new AssertionError();
        }
        if (i.a(x509Certificate.getPublicKey(), c.getPublicKey())) {
            return true;
        }
        r.d("CertPinningTrustMgr", "validatePinCache: public key content for pin " + str + " not equal");
        return false;
    }

    private X509Certificate c(String str) {
        Pair<String, X509Certificate> pair = this.e.get(str);
        if (pair != null) {
            return pair.second;
        }
        return null;
    }

    private X509TrustManager c() throws KeyStoreException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private void c(String str, X509Certificate x509Certificate) {
        Pair<String, X509Certificate> pair = this.e.get(str);
        if (pair != null) {
            this.e.put(str, new Pair<>(pair.first, x509Certificate));
        }
    }

    private void d() {
        for (Pair<String, Pair<String, X509Certificate>> pair : a()) {
            this.e.put(pair.first, pair.second);
        }
    }

    private boolean d(String str) {
        Pair<String, X509Certificate> pair = this.e.get(str);
        return (pair == null || pair.second == null) ? false : true;
    }

    private boolean e() {
        return this.e.isEmpty();
    }

    @Override // com.airwatch.certpinning.e
    public void a(InetAddress inetAddress, X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            r.b("CertPinningTrustMgr", "No Certificate chain from server, throwing Exception");
            throw new CertificateException("SSL pinning failure enforced: No server certificate");
        }
        try {
            b(inetAddress, x509CertificateArr, str);
            this.b.h();
        } catch (SSLPinningCertificateException e) {
            X509Certificate x509Certificate = x509CertificateArr[0];
            this.b.a(this.g, x509Certificate);
            r.b("CertPinningTrustMgr", "Server is not trusted. public key verification fails, throwing exception", (Throwable) e);
            if (h.a() || this.c.d()) {
                new h(this.d).c(false);
                this.b.c(this.g, x509Certificate);
                throw e;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException("client certificate trust not implemented");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (e()) {
            return this.h.getAcceptedIssuers();
        }
        return null;
    }
}
