package com.tomtom.mobilenavapp.secureconnectionprovider.trustmanagers;

import com.google.a.a.at;
import com.google.a.c.cn;
import com.tomtom.mobilenavapp.secureconnectionprovider.util.X509CertificateChainUtil;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import org.apache.a.a.a.a;

/* loaded from: classes.dex */
public class RootPinningTrustManager implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final at<X509Certificate> f2965a;

    /* renamed from: b, reason: collision with root package name */
    private final List<byte[]> f2966b;

    /* renamed from: c, reason: collision with root package name */
    private final byte[] f2967c;

    public RootPinningTrustManager(at<X509Certificate> atVar, List<byte[]> list, byte[] bArr) {
        this.f2965a = atVar;
        if (list == null || list.size() <= 0) {
            throw new GeneralSecurityException("Accepted hashes list cannot be null or empty");
        }
        this.f2966b = cn.a((Collection) list);
        if (bArr == null || bArr.length <= 0) {
            throw new GeneralSecurityException("salt cannot be null or empty");
        }
        this.f2967c = bArr;
    }

    private void a(X509Certificate x509Certificate) {
        byte[] encoded = x509Certificate.getPublicKey().getEncoded();
        if (encoded == null || encoded.length <= 0) {
            throw new CertificateException("Encoded public key not provided");
        }
        MessageDigest a2 = a.a("SHA-256");
        a2.update(encoded);
        byte[] digest = a2.digest(this.f2967c);
        Iterator<byte[]> it = this.f2966b.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(digest, it.next())) {
                return;
            }
        }
        throw new CertificateException("Could not find valid root certificate");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("Client trust validation not supported");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (!X509CertificateChainUtil.a(x509CertificateArr[x509CertificateArr.length - 1])) {
            if (!this.f2965a.b()) {
                throw new IllegalArgumentException("The chain did not have a root certificate and no default one was available");
            }
            X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + 1];
            System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, x509CertificateArr.length);
            x509CertificateArr2[x509CertificateArr.length] = this.f2965a.c();
            x509CertificateArr = x509CertificateArr2;
        }
        a(X509CertificateChainUtil.a(x509CertificateArr)[r0.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
