package com.sandblast.core.common.http.a;

import android.os.Build;
import com.sandblast.core.common.http.CertificatePinningException;
import com.sandblast.core.common.http.InvalidCertificateException;
import com.sandblast.core.common.utils.NetworkUtils;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
class e {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509TrustManager a() {
        int i2 = Build.VERSION.SDK_INT;
        com.sandblast.core.common.logging.d.a("Fetching public key default trust manager. [api=" + i2 + "]");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (i2 >= 24 && (trustManager instanceof X509ExtendedTrustManager)) {
                    return (X509ExtendedTrustManager) trustManager;
                }
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new CertificateException("Could find public key X509 trust manager. [api=" + i2 + "]");
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, Socket socket, String str2, NetworkUtils networkUtils, String str3) {
        com.sandblast.core.common.logging.d.a("Started. [sslEngine=" + sSLEngine + "] [socket=" + socket + "] [caller=" + str3 + "]");
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        Exception exc = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if ((sSLEngine == null && socket == null) || Build.VERSION.SDK_INT < 24) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                } else if (sSLEngine != null) {
                    ((X509ExtendedTrustManager) trustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                } else {
                    ((X509ExtendedTrustManager) trustManager).checkServerTrusted(x509CertificateArr, str, socket);
                }
            }
        } catch (Exception e2) {
            exc = e2;
        }
        String bigInteger = new BigInteger(1, x509CertificateArr[0].getPublicKey().getEncoded()).toString(16);
        if ((str2.equalsIgnoreCase(bigInteger) && exc == null) || a(x509CertificateArr, networkUtils)) {
            return;
        }
        if (exc != null) {
            throw new InvalidCertificateException(exc, x509CertificateArr, str2);
        }
        throw new CertificatePinningException("Expected public key: " + str2 + ", got public key: " + bigInteger, x509CertificateArr, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager, String str, SSLEngine sSLEngine, Socket socket, NetworkUtils networkUtils, String str2) {
        com.sandblast.core.common.logging.d.a("Started. [sslEngine=" + sSLEngine + "] [socket=" + socket + "] [caller=" + str2 + "]");
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        if (sSLEngine != null || socket != null) {
            try {
                if (Build.VERSION.SDK_INT >= 24) {
                    if (sSLEngine != null) {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                    } else {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, socket);
                    }
                }
            } catch (Exception e2) {
                if (!a(x509CertificateArr, networkUtils)) {
                    throw new InvalidCertificateException(e2, x509CertificateArr, null);
                }
                return;
            }
        }
        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    private static boolean a(X509Certificate[] x509CertificateArr, NetworkUtils networkUtils) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            PublicKey publicKey = x509Certificate.getPublicKey();
            String bigInteger = new BigInteger(1, publicKey.getEncoded()).toString(16);
            com.sandblast.core.common.logging.d.a(String.format("Checking key: %s encoded: %s", publicKey, bigInteger));
            if (networkUtils.isWifiWhiteListPublicKey(bigInteger)) {
                com.sandblast.core.common.logging.d.a("Cert found in whitelist");
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509TrustManager b() {
        int i2 = Build.VERSION.SDK_INT;
        com.sandblast.core.common.logging.d.a("Fetching while list default trust manager. [api=" + i2 + "]");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (i2 >= 24 && (trustManager instanceof X509ExtendedTrustManager)) {
                    return (X509ExtendedTrustManager) trustManager;
                }
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new CertificateException("Could find white list X509 trust manager. [api=" + i2 + "]");
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }
}
