package com.sonymobile.trackidcommon.volley;

import com.sonymobile.trackidcommon.Config;
import com.sonymobile.trackidcommon.util.Log;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class PinningCertTrustManager implements X509TrustManager {
    private MessageDigest digest;
    private static final String LOG_TAG = Config.APPLICATION_TAG + PinningCertTrustManager.class.getSimpleName();
    private static final char[] HEX_ARRAY = "0123456789abcdef".toCharArray();
    private static final byte[] EMPTY_HASH = new byte[0];
    private HashSet<X509Certificate> validCerts = new HashSet<>();
    private HashSet<String> preApprovedHashes = new HashSet<>();

    public PinningCertTrustManager(String[] strArr) {
        if (strArr != null) {
            for (String str : strArr) {
                this.preApprovedHashes.add(str);
            }
        }
        try {
            this.digest = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOG_TAG, "Failed to create message digest, no networking will work");
        }
    }

    private static String byteArrayToHexString(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 2] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 2) + 1] = HEX_ARRAY[i2 & 15];
        }
        return new String(cArr);
    }

    private byte[] createHash(X509Certificate x509Certificate) {
        return this.digest != null ? this.digest.digest(x509Certificate.getPublicKey().getEncoded()) : EMPTY_HASH;
    }

    private X509Certificate findCertificate(X509Certificate[] x509CertificateArr, X500Principal x500Principal) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate.getSubjectX500Principal().equals(x500Principal)) {
                return x509Certificate;
            }
        }
        return null;
    }

    private boolean isAlreadyCheckedAndValid(X509Certificate x509Certificate) {
        return this.validCerts.contains(x509Certificate);
    }

    private boolean isValidHash(byte[] bArr) {
        return this.preApprovedHashes.contains(byteArrayToHexString(bArr));
    }

    private void setAsAlreadyCheckedAndValid(X509Certificate x509Certificate) {
        this.validCerts.add(x509Certificate);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client trust not supported");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (isAlreadyCheckedAndValid(x509CertificateArr[0])) {
            return;
        }
        boolean z = false;
        int length = x509CertificateArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            X509Certificate x509Certificate = x509CertificateArr[i];
            x509Certificate.checkValidity();
            if (isValidHash(createHash(x509Certificate))) {
                setAsAlreadyCheckedAndValid(x509CertificateArr[0]);
                z = true;
                break;
            }
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            if (!subjectX500Principal.equals(issuerX500Principal)) {
                X509Certificate findCertificate = findCertificate(x509CertificateArr, issuerX500Principal);
                if (findCertificate == null) {
                    throw new CertificateException("Cannot validate certificate. (Issuer not found)");
                }
                try {
                    x509Certificate.verify(findCertificate.getPublicKey());
                } catch (InvalidKeyException e) {
                    throw new CertificateException("Cannot validate certificate. " + e.getMessage());
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Cannot validate certificate. " + e2.getMessage());
                } catch (NoSuchProviderException e3) {
                    throw new CertificateException("Cannot validate certificate. " + e3.getMessage());
                } catch (SignatureException e4) {
                    throw new CertificateException("Cannot validate certificate. " + e4.getMessage());
                }
            }
            i++;
        }
        if (!z) {
            throw new CertificateException("Cannot validate certificate. (No valid hash found)");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
