package com.quixey.android.net;

import android.os.Build;
import android.util.Base64;
import com.quixey.android.util.Logs;
import java.io.File;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* JADX WARN: Classes with same name are omitted:
  classes.dex
 */
/* loaded from: input_file:assets/quixey-android-sdk.aar:classes.jar:com/quixey/android/net/QPinTrustManager.class */
public class QPinTrustManager implements X509TrustManager {
    private static final String LOG_TAG = QPinTrustManager.class.getSimpleName();
    private static final Map<String, QPinTrustManager> PIN_MAP;
    private final List<byte[]> mPinList;
    private X509TrustManager mDefaultTrustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManager getTrustManager(String str) {
        return PIN_MAP.get(str);
    }

    private QPinTrustManager(Set<String> set) {
        initDefaultTrustManager();
        this.mPinList = new ArrayList();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            this.mPinList.add(Base64.decode(it.next(), 2));
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0038, code lost:
    
        r4.mDefaultTrustManager = (javax.net.ssl.X509TrustManager) r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void initDefaultTrustManager() {
        /*
            r4 = this;
            r0 = 0
            r5 = r0
            java.lang.String r0 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0)     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r6 = r0
            r0 = r6
            r1 = r5
            r0.init(r1)     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r0 = r6
            javax.net.ssl.TrustManager[] r0 = r0.getTrustManagers()     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r7 = r0
            r0 = r7
            if (r0 == 0) goto L4a
            r0 = r7
            r8 = r0
            r0 = r8
            int r0 = r0.length     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r9 = r0
            r0 = 0
            r10 = r0
        L22:
            r0 = r10
            r1 = r9
            if (r0 >= r1) goto L4a
            r0 = r8
            r1 = r10
            r0 = r0[r1]     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r11 = r0
            r0 = r11
            boolean r0 = r0 instanceof javax.net.ssl.X509TrustManager     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            if (r0 == 0) goto L44
            r0 = r4
            r1 = r11
            javax.net.ssl.X509TrustManager r1 = (javax.net.ssl.X509TrustManager) r1     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            r0.mDefaultTrustManager = r1     // Catch: java.security.NoSuchAlgorithmException -> L4d java.security.KeyStoreException -> L5a
            goto L4a
        L44:
            int r10 = r10 + 1
            goto L22
        L4a:
            goto L64
        L4d:
            r5 = move-exception
            java.lang.String r0 = com.quixey.android.net.QPinTrustManager.LOG_TAG
            java.lang.String r1 = "Error in init "
            r2 = r5
            com.quixey.android.util.Logs.error(r0, r1, r2)
            goto L64
        L5a:
            r5 = move-exception
            java.lang.String r0 = com.quixey.android.net.QPinTrustManager.LOG_TAG
            java.lang.String r1 = "Error in init "
            r2 = r5
            com.quixey.android.util.Logs.error(r0, r1, r2)
        L64:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.quixey.android.net.QPinTrustManager.initDefaultTrustManager():void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client Certificates are not supported.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (Build.VERSION.SDK_INT < 21) {
            this.mDefaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            if (hasUserAddedCertificate(x509CertificateArr)) {
                return;
            }
        } else if (checkTrustViaReflection(x509CertificateArr, str)) {
            return;
        }
        hasPinnedCert(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mDefaultTrustManager.getAcceptedIssuers();
    }

    private boolean checkTrustViaReflection(X509Certificate[] x509CertificateArr, String str) {
        try {
            Class<?> cls = Class.forName("android.net.http.X509TrustManagerExtensions");
            Object newInstance = cls.getConstructor(X509TrustManager.class).newInstance(this.mDefaultTrustManager);
            Method declaredMethod = cls.getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
            Method declaredMethod2 = cls.getDeclaredMethod("isUserAddedCertificate", X509Certificate.class);
            List<X509Certificate> list = (List) declaredMethod.invoke(newInstance, x509CertificateArr, str, null);
            Boolean bool = Boolean.FALSE;
            for (X509Certificate x509Certificate : list) {
                if (x509Certificate.getBasicConstraints() != -1) {
                    Boolean bool2 = (Boolean) declaredMethod2.invoke(newInstance, x509Certificate);
                    if (bool2 != null && bool2.booleanValue()) {
                        return true;
                    }
                }
            }
            return false;
        } catch (ClassNotFoundException e) {
            return false;
        } catch (IllegalAccessException e2) {
            return false;
        } catch (InstantiationException e3) {
            return false;
        } catch (NoSuchMethodException e4) {
            return false;
        } catch (InvocationTargetException e5) {
            return false;
        }
    }

    private boolean hasUserAddedCertificate(X509Certificate[] x509CertificateArr) {
        String x509NameHash;
        File file = new File(System.getenv(SecurityConstants.ENV_KEY_ANDROID_DATA) + SecurityConstants.DIR_USER_ADDED_CERTS);
        if (!file.exists()) {
            return false;
        }
        int length = x509CertificateArr.length;
        for (int i = 0; i < length && (x509NameHash = CertUtils.getX509NameHash(x509CertificateArr[i].getIssuerX500Principal())) != null; i++) {
            if (new File(file, x509NameHash + SecurityConstants.CERT_EXTENSION).exists()) {
                return true;
            }
        }
        return false;
    }

    private void hasPinnedCert(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z = false;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate.getBasicConstraints() != -1) {
                z = hasValidPin(x509Certificate);
                if (z) {
                    break;
                }
            }
        }
        if (!z) {
            throw new CertificateException("Valid Pin Not Found");
        }
    }

    private boolean hasValidPin(X509Certificate x509Certificate) {
        try {
            byte[] digest = MessageDigest.getInstance(SecurityConstants.ALG_SHA256).digest(x509Certificate.getPublicKey().getEncoded());
            Iterator<byte[]> it = this.mPinList.iterator();
            while (it.hasNext()) {
                if (Arrays.equals(digest, it.next())) {
                    return true;
                }
            }
            return false;
        } catch (NoSuchAlgorithmException e) {
            Logs.error(LOG_TAG, "Error in hasValidPin ", e);
            return false;
        }
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(".quixey.com", new QPinTrustManager(PinDomains.QUIXEY_PIN_SET));
        hashMap.put(".cloudfront.net", new QPinTrustManager(PinDomains.CLOUDFRONT_PIN_SET));
        PIN_MAP = Collections.unmodifiableMap(hashMap);
    }
}
