package g.m.a.a.a;

import android.content.Context;
import com.orange.authentication.lowLevelApi.api.LowLevelAuthenticationCPListener;
import com.orange.authentication.lowLevelApi.api.LowLevelAuthenticationConfiguration;
import com.orange.authentication.lowLevelApi.api.LowLevelAuthenticationPlatform;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.StringsKt__StringsKt;
import kotlin.text.StringsKt___StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes2.dex */
public final class n implements X509TrustManager {

    /* renamed from: e, reason: collision with root package name */
    public static final String f10599e = "TLS";

    /* renamed from: a, reason: collision with root package name */
    @Nullable
    public final LowLevelAuthenticationCPListener f10602a;

    @Nullable
    public final String[] b;
    public final boolean c;

    /* renamed from: d, reason: collision with root package name */
    @NotNull
    public final LowLevelAuthenticationPlatform f10603d;

    /* renamed from: g, reason: collision with root package name */
    public static final a f10601g = new a(null);

    /* renamed from: f, reason: collision with root package name */
    public static final MessageDigest f10600f = MessageDigest.getInstance("SHA-256");

    /* loaded from: classes2.dex */
    public static final class a {
        public a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @NotNull
        public final String a(@NotNull byte[] digestSha256) {
            Intrinsics.checkParameterIsNotNull(digestSha256, "digestSha256");
            StringBuilder sb = new StringBuilder();
            for (byte b : digestSha256) {
                StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
                String format = String.format("%1$02X", Arrays.copyOf(new Object[]{Byte.valueOf(b)}, 1));
                Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(format, *args)");
                sb.append(format);
                sb.append(":");
            }
            String sb2 = sb.toString();
            Intrinsics.checkExpressionValueIsNotNull(sb2, "sb.toString()");
            return StringsKt___StringsKt.dropLast(sb2, 1);
        }

        @Nullable
        public final X509TrustManager b() {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                if (trustManagerFactory == null) {
                    return null;
                }
                trustManagerFactory.init((KeyStore) null);
                TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
                if (trustManager != null) {
                    return (X509TrustManager) trustManager;
                }
                throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            } catch (Exception unused) {
                return null;
            }
        }

        public final void c(@NotNull Context ctx, @Nullable LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener, @NotNull LowLevelAuthenticationConfiguration conf) {
            Intrinsics.checkParameterIsNotNull(ctx, "ctx");
            Intrinsics.checkParameterIsNotNull(conf, "conf");
            SSLContext sslcontext = SSLContext.getInstance(n.f10599e);
            sslcontext.init(null, new TrustManager[]{new n(ctx, lowLevelAuthenticationCPListener, conf.getExpectedFPs(), conf.isCPEnforced(), conf.getLowLevelAuthenticationPlatform())}, new SecureRandom());
            Intrinsics.checkExpressionValueIsNotNull(sslcontext, "sslcontext");
            HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
        }
    }

    static {
        Intrinsics.checkExpressionValueIsNotNull(n.class.getSimpleName(), "WtApiTrustManager::class.java.simpleName");
    }

    public n(@NotNull Context context, @Nullable LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener, @Nullable String[] strArr, boolean z, @NotNull LowLevelAuthenticationPlatform platform) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(platform, "platform");
        this.f10602a = lowLevelAuthenticationCPListener;
        this.b = strArr;
        this.c = z;
        this.f10603d = platform;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str) {
        X509TrustManager b = f10601g.b();
        if (b != null) {
            b.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, @NotNull String authType) {
        boolean z;
        Intrinsics.checkParameterIsNotNull(authType, "authType");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    Principal subjectDN = x509CertificateArr[0].getSubjectDN();
                    Intrinsics.checkExpressionValueIsNotNull(subjectDN, "certificates[0].subjectDN");
                    String name = subjectDN.getName();
                    Intrinsics.checkExpressionValueIsNotNull(name, "certificates[0].subjectDN.name");
                    Iterator it = StringsKt__StringsKt.split$default((CharSequence) name, new String[]{","}, false, 0, 6, (Object) null).iterator();
                    String str = null;
                    while (true) {
                        z = true;
                        if (!it.hasNext()) {
                            break;
                        }
                        String str2 = (String) it.next();
                        if (StringsKt__StringsKt.contains$default((CharSequence) str2, (CharSequence) "CN=", false, 2, (Object) null)) {
                            str = (String) StringsKt__StringsKt.split$default((CharSequence) str2, new char[]{'='}, false, 0, 6, (Object) null).get(1);
                        }
                    }
                    if (str != null) {
                        if (StringsKt__StringsKt.contains$default((CharSequence) LowLevelAuthenticationPlatform.INSTANCE.getUrl(this.f10603d), (CharSequence) str, false, 2, (Object) null) || StringsKt__StringsKt.contains$default((CharSequence) LowLevelAuthenticationPlatform.INSTANCE.getMcUrl(this.f10603d), (CharSequence) str, false, 2, (Object) null)) {
                            if (this.b == null || this.b.length <= 0 || x509CertificateArr.length <= 0 || x509CertificateArr.length != this.b.length) {
                                LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener = this.f10602a;
                                if (lowLevelAuthenticationCPListener != null) {
                                    lowLevelAuthenticationCPListener.certificatePinningResult(LowLevelAuthenticationCPListener.CPStatus.CP_NOT_DONE, null, null);
                                }
                                if (this.c) {
                                    throw new CertificateException();
                                }
                            } else {
                                a aVar = f10601g;
                                byte[] digest = f10600f.digest(x509CertificateArr[0].getEncoded());
                                Intrinsics.checkExpressionValueIsNotNull(digest, "md.digest(certificates[0].encoded)");
                                String a2 = aVar.a(digest);
                                String obj = x509CertificateArr[0].getIssuerDN().toString();
                                int length = x509CertificateArr.length;
                                for (int i2 = 0; i2 < length; i2++) {
                                    a aVar2 = f10601g;
                                    byte[] digest2 = f10600f.digest(x509CertificateArr[i2].getEncoded());
                                    Intrinsics.checkExpressionValueIsNotNull(digest2, "md.digest(certificates[i].encoded)");
                                    String a3 = aVar2.a(digest2);
                                    String obj2 = x509CertificateArr[i2].getIssuerDN().toString();
                                    if (!this.b[i2].equals(a3)) {
                                        LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener2 = this.f10602a;
                                        if (lowLevelAuthenticationCPListener2 != null) {
                                            lowLevelAuthenticationCPListener2.certificatePinningResult(LowLevelAuthenticationCPListener.CPStatus.CP_TRUST_FAILED, a3, obj2);
                                        }
                                        z = false;
                                    }
                                }
                                if (z) {
                                    LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener3 = this.f10602a;
                                    if (lowLevelAuthenticationCPListener3 != null) {
                                        lowLevelAuthenticationCPListener3.certificatePinningResult(LowLevelAuthenticationCPListener.CPStatus.CP_EXPECTED, a2, obj);
                                    }
                                } else if (this.c) {
                                    throw new CertificateException();
                                }
                            }
                            X509TrustManager b = f10601g.b();
                            if (b != null) {
                                b.checkServerTrusted(x509CertificateArr, authType);
                            }
                        }
                    }
                }
            } catch (Exception e2) {
                LowLevelAuthenticationCPListener lowLevelAuthenticationCPListener4 = this.f10602a;
                if (lowLevelAuthenticationCPListener4 != null) {
                    lowLevelAuthenticationCPListener4.certificatePinningResult(LowLevelAuthenticationCPListener.CPStatus.CP_EXCEPTION, null, null);
                }
                throw e2;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    @NotNull
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers;
        X509TrustManager b = f10601g.b();
        return (b == null || (acceptedIssuers = b.getAcceptedIssuers()) == null) ? new X509Certificate[0] : acceptedIssuers;
    }
}
