package com.jumio.core.network;

import android.net.http.X509TrustManagerExtensions;
import com.jumio.commons.log.Log;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jumio.core.m6;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.CharsKt;
import kotlin.text.StringsKt;

@Metadata(d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0002\n\u0002\b\f\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\n\u0018\u00002\u00020\u0001B\u0007¢\u0006\u0004\b\u001d\u0010\u001eJ%\u0010\b\u001a\u00020\u00072\f\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u00022\u0006\u0010\u0006\u001a\u00020\u0005H\u0016¢\u0006\u0004\b\b\u0010\tJ%\u0010\n\u001a\u00020\u00072\f\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u00022\u0006\u0010\u0006\u001a\u00020\u0005H\u0016¢\u0006\u0004\b\n\u0010\tJ\u0015\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\u00030\u0002H\u0016¢\u0006\u0004\b\u000b\u0010\fR\"\u0010\u0013\u001a\u00020\u00058\u0016@\u0016X\u0096\u000e¢\u0006\u0012\n\u0004\b\r\u0010\u000e\u001a\u0004\b\u000f\u0010\u0010\"\u0004\b\u0011\u0010\u0012R(\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00150\u00148\u0016@\u0016X\u0096\u000e¢\u0006\u0012\n\u0004\b\u0016\u0010\u0017\u001a\u0004\b\u0018\u0010\u0019\"\u0004\b\u001a\u0010\u001b¨\u0006\u001f"}, d2 = {"Lcom/jumio/core/network/AWSTrustManager;", "Lcom/jumio/core/network/TrustManagerInterface;", "", "Ljava/security/cert/X509Certificate;", "chain", "", "authType", "", "checkServerTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "checkClientTrusted", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "b", "Ljava/lang/String;", "getHostname", "()Ljava/lang/String;", "setHostname", "(Ljava/lang/String;)V", "hostname", "Lkotlin/Function0;", "", "c", "Lkotlin/jvm/functions/Function0;", "getKeyPinning", "()Lkotlin/jvm/functions/Function0;", "setKeyPinning", "(Lkotlin/jvm/functions/Function0;)V", "keyPinning", "<init>", "()V", "jumio-core_release"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes5.dex */
public final class AWSTrustManager implements TrustManagerInterface {

    /* renamed from: a, reason: collision with root package name */
    public final X509TrustManager f705a;

    /* renamed from: b, reason: from kotlin metadata */
    public String hostname = "";

    /* renamed from: c, reason: from kotlin metadata */
    public Function0 keyPinning = jumio.core.a.f802a;
    public final byte[][] d = {m6.a("fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2"), m6.a("7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461"), m6.a("36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9"), m6.a("f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5"), m6.a("2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92")};

    public AWSTrustManager() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        this.f705a = (X509TrustManager) trustManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        this.f705a.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        if (chain.length < 2) {
            throw new CertificateException("SSL Certificate Chain is not sufficient");
        }
        new X509TrustManagerExtensions(this.f705a).checkServerTrusted(chain, authType, getHostname());
        if (getKeyPinning().invoke().booleanValue()) {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(chain[chain.length - 1].getPublicKey().getEncoded());
            for (byte[] bArr : this.d) {
                if (MessageDigest.isEqual(digest, bArr)) {
                    X509Certificate x509Certificate = chain[0];
                    try {
                        try {
                            x509Certificate.checkValidity();
                        } catch (CertificateNotYetValidException e) {
                            Log.w("JumioTrustManager", "SSL Certificate is not yet valid", e);
                        }
                        String name = x509Certificate.getSubjectDN().getName();
                        Intrinsics.checkNotNullExpressionValue(name, "getName(...)");
                        StringBuilder sb = new StringBuilder();
                        for (int i = 0; i < name.length(); i++) {
                            char charAt = name.charAt(i);
                            if (!CharsKt.isWhitespace(charAt)) {
                                sb.append(charAt);
                            }
                        }
                        String sb2 = sb.toString();
                        Intrinsics.checkNotNullExpressionValue(sb2, "toString(...)");
                        if (!StringsKt.contains((CharSequence) sb2, (CharSequence) ("CN=" + getHostname()), true)) {
                            throw new CertificateException("Certificate pinning failed");
                        }
                        return;
                    } catch (Exception e2) {
                        throw new CertificateException("SSL Certificate match error", e2);
                    }
                }
            }
            throw new CertificateException("Certificate pinning failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.f705a.getAcceptedIssuers();
        Intrinsics.checkNotNullExpressionValue(acceptedIssuers, "getAcceptedIssuers(...)");
        return acceptedIssuers;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public String getHostname() {
        return this.hostname;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public Function0<Boolean> getKeyPinning() {
        return this.keyPinning;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public void setHostname(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.hostname = str;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public void setKeyPinning(Function0<Boolean> function0) {
        Intrinsics.checkNotNullParameter(function0, "<set-?>");
        this.keyPinning = function0;
    }
}
