package io.fabric.sdk.android.services.network;

import a.a;
import com.crashlytics.android.core.CrashlyticsPinningInfoProvider;
import io.fabric.sdk.android.DefaultLogger;
import io.fabric.sdk.android.Fabric;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class PinningTrustManager implements X509TrustManager {
    public static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];
    public final long pinCreationTimeMillis;
    public final SystemKeyStore systemKeyStore;
    public final TrustManager[] systemTrustManagers;
    public final List<byte[]> pins = new LinkedList();
    public final Set<X509Certificate> cache = Collections.synchronizedSet(new HashSet());

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PinningTrustManager(SystemKeyStore systemKeyStore, CrashlyticsPinningInfoProvider crashlyticsPinningInfoProvider) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(systemKeyStore.trustStore);
            this.systemTrustManagers = trustManagerFactory.getTrustManagers();
            this.systemKeyStore = systemKeyStore;
            crashlyticsPinningInfoProvider.getPinCreationTimeInMillis();
            this.pinCreationTimeMillis = -1L;
            for (String str : crashlyticsPinningInfoProvider.pinningInfo.getPins()) {
                List<byte[]> list = this.pins;
                int length = str.length();
                byte[] bArr = new byte[length / 2];
                for (int i = 0; i < length; i += 2) {
                    bArr[i / 2] = (byte) (Character.digit(str.charAt(i + 1), 16) + (Character.digit(str.charAt(i), 16) << 4));
                }
                list.add(bArr);
            }
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("Client certificates not supported!");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        boolean z2;
        if (this.cache.contains(x509CertificateArr[0])) {
            return;
        }
        for (TrustManager trustManager : this.systemTrustManagers) {
            ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
        }
        X509Certificate x509Certificate = null;
        if (this.pinCreationTimeMillis == -1 || System.currentTimeMillis() - this.pinCreationTimeMillis <= 15552000000L) {
            SystemKeyStore systemKeyStore = this.systemKeyStore;
            LinkedList linkedList = new LinkedList();
            boolean isTrustRoot = systemKeyStore.isTrustRoot(x509CertificateArr[0]);
            linkedList.add(x509CertificateArr[0]);
            int i = 1;
            while (i < x509CertificateArr.length) {
                if (systemKeyStore.isTrustRoot(x509CertificateArr[i])) {
                    isTrustRoot = true;
                }
                X509Certificate x509Certificate2 = x509CertificateArr[i];
                X509Certificate x509Certificate3 = x509CertificateArr[i - 1];
                if (x509Certificate2.getSubjectX500Principal().equals(x509Certificate3.getIssuerX500Principal())) {
                    try {
                        x509Certificate3.verify(x509Certificate2.getPublicKey());
                        z2 = true;
                    } catch (GeneralSecurityException unused) {
                        z2 = false;
                    }
                } else {
                    z2 = false;
                }
                if (!z2) {
                    break;
                }
                linkedList.add(x509CertificateArr[i]);
                i++;
            }
            X509Certificate x509Certificate4 = x509CertificateArr[i - 1];
            X509Certificate x509Certificate5 = systemKeyStore.trustRoots.get(x509Certificate4.getIssuerX500Principal());
            if (x509Certificate5 != null && !x509Certificate5.getSubjectX500Principal().equals(x509Certificate4.getSubjectX500Principal())) {
                try {
                    x509Certificate4.verify(x509Certificate5.getPublicKey());
                    x509Certificate = x509Certificate5;
                } catch (GeneralSecurityException unused2) {
                }
            }
            if (x509Certificate != null) {
                linkedList.add(x509Certificate);
                isTrustRoot = true;
            }
            if (!isTrustRoot) {
                throw new CertificateException("Didn't find a trust anchor in chain cleanup!");
            }
            X509Certificate[] x509CertificateArr2 = (X509Certificate[]) linkedList.toArray(new X509Certificate[linkedList.size()]);
            for (X509Certificate x509Certificate6 : x509CertificateArr2) {
                try {
                    byte[] digest = MessageDigest.getInstance("SHA1").digest(x509Certificate6.getPublicKey().getEncoded());
                    Iterator<byte[]> it = this.pins.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            if (Arrays.equals(it.next(), digest)) {
                                z = true;
                                break;
                            }
                        } else {
                            z = false;
                            break;
                        }
                    }
                    if (!z) {
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new CertificateException(e);
                }
            }
            throw new CertificateException("No valid pins found in chain!");
        }
        DefaultLogger a2 = Fabric.a();
        StringBuilder a3 = a.a("Certificate pins are stale, (");
        a3.append(System.currentTimeMillis() - this.pinCreationTimeMillis);
        a3.append(" millis vs ");
        a3.append(15552000000L);
        a3.append(" millis) falling back to system trust.");
        a2.w("Fabric", a3.toString(), null);
        this.cache.add(x509CertificateArr[0]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }
}
