package jumio.core;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import com.iproov.sdk.IProov;
import com.jumio.commons.log.Log;
import com.jumio.core.network.TrustManagerInterface;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public final class a implements TrustManagerInterface {

    /* renamed from: a, reason: collision with root package name */
    public final X509TrustManager f46754a;

    /* renamed from: b, reason: collision with root package name */
    public String f46755b = IProov.Options.Defaults.title;

    /* renamed from: c, reason: collision with root package name */
    public d00.a f46756c = C1106a.f46758a;

    /* renamed from: d, reason: collision with root package name */
    public final byte[][] f46757d = {q2.a("fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2"), q2.a("7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461"), q2.a("36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9"), q2.a("f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5"), q2.a("2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92")};

    /* renamed from: jumio.core.a$a, reason: collision with other inner class name */
    /* loaded from: classes5.dex */
    public static final class C1106a extends kotlin.jvm.internal.u implements d00.a {

        /* renamed from: a, reason: collision with root package name */
        public static final C1106a f46758a = new C1106a();

        public C1106a() {
            super(0);
        }

        @Override // d00.a
        public final Object invoke() {
            return Boolean.TRUE;
        }
    }

    public a() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
        kotlin.jvm.internal.s.e(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        this.f46754a = (X509TrustManager) trustManager;
    }

    public final void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z11;
        boolean Q;
        boolean c11;
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509CertificateArr[x509CertificateArr.length - 1].getPublicKey().getEncoded());
        byte[][] bArr = this.f46757d;
        int length = bArr.length;
        int i11 = 0;
        while (true) {
            if (i11 >= length) {
                z11 = false;
                break;
            } else {
                if (MessageDigest.isEqual(digest, bArr[i11])) {
                    z11 = true;
                    break;
                }
                i11++;
            }
        }
        if (!z11) {
            throw new CertificateException("Certificate pinning failed");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        try {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateNotYetValidException e11) {
                Log.w("JumioTrustManager", "SSL Certificate is not yet valid", e11);
            }
            String name = x509Certificate.getSubjectDN().getName();
            kotlin.jvm.internal.s.f(name, "clientCertificate.subjectDN.name");
            StringBuilder sb2 = new StringBuilder();
            for (int i12 = 0; i12 < name.length(); i12++) {
                char charAt = name.charAt(i12);
                c11 = kotlin.text.b.c(charAt);
                if (!c11) {
                    sb2.append(charAt);
                }
            }
            String sb3 = sb2.toString();
            kotlin.jvm.internal.s.f(sb3, "filterNotTo(StringBuilder(), predicate).toString()");
            Q = kotlin.text.x.Q(sb3, "CN=" + this.f46755b, true);
            if (!Q) {
                throw new CertificateException("Certificate pinning failed");
            }
        } catch (Exception e12) {
            throw new CertificateException("SSL Certificate match error", e12);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        kotlin.jvm.internal.s.g(chain, "chain");
        kotlin.jvm.internal.s.g(authType, "authType");
        this.f46754a.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        kotlin.jvm.internal.s.g(chain, "chain");
        kotlin.jvm.internal.s.g(authType, "authType");
        if (chain.length < 2) {
            throw new CertificateException("SSL Certificate Chain is not sufficient");
        }
        if (Build.VERSION.SDK_INT >= 24) {
            new X509TrustManagerExtensions(this.f46754a).checkServerTrusted(chain, authType, this.f46755b);
        } else {
            this.f46754a.checkServerTrusted(chain, authType);
        }
        if (((Boolean) this.f46756c.invoke()).booleanValue()) {
            a(chain);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.f46754a.getAcceptedIssuers();
        kotlin.jvm.internal.s.f(acceptedIssuers, "defaultTrustManager.acceptedIssuers");
        return acceptedIssuers;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public final String getHostname() {
        return this.f46755b;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public final d00.a getKeyPinning() {
        return this.f46756c;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public final void setHostname(String str) {
        kotlin.jvm.internal.s.g(str, "<set-?>");
        this.f46755b = str;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public final void setKeyPinning(d00.a aVar) {
        kotlin.jvm.internal.s.g(aVar, "<set-?>");
        this.f46756c = aVar;
    }
}
