package l0;

import com.cequint.hs.client.core.Constants;
import com.cequint.hs.client.core.ShellApplication;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class o implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    private static final AtomicBoolean f9272b;

    /* renamed from: c, reason: collision with root package name */
    private static final AtomicBoolean f9273c;

    /* renamed from: d, reason: collision with root package name */
    private static final g f9274d;

    /* renamed from: a, reason: collision with root package name */
    private final TrustManager f9275a;

    static {
        AtomicBoolean atomicBoolean = new AtomicBoolean(Constants.HTTPS_ALLOW_UNPINNED_CN);
        f9272b = atomicBoolean;
        AtomicBoolean atomicBoolean2 = new AtomicBoolean(Constants.HTTPS_CHECK_CERT_CHAIN);
        f9273c = atomicBoolean2;
        f9274d = new g(ShellApplication.getGlobalAppContext());
        if (!atomicBoolean.get() || atomicBoolean2.get()) {
            return;
        }
        atomicBoolean.set(false);
    }

    public o(TrustManager trustManager) {
        i.k("hs/FetchUtils", "PinningTrustManager constructor");
        this.f9275a = trustManager;
    }

    public static g a() {
        return f9274d;
    }

    public static void b(boolean z3) {
        f9272b.set(z3);
        i.k("hs/FetchUtils", "PinningTrustManager.setAllowUnpinnedCN(" + z3 + ")");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        TrustManager trustManager = this.f9275a;
        if (trustManager != null) {
            ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        String str2;
        i.k("hs/FetchUtils", "PinningTrustManager.checkServerTrusted(chain[" + x509CertificateArr.length + "], \"" + str + "\")");
        if (this.f9275a == null) {
            str2 = "System TrustManager is null: certificate chain verification skipped";
        } else if (f9273c.get()) {
            i.k("hs/FetchUtils", "System TrustManager certificate chain verification enabled");
            ((X509TrustManager) this.f9275a).checkServerTrusted(x509CertificateArr, str);
            str2 = "System TrustManager has verified the certificate chain";
        } else {
            str2 = "System TrustManager certificate chain verification skipped";
        }
        i.k("hs/FetchUtils", str2);
        X509Certificate x509Certificate = x509CertificateArr[0];
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        PublicKey publicKey = x509Certificate.getPublicKey();
        String name = subjectX500Principal.getName();
        String a4 = new c(name).a("CN");
        i.k("hs/FetchUtils", "cert[0] CN=" + a4 + "[" + name + "]");
        String format = publicKey.getFormat();
        byte[] encoded = publicKey.getEncoded();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(encoded);
            String c4 = a.c(messageDigest.digest(), 2);
            i.k("hs/FetchUtils", "cert[0] SPKI: format=" + format + " key=" + c4);
            int e4 = f9272b.get() ? f9274d.e(a4, c4) : f9274d.d(a4, c4);
            i.k("hs/FetchUtils", "KeyPinSet.hasPinnedKey(\"" + a4 + "\", *key) returned " + e4 + " :: " + g.k(e4));
            StringBuilder sb = new StringBuilder();
            sb.append("CN[\"");
            sb.append(a4);
            sb.append("\"]");
            String sb2 = sb.toString();
            if (e4 == 0) {
                i.k("hs/FetchUtils", "PinningTrustManager has verified cert[0]");
                return;
            }
            if (e4 == 2) {
                String str3 = sb2 + " is not found in our pin set";
                i.g("hs/FetchUtils", str3);
                throw new CertificateException(str3);
            }
            String str4 = sb2 + " found but with an invalid public key: Attack suspected";
            i.g("hs/FetchUtils", str4 + " INVALID-KEY=" + c4);
            throw new CertificateException(str4);
        } catch (NoSuchAlgorithmException e5) {
            String str5 = "Digest error: " + e5;
            i.o("hs/FetchUtils", str5);
            throw new CertificateException(str5);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        TrustManager trustManager = this.f9275a;
        return trustManager != null ? ((X509TrustManager) trustManager).getAcceptedIssuers() : new X509Certificate[0];
    }
}
