package com.datatheorem.android.trustkit.pinning;

import android.net.http.X509TrustManagerExtensions;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.datatheorem.android.trustkit.config.DomainPinningPolicy;
import com.datatheorem.android.trustkit.config.PublicKeyPin;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
@RequiresApi(api = 17)
/* loaded from: classes5.dex */
public class PinningTrustManager implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManagerExtensions f2975a;

    /* renamed from: b, reason: collision with root package name */
    private final String f2976b;

    /* renamed from: c, reason: collision with root package name */
    private final DomainPinningPolicy f2977c;

    public PinningTrustManager(@NonNull String str, @NonNull DomainPinningPolicy domainPinningPolicy, @NonNull X509TrustManager x509TrustManager) {
        this.f2976b = str;
        this.f2977c = domainPinningPolicy;
        this.f2975a = new X509TrustManagerExtensions(x509TrustManager);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client certificates not supported!");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z2;
        boolean z3;
        List<X509Certificate> list;
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        boolean z4 = !OkHostnameVerifier.f2974a.b(this.f2976b, x509CertificateArr[0]);
        try {
            list = this.f2975a.checkServerTrusted(x509CertificateArr, str, this.f2976b);
            z2 = z4;
            z3 = false;
        } catch (CertificateException e2) {
            if (e2.getMessage().startsWith("Pin verification failed")) {
                z2 = z4;
                z3 = true;
            } else {
                z2 = true;
                z3 = false;
            }
            list = asList;
        }
        if (z2 || z3) {
            PinningValidationResult pinningValidationResult = PinningValidationResult.FAILED;
            if (z2) {
                pinningValidationResult = PinningValidationResult.FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED;
            }
            TrustManagerBuilder.a().c(this.f2976b, 0, asList, list, this.f2977c, pinningValidationResult);
        }
        if (z2) {
            throw new CertificateException("Certificate validation failed for " + this.f2976b);
        }
        if (z3 && this.f2977c.d()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Pin verification failed");
            sb.append("\n  Configured pins: ");
            Iterator<PublicKeyPin> it2 = this.f2977c.b().iterator();
            while (it2.hasNext()) {
                sb.append(it2.next());
                sb.append(" ");
            }
            sb.append("\n  Peer certificate chain: ");
            for (X509Certificate x509Certificate : list) {
                sb.append("\n    ");
                sb.append(new PublicKeyPin(x509Certificate));
                sb.append(" - ");
                sb.append(x509Certificate.getSubjectDN());
            }
            throw new CertificateException(sb.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
