package pt.inm.jscml.utils.security.pinning;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import pt.inm.jscml.utils.DLog;

/* loaded from: classes.dex */
public class PinningTrustManager implements X509TrustManager {
    static final String[] allowedAuthTypes = {"SSL", "RSA", "ECDHE_RSA", "ECDHE_ECDSA"};
    private PinnedEndpointStrategyBase middlewareCertificatePinningStrategy;

    private static boolean isAllowedAuthType(String str) {
        for (String str2 : allowedAuthTypes) {
            if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    private static String listSupportedAuthTypes() {
        StringBuilder sb = new StringBuilder();
        for (String str : allowedAuthTypes) {
            sb.append(str);
            sb.append(";");
        }
        return sb.toString();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        if (str == null || !isAllowedAuthType(str)) {
            String format = String.format("checkServerTrusted: AuthType is %s. Supported types: %s", str, listSupportedAuthTypes());
            DLog.e("PINNING_DEBUG", format);
            throw new CertificateException(format);
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
            if (x509CertificateArr[0].getSubjectDN().getName().contains("CN=www.jogossantacasa.pt")) {
                PinnedEndpointStrategyBase middlewareCertificatePinningStrategy = getMiddlewareCertificatePinningStrategy();
                if (middlewareCertificatePinningStrategy == null) {
                    throw new CertificateException("Unsupported DN");
                }
                middlewareCertificatePinningStrategy.performPinning(x509CertificateArr);
            }
        } catch (Exception e) {
            DLog.e("PINNING_DEBUG", e.getMessage());
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public PinnedEndpointStrategyBase getMiddlewareCertificatePinningStrategy() {
        return this.middlewareCertificatePinningStrategy;
    }

    public void setMiddlewareCertificatePinningStrategy(PinnedEndpointStrategyBase pinnedEndpointStrategyBase) {
        this.middlewareCertificatePinningStrategy = pinnedEndpointStrategyBase;
    }
}
