package com.datatheorem.android.trustkit.pinning;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import com.datatheorem.android.trustkit.config.DomainPinningPolicy;
import com.datatheorem.android.trustkit.config.PublicKeyPin;
import com.datatheorem.android.trustkit.reporting.BackgroundReporter;
import defpackage.af0;
import defpackage.xm1;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class a implements X509TrustManager {
    public final X509TrustManagerExtensions a;
    public final String b;
    public final DomainPinningPolicy c;

    public a(String str, DomainPinningPolicy domainPinningPolicy, X509TrustManager x509TrustManager) {
        this.b = str;
        this.c = domainPinningPolicy;
        this.a = new X509TrustManagerExtensions(x509TrustManager);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("Client certificates not supported!");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        List<X509Certificate> list;
        boolean z;
        boolean z2;
        boolean z3;
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        X509Certificate x509Certificate = x509CertificateArr[0];
        String str2 = this.b;
        boolean z4 = !xm1.b(str2, x509Certificate);
        try {
            list = this.a.checkServerTrusted(x509CertificateArr, str, str2);
        } catch (CertificateException e) {
            if (Build.VERSION.SDK_INT < 24 || !e.getMessage().startsWith("Pin verification failed")) {
                z4 = true;
                list = asList;
            } else {
                z = z4;
                list = asList;
                z2 = true;
            }
        }
        z2 = false;
        z = z4;
        int i = Build.VERSION.SDK_INT;
        DomainPinningPolicy domainPinningPolicy = this.c;
        if (i < 24 && !z) {
            if (!(domainPinningPolicy.getExpirationDate() != null && domainPinningPolicy.getExpirationDate().compareTo(new Date()) < 0)) {
                Set<PublicKeyPin> publicKeyPins = domainPinningPolicy.getPublicKeyPins();
                Iterator<X509Certificate> it = list.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (publicKeyPins.contains(new PublicKeyPin(it.next()))) {
                            z3 = true;
                            break;
                        }
                    } else {
                        z3 = false;
                        break;
                    }
                }
                z2 = !z3;
            }
        }
        if (z || z2) {
            PinningValidationResult pinningValidationResult = PinningValidationResult.FAILED;
            if (z) {
                pinningValidationResult = PinningValidationResult.FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED;
            }
            PinningValidationResult pinningValidationResult2 = pinningValidationResult;
            BackgroundReporter backgroundReporter = TrustManagerBuilder.backgroundReporter;
            if (backgroundReporter == null) {
                throw new IllegalStateException("TrustManagerBuilder has not been initialized");
            }
            backgroundReporter.pinValidationFailed(this.b, 0, asList, list, this.c, pinningValidationResult2);
        }
        if (z) {
            throw new CertificateException(af0.y("Certificate validation failed for ", str2));
        }
        if (z2 && domainPinningPolicy.shouldEnforcePinning()) {
            StringBuilder sb = new StringBuilder("Pin verification failed\n  Configured pins: ");
            Iterator<PublicKeyPin> it2 = domainPinningPolicy.getPublicKeyPins().iterator();
            while (it2.hasNext()) {
                sb.append(it2.next());
                sb.append(" ");
            }
            sb.append("\n  Peer certificate chain: ");
            for (X509Certificate x509Certificate2 : list) {
                sb.append("\n    ");
                sb.append(new PublicKeyPin(x509Certificate2));
                sb.append(" - ");
                sb.append(x509Certificate2.getSubjectDN());
            }
            throw new CertificateException(sb.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
