package com.samsung.android.knox.efota.network.certificate;

import android.net.http.X509TrustManagerExtensions;
import android.util.Log;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
/**
 * Decompiled (JADX) trust manager that adds public-key pinning on top of the platform's default
 * X.509 chain validation. Identifiers are obfuscated; the log strings and the anonymous-class
 * comment below suggest the original name was {@code CustomTrustManager}.
 *
 * <p>Server validation is fail-closed: every path through {@link #checkServerTrusted} other than
 * a successful pin match ends in a thrown exception. Client validation is a no-op.
 *
 * <p>The helpers {@code com.samsung.android.knox.efota.unenroll.c.n/m/j} are presumably relocated
 * Kotlin null-check intrinsics (the string arguments look like parameter/expression names);
 * confirm against that class before relying on it.
 */
public final class c extends g {

    /* renamed from: b, reason: collision with root package name */
    // Failure callback. It is cast to `a` and `a()` is invoked on it before every exception
    // thrown by checkServerTrusted. What the callback does is not visible in this file.
    public final e f3388b;

    /* renamed from: c, reason: collision with root package name */
    // Endpoint identifier. It is logged as "endpointUrl" and also passed as the `host` argument of
    // X509TrustManagerExtensions.checkServerTrusted, which documents that parameter as the server
    // hostname. NOTE(review): confirm callers pass a bare hostname and not a full URL.
    public final String f3389c;

    /* renamed from: d, reason: collision with root package name */
    // Pin set. Raw ArrayList whose elements are cast to String in the matcher and converted with
    // g.a(String) into an object exposing getPublicKey(); the string encoding is not visible here.
    // An empty list makes every server check fail.
    public final ArrayList f3390d;

    /**
     * Stores the failure callback, endpoint identifier and pin list; forwards {@code hVar} to the
     * superclass constructor.
     *
     * @param aVar failure callback, stored in {@link #f3388b}
     * @param str endpoint identifier, stored in {@link #f3389c}
     * @param arrayList pinned certificate strings, stored by reference (no defensive copy)
     * @param hVar passed to {@code g}'s constructor; its role is not visible in this file
     */
    public c(a aVar, String str, ArrayList arrayList, h hVar) {
        super(hVar);
        this.f3388b = aVar;
        this.f3389c = str;
        this.f3390d = arrayList;
    }

    /**
     * Logs the call and returns. No validation of the client chain is performed.
     *
     * <p>NOTE(review): apart from the null check on {@code x509CertificateArr}, this accepts any
     * client certificate chain. That is only safe if this trust manager is never installed on a
     * server-side socket; confirm at the call sites.
     *
     * @param x509CertificateArr client chain; only checked by the helper {@code n}
     * @param str key-exchange auth type; unused
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        com.samsung.android.knox.efota.unenroll.c.n(x509CertificateArr, "chain");
        o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + this.f3389c + "] --check CLIENT Trusted--");
    }

    /**
     * Validates the server chain with the platform trust managers, then requires that the public
     * key of the first certificate in the validated chain equals the public key of at least one
     * pinned certificate.
     *
     * <p>Order of checks:
     * <ol>
     *   <li>Empty pin list: callback, then {@link CertificateException}.</li>
     *   <li>Zero-length chain: callback, then {@link IllegalArgumentException}.</li>
     *   <li>Platform validation through {@link X509TrustManagerExtensions}.</li>
     *   <li>Public-key comparison against every pin; returns normally on the first match.</li>
     * </ol>
     *
     * <p>Because the comparison is on public keys, a reissued certificate that keeps the same key
     * pair still matches its pin.
     *
     * @param x509CertificateArr chain presented by the server
     * @param str key-exchange auth type, forwarded to the platform check
     * @throws CertificateException if no pins are configured, or if anything inside the
     *     validation block fails (see the catch-all note in the body)
     * @throws IllegalArgumentException if the presented chain has length zero
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        com.samsung.android.knox.efota.unenroll.c.n(x509CertificateArr, "chain");
        ArrayList arrayList = this.f3390d;
        boolean isEmpty = arrayList.isEmpty();
        e eVar = this.f3388b;
        String str2 = this.f3389c;
        // No pins configured means no server can be trusted: fail closed instead of falling back
        // to plain platform validation.
        if (isEmpty) {
            o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + str2 + "] --check SERVER Trusted-- SERVER IS NOT TRUSTED. NO CERT FOR " + str2);
            ((a) eVar).a();
            // t.h.c presumably concatenates its two arguments; confirm against that class.
            throw new CertificateException(t.h.c("[pinning] No trusted certificate for : ", str2));
        }
        // This throw sits outside the try below, so it reaches the caller unchanged.
        if (x509CertificateArr.length == 0) {
            ((a) eVar).a();
            throw new IllegalArgumentException("[pinning] This server does not provide a certificate chain");
        }
        try {
            o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + str2 + "] --check SERVER Trusted-- ...... performing customary SSL/TLS checks...");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            com.samsung.android.knox.efota.unenroll.c.m(trustManagerFactory, "getInstance(X509_ALGORITHM)");
            List<X509Certificate> list = null;
            // A null KeyStore selects the platform's default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            com.samsung.android.knox.efota.unenroll.c.m(trustManagers, "makeTrustManager().trustManagers");
            int length = trustManagers.length;
            int i10 = 0;
            // Every platform trust manager must accept the chain: a rejection throws and lands in
            // the catch below. `list` is overwritten on each pass, so only the chain returned by
            // the last trust manager is used for the pin comparison.
            while (i10 < length) {
                TrustManager trustManager = trustManagers[i10];
                h hVar = this.f3395a;
                com.samsung.android.knox.efota.unenroll.c.j(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                // Decompiled null check on the inherited field; hVar is not otherwise used here.
                hVar.getClass();
                i10++;
                // Unchecked cast: a non-X509 trust manager would raise ClassCastException, which
                // the catch-all below turns into a CertificateException.
                list = new X509TrustManagerExtensions((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str, str2);
            }
            if (list == null || list.isEmpty()) {
                ((a) eVar).a();
                o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + str2 + "] --check SERVER Trusted-- ...... SERVER DOES NOT PROVIDE A CERTIFICATE CHAIN!");
                // Thrown inside the try, so the caller never sees this IllegalArgumentException;
                // the catch-all below replaces it with a CertificateException.
                throw new IllegalArgumentException("[pinning] This server does not provide a certificate chain");
            }
            // Pin target: the key of element 0 of the validated chain (presumably the leaf;
            // confirm against the X509TrustManagerExtensions contract). Intermediate and root
            // keys are never compared.
            final PublicKey publicKey = list.get(0).getPublicKey();
            com.samsung.android.knox.efota.unenroll.c.m(publicKey, "cleanCerts.let {\n       …it[0].publicKey\n        }");
            // The wrapper abupdate.h(1, ...) presumably adapts the Kotlin lambda to a
            // java.util.function.Predicate; confirm against that class.
            boolean anyMatch = arrayList.stream().anyMatch(new com.samsung.android.knox.efota.abupdate.h(1, new b7.b() { // from class: com.samsung.android.knox.efota.network.certificate.CustomTrustManager$isMatch$isMatch$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                // Converts one pinned string with g.a and compares its public key with the
                // validated chain's key using PublicKey.equals. Runs per pin on every handshake.
                // NOTE(review): if g.a throws on a malformed pin, the outer catch-all presumably
                // reports it as a generic TLS failure.
                @Override // b7.b
                public final Object n(Object obj) {
                    String str3 = (String) obj;
                    c cVar = c.this;
                    com.samsung.android.knox.efota.unenroll.c.m(str3, "it");
                    cVar.getClass();
                    return Boolean.valueOf(g.a(str3).getPublicKey().equals(publicKey));
                }
            }));
            o5.e.a("CertificatePinning", "Certificate chain match is " + anyMatch);
            // The only success path: the platform accepted the chain and a pin matched.
            if (anyMatch) {
                return;
            }
            ((a) eVar).a();
            String str3 = "CustomTrustManager [endpointUrl:" + str2 + "] --check SERVER Trusted-- ...... SERVER IS NOT TRUSTED!";
            // Decompiler artifact: a concatenation result is never null, so this branch is dead.
            if (str3 == null) {
                str3 = "";
            }
            String concat = "## KFM Agent ## ".concat(str3);
            com.samsung.android.knox.efota.common.log.a.f2836a.f("CertificatePinning---" + concat);
            Log.e("CertificatePinning", concat);
            // Pin mismatch. This exception is also caught by the catch-all below, so the caller
            // receives the generic "does not pass SSL/TLS check" message instead of this one.
            throw new CertificateException("[pinning] This server does not have the correct certificate");
        } catch (Exception e10) {
            // NOTE(review): this catch-all also intercepts the exceptions thrown deliberately
            // inside the try (empty validated chain, pin mismatch). For those paths the failure
            // callback runs a second time, and the caller cannot tell a pin mismatch from a
            // platform validation failure. The original exception is logged by message only and
            // is not chained as the cause. The result is still fail-closed.
            ((a) eVar).a();
            o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + str2 + "] --check SERVER Trusted-- exception when performing customary SSL/TLS check! : " + e10.getMessage());
            StringBuilder sb = new StringBuilder("CustomTrustManager [endpointUrl:");
            sb.append(str2);
            sb.append("] --check SERVER Trusted-- ...... SERVER IS NOT TRUSTED! failed customary SSL/TLS check!");
            o5.e.a("CertificatePinning", sb.toString());
            throw new CertificateException("[pinning] Server certificate does not pass SSL/TLS check");
        }
    }

    /**
     * Logs the call and reports no accepted issuers.
     *
     * @return a new empty array on every call
     */
    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        o5.e.a("CertificatePinning", "CustomTrustManager [endpointUrl:" + this.f3389c + "] --getAcceptedIssuers--");
        return new X509Certificate[0];
    }
}
