package de.validio.cdand.model.api;

import android.util.Base64;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.ArrayUtils;

/* loaded from: classes2.dex */
public class PublicKeyPinningX509TrustManager implements X509TrustManager {
    private static final String[] PUB_KEY_PINS = {"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQ7odhLnoBMPC3C2GJoyefzy3TfNbxXQ8Mh70DLRjsOMwf7O41HybuAals4G7vQzgXtSSrV4sTe7JGz6TzZj43FT13Cs7/iBaD4vscHizpSXWIoo4bHdVWiEOu6zoZPU0uf4OUzgKq/DYTo2y/Z0QZ3/nGI0VPWwqga0izp7009K4e562OTq86Dpni9HC7dEhv1rwoKmCXPc1fMF34XM8gHhzfE7rS+PJNVnxoHLtDyMi0qBKEYRmPJ4Fm+O3VufpFhjAkNG87EWTsuRebNl89X0woCJqE67d54oX37p1feBoiafYhBvZ7HCLKRFqHaQnecYbEMsOXghtGb8Fs1WpQIDAQAB", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbi9pYmOFh7lQGT8nXyVv7jPtxlGdSYsshcYj9ToWGVR1nURvqGvCbcay3esztR5r+Wvl9D14+zLaPXHoPBY6LqiGKJxtwLN/x58lDU5VlHbgkKzC+8JoTDxozQXxAIhcZq5n2Z/QKDOaAgLjYTen+8WcddHzFPlVA1nrrPEyeQJ9Oe6fTwfHpwhEJDlQMJy1Sjt66cSczNptrzxKwUHvjAk5tX/kiWiBBBnSRFZgQr2LEH7TGyXTQM3cpP4CuSj3Aa7oN9iGnM4TxvqMc2eZ2oe13nqwqEcpKhFPM/2c70MoKtTuR7+KBnvAkoqk/lX7kMVYk7qMuF4bdxmV/Wo5QIDAQAB", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz55sCQ1qeICVd+0Tt9db89fLJyOcNI+9AT0GgY7hnI89Q3stdPlJvUU7jpwqc5SCQRvLPhhbhHbEDLymQ4DwnS5Lkit2Fwxz8T8ACHsPBqMWa4alhBH9LsVC9CSVWiCIV3FMz+BGOCu/pVsyrait0XYJrhglXCSF7gphRsPPatmHpHvDnopFUjjVzRrkA3WbbMeCCfdIkFm+rzArv2w7/Zzfk6P+lKELGRG0gbLJszbi0wPc3+OnuMBgV0cn3kK7jbXVnQ2gezFPgkJu5shFuOcZM/lte5aaWj4AHXzs2fqADdV+wingEx2p7e0VIi6EXtMy/NNmDHLnrjUXMhDSGwIDAQAB"};

    private void performDefaultTrustChecks(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    private void performPublicKeyPinning(X509Certificate[] x509CertificateArr) throws CertificateException {
        String encodeToString = Base64.encodeToString(x509CertificateArr[0].getPublicKey().getEncoded(), 2);
        for (String str : PUB_KEY_PINS) {
            if (str.equalsIgnoreCase(encodeToString)) {
                return;
            }
        }
        throw new CertificateException("public key pinning failed");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (ArrayUtils.isEmpty(x509CertificateArr)) {
            throw new IllegalArgumentException("chain must not be empty or null");
        }
        if ("ECDHE_RSA".equalsIgnoreCase(str)) {
            performDefaultTrustChecks(x509CertificateArr, str);
            performPublicKeyPinning(x509CertificateArr);
        } else {
            throw new CertificateException("unsupported auth type " + str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        throw new UnsupportedOperationException();
    }
}
