package com.webtrekk.webtrekksdk.Utils;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Base64;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class PinConnectionValidator {

    /* renamed from: a, reason: collision with root package name */
    public final Set<String> f5531a;

    /* renamed from: b, reason: collision with root package name */
    public c f5532b = b();

    /* loaded from: classes.dex */
    public class a implements c {

        /* renamed from: a, reason: collision with root package name */
        public X509TrustManagerExtensions f5533a;

        /* renamed from: b, reason: collision with root package name */
        public final /* synthetic */ X509TrustManager f5534b;

        public a(PinConnectionValidator pinConnectionValidator, X509TrustManager x509TrustManager) {
            this.f5534b = x509TrustManager;
            this.f5533a = new X509TrustManagerExtensions(this.f5534b);
        }

        @Override // com.webtrekk.webtrekksdk.Utils.PinConnectionValidator.c
        public List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, String str2) {
            return this.f5533a.checkServerTrusted(x509CertificateArr, str, str2);
        }
    }

    /* loaded from: classes.dex */
    public class b implements c {
        public b(PinConnectionValidator pinConnectionValidator) {
        }

        @Override // com.webtrekk.webtrekksdk.Utils.PinConnectionValidator.c
        public List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, String str2) {
            throw new CertificateException("No valid certificate checker");
        }
    }

    /* loaded from: classes.dex */
    public interface c {
        List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, String str2);
    }

    public PinConnectionValidator(Set<String> set) {
        this.f5531a = set;
    }

    public final List<X509Certificate> a(HttpsURLConnection httpsURLConnection) {
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        try {
            return this.f5532b.a((X509Certificate[]) Arrays.copyOf(serverCertificates, serverCertificates.length, X509Certificate[].class), "RSA", httpsURLConnection.getURL().getHost());
        } catch (CertificateException e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x003d A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0028  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final javax.net.ssl.X509TrustManager a() {
        /*
            r6 = this;
            java.lang.String r0 = "Trust"
            r1 = 0
            java.lang.String r2 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.KeyStoreException -> L13 java.security.NoSuchAlgorithmException -> L1d
            javax.net.ssl.TrustManagerFactory r2 = javax.net.ssl.TrustManagerFactory.getInstance(r2)     // Catch: java.security.KeyStoreException -> L13 java.security.NoSuchAlgorithmException -> L1d
            r2.init(r1)     // Catch: java.security.KeyStoreException -> Lf java.security.NoSuchAlgorithmException -> L11
            goto L26
        Lf:
            r3 = move-exception
            goto L15
        L11:
            r3 = move-exception
            goto L1f
        L13:
            r3 = move-exception
            r2 = r1
        L15:
            java.lang.String r4 = r3.getMessage()
            android.util.Log.e(r0, r4, r3)
            goto L26
        L1d:
            r3 = move-exception
            r2 = r1
        L1f:
            java.lang.String r4 = r3.getMessage()
            android.util.Log.e(r0, r4, r3)
        L26:
            if (r2 == 0) goto L3d
            javax.net.ssl.TrustManager[] r0 = r2.getTrustManagers()
            int r2 = r0.length
            r3 = 0
        L2e:
            if (r3 >= r2) goto L3d
            r4 = r0[r3]
            boolean r5 = r4 instanceof javax.net.ssl.X509TrustManager
            if (r5 == 0) goto L3a
            r1 = r4
            javax.net.ssl.X509TrustManager r1 = (javax.net.ssl.X509TrustManager) r1
            goto L3d
        L3a:
            int r3 = r3 + 1
            goto L2e
        L3d:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.webtrekk.webtrekksdk.Utils.PinConnectionValidator.a():javax.net.ssl.X509TrustManager");
    }

    public final c b() {
        X509TrustManager a2 = a();
        return (a2 == null || Build.VERSION.SDK_INT < 17) ? new b(this) : new a(this, a2);
    }

    public void validatePinning(HttpsURLConnection httpsURLConnection) {
        Set<String> set = this.f5531a;
        if (set == null || set.isEmpty()) {
            WebtrekkLogging.log("PinConnectionValidator: Warning - No public pins provided. Pinning will be ignored.");
            return;
        }
        StringBuilder sb = new StringBuilder();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            for (X509Certificate x509Certificate : a(httpsURLConnection)) {
                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                sb.append("    sha256/");
                sb.append(encodeToString);
                sb.append(" : ");
                sb.append(x509Certificate.getPublicKey().toString());
                sb.append("\n");
                if (this.f5531a.contains(encodeToString)) {
                    return;
                }
            }
            throw new SSLPeerUnverifiedException("Certificate pinning failure\n  Peer certificate chain:\n" + ((Object) sb));
        } catch (NoSuchAlgorithmException e2) {
            throw new SSLException(e2);
        }
    }
}
