package ata.core.clients;

import com.facebook.AppEventsConstants;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;

/* compiled from: RemoteClient.java */
/* loaded from: classes.dex */
class ATAPinningTrustManager implements X509TrustManager {
    private static final BrowserCompatHostnameVerifier verifier = new BrowserCompatHostnameVerifier();
    private final List<byte[]> fingerprints = new ArrayList();
    private final String hostname;
    private final TrustManager[] systemTrustManagers;

    public ATAPinningTrustManager(String str, String[] strArr) throws CertificateException {
        for (String str2 : strArr) {
            this.fingerprints.add(hexDecode(str2));
        }
        this.hostname = str;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            this.systemTrustManagers = trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    private static byte[] hexDecode(String str) {
        if (str.startsWith("0x")) {
            str = str.substring(2);
        }
        if (str.length() % 2 == 1) {
            str = AppEventsConstants.EVENT_PARAM_VALUE_NO + str;
        }
        byte[] bArr = new byte[str.length() / 2];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) Integer.parseInt(str.substring(i * 2, (i * 2) + 2), 16);
        }
        return bArr;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        for (TrustManager trustManager : this.systemTrustManagers) {
            ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
        }
        try {
            verifier.verify(this.hostname, x509CertificateArr[0]);
            for (X509Certificate x509Certificate : x509CertificateArr) {
                byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded());
                Iterator<byte[]> it = this.fingerprints.iterator();
                while (it.hasNext()) {
                    if (Arrays.equals(digest, it.next())) {
                        return;
                    }
                }
            }
            throw new CertificateException("Certificate chain does not match any pins");
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        } catch (SSLException e2) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
