package com.getqardio.android.io.network;

import android.net.http.X509TrustManagerExtensions;
import android.util.Base64;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import timber.log.Timber;

/* loaded from: classes.dex */
public class PinningValidator {
    private static List<X509Certificate> trustedChain(X509TrustManagerExtensions x509TrustManagerExtensions, HttpsURLConnection httpsURLConnection) throws SSLException {
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        try {
            return x509TrustManagerExtensions.checkServerTrusted((X509Certificate[]) Arrays.copyOf(serverCertificates, serverCertificates.length, X509Certificate[].class), "RSA", httpsURLConnection.getURL().getHost());
        } catch (CertificateException e) {
            throw new SSLException(e);
        }
    }

    public static void validatePinning(String str, X509TrustManagerExtensions x509TrustManagerExtensions, HttpsURLConnection httpsURLConnection, Set<String> set) throws SSLException {
        if ("oauth2.getqardio.com".equals(str) || "api.getqardio.com".equals(str)) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                String str2 = "";
                for (X509Certificate x509Certificate : trustedChain(x509TrustManagerExtensions, httpsURLConnection)) {
                    byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                    messageDigest.update(encoded, 0, encoded.length);
                    String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                    str2 = str2 + "    sha256/" + encodeToString + " : " + x509Certificate.getSubjectDN().toString() + "\n";
                    if (set.contains(encodeToString)) {
                        Timber.d("cert pinned!", new Object[0]);
                        return;
                    }
                }
                throw new SSLPeerUnverifiedException("Certificate pinning failure\n  Peer certificate chain:\n" + str2);
            } catch (Exception e) {
                Timber.d("cert not pinned!", new Object[0]);
                throw new SSLException(e);
            }
        }
    }
}
