package com.bestpay.android.networkbase.util.https;

import android.text.TextUtils;
import io.dcloud.common.DHInterface.IApp;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.lingala.zip4j.crypto.PBKDF2.BinTools;

/* loaded from: classes.dex */
public class BestpayX509TrustManager implements X509TrustManager {
    private X509TrustManager defaultX509Manager;
    private boolean isIllegal = true;
    private boolean is_Ssl;

    public BestpayX509TrustManager(boolean z) throws NoSuchAlgorithmException, KeyStoreException {
        this.is_Ssl = z;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found!");
        }
        this.defaultX509Manager = (X509TrustManager) trustManagers[0];
    }

    public static String bytesToHex(byte[] bArr) {
        char[] charArray = BinTools.hex.toCharArray();
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & IApp.ABS_PRIVATE_WWW_DIR_APP_MODE;
            int i3 = i * 2;
            cArr[i3] = charArray[i2 >>> 4];
            cArr[i3 + 1] = charArray[i2 & 15];
        }
        return new String(cArr);
    }

    private String getFingerPrint(X509Certificate x509Certificate) {
        try {
            return bytesToHex(MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException unused) {
            return null;
        }
    }

    private boolean isIllegal(String str) {
        List<String> fingerPrintByHost = FingerPrintsCache.getInstance().getFingerPrintByHost("bestpay.com.cn");
        List<String> fingerPrintByHost2 = FingerPrintsCache.getInstance().getFingerPrintByHost("bestpay.net");
        List<String> fingerPrintByHost3 = FingerPrintsCache.getInstance().getFingerPrintByHost("bestpay.cn");
        ArrayList<String> arrayList = new ArrayList();
        if (fingerPrintByHost != null && fingerPrintByHost.size() > 0) {
            arrayList.addAll(fingerPrintByHost);
        }
        if (fingerPrintByHost2 != null && fingerPrintByHost2.size() > 0) {
            arrayList.addAll(fingerPrintByHost2);
        }
        if (fingerPrintByHost3 != null && fingerPrintByHost3.size() > 0) {
            arrayList.addAll(fingerPrintByHost3);
        }
        if (arrayList.size() > 0) {
            for (String str2 : arrayList) {
                if (!TextUtils.isEmpty(str) && str.equalsIgnoreCase(str2)) {
                    this.isIllegal = false;
                    return false;
                }
            }
        }
        return this.isIllegal;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.is_Ssl) {
            this.defaultX509Manager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.is_Ssl) {
            this.defaultX509Manager.checkServerTrusted(x509CertificateArr, str);
            if (isIllegal(getFingerPrint(x509CertificateArr[0]))) {
                throw new CertificateException();
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.is_Ssl ? this.defaultX509Manager.getAcceptedIssuers() : new X509Certificate[0];
    }

    public void setIs_Ssl(boolean z) {
        this.is_Ssl = z;
    }
}
