package com.cerebralfix.iaparentapplib.web;

import android.content.Context;
import android.util.Log;
import com.cerebralfix.iaparentapplib.MainActivityLib;
import com.cerebralfix.iaparentapplib.R;
import com.cerebralfix.iaparentapplib.data.DataManager;
import com.cerebralfix.iaparentapplib.jni.RESTClient_JNI;
import com.mobilenetwork.referralstore.DMNReferralStoreConstants;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class PinningTrustManager implements X509TrustManager {
    private final Set<X509Certificate> cache = Collections.synchronizedSet(new HashSet());
    HashMap<String, HashMap<String, String>> m_pins;

    public PinningTrustManager(HashMap<String, HashMap<String, String>> hashMap) {
        this.m_pins = hashMap;
    }

    private static String byteToHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String format = String.format("%02x", Byte.valueOf(b));
            if (format.length() == 1) {
                sb.append("0");
            }
            sb.append(format);
        }
        return sb.toString();
    }

    private void checkPinTrust(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (isValidPin(x509Certificate)) {
                return;
            }
        }
        handleFailure();
        throw new CertificateException("No valid pinned certificates found");
    }

    private String getCnFromCertificateDn(String str) {
        for (String str2 : str.split(",")) {
            if (str2.contains("CN=")) {
                return str2.trim().replace("CN=", "");
            }
        }
        return "";
    }

    private void handleFailure() {
        if (RESTClient.canMakeNewRequests()) {
            RESTClient.disableNewRequests();
            MainActivityLib.GetInstance().runOnUiThread(new Runnable() { // from class: com.cerebralfix.iaparentapplib.web.PinningTrustManager.1
                @Override // java.lang.Runnable
                public void run() {
                    HashMap hashMap = new HashMap();
                    Context IAApplicationContext = MainActivityLib.IAApplicationContext();
                    hashMap.put("title", IAApplicationContext.getString(R.string.LIB_check_for_updates));
                    hashMap.put(DMNReferralStoreConstants.DMO_ANALYTICS_MESSAGE_KEY, IAApplicationContext.getString(R.string.LIB_check_for_updates_message));
                    DataManager.getInstance().dispatchEvent(DataManager.EVT_DisplaySSLFailureDialog, hashMap);
                }
            });
        }
    }

    private boolean isValidPin(X509Certificate x509Certificate) throws CertificateException {
        byte[] encoded = x509Certificate.getPublicKey().getEncoded();
        byte[] copyOfRange = Arrays.copyOfRange(encoded, 24, encoded.length);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            String byteToHex = byteToHex(messageDigest.digest(copyOfRange));
            String byteToHex2 = byteToHex(messageDigest.digest(x509Certificate.getEncoded()));
            HashMap<String, String> hashMap = this.m_pins.get(getCnFromCertificateDn(x509Certificate.getSubjectX500Principal().getName()));
            if (!RESTClient_JNI.isCertificatePinningEnabled()) {
                Log.d("PinningTrustManager.isValidPin", "WARNING: Certificate pinning is disabled. Remember to re-enable it for the store build.");
                return true;
            }
            if (hashMap == null) {
                return true;
            }
            String str = hashMap.get("SubjectHash");
            String str2 = hashMap.get("CertificateHash");
            String str3 = hashMap.get("PinningMode");
            boolean equals = str.equals(byteToHex);
            if (str2.equals(byteToHex2)) {
                return true;
            }
            if ((equals && (str3.equals("PERMISSIVE") || str3.equals("ADVISORY"))) || str3.equals("ADVISORY")) {
                return true;
            }
            handleFailure();
            return false;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            handleFailure();
            throw new CertificateException(e);
        } catch (CertificateEncodingException e2) {
            e2.printStackTrace();
            handleFailure();
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.cache.contains(x509CertificateArr[0])) {
            return;
        }
        checkPinTrust(x509CertificateArr);
        this.cache.add(x509CertificateArr[0]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
