package com.commonsware.cwac.netsecurity.config;

import com.commonsware.cwac.netsecurity.conscrypt.TrustManagerImpl;
import com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class NetworkSecurityTrustManager extends X509ExtendedTrustManager {

    /* renamed from: a, reason: collision with root package name */
    public final TrustManagerImpl f2067a;
    public final NetworkSecurityConfig b;

    /* renamed from: c, reason: collision with root package name */
    public final Object f2068c = new Object();
    public X509Certificate[] d;

    public NetworkSecurityTrustManager(NetworkSecurityConfig networkSecurityConfig) {
        if (networkSecurityConfig == null) {
            throw new NullPointerException("config must not be null");
        }
        this.b = networkSecurityConfig;
        try {
            TrustedCertificateStoreAdapter trustedCertificateStoreAdapter = new TrustedCertificateStoreAdapter(networkSecurityConfig);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            this.f2067a = new TrustManagerImpl(keyStore, trustedCertificateStoreAdapter);
        } catch (IOException | GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }

    public final void a(List list) {
        boolean z2;
        NetworkSecurityConfig networkSecurityConfig = this.b;
        PinSet pinSet = networkSecurityConfig.f2061a;
        if (pinSet.b.isEmpty() || System.currentTimeMillis() > pinSet.f2072a) {
            return;
        }
        if (list.isEmpty()) {
            z2 = false;
        } else {
            TrustAnchor a2 = networkSecurityConfig.a((X509Certificate) list.get(list.size() - 1));
            if (a2 == null) {
                throw new CertificateException("Trusted chain does not end in a TrustAnchor");
            }
            z2 = !a2.b;
        }
        if (z2) {
            HashSet hashSet = new HashSet();
            Set set = pinSet.b;
            Iterator it = set.iterator();
            while (it.hasNext()) {
                hashSet.add(((Pin) it.next()).f2069a);
            }
            HashMap hashMap = new HashMap(hashSet.size());
            for (int size = list.size() - 1; size >= 0; size--) {
                byte[] encoded = ((X509Certificate) list.get(size)).getPublicKey().getEncoded();
                Iterator it2 = hashSet.iterator();
                while (it2.hasNext()) {
                    String str = (String) it2.next();
                    MessageDigest messageDigest = (MessageDigest) hashMap.get(str);
                    if (messageDigest == null) {
                        try {
                            messageDigest = MessageDigest.getInstance(str);
                            hashMap.put(str, messageDigest);
                        } catch (GeneralSecurityException e2) {
                            throw new RuntimeException(e2);
                        }
                    }
                    if (set.contains(new Pin(str, messageDigest.digest(encoded)))) {
                        return;
                    }
                }
            }
            throw new CertificateException("Pin verification failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        this.f2067a.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(this.f2067a.b(x509CertificateArr, str, null, false));
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr;
        synchronized (this.f2068c) {
            try {
                if (this.d == null) {
                    HashSet hashSet = (HashSet) this.b.c();
                    X509Certificate[] x509CertificateArr2 = new X509Certificate[hashSet.size()];
                    Iterator it = hashSet.iterator();
                    int i = 0;
                    while (it.hasNext()) {
                        x509CertificateArr2[i] = ((TrustAnchor) it.next()).f2078a;
                        i++;
                    }
                    this.d = x509CertificateArr2;
                }
                x509CertificateArr = (X509Certificate[]) this.d.clone();
            } catch (Throwable th) {
                throw th;
            }
        }
        return x509CertificateArr;
    }
}
