package com.iplum.android.iplumcore.security;

import android.annotation.SuppressLint;
import android.content.Context;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class PlumTrustManager implements X509TrustManager {
    private static final String TAG = "PlumTrustManager";
    private static Context context;

    @SuppressLint({"UseSparseArrays"})
    public static final Map<String, String[]> pinset = new HashMap();

    static {
        pinset.put("*.mobiplum.com", new String[]{"63e41e8fe450017dc542e8de9733088e23cfc700139556e4966b098e779b39ea", "68513a85c9e60d82686c5e48f5d5ef33e368deb8a163571d1b282155b10b4adb"});
        pinset.put("*.iplum.com", new String[]{"517bc6776e976d6ff619d72b71302bde94905b330d75cf7508cb2df94f5428f3", "3337d20a6cc23f28e3e070d6e9cb9240d50b4c7b8a3be301b7736b26c4d0a14c"});
    }

    public PlumTrustManager(Context context2) {
        context = context2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        if (str == null || !(str.equalsIgnoreCase("ECDHE_RSA") || str.equalsIgnoreCase("DHE_RSA") || str.equalsIgnoreCase("RSA"))) {
            throw new CertificateException("checkServerTrusted: AuthType is not RSA, it came as = " + str);
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(PlumTrustStore.loadTrustKeyStore(context));
            boolean z = false;
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
            String valByAttributeTypeFromDN = CertUtils.getValByAttributeTypeFromDN(x509CertificateArr[0].getSubjectDN().getName(), "CN");
            String[] strArr = pinset.containsKey(valByAttributeTypeFromDN) ? pinset.get(valByAttributeTypeFromDN) : null;
            int length = x509CertificateArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String computeSHA256Hash = CryptoUtils.computeSHA256Hash(new BigInteger(1, ((RSAPublicKey) x509CertificateArr[i].getPublicKey()).getEncoded()).toString(16));
                if (strArr != null && Arrays.asList(strArr).contains(computeSHA256Hash)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                throw new CertificateException("checkServerTrusted: public key pinning failed");
            }
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
