package com.payoneermobilessl.utils;

import android.util.Base64;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
class PayoneerTrustManager implements X509TrustManager {
    private String commonName;
    private String rootPublicKey;
    private X509Certificate[] systemTrustedCertificates;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PayoneerTrustManager(String str, String str2) throws NoSuchAlgorithmException, KeyStoreException {
        this.commonName = str;
        this.rootPublicKey = str2;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                this.systemTrustedCertificates = ((X509TrustManager) trustManager).getAcceptedIssuers();
                return;
            }
        }
    }

    private X509Certificate[] completeCertificatesChainWithRoot(X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2;
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        X509Certificate[] x509CertificateArr3 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length);
        for (X509Certificate x509Certificate2 : this.systemTrustedCertificates) {
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                x509CertificateArr2 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length + 1);
            } catch (Exception unused) {
            }
            try {
                x509CertificateArr2[x509CertificateArr2.length - 1] = x509Certificate2;
                return x509CertificateArr2;
            } catch (Exception unused2) {
                x509CertificateArr3 = x509CertificateArr2;
            }
        }
        return x509CertificateArr3;
    }

    private String getCNfromCertificate(X509Certificate x509Certificate) {
        String str = "";
        for (String str2 : x509Certificate.getSubjectDN().getName().split(",")) {
            if (str2.startsWith("CN=")) {
                str = str2.replace("CN=", "");
            }
        }
        return str;
    }

    private List<String> getCertificateCNandSANS(X509Certificate x509Certificate) throws CertificateParsingException {
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    arrayList.add((String) list.get(1));
                }
            }
        }
        arrayList.add(getCNfromCertificate(x509Certificate));
        return arrayList;
    }

    private String getCertificatePublicKey(X509Certificate x509Certificate) {
        return Base64.encodeToString(x509Certificate.getPublicKey().getEncoded(), 2);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate[] completeCertificatesChainWithRoot = completeCertificatesChainWithRoot(x509CertificateArr);
        boolean contains = getCertificateCNandSANS(completeCertificatesChainWithRoot[0]).contains(this.commonName);
        boolean equals = this.rootPublicKey.equals(getCertificatePublicKey(completeCertificatesChainWithRoot[completeCertificatesChainWithRoot.length - 1]));
        if (!contains || !equals) {
            throw new CertificateException("Certificates chain validation error");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
