package de.avm.efa.core.soap;

import de.avm.efa.api.exceptions.SslCertificateException;
import de.avm.efa.api.models.Fingerprint;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class p implements X509TrustManager {

    /* renamed from: e, reason: collision with root package name */
    private static final a f22623e = new a();

    /* renamed from: a, reason: collision with root package name */
    private X509TrustManager f22624a;

    /* renamed from: b, reason: collision with root package name */
    private dl.i f22625b;

    /* renamed from: c, reason: collision with root package name */
    private String f22626c;

    /* renamed from: d, reason: collision with root package name */
    private final el.e f22627d;

    /* loaded from: classes2.dex */
    private static class a {

        /* renamed from: a, reason: collision with root package name */
        X509Certificate[] f22628a;

        private a() {
            this.f22628a = null;
        }
    }

    public p(String str, dl.i iVar, el.e eVar) {
        this.f22624a = null;
        this.f22625b = null;
        if (eVar == null) {
            throw new IllegalArgumentException("The passed logger must not be null");
        }
        this.f22627d = eVar;
        if (iVar != null) {
            if (iVar.a() == null) {
                throw new IllegalArgumentException("Argument pinningStore must not return null on certificateFingerprintType().");
            }
            if (bm.i.b(str)) {
                throw new IllegalArgumentException("Argument host must not be empty.");
            }
            try {
                this.f22624a = c();
            } catch (Exception e10) {
                eVar.b("Failed to get trust manager for checking with CAs known by Android.");
                eVar.a(e10);
            }
            this.f22625b = iVar;
            this.f22626c = str;
        }
    }

    private boolean a() {
        return this.f22625b != null;
    }

    public static void b() {
        a aVar = f22623e;
        synchronized (aVar) {
            aVar.f22628a = null;
        }
    }

    private static X509TrustManager c() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (X509TrustManager.class.isAssignableFrom(trustManager.getClass())) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new NoSuchAlgorithmException("No X509TrustManager for " + TrustManagerFactory.getDefaultAlgorithm());
    }

    private boolean d(X509Certificate[] x509CertificateArr) {
        List<Fingerprint> c10 = this.f22625b.c();
        if (c10 == null) {
            return false;
        }
        Fingerprint[] fingerprintArr = new Fingerprint[Fingerprint.Type.values().length];
        for (Fingerprint fingerprint : c10) {
            if (fingerprint != null) {
                int ordinal = fingerprint.b().ordinal();
                if (fingerprintArr[ordinal] == null) {
                    fingerprintArr[ordinal] = new Fingerprint(x509CertificateArr[0].getPublicKey(), fingerprint.b());
                }
                if (fingerprint.equals(fingerprintArr[ordinal])) {
                    return true;
                }
            }
        }
        return false;
    }

    private void e(X509Certificate[] x509CertificateArr) {
        dl.i iVar = this.f22625b;
        if (iVar != null) {
            Fingerprint r10 = iVar.r();
            if (r10 == null || !r10.equals(new Fingerprint(x509CertificateArr[0], r10.b()))) {
                this.f22625b.b(new Fingerprint(x509CertificateArr[0], this.f22625b.a()));
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager x509TrustManager = this.f22624a;
        if (x509TrustManager != null) {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("Certificate chain is empty or null");
        }
        if (!a()) {
            this.f22627d.b("checkServerTrusted: no checking");
            return;
        }
        if (d(x509CertificateArr)) {
            this.f22627d.b("checkServerTrusted: pinned");
            e(x509CertificateArr);
            return;
        }
        X509TrustManager x509TrustManager = this.f22624a;
        if (x509TrustManager == null) {
            this.f22627d.b("checkServerTrusted: not default trust manager");
            throw new SslCertificateException(x509CertificateArr);
        }
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            this.f22627d.b("checkServerTrusted: trusted by Android");
            if (!fp.d.f23967a.e(this.f22626c, x509CertificateArr[0])) {
                throw new SSLException(SslCertificateException.a(this.f22626c));
            }
            e(x509CertificateArr);
        } catch (CertificateEncodingException e10) {
            e = e10;
            this.f22627d.b("checkServerTrusted: failed checking");
            this.f22627d.a(e);
            throw e;
        } catch (CertificateParsingException e11) {
            e = e11;
            this.f22627d.b("checkServerTrusted: failed checking");
            this.f22627d.a(e);
            throw e;
        } catch (CertificateException e12) {
            e = e12;
            this.f22627d.b("checkServerTrusted: not trusted");
            this.f22627d.a(e);
            throw new SslCertificateException(x509CertificateArr, e);
        } catch (SSLException e13) {
            e = e13;
            this.f22627d.b("checkServerTrusted: not trusted");
            this.f22627d.a(e);
            throw new SslCertificateException(x509CertificateArr, e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr;
        if (this.f22624a == null) {
            return new X509Certificate[0];
        }
        a aVar = f22623e;
        synchronized (aVar) {
            if (aVar.f22628a == null) {
                aVar.f22628a = this.f22624a.getAcceptedIssuers();
            }
            x509CertificateArr = aVar.f22628a;
        }
        return x509CertificateArr;
    }
}
