package defpackage;

import android.util.Base64;
import com.paypal.android.foundation.core.DesignByContract;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: PinningTrustManager.java */
/* renamed from: Xab, reason: case insensitive filesystem */
/* loaded from: classes2.dex */
public class C2365Xab implements X509TrustManager {
    public static final C1067Kbb a = C1067Kbb.a(C2365Xab.class);
    public static final String[] b = {"25b41b506e4930952823a6eb9f1d31def645ea38a5c6c6a96d71957e384df058", "5a889647220e54d6bd8a16817224520bb5c78e58984bd570506388b9de0f075f", "967b0cd93fcef7f27ce2c245767ae9b05a776b0649f9965b6290968469686872", "59df317bfa9f4f0ab7ca514d7772296aa2c765b87664d08b96e57399e364729c", "8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"};
    public static List<String> c = null;
    public TrustManager[] f;
    public AbstractC2567Zab h;
    public final List<byte[]> d = new LinkedList();
    public final Set<X509Certificate> e = Collections.synchronizedSet(new HashSet());
    public C2467Yab g = C2467Yab.a();

    public C2365Xab() {
        C2467Yab c2467Yab = this.g;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(c2467Yab.b);
            this.f = trustManagerFactory.getTrustManagers();
            for (String str : b) {
                List<byte[]> list = this.d;
                int length = str.length();
                byte[] bArr = new byte[length / 2];
                for (int i = 0; i < length; i += 2) {
                    bArr[i / 2] = (byte) (Character.digit(str.charAt(i + 1), 16) + (Character.digit(str.charAt(i), 16) << 4));
                }
                list.add(bArr);
            }
            this.h = C0562Fab.f;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public final void a(List<String> list, List<String> list2, String str) {
        AbstractC2567Zab abstractC2567Zab = this.h;
        if (abstractC2567Zab != null) {
            if (list != null) {
                abstractC2567Zab.b(list);
            }
            if (list2 != null) {
                this.h.a(list2);
            }
            if (str != null) {
                this.h.a(str);
            }
            this.h.a((AbstractC5361mcb) new C2265Wab(this));
        }
    }

    public synchronized boolean a(X509Certificate[] x509CertificateArr) {
        if (c == null) {
            a.a("FoundationPayPalCore.setup() is not done yet. mServerWhiteList is initialized there", new Object[0]);
            return false;
        }
        boolean z = false;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    Iterator<List<?>> it = subjectAlternativeNames.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            List<?> next = it.next();
                            if (((Integer) next.get(0)).intValue() == 2 && c.contains(next.get(1))) {
                                z = true;
                                break;
                            }
                        }
                    }
                }
            } catch (CertificateParsingException e) {
                a.a("*** chainContainsWhitelistedServer failed = " + e.getMessage(), new Object[0]);
                return false;
            }
        }
        return z;
    }

    public final byte[] a(X509Certificate x509Certificate) {
        try {
            return MessageDigest.getInstance("SHA256").digest(x509Certificate.getPublicKey().getEncoded());
        } catch (NoSuchAlgorithmException e) {
            C1067Kbb c1067Kbb = a;
            StringBuilder a2 = C0932Is.a("getPinFromCertificate failed : ");
            a2.append(e.getMessage());
            c1067Kbb.b(a2.toString(), new Object[0]);
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("Client certificates not supported!");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        DesignByContract.c(!this.d.isEmpty(), "Empty pins. PinningTrustManager.initialize must be called prior to calling checkServerTrusted()", new Object[0]);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate chain is empty");
        }
        if (this.e.contains(x509CertificateArr[0])) {
            return;
        }
        C1067Kbb c1067Kbb = a;
        StringBuilder a2 = C0932Is.a("*** chain[0] = ");
        a2.append(x509CertificateArr[0].getSubjectDN().getName());
        c1067Kbb.a(a2.toString(), new Object[0]);
        for (TrustManager trustManager : this.f) {
            ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
        }
        if (a(x509CertificateArr)) {
            a.a("*** after chainLoggingServer check. Found logging server. Complete.", new Object[0]);
            this.e.add(x509CertificateArr[0]);
            return;
        }
        try {
            x509CertificateArr = C0963Jab.a(x509CertificateArr, this.g);
        } catch (CertificateException unused) {
            a.a("*** after CertificateChainCleaner.getCleanChain check. Chain not clean. Logging.", new Object[0]);
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                arrayList.add(Base64.encodeToString(x509Certificate.getEncoded(), 0));
            }
            a(null, arrayList, "FAILED CERT CHAIN CLEANSING");
        }
        a.a("*** after CertificateChainCleaner.getCleanChain. Will validate cert pinning.", new Object[0]);
        List<String> arrayList2 = new ArrayList<>();
        List<String> arrayList3 = new ArrayList<>();
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            Iterator<byte[]> it = this.d.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z = false;
                    break;
                }
                byte[] next = it.next();
                byte[] a3 = a(x509Certificate2);
                if (Arrays.equals(next, a3)) {
                    a.a("*** isValidPin- found cert pinned!", a3);
                    z = true;
                    break;
                }
            }
            if (z) {
                a.a("*** after isValidPin check. Will cache chain cert.", new Object[0]);
                this.e.add(x509Certificate2);
                return;
            } else {
                arrayList2.add(Base64.encodeToString(a(x509Certificate2), 0));
                arrayList3.add(Base64.encodeToString(x509Certificate2.getEncoded(), 0));
            }
        }
        a.a("*** isValidPin- failed cert pinning. Will log!", new Object[0]);
        a(arrayList2, arrayList3, "FAILED CERT PINNING");
        throw new CertificateException("FAILED CERT PINNING");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
