package com.microstrategy.android.network;

import android.annotation.TargetApi;
import android.content.res.AssetManager;
import android.net.http.X509TrustManagerExtensions;
import android.util.Log;
import com.microstrategy.android.MstrApplication;
import com.microstrategy.android.ui.Utils;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class PinningTrustManager implements X509TrustManager {
    private static final String PINS_FOLDER = "pins";
    private static final String TAG = "PinningTrustManager";
    private static final Pattern cnPattern = Pattern.compile("(?i)(cn=)([^,]*)");
    private X509TrustManager defaultTrustManager;
    private Map<String, List<byte[]>> hostPins = new HashMap();
    private X509TrustManagerExtensions x509TrustManagerExtensions;

    @TargetApi(17)
    public PinningTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int i = 0;
            while (true) {
                if (i >= trustManagers.length) {
                    break;
                }
                if (trustManagers[i] instanceof X509TrustManager) {
                    this.defaultTrustManager = (X509TrustManager) trustManagers[i];
                    if (Utils.hasJellyBeanMR1()) {
                        this.x509TrustManagerExtensions = new X509TrustManagerExtensions(this.defaultTrustManager);
                    }
                } else {
                    i++;
                }
            }
            readPinsFromAsset();
        } catch (KeyStoreException e) {
            Log.e(TAG, e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, e2.getMessage(), e2);
        }
    }

    private void checkPinTrust(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.hostPins.size() == 0) {
            return;
        }
        List<byte[]> pins = getPins(x509CertificateArr);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (hasValidPin(x509Certificate, pins)) {
                return;
            }
        }
        throw new CertificateException("No valid pins found in chain!");
    }

    private List<byte[]> getPins(X509Certificate[] x509CertificateArr) {
        String subjectCommonName = getSubjectCommonName(x509CertificateArr[0]);
        if (subjectCommonName == null) {
            return null;
        }
        return this.hostPins.get(subjectCommonName);
    }

    private String getSubjectCommonName(X509Certificate x509Certificate) {
        Matcher matcher = cnPattern.matcher(x509Certificate.getSubjectDN().getName());
        if (matcher.find()) {
            return matcher.group(2);
        }
        return null;
    }

    private byte[] getSubjectPublicKeyInfoHash(Certificate certificate) throws CertificateException {
        try {
            return MessageDigest.getInstance("SHA1").digest(certificate.getPublicKey().getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    private boolean hasValidPin(X509Certificate x509Certificate, List<byte[]> list) throws CertificateException {
        if (list == null || list.size() == 0) {
            return false;
        }
        byte[] subjectPublicKeyInfoHash = getSubjectPublicKeyInfoHash(x509Certificate);
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(it.next(), subjectPublicKeyInfoHash)) {
                return true;
            }
        }
        return false;
    }

    private void readPinsFromAsset() {
        AssetManager assets = MstrApplication.getInstance().getAssets();
        String[] strArr = null;
        try {
            strArr = assets.list(PINS_FOLDER);
        } catch (IOException e) {
        }
        if (strArr == null || strArr.length == 0) {
            return;
        }
        for (String str : strArr) {
            String str2 = PINS_FOLDER + File.separator + str;
            String[] strArr2 = null;
            try {
                strArr2 = assets.list(str2);
            } catch (IOException e2) {
            }
            if (strArr2 == null || strArr2.length == 0) {
                return;
            }
            for (String str3 : strArr2) {
                byte[] bArr = null;
                try {
                    bArr = getSubjectPublicKeyInfoHash(CertificateFactory.getInstance("X.509").generateCertificate(assets.open(str2 + File.separator + str3)));
                } catch (IOException e3) {
                } catch (CertificateException e4) {
                    Log.e(TAG, e4.toString());
                }
                if (bArr != null) {
                    List<byte[]> list = this.hostPins.get(str);
                    if (list == null) {
                        ArrayList arrayList = new ArrayList();
                        arrayList.add(bArr);
                        this.hostPins.put(str, arrayList);
                    } else {
                        list.add(bArr);
                    }
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.defaultTrustManager != null) {
            this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    @TargetApi(17)
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.x509TrustManagerExtensions != null) {
            List<X509Certificate> checkServerTrusted = this.x509TrustManagerExtensions.checkServerTrusted(x509CertificateArr, str, null);
            checkPinTrust((X509Certificate[]) checkServerTrusted.toArray(new X509Certificate[checkServerTrusted.size()]));
        } else if (this.defaultTrustManager != null) {
            this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            checkPinTrust(x509CertificateArr);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.defaultTrustManager != null) {
            return this.defaultTrustManager.getAcceptedIssuers();
        }
        return null;
    }
}
