package ca.bc.gov.id.servicescard.e.f;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class a implements X509TrustManager {
    private String a;
    private Map<BigInteger, String> b;

    public a(String str, Map<BigInteger, String> map) {
        this.a = str;
        this.b = map;
    }

    private String a(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(cArr[(bArr[i] & 240) >> 4]);
            stringBuffer.append(cArr[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }

    private static void b(String str) {
        System.out.println(str);
    }

    private static void c(X509Certificate[] x509CertificateArr, String str) {
        b("chain.length:" + x509CertificateArr.length + ", authType:" + str);
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            b(i + ": [subject=" + x509Certificate.getSubjectDN().getName() + ", issuer=" + x509Certificate.getIssuerDN().getName() + "]");
        }
    }

    private X509TrustManager d() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private String e(X509Certificate x509Certificate) {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(x509Certificate.getEncoded());
        return a(messageDigest.digest());
    }

    private X509TrustManager f() {
        return (X509TrustManager) Objects.requireNonNull(d());
    }

    static final X509Certificate g(String str, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String name = x509Certificate.getSubjectDN().getName();
            if (name != null && str.equals(name.split(",", 2)[0].substring(3))) {
                return x509Certificate;
            }
        }
        return null;
    }

    private void h(X509Certificate x509Certificate) {
        b("verifyRoot: " + x509Certificate.getIssuerDN().getName());
        X509Certificate[] acceptedIssuers = getAcceptedIssuers();
        boolean z = true;
        if (acceptedIssuers.length < 1) {
            throw new CertificateException("The system does not have any accepted issuers!");
        }
        int length = acceptedIssuers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                z = false;
                break;
            }
            X509Certificate x509Certificate2 = acceptedIssuers[i];
            if (x509Certificate2.getSubjectDN().getName().equals(x509Certificate.getIssuerDN().getName())) {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                x509Certificate.checkValidity();
                if (e(x509Certificate2).equals(this.b.get(x509Certificate2.getSerialNumber()))) {
                    break;
                }
            }
            i++;
        }
        if (z) {
            return;
        }
        throw new CertificateException("Untrusted root certificate: [" + x509Certificate.getIssuerDN().getName() + "]");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            f().checkClientTrusted(x509CertificateArr, str);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null) {
            throw new CertificateException("X509Certificate chain is null and shouldn't be.");
        }
        if (x509CertificateArr.length < 2) {
            throw new CertificateException(String.format(Locale.CANADA, "Expected at least %d certificates in the chain but only found %d", 2, Integer.valueOf(x509CertificateArr.length)));
        }
        c(x509CertificateArr, str);
        try {
            f().checkServerTrusted(x509CertificateArr, str);
            X509Certificate g2 = g(this.a, x509CertificateArr);
            if (g2 == null) {
                throw new CertificateException("No certificate found in the presented chain for the expected host: [" + this.a + "]");
            }
            b("serverCert is " + g2.getSubjectDN().getName());
            HashMap hashMap = new HashMap();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (!x509Certificate.equals(g2)) {
                    hashMap.put(x509Certificate.getSubjectDN().getName(), x509Certificate);
                }
            }
            while (true) {
                X509Certificate x509Certificate2 = (X509Certificate) hashMap.get(g2.getIssuerDN().getName());
                if (x509Certificate2 == null) {
                    b("highest=" + g2.getSubjectDN().getName());
                    b("root=" + g2.getIssuerDN().getName());
                    h(g2);
                    return;
                }
                g2.verify(x509Certificate2.getPublicKey());
                g2 = x509Certificate2;
            }
        } catch (GeneralSecurityException e2) {
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            X509Certificate[] acceptedIssuers = f().getAcceptedIssuers();
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : acceptedIssuers) {
                if (this.b.get(x509Certificate.getSerialNumber()) != null) {
                    b("adding trusted root [name=" + x509Certificate.getSubjectDN().getName() + "], serial=[" + x509Certificate.getSerialNumber() + "]");
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }
}
