package io.fabric.sdk.android.services.network;

import android.support.v8.renderscript.ScriptIntrinsicBLAS;
import com.google.android.gms.common.util.AndroidUtilsLight;
import com.vis.meinvodafone.utils.constants.ErrorConstants;
import com.vis.meinvodafone.utils.constants.NetworkConstants;
import com.vodafone.lib.seclibng.ExceptionHandler;
import io.fabric.sdk.android.Fabric;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;

/* loaded from: classes3.dex */
class PinningTrustManager implements X509TrustManager {
    private static final X509Certificate[] NO_ISSUERS;
    private static final long PIN_FRESHNESS_DURATION_MILLIS = 15552000000L;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_5;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_6;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_7;
    private final long pinCreationTimeMillis;
    private final SystemKeyStore systemKeyStore;
    private final TrustManager[] systemTrustManagers;
    private final List<byte[]> pins = new LinkedList();
    private final Set<X509Certificate> cache = Collections.synchronizedSet(new HashSet());

    static {
        ajc$preClinit();
        NO_ISSUERS = new X509Certificate[0];
    }

    public PinningTrustManager(SystemKeyStore systemKeyStore, PinningInfoProvider pinningInfoProvider) {
        this.systemTrustManagers = initializeSystemTrustManagers(systemKeyStore);
        this.systemKeyStore = systemKeyStore;
        this.pinCreationTimeMillis = pinningInfoProvider.getPinCreationTimeInMillis();
        for (String str : pinningInfoProvider.getPins()) {
            this.pins.add(hexStringToByteArray(str));
        }
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("PinningTrustManager.java", PinningTrustManager.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "initializeSystemTrustManagers", "io.fabric.sdk.android.services.network.PinningTrustManager", "io.fabric.sdk.android.services.network.SystemKeyStore", "keyStore", "", "[Ljavax.net.ssl.TrustManager;"), 103);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "isValidPin", "io.fabric.sdk.android.services.network.PinningTrustManager", "java.security.cert.X509Certificate", "certificate", "java.security.cert.CertificateException", "boolean"), 116);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "checkSystemTrust", "io.fabric.sdk.android.services.network.PinningTrustManager", "[Ljava.security.cert.X509Certificate;:java.lang.String", "chain:authType", "java.security.cert.CertificateException", NetworkConstants.MVF_VOID_KEY), ErrorConstants.MVF_TYPE_RED_PLUS_TASK);
        ajc$tjp_3 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "checkPinTrust", "io.fabric.sdk.android.services.network.PinningTrustManager", "[Ljava.security.cert.X509Certificate;", "chain", "java.security.cert.CertificateException", NetworkConstants.MVF_VOID_KEY), ScriptIntrinsicBLAS.RIGHT);
        ajc$tjp_4 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "checkClientTrusted", "io.fabric.sdk.android.services.network.PinningTrustManager", "[Ljava.security.cert.X509Certificate;:java.lang.String", "chain:authType", "java.security.cert.CertificateException", NetworkConstants.MVF_VOID_KEY), 166);
        ajc$tjp_5 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "checkServerTrusted", "io.fabric.sdk.android.services.network.PinningTrustManager", "[Ljava.security.cert.X509Certificate;:java.lang.String", "chain:authType", "java.security.cert.CertificateException", NetworkConstants.MVF_VOID_KEY), 171);
        ajc$tjp_6 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getAcceptedIssuers", "io.fabric.sdk.android.services.network.PinningTrustManager", "", "", "", "[Ljava.security.cert.X509Certificate;"), 184);
        ajc$tjp_7 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "hexStringToByteArray", "io.fabric.sdk.android.services.network.PinningTrustManager", "java.lang.String", NetworkConstants.VF_KEY_SHOPFINDER_STREET, "", "[B"), 188);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void checkPinTrust(X509Certificate[] x509CertificateArr) throws CertificateException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, (Object) this, (Object) this, (Object) x509CertificateArr);
        try {
            if (this.pinCreationTimeMillis == -1 || System.currentTimeMillis() - this.pinCreationTimeMillis <= PIN_FRESHNESS_DURATION_MILLIS) {
                for (X509Certificate x509Certificate : CertificateChainCleaner.getCleanChain(x509CertificateArr, this.systemKeyStore)) {
                    if (isValidPin(x509Certificate)) {
                        return;
                    }
                }
                throw new CertificateException("No valid pins found in chain!");
            }
            Fabric.getLogger().w(Fabric.TAG, "Certificate pins are stale, (" + (System.currentTimeMillis() - this.pinCreationTimeMillis) + " millis vs " + PIN_FRESHNESS_DURATION_MILLIS + " millis) falling back to system trust.");
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void checkSystemTrust(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, x509CertificateArr, str);
        try {
            for (TrustManager trustManager : this.systemTrustManagers) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private byte[] hexStringToByteArray(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_7, this, this, str);
        try {
            int length = str.length();
            byte[] bArr = new byte[length / 2];
            for (int i = 0; i < length; i += 2) {
                bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
            }
            return bArr;
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    private TrustManager[] initializeSystemTrustManagers(SystemKeyStore systemKeyStore) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, systemKeyStore);
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init(systemKeyStore.trustStore);
                return trustManagerFactory.getTrustManagers();
            } catch (KeyStoreException e) {
                throw new AssertionError(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new AssertionError(e2);
            }
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean isValidPin(X509Certificate x509Certificate) throws CertificateException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, x509Certificate);
        try {
            try {
                byte[] digest = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1).digest(x509Certificate.getPublicKey().getEncoded());
                Iterator<byte[]> it = this.pins.iterator();
                while (it.hasNext()) {
                    if (Arrays.equals(it.next(), digest)) {
                        return true;
                    }
                }
                return false;
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, x509CertificateArr, str);
        try {
            throw new CertificateException("Client certificates not supported!");
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, x509CertificateArr, str);
        try {
            if (this.cache.contains(x509CertificateArr[0])) {
                return;
            }
            checkSystemTrust(x509CertificateArr, str);
            checkPinTrust(x509CertificateArr);
            this.cache.add(x509CertificateArr[0]);
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this);
        try {
            return NO_ISSUERS;
        } catch (Throwable th) {
            ExceptionHandler.aspectOf().ExceptionLogging(makeJP, th);
            throw th;
        }
    }
}
