package com.artech.common;

import android.net.http.X509TrustManagerExtensions;
import android.util.Base64;
import com.artech.R;
import com.artech.application.MyApplication;
import com.artech.base.services.Services;
import com.artech.utils.FileUtils2;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;

/* loaded from: classes.dex */
public class PinningHostnameVerifier implements X509HostnameVerifier {
    private final X509HostnameVerifier delegate;

    public PinningHostnameVerifier(X509HostnameVerifier x509HostnameVerifier) {
        this.delegate = x509HostnameVerifier;
    }

    public static String[] getPinSet() {
        return MyApplication.getAppContext().getResources().getStringArray(R.array.serverPinSet);
    }

    private X509TrustManagerExtensions getTrustManager() throws SSLException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            X509TrustManager x509TrustManager = null;
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                    break;
                }
                i++;
            }
            return new X509TrustManagerExtensions(x509TrustManager);
        } catch (KeyStoreException e) {
            throw new SSLException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SSLException(e2);
        }
    }

    public static void registerVerifier(DefaultHttpClient defaultHttpClient) {
        SocketFactory socketFactory = defaultHttpClient.getConnectionManager().getSchemeRegistry().getScheme(FileUtils2.SCHEME_HTTPS).getSocketFactory();
        if (socketFactory instanceof SSLSocketFactory) {
            SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) socketFactory;
            sSLSocketFactory.setHostnameVerifier(new PinningHostnameVerifier(sSLSocketFactory.getHostnameVerifier()));
        } else if (socketFactory instanceof TlsSniSocketFactory) {
            ((TlsSniSocketFactory) socketFactory).setHostnameVerifier(new PinningHostnameVerifier(new StrictHostnameVerifier()));
        }
    }

    private List<X509Certificate> trustedChain(X509TrustManagerExtensions x509TrustManagerExtensions, Certificate[] certificateArr, String str) throws SSLException {
        try {
            return x509TrustManagerExtensions.checkServerTrusted((X509Certificate[]) Arrays.copyOf(certificateArr, certificateArr.length, X509Certificate[].class), "RSA", str);
        } catch (CertificateException e) {
            throw new SSLException(e);
        }
    }

    private void validatePinning(Certificate[] certificateArr, String str, Set<String> set) throws SSLException {
        X509TrustManagerExtensions trustManager = getTrustManager();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            String str2 = "";
            for (X509Certificate x509Certificate : trustedChain(trustManager, certificateArr, str)) {
                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                str2 = str2 + "    sha256/" + encodeToString + " : " + x509Certificate.getSubjectDN().toString() + "\n";
                if (set.contains(encodeToString)) {
                    return;
                }
            }
            Services.Log.debug("Certificate pinning failure, Peer certificate chain:\n" + str2);
            throw new SSLPeerUnverifiedException("Certificate pinning failure");
        } catch (NoSuchAlgorithmException e) {
            throw new SSLException(e);
        }
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, X509Certificate x509Certificate) throws SSLException {
        this.delegate.verify(str, x509Certificate);
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, SSLSocket sSLSocket) throws IOException {
        this.delegate.verify(str, sSLSocket);
        try {
            if (verify(str, sSLSocket.getSession())) {
            } else {
                throw new SSLPeerUnverifiedException("Certificate pinning failure");
            }
        } catch (RuntimeException e) {
            throw new IOException(e);
        }
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        this.delegate.verify(str, strArr, strArr2);
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (!this.delegate.verify(str, sSLSession)) {
            return false;
        }
        try {
            HashSet hashSet = new HashSet();
            for (String str2 : getPinSet()) {
                hashSet.add(str2);
            }
            validatePinning(sSLSession.getPeerCertificates(), str, hashSet);
            return true;
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }
}
