package com.zimperium.zips;

import android.util.Base64;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class ZTrustManager implements X509TrustManager {
    private X509Certificate[] certAccepted;
    private boolean isWhitelistCertFound = false;

    public boolean HasWhitelistedCert() {
        return this.isWhitelistCertFound;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        this.certAccepted = x509CertificateArr;
        com.zimperium.e.d.c.c("checkServerTrusted: DN=" + x509CertificateArr[0].getIssuerDN(), new Object[0]);
        TrustManager[] trustManagerArr = new TrustManager[0];
        try {
            trustManagerArr = com.zimperium.e.b.a.b().c();
        } catch (Exception e) {
            com.zimperium.e.d.c.b("checkServerTrusted: " + e.getMessage(), new Object[0]);
        }
        try {
            z = com.zimperium.e.b.a.b().d();
        } catch (Exception e2) {
            com.zimperium.e.d.c.b("checkServerTrusted: exception=" + e2, new Object[0]);
            z = false;
        }
        try {
            for (TrustManager trustManager : trustManagerArr) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e3) {
            if (!z) {
                throw e3;
            }
            com.zimperium.e.d.c.b("checkServerTrusted: has whitelisted cert.", new Object[0]);
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            int i = 0;
            boolean z2 = false;
            boolean z3 = false;
            while (i < this.certAccepted.length) {
                byte[] encoded = this.certAccepted[i].getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                boolean d = com.zimperium.e.b.a.b().d(encodeToString);
                boolean a2 = com.zimperium.e.b.a.b().a(this.certAccepted);
                this.isWhitelistCertFound = com.zimperium.e.b.a.b().b(encodeToString);
                com.zimperium.e.d.c.c("checkServerTrusted, pinned in public key=" + d + ", pinned in cert=" + a2 + ", whitelist=" + this.isWhitelistCertFound, new Object[0]);
                if (!d && !a2) {
                    i++;
                    z2 = d;
                    z3 = a2;
                }
                com.zimperium.e.d.c.c("checkServerTrusted: cert is pinned.", new Object[0]);
                z2 = d;
                z3 = a2;
            }
            if (!z2 && !z3) {
                com.zimperium.e.d.c.b("This is not one of pinned cert.", new Object[0]);
                throw new CertificateException("No pinned cert found: invalid certificate exception.");
            }
        } catch (IOException | KeyManagementException | KeyStoreException unused) {
            com.zimperium.e.d.c.b("Cannot generate key store. ", new Object[0]);
        } catch (NoSuchAlgorithmException unused2) {
            com.zimperium.e.d.c.b("Cannot generate hash. ", new Object[0]);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.certAccepted;
    }

    public X509Certificate[] getCertAccepted() {
        return this.certAccepted;
    }
}
