package com.vkey.android.secure.net.trustmanager;

import android.content.Context;
import com.vkey.android.internal.vguard.util.Config;
import com.vkey.android.internal.vguard.util.DevLog;
import com.vkey.android.internal.vguard.util.Log;
import com.vkey.android.internal.vguard.util.Utility;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import vkey.android.vos.VosWrapper;

/* loaded from: classes.dex */
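/**
 * {@link X509TrustManager} that runs the platform's default chain validation and then, unless
 * pinning has been switched off, compares the SHA-256 fingerprint of each presented certificate
 * against the pin list configured for the target host in {@code Config.globalSSLLookup}.
 *
 * <p>Every validation failure visible in this class ends in a thrown
 * {@link CertificateException}. {@code StrictTrustManagerProvider.showAlert} is still called
 * first, but its body is not visible from this file, so aborting the handshake is not left to it.
 *
 * <p>NOTE(review): pinning is skipped when the lookup table is {@code null} or when the host has
 * no entry in it. That looks deliberate (pin only configured hosts), but it means a missing or
 * incomplete configuration silently downgrades to plain chain validation. Confirm this is intended.
 */
public class StrictTrustManager implements X509TrustManager {
    static final String SSL_PINING_MESSAGE_DISABLED = "SSL Pinning disabled";
    static final String SSL_PINING_MESSAGE_ENABLED = "SSL Pinning enabled";
    private static final String TAG = "com.vkey.android.secure.net.trustmanager.StrictTrustManager";
    // Written from a Runnable handed to VosWrapper and read during handshakes. Whether that
    // Runnable runs on another thread is not visible here, so the flag is volatile to keep a
    // re-enabled pinning state from being missed by a stale read.
    private static volatile boolean allowsArbitraryNetworking = false;
    private String mHost;
    private Map<String, List<String>> mSslLookup;
    private X509TrustManager mTrustManager;

    /**
     * Creates a trust manager backed by the platform default trust store, with no host set.
     *
     * <p>If the default trust manager cannot be obtained, the delegate stays {@code null} and
     * both check methods reject every chain.
     */
    public StrictTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            // Take the first X509-capable manager rather than blindly casting element 0.
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    this.mTrustManager = (X509TrustManager) candidate;
                    break;
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            // Logged at error level with the cause: from here on no chain can be validated.
            Log.e(TAG, "StrictTrustManager, " + e.getMessage(), e);
        }
        this.mSslLookup = Config.globalSSLLookup;
    }

    /**
     * Creates a trust manager for one host.
     *
     * @param str host name used as the key into the pin lookup table
     */
    public StrictTrustManager(String str) {
        this();
        this.mHost = str;
    }

    /**
     * Enforces the configured pins for the current host.
     *
     * <p>Returns normally when no lookup table is configured, when the host has no entry, or when
     * any certificate in the chain matches a pin. The fingerprint is the hex SHA-256 of the
     * certificate's full DER encoding, not of its public key.
     *
     * @param x509CertificateArr chain presented by the peer
     * @throws CertificateException if the host is unset, if the host is configured but no
     *     certificate in the chain matches, or if a certificate cannot be encoded
     */
    private void checkSSLCert(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.mSslLookup == null) {
            Log.e(TAG, "Lookup is null");
            return;
        }
        if (this.mHost == null) {
            // The no-arg constructor leaves the host unset. Previously this path ended in a
            // NullPointerException; reject with the exception type the handshake expects.
            throw new CertificateException("No host set for SSL pin lookup");
        }
        // presumably the lookup keys are stored lower-cased; verify against the Config loader
        String host = this.mHost.toLowerCase(Locale.ENGLISH);
        this.mHost = host;
        if (!this.mSslLookup.containsKey(host)) {
            Log.i(TAG, host + " not in lookup list");
            return;
        }
        List<String> pins = this.mSslLookup.get(host);
        boolean matched = false;
        if (pins != null && !pins.isEmpty()) {
            for (X509Certificate certificate : x509CertificateArr) {
                String fingerprint = getSha256Ssl(certificate.getEncoded());
                Log.d(TAG, "Checking SSL SHA256 fingerprint (" + fingerprint + ") for " + host);
                // A failed digest yields null; never let that equal a null entry in the pin list.
                if (fingerprint != null && pins.contains(fingerprint)) {
                    matched = true;
                    Log.d(TAG, fingerprint + " found");
                    break;
                }
            }
        }
        if (matched) {
            Log.i(TAG, "Certificate Match");
            return;
        }
        Log.e(TAG, "Certificate Not Match");
        DevLog.e("VGuard", host + " SSL mismatch!");
        CertificateException mismatch = new CertificateException("Certificate not match exception");
        StrictTrustManagerProvider.showAlert(mismatch);
        // If showAlert returns normally, the mismatch must still abort the handshake.
        throw mismatch;
    }

    /**
     * Computes the hex-encoded SHA-256 digest of the given bytes.
     *
     * @param bArr bytes to hash (the DER encoding of a certificate at the visible call site)
     * @return the digest as produced by {@code Utility.encodeHex}, or {@code null} if hashing or
     *     encoding fails
     */
    private String getSha256Ssl(byte[] bArr) {
        try {
            // A fresh MessageDigest needs no reset().
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            return new String(Utility.encodeHex(messageDigest.digest(bArr)));
        } catch (Exception e) {
            Log.e(TAG, TAG, e);
            return null;
        }
    }

    /**
     * Turns certificate pinning off ({@code true}) or on ({@code false}) for every instance.
     *
     * <p>The change is applied through {@code VosWrapper.execute}, so it may not be visible by
     * the time this method returns. Platform chain validation is not affected by this flag.
     *
     * @param z {@code true} to skip the pin check, {@code false} to enforce it
     */
    public static void setAllowsArbitraryNetworking(final boolean z) {
        Context context = Config.appCtx;
        if (context != null) {
            VosWrapper.getInstance(context).execute(new Runnable() {
                @Override
                public void run() {
                    allowsArbitraryNetworking = z;
                }
            });
        } else {
            Log.e(TAG, "setAllowsArbitraryNetworking failed because of context null");
        }
    }

    /**
     * Delegates client-certificate validation to the platform trust manager.
     *
     * @throws CertificateException if the chain is rejected or no platform trust manager is
     *     available
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager delegate = this.mTrustManager;
        if (delegate == null) {
            // Previously a NullPointerException; reject explicitly instead.
            throw new CertificateException("checkClientTrusted: no default trust manager available");
        }
        delegate.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates a server chain: network-block flag first, then platform chain validation, then
     * the per-host pin check unless pinning has been disabled.
     *
     * @param x509CertificateArr chain presented by the server
     * @param str key-exchange / auth type passed through to the platform trust manager
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if the network-block flag is set, the platform trust manager
     *     is unavailable or rejects the chain, or the pin check fails
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        DevLog.i("vg", "shoudlBlockNetwork " + Config.shoudlBlockNetwork);
        DevLog.i("vg", "mHost " + this.mHost);
        if (Config.shoudlBlockNetwork) {
            throw new CertificateException("V-Guard has detected threat, blocking network");
        }
        X509TrustManager delegate = this.mTrustManager;
        if (delegate == null) {
            // Without a delegate nothing validates the chain, and hosts without a pin entry would
            // be accepted unchecked. Fail closed.
            throw new CertificateException("checkServerTrusted: no default trust manager available");
        }
        try {
            delegate.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            StrictTrustManagerProvider.showAlert(e);
            // Rethrow so an untrusted chain is rejected even if showAlert returns normally.
            throw e;
        }
        if (allowsArbitraryNetworking) {
            Log.i(TAG, SSL_PINING_MESSAGE_DISABLED);
        } else {
            Log.i(TAG, SSL_PINING_MESSAGE_ENABLED);
            checkSSLCert(x509CertificateArr);
        }
    }

    /**
     * Returns no issuers.
     *
     * @return an empty array; the interface requires a non-null array, and the previous
     *     one-element array held a {@code null} entry that callers iterating it would dereference
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}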
