package de.idnow.sdk.network;

import android.net.http.X509TrustManagerExtensions;
import de.idnow.sdk.CertificateProvider;
import de.idnow.sdk.Config;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class IDNowDefaultTrustManager implements X509TrustManager {
    private final X509TrustManager systemTrustManager;
    private final X509TrustManagerExtensions systemTrustManagerExt;

    public IDNowDefaultTrustManager() {
        X509TrustManager createSystemTrustManager = createSystemTrustManager();
        this.systemTrustManager = createSystemTrustManager;
        this.systemTrustManagerExt = new X509TrustManagerExtensions(createSystemTrustManager);
    }

    private static X509TrustManager createSystemTrustManager() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    private static boolean isFingerprintTrusted(byte[] bArr, byte[][] bArr2) {
        for (byte[] bArr3 : bArr2) {
            if (Arrays.equals(bArr, bArr3)) {
                return true;
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        this.systemTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) {
        this.systemTrustManagerExt.checkServerTrusted(x509CertificateArr, str, str2);
        checkServerTrusted(x509CertificateArr, str);
        return Arrays.asList(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        CertificateProvider certificateProvider = Config.CERTIFICATE_PROVIDER;
        if (certificateProvider != null && !new CertificateProviderEx(certificateProvider).validateServerCertificateChain(x509CertificateArr)) {
            throw new CertificateException("Server certificate invalid");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.systemTrustManager.getAcceptedIssuers();
    }
}
