package t;

import android.os.Build;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.sandblast.core.common.http.InvalidCertificateException;
import com.sandblast.core.common.utils.NetworkUtils;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class g {
    /* JADX INFO: Access modifiers changed from: package-private */
    @NonNull
    public static X509TrustManager a() {
        int i2 = Build.VERSION.SDK_INT;
        StringBuilder sb = new StringBuilder();
        sb.append("Fetching public key default trust manager. [api=");
        sb.append(i2);
        sb.append("]");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (i2 >= 24 && (trustManager instanceof X509ExtendedTrustManager)) {
                    return (X509ExtendedTrustManager) trustManager;
                }
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new CertificateException("Could find public key X509 trust manager. [api=" + i2 + "]");
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(X509Certificate[] x509CertificateArr, String str, @Nullable SSLEngine sSLEngine, @Nullable Socket socket, @NonNull Set<String> set, @NonNull NetworkUtils networkUtils, @NonNull String str2) {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        Exception exc = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if ((sSLEngine == null && socket == null) || Build.VERSION.SDK_INT < 24) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                } else if (sSLEngine != null) {
                    ((X509ExtendedTrustManager) trustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                } else {
                    ((X509ExtendedTrustManager) trustManager).checkServerTrusted(x509CertificateArr, str, socket);
                }
            }
        } catch (Exception e2) {
            exc = e2;
        }
        b bVar = new b(x509CertificateArr);
        bVar.b(set, exc);
        a aVar = new a();
        if (bVar.d()) {
            if (bVar.c() < 0) {
                g.b.g("Certificate pinning has detected");
            } else {
                aVar.b(bVar, networkUtils);
                aVar.a();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void c(@Nullable X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager, String str, @Nullable SSLEngine sSLEngine, @Nullable Socket socket, @NonNull NetworkUtils networkUtils, @NonNull String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("Started. [sslEngine=");
        sb.append(sSLEngine);
        sb.append("] [socket=");
        sb.append(socket);
        sb.append("] [caller=");
        sb.append(str2);
        sb.append("]");
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        if (sSLEngine != null || socket != null) {
            try {
                if (Build.VERSION.SDK_INT >= 24) {
                    if (sSLEngine != null) {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                    } else {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, socket);
                    }
                }
            } catch (Exception e2) {
                if (!d(x509CertificateArr, networkUtils)) {
                    throw new InvalidCertificateException(e2, x509CertificateArr, null);
                }
                return;
            }
        }
        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean d(@NonNull X509Certificate[] x509CertificateArr, @NonNull NetworkUtils networkUtils) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (networkUtils.isWifiWhiteListPublicKey(new BigInteger(1, x509Certificate.getPublicKey().getEncoded()).toString(16))) {
                g.b.g("Cert found in whitelist");
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NonNull
    public static X509TrustManager e() {
        int i2 = Build.VERSION.SDK_INT;
        StringBuilder sb = new StringBuilder();
        sb.append("Fetching while list default trust manager. [api=");
        sb.append(i2);
        sb.append("]");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (i2 >= 24 && (trustManager instanceof X509ExtendedTrustManager)) {
                    return (X509ExtendedTrustManager) trustManager;
                }
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new CertificateException("Could find white list X509 trust manager. [api=" + i2 + "]");
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }
}
