package com.handelsbanken.mobile.android.pek2.tfa.ssl;

import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
class CaCertTrustManager implements X509TrustManager {
    private final boolean isTrustedSelfSigned;
    private X509Certificate trustedCert;

    public CaCertTrustManager(X509Certificate x509Certificate) {
        this.trustedCert = x509Certificate;
        this.isTrustedSelfSigned = x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
    }

    private CertPath buildCertPath(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        if (x509CertificateArr.length != 1) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (!x509Certificate.getPublicKey().equals(this.trustedCert.getPublicKey())) {
                    arrayList.add(x509Certificate);
                }
            }
        } else {
            arrayList.add(x509CertificateArr[0]);
        }
        return CertificateFactory.getInstance("X.509").generateCertPath(arrayList);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            CertPath buildCertPath = buildCertPath(x509CertificateArr);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            X509CertSelector x509CertSelector = new X509CertSelector();
            TrustAnchor trustAnchor = new TrustAnchor(this.trustedCert, null);
            HashSet hashSet = new HashSet();
            hashSet.add(trustAnchor);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            certPathValidator.validate(buildCertPath, pKIXBuilderParameters);
        } catch (Exception e10) {
            throw new RuntimeException(e10);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
