package com.zimperium.zips;

import android.util.Base64;
import com.zimperium.zdetection.apisecurity.PinnedCertStore;
import com.zimperium.zlog.ZLog;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import ll.f;

/* loaded from: classes.dex */
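/**
 * Trust manager that accepts a server only when its certificate chain matches a pin held by
 * {@link PinnedCertStore}.
 *
 * <p>The three public fields record the outcome of the most recent call to
 * {@link #checkServerTrusted}. They are plain, unsynchronised fields rewritten on every handshake,
 * so a single instance shared by concurrent connections can have one handshake's state overwritten
 * by another.
 *
 * <p>NOTE(review): this class performs no path, expiry or hostname validation of its own. A pin
 * match against any element of a peer-supplied chain only binds the connection to that pin if the
 * chain has also been path-validated. Confirm that {@code PinnedCertStore.isCertValid} or the
 * caller performs that validation.
 */
public class ZTrustManager implements X509TrustManager {
    // Chain presented by the server in the most recent handshake. Stored before any validation,
    // so it may hold an untrusted chain; treat it as diagnostic data only.
    public X509Certificate[] certAccepted;
    // Proxy-whitelist result for the last chain element examined in the most recent handshake.
    public boolean isWhitelistCertFound = false;
    // True only after the most recent handshake matched a pin.
    public boolean isServerCertValid = false;

    /**
     * Reports the proxy-whitelist flag recorded by the most recent server check.
     *
     * @return the current value of {@link #isWhitelistCertFound}
     */
    public boolean HasWhitelistedCert() {
        return this.isWhitelistCertFound;
    }

    /**
     * Rejects every client certificate chain.
     *
     * <p>The previous empty body accepted any client certificate if this manager was ever used on
     * the accepting side of a TLS connection. This class only implements server pinning, so the
     * safe answer is to refuse.
     *
     * @throws CertificateException always
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str)
            throws CertificateException {
        throw new CertificateException(
                "Client certificate authentication is not supported by this trust manager.");
    }

    /**
     * Accepts the server chain only if a pin matches, and fails closed otherwise.
     *
     * <p>Each chain element's encoded public key is hashed with the algorithm named by the
     * obfuscated constant {@code f.f43311a} (value not visible in this file), Base64-encoded
     * without line wrapping, and looked up in the pin store. The chain as a whole is also offered
     * to {@code PinnedCertStore.isCertValid}. Either match is sufficient.
     *
     * @param x509CertificateArr the chain presented by the server, leaf first
     * @param str the key-exchange auth type supplied by the TLS stack (unused)
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws CertificateException if no pin matches, or if the pin check itself could not be
     *     completed
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str)
            throws CertificateException {
        // Reset per-handshake state so a failed check can never leave a stale "valid" result.
        this.isServerCertValid = false;
        this.isWhitelistCertFound = false;
        this.certAccepted = x509CertificateArr;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Server certificate chain is null or empty.");
        }
        ZLog.i("checkServerTrusted: DN=" + x509CertificateArr[0].getIssuerDN(), new Object[0]);

        boolean pinned = false;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(f.f43311a);
            // The chain-level check does not depend on the element being hashed; evaluate it once.
            boolean isCertValid = PinnedCertStore.getInstance().isCertValid(x509CertificateArr);
            for (X509Certificate certificate : x509CertificateArr) {
                byte[] encoded = certificate.getPublicKey().getEncoded();
                // digest(byte[]) hashes the input and resets the digest for the next element.
                String keyHash =
                        Base64.encodeToString(messageDigest.digest(encoded), Base64.NO_WRAP);
                boolean isPublicKeyHashValid =
                        PinnedCertStore.getInstance().isPublicKeyHashValid(keyHash);
                // NOTE(review): the flag is overwritten per element, so it reflects only the last
                // element examined. A whitelisted leaf followed by a non-whitelisted issuer ends
                // up as false. Confirm this is what callers of HasWhitelistedCert() expect.
                this.isWhitelistCertFound =
                        PinnedCertStore.getInstance().isCertInProxyWhitelist(keyHash);
                ZLog.i("checkServerTrusted, pinned in public key=" + isPublicKeyHashValid
                        + ", pinned in cert=" + isCertValid
                        + ", whitelist=" + this.isWhitelistCertFound, new Object[0]);
                if (isPublicKeyHashValid || isCertValid) {
                    pinned = true;
                    break;
                }
            }
        } catch (IOException e) {
            // Returning normally from this method means "trusted", so an error must be rethrown.
            ZLog.e("Cannot generate key store. ", new Object[0]);
            throw pinCheckFailure("key store unavailable", e);
        } catch (KeyManagementException e) {
            ZLog.e("Cannot generate key store. ", new Object[0]);
            throw pinCheckFailure("key store unavailable", e);
        } catch (KeyStoreException e) {
            ZLog.e("Cannot generate key store. ", new Object[0]);
            throw pinCheckFailure("key store unavailable", e);
        } catch (NoSuchAlgorithmException e) {
            ZLog.e("Cannot generate hash. ", new Object[0]);
            throw pinCheckFailure("hash algorithm unavailable", e);
        }

        if (!pinned) {
            ZLog.e("This is not one of pinned cert.", new Object[0]);
            throw new CertificateException("No pinned cert found: invalid certificate exception.");
        }
        this.isServerCertValid = true;
        ZLog.i("checkServerTrusted: cert is pinned.", new Object[0]);
    }

    /**
     * Returns the chain recorded by the most recent server check, or an empty array if none has
     * been recorded.
     *
     * <p>NOTE(review): this is the peer's presented chain, not a set of trust anchors. Confirm
     * that no caller treats the result as a list of trusted CAs.
     *
     * @return a non-null array, as the {@link X509TrustManager} contract requires
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] chain = this.certAccepted;
        return chain != null ? chain : new X509Certificate[0];
    }

    /**
     * Returns the chain recorded by the most recent server check.
     *
     * @return the stored chain, or {@code null} if no check has run; the chain is stored before
     *     validation and may belong to a rejected handshake
     */
    public X509Certificate[] getCertAccepted() {
        return this.certAccepted;
    }

    /** Wraps an infrastructure failure so the handshake is rejected instead of silently accepted. */
    private static CertificateException pinCheckFailure(String reason, Exception cause) {
        return new CertificateException("Pin check could not be completed: " + reason, cause);
    }
}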
