package com.ca.mdo;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class MDOSSLPinning {
    private static MDOSSLPinning ourInstance;
    private HostnameVerifier allHostsValid;
    private SSLContext sslContext;
    private String mSSLPinningMode = "none";
    private ArrayList pinningRawData = new ArrayList();
    private ArrayList<X509Certificate> _pinningCertificates = new ArrayList<>();

    private MDOSSLPinning() throws Exception {
        this.sslContext = null;
        this.allHostsValid = null;
        if (this.sslContext == null) {
            this.sslContext = SSLContext.getInstance("TLS");
        }
        if (this.allHostsValid == null) {
            this.allHostsValid = new HostnameVerifier() { // from class: com.ca.mdo.MDOSSLPinning.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            };
        }
    }

    private static ArrayList<X509Certificate> createCert(ArrayList<byte[]> arrayList) {
        ArrayList<X509Certificate> arrayList2 = new ArrayList<>();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            Iterator<byte[]> it = arrayList.iterator();
            while (it.hasNext()) {
                arrayList2.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(it.next())));
            }
            return arrayList2;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static MDOSSLPinning getInstance() throws Exception {
        if (ourInstance == null) {
            ourInstance = new MDOSSLPinning();
        }
        return ourInstance;
    }

    private TrustManager getTrustManager() {
        return new X509TrustManager() { // from class: com.ca.mdo.MDOSSLPinning.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (MDOSSLPinning.this.getmSSLPinningMode().equals("none")) {
                    return;
                }
                if (MDOSSLPinning.this.pinningRawData == null || MDOSSLPinning.this.pinningRawData.size() <= 0) {
                    throw new CertificateException("No data for pinning is found");
                }
                boolean z = true;
                if (MDOSSLPinning.this.getmSSLPinningMode().equals("certificate")) {
                    ArrayList arrayList = MDOSSLPinning.this._pinningCertificates;
                    int length = x509CertificateArr.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            z = false;
                            break;
                        } else if (arrayList.contains(x509CertificateArr[i])) {
                            break;
                        } else {
                            i++;
                        }
                    }
                    if (!z) {
                        throw new CertificateException("Server certificate chain did not contain the pinned certificate");
                    }
                    return;
                }
                if (MDOSSLPinning.this.getmSSLPinningMode().equals("pk")) {
                    int length2 = x509CertificateArr.length;
                    int i2 = 0;
                    while (true) {
                        if (i2 >= length2) {
                            z = false;
                            break;
                        }
                        if (MDOSSLPinning.this.isPKPinned(x509CertificateArr[i2].getPublicKey().toString().getBytes())) {
                            break;
                        } else {
                            i2++;
                        }
                    }
                    if (!z) {
                        throw new CertificateException("Server certificate chain did not contain the pinned public key");
                    }
                    return;
                }
                if (!MDOSSLPinning.this.getmSSLPinningMode().equals("hash")) {
                    if (!MDOSSLPinning.this.getmSSLPinningMode().equals("sha1signature")) {
                        throw new CertificateException("No proper Mode is set");
                    }
                    ArrayList arrayList2 = MDOSSLPinning.this.pinningRawData;
                    int length3 = x509CertificateArr.length;
                    int i3 = 0;
                    while (true) {
                        if (i3 >= length3) {
                            z = false;
                            break;
                        } else if (arrayList2.contains(x509CertificateArr[i3].getSignature())) {
                            break;
                        } else {
                            i3++;
                        }
                    }
                    if (!z) {
                        throw new CertificateException("Server certificate chain did not contain matching signature");
                    }
                    return;
                }
                ArrayList arrayList3 = new ArrayList();
                Iterator it = MDOSSLPinning.this.pinningRawData.iterator();
                while (it.hasNext()) {
                    arrayList3.add(new String((byte[]) it.next()));
                }
                int length4 = x509CertificateArr.length;
                int i4 = 0;
                while (true) {
                    if (i4 >= length4) {
                        z = false;
                        break;
                    } else if (arrayList3.contains(MDOPublicKeyHash.toHash(x509CertificateArr[i4].getPublicKey()))) {
                        break;
                    } else {
                        i4++;
                    }
                }
                if (!z) {
                    throw new CertificateException("Server certificate chain did not contain the pinned public key HASH");
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isPKPinned(byte[] bArr) {
        try {
            ArrayList arrayList = this.pinningRawData;
            if (bArr != null) {
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    if (Arrays.equals((byte[]) it.next(), bArr)) {
                        return true;
                    }
                }
            }
            return false;
        } catch (Exception e) {
            CALog.w("Exception in isPKPinned " + e);
            return false;
        }
    }

    private void setPinningData(ArrayList<byte[]> arrayList) {
        this.pinningRawData.clear();
        if (arrayList != null) {
            this.pinningRawData = arrayList;
            if (getmSSLPinningMode().equals("certificate")) {
                this._pinningCertificates = createCert(arrayList);
            }
        }
    }

    public void enableSSLMode() throws Exception {
        this.sslContext.init(null, new TrustManager[]{getTrustManager()}, null);
        SDK.isSslMode = true;
    }

    public HostnameVerifier getMDOHostNameVerifiers() {
        return this.allHostsValid;
    }

    public SSLSocketFactory getMDOSSLFactory() {
        return this.sslContext.getSocketFactory();
    }

    public String getmSSLPinningMode() {
        return this.mSSLPinningMode;
    }

    public void setSSLPinning(String str, ArrayList<byte[]> arrayList) {
        this.mSSLPinningMode = str;
        setPinningData(arrayList);
    }
}
