package com.datatheorem.android.trustkit.pinning;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import androidx.annotation.j0;
import androidx.annotation.p0;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: PinningTrustManager.java */
@p0(api = 17)
/* loaded from: classes.dex */
public class i implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManagerExtensions f16042a;

    /* renamed from: b, reason: collision with root package name */
    private final String f16043b;

    /* renamed from: c, reason: collision with root package name */
    private final com.datatheorem.android.trustkit.config.b f16044c;

    public i(@j0 String str, @j0 com.datatheorem.android.trustkit.config.b bVar, @j0 X509TrustManager x509TrustManager) {
        this.f16043b = str;
        this.f16044c = bVar;
        if (Build.VERSION.SDK_INT < 17) {
            this.f16042a = null;
        } else {
            this.f16042a = new X509TrustManagerExtensions(x509TrustManager);
        }
    }

    private static boolean a(List<X509Certificate> list, Set<com.datatheorem.android.trustkit.config.d> set) {
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            if (set.contains(new com.datatheorem.android.trustkit.config.d(it.next()))) {
                return true;
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client certificates not supported!");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        List<X509Certificate> list;
        boolean z6;
        boolean z7;
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        boolean z8 = !c.f16034a.c(this.f16043b, x509CertificateArr[0]);
        try {
            list = this.f16042a.checkServerTrusted(x509CertificateArr, str, this.f16043b);
            z6 = z8;
        } catch (CertificateException e7) {
            if (Build.VERSION.SDK_INT < 24 || !e7.getMessage().startsWith("Pin verification failed")) {
                list = asList;
                z6 = true;
            } else {
                z6 = z8;
                list = asList;
                z7 = true;
            }
        }
        z7 = false;
        if (Build.VERSION.SDK_INT < 24 && !z6) {
            if (!(this.f16044c.a() != null && this.f16044c.a().compareTo(new Date()) < 0)) {
                z7 = !a(list, this.f16044c.c());
            }
        }
        boolean z9 = z7;
        if (z6 || z9) {
            j jVar = j.FAILED;
            if (z6) {
                jVar = j.FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED;
            }
            l.a().c(this.f16043b, 0, asList, list, this.f16044c, jVar);
        }
        if (z6) {
            throw new CertificateException("Certificate validation failed for " + this.f16043b);
        }
        if (z9 && this.f16044c.e()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Pin verification failed");
            sb.append("\n  Configured pins: ");
            Iterator<com.datatheorem.android.trustkit.config.d> it = this.f16044c.c().iterator();
            while (it.hasNext()) {
                sb.append(it.next());
                sb.append(" ");
            }
            sb.append("\n  Peer certificate chain: ");
            for (X509Certificate x509Certificate : list) {
                sb.append("\n    ");
                sb.append(new com.datatheorem.android.trustkit.config.d(x509Certificate));
                sb.append(" - ");
                sb.append(x509Certificate.getSubjectDN());
            }
            throw new CertificateException(sb.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
