package ctrip.android.network.sslpinning.pinning;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.meituan.robust.PatchProxyResult;
import com.tencent.matrix.trace.config.SharePluginInfo;
import com.tencent.matrix.trace.core.AppMethodBeat;
import ctrip.android.imkit.viewmodel.ChatQADecorate;
import ctrip.foundation.util.StringUtil;
import ctrip.foundation.util.UBTLogUtil;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

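/**
 * {@link X509TrustManager} that validates a server chain through a wrapped trust manager and then
 * requires at least one certificate of the resulting chain to match the configured pin set.
 *
 * <p>This is decompiled output: identifiers such as {@code b}, {@code c}, {@code f} and
 * {@code f14793a} are obfuscated names. Every method starts with a {@code PatchProxy.proxy(...)}
 * hook and is bracketed by {@code AppMethodBeat.i/o} calls; both are kept exactly as found.
 *
 * <p>NOTE(review): when the patch hook reports {@code isSupported}, {@link #checkServerTrusted}
 * returns without running any of the validation below. What an installed patch does is not
 * visible here, so the integrity of patch delivery is part of this class's trust boundary.
 */
@RequiresApi(api = 17)
/* loaded from: classes5.dex */
public class PinningTrustManager implements X509TrustManager {
    public static ChangeQuickRedirect changeQuickRedirect;

    /* renamed from: a, reason: collision with root package name */
    // Wrapper around the delegate trust manager; performs the baseline chain validation.
    private final X509TrustManagerExtensions f14793a;
    // Host name this manager validates for; passed to the delegate and used in reports.
    private final String b;
    // Callback notified with the outcome of every completed validation (may be null).
    // NOTE(review): the bare `c.l(...)`, `c.i(...)` and `c.d()` calls below may refer to a
    // same-package class named `c` rather than to this field - decompiler output is ambiguous.
    private f c;

    /**
     * Outcome categories reported to the validation callback. Only {@code FAILED} and
     * {@code FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED} are produced by this class.
     */
    /* loaded from: classes5.dex */
    public enum PinningValidationResult {
        SUCCESS,
        FAILED,
        FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED,
        ERROR_INVALID_PARAMETERS,
        FAILED_USER_DEFINED_TRUST_ANCHOR,
        ERROR_COULD_NOT_GENERATE_SPKI_HASH;

        public static ChangeQuickRedirect changeQuickRedirect;

        static {
            AppMethodBeat.i(80584);
            AppMethodBeat.o(80584);
        }

        /** Looks up a constant by name unless the patch hook supplies the result. */
        public static PinningValidationResult valueOf(String str) {
            PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str}, null, changeQuickRedirect, true, 59954, new Class[]{String.class}, PinningValidationResult.class);
            if (proxy.isSupported) {
                return (PinningValidationResult) proxy.result;
            }
            AppMethodBeat.i(80564);
            PinningValidationResult pinningValidationResult = (PinningValidationResult) Enum.valueOf(PinningValidationResult.class, str);
            AppMethodBeat.o(80564);
            return pinningValidationResult;
        }

        /** Returns a copy of all constants unless the patch hook supplies the result. */
        /* renamed from: values, reason: to resolve conflict with enum method */
        public static PinningValidationResult[] valuesCustom() {
            PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 59953, new Class[0], PinningValidationResult[].class);
            if (proxy.isSupported) {
                return (PinningValidationResult[]) proxy.result;
            }
            AppMethodBeat.i(80556);
            PinningValidationResult[] pinningValidationResultArr = (PinningValidationResult[]) values().clone();
            AppMethodBeat.o(80556);
            return pinningValidationResultArr;
        }
    }

    /**
     * Creates a pinning trust manager for one host.
     *
     * @param str host name the validated chains must belong to
     * @param x509TrustManager delegate used for baseline chain validation
     * @param fVar callback that receives the validation outcome
     */
    public PinningTrustManager(@NonNull String str, @NonNull X509TrustManager x509TrustManager, @NonNull f fVar) {
        AppMethodBeat.i(80610);
        this.b = str;
        this.c = fVar;
        this.f14793a = new X509TrustManagerExtensions(x509TrustManager);
        AppMethodBeat.o(80610);
    }

    /**
     * Reports whether any certificate in {@code list} maps to an entry of {@code set}.
     *
     * @param list certificate chain to inspect
     * @param set configured pins
     * @return {@code true} as soon as one certificate's pin object is contained in {@code set}
     */
    private static boolean a(List<X509Certificate> list, Set<ctrip.android.network.sslpinning.configuration.a> set) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{list, set}, null, changeQuickRedirect, true, 59951, new Class[]{List.class, Set.class}, Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(80657);
        boolean matched = false;
        for (X509Certificate certificate : list) {
            if (set.contains(new ctrip.android.network.sslpinning.configuration.a(certificate))) {
                matched = true;
                break;
            }
        }
        AppMethodBeat.o(80657);
        return matched;
    }

    /**
     * Rejects every client chain; this trust manager is for server validation only.
     *
     * @throws CertificateException always, unless the patch hook handles the call
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (PatchProxy.proxy(new Object[]{x509CertificateArr, str}, this, changeQuickRedirect, false, 59952, new Class[]{X509Certificate[].class, String.class}, Void.TYPE).isSupported) {
            return;
        }
        AppMethodBeat.i(80667);
        CertificateException certificateException = new CertificateException("Client certificates not supported!");
        AppMethodBeat.o(80667);
        throw certificateException;
    }

    /**
     * Validates the served chain: host check on the leaf, baseline validation through the
     * delegate, then the pin check. The callback is notified before any exception is thrown.
     *
     * @param x509CertificateArr chain presented by the server, leaf first
     * @param str key exchange / authentication type, forwarded to the delegate
     * @throws CertificateException if the host check or the delegate validation fails, or if no
     *     certificate of the chain matches a configured pin
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (PatchProxy.proxy(new Object[]{x509CertificateArr, str}, this, changeQuickRedirect, false, 59950, new Class[]{X509Certificate[].class, String.class}, Void.TYPE).isSupported) {
            return;
        }
        AppMethodBeat.i(80648);
        // NOTE(review): both early exits accept the chain without calling the delegate at all.
        // The meaning of l(...) and i(...) is not visible here; confirm that hosts taking these
        // paths still get baseline certificate validation somewhere else.
        if (!c.l(this.b)) {
            AppMethodBeat.o(80648);
            return;
        }
        if (c.i(this.b)) {
            AppMethodBeat.o(80648);
            return;
        }
        // The leaf is dereferenced below; fail with the exception the X509TrustManager contract
        // names for a null or empty chain instead of an NPE / index error.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            AppMethodBeat.o(80648);
            throw new IllegalArgumentException("Server certificate chain is null or empty");
        }
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        // presumably a host-name match of the leaf certificate against this.b - verify in `b`
        boolean chainFailed = !b.f14796a.b(this.b, x509CertificateArr[0]);
        boolean pinFailed = false;
        String message = "";
        List<X509Certificate> list;
        try {
            list = this.f14793a.checkServerTrusted(x509CertificateArr, str, this.b);
        } catch (CertificateException e) {
            message = e.getMessage();
            // No validated chain is available; reports fall back to the chain as served.
            list = asList;
            // NOTE(review): the failure is classified by message prefix only. Anything that does
            // not match is treated as a chain failure, which is the stricter outcome.
            if (Build.VERSION.SDK_INT >= 24 && !StringUtil.emptyOrNull(message) && message.startsWith("Pin verification failed")) {
                pinFailed = true;
            } else {
                chainFailed = true;
            }
        }
        // A pin failure reported by the delegate is final. The application pin check only runs
        // when nothing has failed yet; before this change it overwrote the delegate's verdict and
        // was evaluated against the served chain instead of a validated one.
        if (!chainFailed && !pinFailed) {
            pinFailed = !a(list, c.d());
        }
        f listener = this.c;
        if (chainFailed || pinFailed) {
            PinningValidationResult pinningValidationResult = chainFailed
                    ? PinningValidationResult.FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED
                    : PinningValidationResult.FAILED;
            if (listener != null) {
                listener.a(this.b, asList, list, pinningValidationResult);
            }
        } else if (listener != null) {
            listener.b(this.b, asList, list);
        }
        if (chainFailed) {
            CertificateException certificateException = new CertificateException("Certificate validation failed for " + this.b);
            AppMethodBeat.o(80648);
            throw certificateException;
        }
        if (!pinFailed) {
            AppMethodBeat.o(80648);
            return;
        }
        // Build the pin-failure report used both for telemetry and as the exception message.
        StringBuilder sb = new StringBuilder();
        sb.append("Pin verification failed");
        sb.append("\n  Configured pins: ");
        for (ctrip.android.network.sslpinning.configuration.a pin : c.d()) {
            sb.append(pin);
            // NOTE(review): constant value not visible here; it looks like a decompiler-resolved
            // separator literal borrowed from an unrelated class.
            sb.append(ChatQADecorate.REPLACE_IDENTIFIER_FOR_ICON);
        }
        sb.append("\n  Peer certificate chain: ");
        for (X509Certificate x509Certificate : list) {
            sb.append("\n    ");
            sb.append(new ctrip.android.network.sslpinning.configuration.a(x509Certificate));
            sb.append(" - ");
            sb.append(x509Certificate.getSubjectDN());
        }
        String report = sb.toString();
        // Raw type kept on purpose: the parameter type of logDevTrace is not visible here.
        HashMap hashMap = new HashMap();
        hashMap.put("hostName", this.b);
        hashMap.put(SharePluginInfo.ISSUE_STACK_TYPE, report);
        hashMap.put("servedServerChain", Integer.valueOf(asList.size()));
        if (!TextUtils.isEmpty(message)) {
            hashMap.put("checkServerTrustedExceptionInfo", message);
        }
        UBTLogUtil.logDevTrace("o_ssl_pinning_error", hashMap);
        CertificateException certificateException2 = new CertificateException(report);
        AppMethodBeat.o(80648);
        throw certificateException2;
    }

    /** Returns an empty array; this manager advertises no accepted issuers. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}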
