package ru.yoomoney.sdk.yoopinning;

import android.annotation.SuppressLint;
import com.adjust.sdk.Constants;
import dp.C8592a;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.CertificateException;
import kotlin.Metadata;
import kotlin.collections.C9637l;
import kotlin.collections.C9643s;
import kotlin.jvm.internal.C9653c;
import kotlin.jvm.internal.C9665o;
import kotlin.jvm.internal.DefaultConstructorMarker;
import okhttp3.internal.tls.OkHostnameVerifier;
import tj.C11049b;
import tj.C11050c;
import tj.C11051d;

@Metadata(d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0010\b\u0001\u0018\u0000 \u001a2\u00020\u0001:\u0001\u001aB\u000f\u0012\u0006\u0010\u0003\u001a\u00020\u0002¢\u0006\u0004\b\u0004\u0010\u0005J'\u0010\f\u001a\u00020\u000b2\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00070\u00062\b\u0010\n\u001a\u0004\u0018\u00010\tH\u0002¢\u0006\u0004\b\f\u0010\rJ\u001d\u0010\u000e\u001a\u00020\u000b2\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0002¢\u0006\u0004\b\u000e\u0010\u000fJ\u001d\u0010\u0010\u001a\u00020\u000b2\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0002¢\u0006\u0004\b\u0010\u0010\u000fJ\u0015\u0010\u0011\u001a\u0004\u0018\u00010\t*\u00020\u0007H\u0002¢\u0006\u0004\b\u0011\u0010\u0012J+\u0010\u0014\u001a\u00020\u000b2\u0010\u0010\b\u001a\f\u0012\u0006\u0012\u0004\u0018\u00010\u0007\u0018\u00010\u00062\b\u0010\u0013\u001a\u0004\u0018\u00010\tH\u0016¢\u0006\u0004\b\u0014\u0010\rJ+\u0010\u0015\u001a\u00020\u000b2\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00070\u00062\u0006\u0010\u0013\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\t¢\u0006\u0004\b\u0015\u0010\u0016J+\u0010\u0015\u001a\u00020\u000b2\u0010\u0010\b\u001a\f\u0012\u0006\u0012\u0004\u0018\u00010\u0007\u0018\u00010\u00062\b\u0010\u0013\u001a\u0004\u0018\u00010\tH\u0016¢\u0006\u0004\b\u0015\u0010\rJ\u0015\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0016¢\u0006\u0004\b\u0017\u0010\u0018R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u000e\u0010\u0019¨\u0006\u001b"}, d2 = {"Lru/yoomoney/sdk/yoopinning/YooTrustManager;", "Ljavax/net/ssl/X509TrustManager;", "Lru/yoomoney/sdk/yoopinning/CertRepository;", "certRepository", "<init>", "(Lru/yoomoney/sdk/yoopinning/CertRepository;)V", "", "Ljava/security/cert/X509Certificate;", "chain", "", "host", "LXm/A;", C11050c.f86201e, "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "a", "([Ljava/security/cert/X509Certificate;)V", C11049b.f86195h, C11051d.f86204q, "(Ljava/security/cert/X509Certificate;)Ljava/lang/String;", "authType", "checkClientTrusted", "checkServerTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/lang/String;)V", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "Lru/yoomoney/sdk/yoopinning/CertRepository;", "Companion", "yoopinning_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
@SuppressLint({"CustomX509TrustManager"})
/* loaded from: classes5.dex */
public final class YooTrustManager implements X509TrustManager {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final CertRepository certRepository;

    @Metadata(d1 = {"\u0000 \n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0015\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0000¢\u0006\u0002\b\tR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\n"}, d2 = {"Lru/yoomoney/sdk/yoopinning/YooTrustManager$Companion;", "", "()V", "SERVER_AUTH_OID", "", "getYooTrustManager", "Ljavax/net/ssl/X509TrustManager;", "certRepository", "Lru/yoomoney/sdk/yoopinning/CertRepository;", "getYooTrustManager$yoopinning_release", "yoopinning_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final X509TrustManager getYooTrustManager$yoopinning_release(CertRepository certRepository) {
            C9665o.h(certRepository, "certRepository");
            return new YooTrustManager(certRepository);
        }
    }

    public YooTrustManager(CertRepository certRepository) {
        C9665o.h(certRepository, "certRepository");
        this.certRepository = certRepository;
        certRepository.updateCertificates();
    }

    private final void a(X509Certificate[] chain) {
        List<String> blackList = this.certRepository.getCertificates().getValue().getBlackList();
        Iterator a10 = C9653c.a(chain);
        while (a10.hasNext()) {
            if (C9643s.d0(blackList, d((X509Certificate) a10.next()))) {
                throw new CertificateException("Certificate in blackList");
            }
        }
    }

    private final void b(X509Certificate[] chain) {
        Object obj;
        List<String> whiteList = this.certRepository.getCertificates().getValue().getWhiteList();
        Iterator it = C9637l.A0(chain).iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            } else {
                obj = it.next();
                if (C9643s.d0(whiteList, d((X509Certificate) obj))) {
                    break;
                }
            }
        }
        if (((X509Certificate) obj) == null) {
            throw new CertificateException("No one certificate in whiteList");
        }
    }

    private final void c(X509Certificate[] chain, String host) {
        a(chain);
        b(chain);
        X509Certificate x509Certificate = (X509Certificate) C9637l.S(chain);
        if (x509Certificate != null) {
            if (!x509Certificate.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
                throw new CertificateException("It isn't WEB OID");
            }
            if (host != null) {
                OkHostnameVerifier.INSTANCE.verify(host, x509Certificate);
            }
        }
        Iterator a10 = C9653c.a(chain);
        while (a10.hasNext()) {
            ((X509Certificate) a10.next()).checkValidity();
        }
    }

    private final String d(X509Certificate x509Certificate) {
        MessageDigest messageDigest = MessageDigest.getInstance(Constants.SHA256);
        C9665o.g(messageDigest, "getInstance(...)");
        messageDigest.update(x509Certificate.getEncoded());
        return C8592a.b(messageDigest.digest());
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        X509Certificate[] x509CertificateArr;
        List P10;
        if (chain == null || (P10 = C9637l.P(chain)) == null || (x509CertificateArr = (X509Certificate[]) P10.toArray(new X509Certificate[0])) == null) {
            x509CertificateArr = new X509Certificate[0];
        }
        c(x509CertificateArr, null);
    }

    public final void checkServerTrusted(X509Certificate[] chain, String authType, String host) {
        C9665o.h(chain, "chain");
        C9665o.h(authType, "authType");
        C9665o.h(host, "host");
        c(chain, host);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
