package com.sap.cloud4custex.security.CertPinning;

import com.sap.cloud4custex.logger.ExLOG;
import com.sap.cloud4custex.security.SecurityUtil;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SSLPinning {
    private static final HashMap<String, List<byte[]>> VALID_PINS = createValidPinMap();
    public static boolean certPinningOnByDefault = false;
    public static boolean mdmDisableCertPinning = false;
    private HashSet<String> validatedDomains = new HashSet<>();

    private static byte[] convertToByteArray(String str) {
        int length = str.length();
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            bArr[i / 2] = hexToByte(str, i);
        }
        return bArr;
    }

    public static SSLSocketFactory createPinnedSslSocketFactory() throws Exception {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.sap.cloud4custex.security.CertPinning.SSLPinning.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                boolean validateSystemTrust = SecurityUtil.validateSystemTrust(x509CertificateArr, str);
                if (!SSLPinning.validatePIN(x509CertificateArr)) {
                    SSLPinning.rejectCertificate();
                }
                if (validateSystemTrust) {
                    return;
                }
                SSLPinning.rejectCertificate();
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        return sSLContext.getSocketFactory();
    }

    private static HashMap<String, List<byte[]>> createValidPinMap() {
        HashMap<String, List<byte[]>> hashMap = new HashMap<>(5);
        ArrayList arrayList = new ArrayList();
        arrayList.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList.add(convertToByteArray("b92cd19c5aeae0997fb9ccbbb3c5676fca9a14a2fce2555bd1e2e8d2580ddd2a"));
        arrayList.add(convertToByteArray("e5e1d684e3796023ed4f3ec6f2b9d7715abf154281179f3a5a0f40d4cd01743e"));
        arrayList.add(convertToByteArray("cdb77ebf15b3173e08a79f7577053b0998b6b2d87549c12807a0c114421e2090"));
        arrayList.add(convertToByteArray("a1fa3284e2cae7a414655e52bf566a42d87da1fd3f85113eed630c2e9a6fbecc"));
        arrayList.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        arrayList.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList.add(convertToByteArray("9b108456bac84fb2c140051a4333e9178456038e3b4c4476e0a444a079ab5b42"));
        arrayList.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        arrayList.add(convertToByteArray("f3700a0e62d32a48c51b014bc9e286ff811c252a9ba9f9b5d473f92339aeff7f"));
        arrayList.add(convertToByteArray("31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0"));
        arrayList.add(convertToByteArray("0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259"));
        arrayList.add(convertToByteArray("a7783310568a20eeeff28793377a217637fc9fd4e821b109e815fb6d8f610e0c"));
        arrayList.add(convertToByteArray("c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9"));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList2.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList2.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList2.add(convertToByteArray("fceb825654edf69284c08ef5697c49df283d4211797dce2bdd3aefc926d12549"));
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList3.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList3.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList4.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList4.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList4.add(convertToByteArray("51d090d81cb3778c653c80655eac09e279e7644642f1d80335dadc37dd279004"));
        arrayList4.add(convertToByteArray("762830425e2842de3f976ce8a5e5932aca32c9d7c9a499a97601268292b0d103"));
        arrayList4.add(convertToByteArray("b20e9045b6e9a0b8b968aa76caba3e0f0c33c69fe82d6a726b1b197741505927"));
        arrayList4.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        arrayList4.add(convertToByteArray("fcb81267cb038dfe4e437bde73f2bbd800d706b6c8160af2e43e82e6b153b2b5"));
        arrayList4.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList4.add(convertToByteArray("1199cdc896282b72bd27eb77990eb45fcb8aa1edd533b3bf00a7b39b371822c7"));
        arrayList4.add(convertToByteArray("a814636663a69123492f4a7bd337a4ee8752233aacfe6b91e0993dc58c823fe1"));
        arrayList4.add(convertToByteArray("b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97"));
        arrayList4.add(convertToByteArray("f055618d2c9e00c0343133c60a0e0aedcec8d42729cb3c41707dc4858a941d05"));
        arrayList4.add(convertToByteArray("1a14bc65e6f186405a310707322a919f809f761427623e4d4eed931dbe5e0a2e"));
        ArrayList arrayList5 = new ArrayList();
        arrayList5.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList5.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList5.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList5.add(convertToByteArray("b92cd19c5aeae0997fb9ccbbb3c5676fca9a14a2fce2555bd1e2e8d2580ddd2a"));
        arrayList5.add(convertToByteArray("e5e1d684e3796023ed4f3ec6f2b9d7715abf154281179f3a5a0f40d4cd01743e"));
        ArrayList arrayList6 = new ArrayList();
        arrayList6.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList6.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList6.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList6.add(convertToByteArray("fceb825654edf69284c08ef5697c49df283d4211797dce2bdd3aefc926d12549"));
        arrayList6.add(convertToByteArray("65b7fab9296d4ae60695f8f5e9bcd1276af10e24a2c2c872012e72e23a00b658"));
        arrayList6.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList6.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        ArrayList arrayList7 = new ArrayList();
        arrayList7.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList7.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList7.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList7.add(convertToByteArray("6904be1e915ecb25f7bebf4702f802eed399fb9e60ef4e776a6a41b69d020d5f"));
        arrayList7.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList7.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        arrayList7.add(convertToByteArray("82a510b32c900131d34defd37dc23a106de34eaa7e80d62912a4ac0209ac4f5b"));
        ArrayList arrayList8 = new ArrayList();
        arrayList8.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList8.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList8.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList8.add(convertToByteArray("51d090d81cb3778c653c80655eac09e279e7644642f1d80335dadc37dd279004"));
        ArrayList arrayList9 = new ArrayList();
        arrayList9.add(convertToByteArray("e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c"));
        arrayList9.add(convertToByteArray("3d95cdde5440cbef2d04a9363b1e85ee32259f3af66339b0a9cdc99f27d7a02c"));
        arrayList9.add(convertToByteArray("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
        arrayList9.add(convertToByteArray("6904be1e915ecb25f7bebf4702f802eed399fb9e60ef4e776a6a41b69d020d5f"));
        arrayList9.add(convertToByteArray("d5eb0a51e755cb56849e14b3d89471c9f49bc0eb6b43895ec42ca9a670d85e68"));
        arrayList9.add(convertToByteArray("e5c7039d740c6f68609a4b613ee24d13bd51d1db65ef0eca8fbbeb2a1d8da7fa"));
        arrayList9.add(convertToByteArray("59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79"));
        arrayList9.add(convertToByteArray("8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26"));
        arrayList9.add(convertToByteArray("adda7214c68cade98cc5a99e4d0f702089ec7a4f339bc7c621293f6fd1720d1d"));
        ArrayList arrayList10 = new ArrayList();
        arrayList10.add(getLocalHostCertificatePin());
        hashMap.put("crm.ondemand.com", arrayList);
        hashMap.put("c4c.cloud.sap", arrayList5);
        hashMap.put("dev.sapbydesign.com", arrayList2);
        hashMap.put("dev.c4c.cloud.sap", arrayList6);
        hashMap.put("vlab.sapbydesign.com", arrayList3);
        hashMap.put("vlab.c4c.cloud.sap", arrayList7);
        hashMap.put("vlabc4c.ondemand.com", arrayList9);
        hashMap.put("c4c.saphybriscloud.cn", arrayList4);
        hashMap.put("c4c.sapcloud.cn", arrayList8);
        hashMap.put("localhost", arrayList10);
        return hashMap;
    }

    private static byte[] getLocalHostCertificatePin() {
        try {
            return MessageDigest.getInstance("SHA256").digest(SecurityUtil.getCertificatePinForLocalhost());
        } catch (NoSuchAlgorithmException e) {
            ExLOG.e("SSLPinning:getLocalHostCertification", e.getMessage());
            return null;
        }
    }

    private static byte hexToByte(String str, int i) {
        return (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
    }

    public static boolean isCertPinningOnByDefault() {
        return certPinningOnByDefault;
    }

    public static boolean isMdmDisableCertPinning() {
        return mdmDisableCertPinning;
    }

    public static boolean pinForHost(String str) {
        Iterator<String> it = VALID_PINS.keySet().iterator();
        while (it.hasNext()) {
            if (str.endsWith(it.next())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void rejectCertificate() throws CertificateException {
        ExLOG.e("SSLPinning:rejectCertificate", "A request to a server has been blocked because the certificate couldn't be validated");
        throw new CertificateException("Unable to verify authenticity of the server");
    }

    public static void setCertPinningOnByDefault(boolean z) {
        certPinningOnByDefault = z;
    }

    public static void setMdmDisableCertPinning(boolean z) {
        mdmDisableCertPinning = z;
    }

    public static boolean validatePIN(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                byte[] digest = MessageDigest.getInstance("SHA256").digest(x509Certificate.getPublicKey().getEncoded());
                Iterator<List<byte[]>> it = VALID_PINS.values().iterator();
                while (it.hasNext()) {
                    Iterator<byte[]> it2 = it.next().iterator();
                    while (it2.hasNext()) {
                        if (Arrays.equals(it2.next(), digest)) {
                            return true;
                        }
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                ExLOG.e("SSLPinning:validatePIN", e.getMessage());
            }
        }
        return false;
    }

    public synchronized void checkCertPinningSetting(String str, final SSLPinningSettingHandler sSLPinningSettingHandler) {
        CertPinningSettingChecker.getInstance().checkSetting(str, new CertPinningSettingCheckerHandler() { // from class: com.sap.cloud4custex.security.CertPinning.SSLPinning.1
            @Override // com.sap.cloud4custex.security.CertPinning.CertPinningSettingCheckerHandler
            public void onSettingRetrieved(String str2, Boolean bool) {
                if ((bool != null && !bool.booleanValue()) || (bool == null && !SSLPinning.certPinningOnByDefault)) {
                    SSLPinning.this.validatedDomains.add(str2);
                } else if (bool == null && SSLPinning.certPinningOnByDefault) {
                    bool = true;
                }
                SSLPinningSettingHandler sSLPinningSettingHandler2 = sSLPinningSettingHandler;
                if (sSLPinningSettingHandler2 != null) {
                    sSLPinningSettingHandler2.onCertPinningSettingRetrieved(str2, bool);
                }
            }
        });
    }

    public boolean needCertPinning(String str) {
        if (mdmDisableCertPinning || this.validatedDomains.contains(str)) {
            return false;
        }
        boolean pinForHost = pinForHost(str);
        if (!pinForHost) {
            this.validatedDomains.add(str);
        }
        return pinForHost;
    }
}
