package com.sophos.cloud.core.rest;

import android.annotation.TargetApi;
import com.sophos.cloud.exceptions.CertificatePinningException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

@TargetApi(24)
/* loaded from: classes2.dex */
public final class l extends X509ExtendedTrustManager {

    /* renamed from: f, reason: collision with root package name */
    private static l f20000f;

    /* renamed from: b, reason: collision with root package name */
    private final O2.d f20002b;

    /* renamed from: a, reason: collision with root package name */
    private int f20001a = 0;

    /* renamed from: d, reason: collision with root package name */
    private boolean f20004d = true;

    /* renamed from: e, reason: collision with root package name */
    private boolean f20005e = true;

    /* renamed from: c, reason: collision with root package name */
    private final X509ExtendedTrustManager f20003c = c();

    private l(O2.d dVar) {
        this.f20002b = dVar;
    }

    private void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.f20005e) {
            String m6 = h.m(x509CertificateArr[0].getEncoded());
            List<String> sSLCertHash = this.f20002b.getSSLCertHash();
            if (sSLCertHash.isEmpty() || sSLCertHash.contains(m6)) {
                return;
            }
            if (this.f20001a == 0) {
                this.f20002b.onCertPinningError();
            }
            int i6 = this.f20001a;
            if (i6 == 3) {
                this.f20001a = 0;
            } else {
                this.f20001a = i6 + 1;
            }
            a4.c.X("TMEX", "Certificate hash does not match! Hash : " + m6 + " pinned hashes: " + sSLCertHash.toString());
            throw new CertificatePinningException("Certificate hash does not match!");
        }
    }

    public static l b(O2.d dVar) {
        if (f20000f == null) {
            f20000f = new l(dVar);
        }
        return f20000f;
    }

    private X509ExtendedTrustManager c() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) trustManager;
                }
            }
            return null;
        } catch (KeyStoreException e6) {
            a4.c.l("TMEX", e6);
            return null;
        } catch (NoSuchAlgorithmException e7) {
            a4.c.l("TMEX", e7);
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        a4.c.y("TMEX", "checkClientTrusted");
        if (this.f20004d) {
            this.f20003c.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        a4.c.y("TMEX", "checkClientTrusted");
        if (this.f20004d) {
            this.f20003c.checkClientTrusted(x509CertificateArr, str, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        a4.c.y("TMEX", "checkClientTrusted");
        if (this.f20004d) {
            this.f20003c.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        a4.c.y("TMEX", "checkServerTrusted");
        if (this.f20004d) {
            this.f20003c.checkServerTrusted(x509CertificateArr, str);
        } else {
            a4.c.y("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        a4.c.y("TMEX", "checkServerTrusted");
        if (this.f20004d) {
            this.f20003c.checkServerTrusted(x509CertificateArr, str, socket);
        } else {
            a4.c.y("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        a4.c.y("TMEX", "checkServerTrusted");
        if (this.f20004d) {
            this.f20003c.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        } else {
            a4.c.y("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    public void d(boolean z6) {
        this.f20004d = z6;
    }

    public void e(boolean z6) {
        this.f20005e = z6;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        a4.c.y("TMEX", "getAcceptedIssuers");
        if (this.f20004d) {
            return this.f20003c.getAcceptedIssuers();
        }
        return null;
    }
}
