package com.pg.client.connection.ssl;

import com.pg.client.connection.ConnectionManager;
import com.pg.client.connection.PGConnector;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class SetupTrustManager implements X509TrustManager {
    private static final int DNS_NAME = 2;
    private static final int IP_ADDRESS = 7;
    private static final Map<String, CertificateAttributes> certificateAttributes = new Hashtable();

    public static Map<String, CertificateAttributes> getCertificateattributes() {
        return certificateAttributes;
    }

    private boolean validateChain(X509Certificate[] x509CertificateArr) {
        boolean z = false;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity();
                X509Certificate[] acceptedIssuers = getAcceptedIssuers();
                int length = acceptedIssuers.length;
                int i = 0;
                while (true) {
                    if (i < length) {
                        try {
                            x509Certificate.verify(acceptedIssuers[i].getPublicKey());
                            z = true;
                            break;
                        } catch (Exception e) {
                            i++;
                        }
                    }
                }
            } catch (Exception e2) {
                PGConnector.appendToDelegateLog("Exception in SetUpTrustManager ", e2);
                return false;
            }
        }
        return z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("authentication a client is not supported.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        CertificateAttributes certificateAttributes2 = null;
        try {
            certificateAttributes2 = extractCertificateAttributes(x509Certificate);
            certificateAttributes2.setValid(validateChain(x509CertificateArr));
            certificateAttributes.put(SSLUtil.getString(x509Certificate), certificateAttributes2);
        } catch (CertificateException e) {
            ConnectionManager.isSSLValid = false;
            certificateAttributes2.setValid(false);
            throw e;
        }
    }

    protected CertificateAttributes extractCertificateAttributes(X509Certificate x509Certificate) throws CertificateParsingException {
        CertificateAttributes certificateAttributes2 = new CertificateAttributes();
        String cn = new X500PrincipalHelper(x509Certificate.getSubjectX500Principal()).getCN();
        String cn2 = new X500PrincipalHelper(x509Certificate.getIssuerX500Principal()).getCN();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                int intValue = ((Integer) list.get(0)).intValue();
                if (intValue == 2) {
                    hashSet.add((String) list.get(1));
                } else if (intValue == 7) {
                    hashSet2.add((String) list.get(1));
                }
            }
        }
        certificateAttributes2.setCaCommonName(cn2);
        certificateAttributes2.setServerAlternateIA5DNSName(hashSet);
        certificateAttributes2.setServerAlternateIA5IPAddress(hashSet2);
        certificateAttributes2.setServerCertificate(x509Certificate);
        certificateAttributes2.setServerCommonName(cn);
        return certificateAttributes2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return getSetupCAs();
    }

    public X509Certificate[] getSetupCAs() {
        return new X509Certificate[]{CertificateConstants.getDevCAPublicCertificate(), CertificateConstants.getRootCAPublicCertificate(), CertificateConstants.getProductionCAPublicCertificate(), CertificateConstants.getNewDevCAPublicCertificate(), CertificateConstants.getNewProductionCAPublicCertificate(), CertificateConstants.getPremProdCertificate(), CertificateConstants.getPremLocalCertificate(), CertificateConstants.getPremRootCertificate()};
    }
}
