package com.tunnelbear.android.api;

import android.content.Context;
import android.text.TextUtils;
import com.tunnelbear.android.bj;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.tls.CertificateChainCleaner;

/* compiled from: APIGatewayTrustManager.java */
/* loaded from: classes.dex */
public final class a implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private static final char[] f1104a = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /* renamed from: b, reason: collision with root package name */
    private X509TrustManager f1105b;
    private CertificateChainCleaner c = CertificateChainCleaner.get(this);
    private Context d;
    private String e;
    private HashMap<String, String> f;

    public a(X509TrustManager x509TrustManager, Context context) {
        this.f = new HashMap<>();
        this.f1105b = x509TrustManager;
        this.d = context;
        this.f = bj.a(context).S();
    }

    private static String a(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(f1104a[(bArr[i] & 240) >> 4]);
            stringBuffer.append(f1104a[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }

    public final void a(String str) {
        this.e = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.f1105b.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            List<Certificate> clean = this.c.clean(Arrays.asList(x509CertificateArr), this.e);
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            MessageDigest messageDigest2 = MessageDigest.getInstance("SHA-256");
            if (this.f == null || this.f.size() == 0) {
                this.f = bj.a(this.d).S();
            }
            if (clean != null && clean.size() > 0) {
                Collections.reverse(clean);
                Iterator<Certificate> it = clean.iterator();
                while (it.hasNext()) {
                    byte[] encoded = ((X509Certificate) it.next()).getEncoded();
                    messageDigest.update(encoded);
                    byte[] digest = messageDigest.digest();
                    messageDigest.reset();
                    String a2 = a(digest);
                    if (!TextUtils.isEmpty(a2) && this.f != null && this.f.containsKey(a2.toUpperCase())) {
                        messageDigest2.update(encoded);
                        byte[] digest2 = messageDigest2.digest();
                        messageDigest2.reset();
                        if (this.f.get(a2.toUpperCase()).equals(a(digest2).toUpperCase())) {
                            this.f1105b.checkServerTrusted(x509CertificateArr, str);
                            return;
                        }
                    }
                }
            }
        } catch (IOException e) {
        } catch (NoSuchAlgorithmException e2) {
        } catch (CertificateEncodingException e3) {
        }
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return this.f1105b.getAcceptedIssuers();
    }
}
