package com.bshg.homeconnect.app.services.o;

import com.bshg.homeconnect.app.h.ak;
import com.bshg.homeconnect.app.h.cw;
import com.bshg.homeconnect.app.h.y;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: PinnedCertTrustManager.java */
/* loaded from: classes2.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f11744a = LoggerFactory.getLogger((Class<?>) a.class);

    /* renamed from: b, reason: collision with root package name */
    private static final String f11745b = "entrust_l1k";

    public static TrustManager[] a(String str) {
        final X509Certificate x509Certificate;
        try {
            x509Certificate = y.a(str);
        } catch (Exception e) {
            f11744a.error("Could not create HCA-Rest-Certificate from assets for validation: {}", e.getMessage());
            x509Certificate = null;
        }
        return new TrustManager[]{new X509TrustManager() { // from class: com.bshg.homeconnect.app.services.o.a.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                if (x509CertificateArr == null) {
                    throw new IllegalArgumentException("Rest-Certificate X509Certificate array is null.");
                }
                if (x509CertificateArr.length <= 0) {
                    throw new IllegalArgumentException("Rest-Certificate: X509Certificate is empty.");
                }
                try {
                    if (!(x509Certificate != null ? Arrays.asList(x509CertificateArr).contains(x509Certificate) : false)) {
                        throw new CertificateException("Certificate invalid!");
                    }
                    String[] b2 = a.b(x509CertificateArr[0]);
                    String b3 = com.bshg.homeconnect.app.c.a().l().b().b();
                    if (b2 != null) {
                        String str3 = b2[0];
                        String b4 = cw.b(b3);
                        if (b4 != null && !b4.equals(str3)) {
                            throw new CertificateException("Certificate does not matches the server certificate");
                        }
                    }
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    if (x509CertificateArr[1] == null) {
                        throw new CertificateException("Certificate could not be read!");
                    }
                    keyStore.setCertificateEntry(a.f11745b, x509Certificate);
                    new PKIXParameters(keyStore).setRevocationEnabled(true);
                    Security.setProperty("ocsp.enable", "true");
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                    trustManagerFactory.init(keyStore);
                    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                        ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str2);
                    }
                    x509CertificateArr[1].checkValidity(Calendar.getInstance().getTime());
                    System.out.println("Certificate is active for current date");
                } catch (Exception e2) {
                    throw new CertificateException(e2);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] b(X509Certificate x509Certificate) throws CertificateParsingException {
        List a2 = ak.a(new String[0]);
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    a2.add((String) list.get(1));
                }
            }
        }
        if (a2.isEmpty()) {
            return null;
        }
        String[] strArr = new String[a2.size()];
        a2.toArray(strArr);
        return strArr;
    }
}
