package com.top.lib.mpl.co.truster.zyh;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
@RequiresApi(api = 17)
/* loaded from: classes2.dex */
public final class zyh implements X509TrustManager {
    private final com.top.lib.mpl.co.truster.config.rzb lcm;
    private final X509TrustManagerExtensions rzb;
    private final String zyh;

    public zyh(@NonNull String str, @NonNull com.top.lib.mpl.co.truster.config.rzb rzbVar, @NonNull X509TrustManager x509TrustManager) {
        this.zyh = str;
        this.lcm = rzbVar;
        if (Build.VERSION.SDK_INT < 17) {
            this.rzb = null;
        } else {
            this.rzb = new X509TrustManagerExtensions(x509TrustManager);
        }
    }

    private static boolean zyh(List<X509Certificate> list, Set<com.top.lib.mpl.co.truster.config.nuc> set) {
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            if (set.contains(new com.top.lib.mpl.co.truster.config.nuc(it.next()))) {
                return true;
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client certificates not supported!");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        List<X509Certificate> list;
        boolean z3;
        boolean z4;
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        boolean z5 = !nuc.lcm.nuc(this.zyh, x509CertificateArr[0]);
        try {
            list = this.rzb.checkServerTrusted(x509CertificateArr, str, this.zyh);
            z3 = z5;
        } catch (CertificateException e4) {
            if (Build.VERSION.SDK_INT < 24 || !e4.getMessage().startsWith("Pin verification failed")) {
                list = asList;
                z3 = true;
            } else {
                z3 = z5;
                list = asList;
                z4 = true;
            }
        }
        z4 = false;
        if (Build.VERSION.SDK_INT < 24 && !z3) {
            if (!(this.lcm.ywj() != null && this.lcm.ywj().compareTo(new Date()) < 0)) {
                z4 = !zyh(list, this.lcm.lcm());
            }
        }
        boolean z6 = z4;
        if (z3 || z6) {
            rzb rzbVar = rzb.FAILED;
            if (z3) {
                rzbVar = rzb.FAILED_CERTIFICATE_CHAIN_NOT_TRUSTED;
            }
            zku.zyh().rzb(this.zyh, 0, asList, list, this.lcm, rzbVar);
        }
        if (z3) {
            StringBuilder sb = new StringBuilder("Certificate validation failed for ");
            sb.append(this.zyh);
            throw new CertificateException(sb.toString());
        }
        if (z6 && this.lcm.rzb()) {
            StringBuilder sb2 = new StringBuilder("Pin verification failed\n  Configured pins: ");
            Iterator<com.top.lib.mpl.co.truster.config.nuc> it = this.lcm.lcm().iterator();
            while (it.hasNext()) {
                sb2.append(it.next());
                sb2.append(" ");
            }
            sb2.append("\n  Peer certificate chain: ");
            for (X509Certificate x509Certificate : list) {
                sb2.append("\n    ");
                sb2.append(new com.top.lib.mpl.co.truster.config.nuc(x509Certificate));
                sb2.append(" - ");
                sb2.append(x509Certificate.getSubjectDN());
            }
            throw new CertificateException(sb2.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
