package util.ma;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes3.dex */
final class c implements X509TrustManager {
    private static final String a = c.class.getName();
    private KeyStore d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public c() throws KeyStoreException {
        Boolean bool = com.gemalto.mfs.mwsdk.mobilegateway.a.a;
        Throwable e2 = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.d = keyStore;
            keyStore.load(null, null);
        } catch (IOException e3) {
            e2 = e3;
        } catch (NoSuchAlgorithmException e4) {
            e2 = e4;
        } catch (CertificateException e5) {
            e2 = e5;
        }
        if (e2 == null) {
            return;
        }
        Boolean bool2 = com.gemalto.mfs.mwsdk.mobilegateway.a.a;
        throw new KeyStoreException("KeyStore initialization failed");
    }

    private boolean b(X509Certificate[] x509CertificateArr, byte[] bArr, String str) throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        boolean containsAlias = this.d.containsAlias(str);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
            byte[] digest = MessageDigest.getInstance(McElieceCCA2ParameterSpec.DEFAULT_MD).digest(x509Certificate.getPublicKey().getEncoded());
            boolean equals = Arrays.equals(bArr, digest);
            if (com.gemalto.mfs.mwsdk.mobilegateway.a.a.booleanValue()) {
                util.mj.e.a(digest, "");
                util.mj.e.a(bArr, "");
            }
            if (equals) {
                if (containsAlias) {
                    return true;
                }
                this.d.setCertificateEntry(str, x509Certificate);
                return true;
            }
        }
        if (containsAlias) {
            throw new CertificateException("Inconsistent behavior during the session.");
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            throw new CertificateException("checkServerTrusted: X509Certificate array is null or empty");
        }
        if (com.gemalto.mfs.mwsdk.mobilegateway.a.a.booleanValue()) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                Base64.encode(x509Certificate.getEncoded());
            }
        }
        Object obj = null;
        try {
            boolean b = b(x509CertificateArr, util.mj.b.c(a.c), "gemalto.ca.root");
            if (!b) {
                b = b(x509CertificateArr, util.mj.b.c(a.a), "gemalto.ca.business");
            }
            if (b) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(this.d);
                ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, str);
                Boolean bool = com.gemalto.mfs.mwsdk.mobilegateway.a.a;
            } else if (!com.gemalto.mfs.mwsdk.mobilegateway.a.a.booleanValue()) {
                throw new CertificateException("Certificate pinning has failed");
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            obj = e2;
        }
        if (obj == null) {
            return;
        }
        Boolean bool2 = com.gemalto.mfs.mwsdk.mobilegateway.a.a;
        throw new CertificateException("SSL validation failed");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
