package com.chase.sig.android.b;

import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class a implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private Map<String, List<byte[]>> f733a;
    private final Set<X509Certificate> b = Collections.synchronizedSet(new HashSet());

    public a(Map<String, String[]> map) {
        if (map.size() <= 0) {
            throw new CertificateException("Pin List May Not Be Empty");
        }
        this.f733a = a(map);
    }

    private static Map<String, List<byte[]>> a(Map<String, String[]> map) {
        HashMap hashMap = new HashMap();
        LinkedList linkedList = new LinkedList();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            for (String str : entry.getValue()) {
                if (str == null || str.length() < 2) {
                    throw new IllegalArgumentException("Pin is Null or contains a non-hex string");
                }
                int length = str.length();
                byte[] bArr = new byte[length / 2];
                for (int i = 0; i < length; i += 2) {
                    bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
                }
                linkedList.add(bArr);
            }
            hashMap.put(entry.getKey(), linkedList);
        }
        return hashMap;
    }

    private boolean a(X509Certificate x509Certificate) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(x509Certificate.getPublicKey().getEncoded());
            String[] split = x509Certificate.getSubjectDN().getName().split(String.format("(?<!\\\\)%1$s", ","));
            StringBuilder sb = new StringBuilder();
            for (int length = split.length - 1; length >= 0; length--) {
                if (split[length].contains("\\,")) {
                    sb.append(split[length].replaceAll("\\\\", ""));
                } else {
                    sb.append(split[length]);
                }
                if (length != 0) {
                    sb.append(",");
                }
            }
            List<byte[]> list = this.f733a.get(sb.toString());
            if (list == null) {
                return false;
            }
            int size = list.size();
            for (int i = 0; i < size; i++) {
                if (Arrays.equals(list.get(i), digest)) {
                    this.b.add(x509Certificate);
                    return true;
                }
            }
            return false;
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("We don't handle this");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509Certificate x509Certificate;
        X509Certificate x509Certificate2;
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        List asList = Arrays.asList(x509CertificateArr);
        int length = x509CertificateArr.length - 1;
        Iterator it = asList.iterator();
        while (true) {
            if (!it.hasNext()) {
                x509Certificate = null;
                break;
            }
            x509Certificate = (X509Certificate) it.next();
            Iterator it2 = asList.iterator();
            while (true) {
                if (it2.hasNext()) {
                    x509Certificate2 = (X509Certificate) it2.next();
                    if (x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                        break;
                    }
                } else {
                    x509Certificate2 = null;
                    break;
                }
            }
            if (x509Certificate2 == null || x509Certificate2.equals(x509Certificate)) {
                break;
            }
        }
        x509CertificateArr2[length] = x509Certificate;
        while (true) {
            X509Certificate x509Certificate3 = x509Certificate;
            Iterator it3 = asList.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    x509Certificate = null;
                    break;
                }
                x509Certificate = (X509Certificate) it3.next();
                if (x509Certificate.getIssuerDN().equals(x509Certificate3.getSubjectDN()) && !x509Certificate.equals(x509Certificate3)) {
                    break;
                }
            }
            if (x509Certificate == null || length <= 0) {
                break;
            }
            int i = length - 1;
            x509CertificateArr2[i] = x509Certificate;
            length = i;
        }
        for (X509Certificate x509Certificate4 : x509CertificateArr2) {
            if (this.b.contains(x509Certificate4)) {
                return;
            }
        }
        if (x509CertificateArr2.length <= 0) {
            throw new IllegalArgumentException("X509Certificate is empty");
        }
        if (str == null || !(str.equalsIgnoreCase("RSA") || str.equalsIgnoreCase("ECDHE_RSA"))) {
            throw new CertificateException("AuthType is not RSA");
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr2, str);
            }
            boolean z = false;
            for (X509Certificate x509Certificate5 : x509CertificateArr2) {
                x509Certificate5.checkValidity();
                if (a(x509Certificate5)) {
                    z = true;
                }
            }
            if (!z) {
                throw new CertificateException("No Trusted Certificate Found in Certificate Chain");
            }
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
