package org.sufficientlysecure.keychain.network;

import android.content.res.AssetManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import timber.log.Timber;

/* loaded from: classes.dex */
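/**
 * Per-host TLS certificate pinning for OkHttp clients.
 *
 * <p>Pinned certificates are registered process-wide via
 * {@link #addPinnedCertificate(String, AssetManager, String)} and keyed by host name.
 * An instance is bound to one URL; {@link #pinCertificate(OkHttpClient.Builder)} makes the
 * certificate registered for that URL's host the only trust anchor of the client being built.
 *
 * <p>Only the SSL socket factory and trust manager are replaced; this class does not touch the
 * builder's hostname verifier.
 */
public class TlsCertificatePinning {
    // Host name -> raw certificate bytes as read from the asset file.
    // NOTE(review): plain HashMap with no synchronization; assumes all pins are registered
    // before lookups can happen on other threads - confirm against the callers.
    private static final Map<String, byte[]> sCertificatePins = new HashMap<>();
    private final URL url;

    /**
     * @param url the URL whose host is used to look up a pinned certificate
     */
    public TlsCertificatePinning(URL url) {
        this.url = url;
    }

    /**
     * Reads a certificate file from the app assets and registers it as the pin for a host.
     *
     * <p>If the asset cannot be read, the failure is only logged and no pin is registered, so
     * {@link #isPinAvailable()} keeps returning {@code false} for that host.
     * NOTE(review): callers presumably skip pinning when no pin is available and use the
     * platform trust store instead - confirm that a missing or unreadable pin asset is surfaced
     * rather than silently weakening the connection's trust policy.
     *
     * @param str host name the pin applies to (matched exactly against {@code URL.getHost()})
     * @param assetManager asset manager used to open the certificate file
     * @param str2 asset path of the certificate file
     */
    public static void addPinnedCertificate(String str, AssetManager assetManager, String str2) {
        try {
            ByteArrayOutputStream certificateBytes = new ByteArrayOutputStream();
            // try-with-resources closes the asset stream even when a read fails midway.
            try (InputStream in = assetManager.open(str2)) {
                byte[] chunk = new byte[4096];
                int count;
                while ((count = in.read(chunk)) != -1) {
                    certificateBytes.write(chunk, 0, count);
                }
            }
            // Register only after the whole file was read and the stream closed cleanly, so a
            // truncated certificate is never stored as a pin.
            sCertificatePins.put(str, certificateBytes.toByteArray());
        } catch (IOException e) {
            Timber.w(e);
        }
    }

    /**
     * Builds an in-memory key store whose single entry is the given certificate.
     */
    private KeyStore createSingleCertificateKeyStore(Certificate certificate) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initializes an empty key store instead of reading one from a stream.
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", certificate);
        return keyStore;
    }

    /**
     * Creates the default-algorithm trust manager backed only by the given key store.
     *
     * @throws IllegalStateException if the factory does not yield exactly one X509TrustManager
     */
    private X509TrustManager createTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Unexpected default trust managers: " + Arrays.toString(trustManagers));
    }

    /**
     * Returns whether a certificate has been registered for this URL's host.
     *
     * <p>The lookup is an exact string match on {@code URL.getHost()}.
     * NOTE(review): the host is not case-normalized here; a URL whose host differs only in
     * letter case from the registered key would report no pin - confirm the registered keys
     * match the form callers use.
     */
    public boolean isPinAvailable() {
        return sCertificatePins.containsKey(this.url.getHost());
    }

    /**
     * Configures the builder so that the certificate pinned for this URL's host is the only
     * trust anchor used for TLS connections made by the resulting client.
     *
     * @param builder the OkHttp client builder to configure
     * @throws IllegalStateException if no pin is registered for the host, or if the pinned
     *     certificate cannot be parsed or the TLS context cannot be set up
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void pinCertificate(OkHttpClient.Builder builder) {
        Timber.d("Pinning certificate for " + this.url, new Object[0]);
        byte[] pinnedBytes = sCertificatePins.get(this.url.getHost());
        if (pinnedBytes == null) {
            // Fail closed with a clear message rather than a NullPointerException from
            // ByteArrayInputStream; the builder is left untouched.
            throw new IllegalStateException("No pinned certificate registered for host: " + this.url.getHost());
        }
        try {
            Certificate pinnedCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pinnedBytes));
            X509TrustManager trustManager = createTrustManager(createSingleCertificateKeyStore(pinnedCertificate));
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // No client key managers and the default SecureRandom; only server trust is customized.
            sslContext.init(null, new TrustManager[]{trustManager}, null);
            builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException(e);
        }
    }
}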
