package com.payu.android.front.sdk.payment_library_api_client.internal.rest.client.ssl;

import android.util.Log;
import androidx.annotation.NonNull;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes3.dex */
public class SslConfiguration {
    private static final String TAG = "SslConfiguration";
    private final List<String> mAcceptedHosts;
    private final List<SslCertificate> mAllowedCertificates;
    private final X509TrustManager mAndroidTrustManager;
    private final KeyStore mClientKeyStore;
    private final String mClientKeyStorePassword;

    /* loaded from: classes3.dex */
    public static class Builder {
        private List<String> mAcceptedHosts = new ArrayList();
        private List<SslCertificate> mAllowedCertificates = new ArrayList();
        private final X509TrustManager mAndroidTrustManager;
        private KeyStore mClientKeyStore;
        private String mClientKeyStorePassword;

        public Builder(X509TrustManager x509TrustManager) {
            this.mAndroidTrustManager = x509TrustManager;
        }

        public Builder addAcceptedHost(@NonNull String str) {
            this.mAcceptedHosts.add(str);
            return this;
        }

        public SslConfiguration build() {
            return new SslConfiguration(this.mAndroidTrustManager, this.mAllowedCertificates, this.mAcceptedHosts, this.mClientKeyStore, this.mClientKeyStorePassword);
        }

        public Builder withAllowedCertificates(@NonNull List<SslCertificate> list) {
            this.mAllowedCertificates = list;
            return this;
        }

        public Builder withClientCertificate(KeyStore keyStore, String str) {
            this.mClientKeyStore = keyStore;
            this.mClientKeyStorePassword = str;
            return this;
        }

        public Builder withoutPinning() {
            this.mAllowedCertificates.clear();
            this.mAcceptedHosts.clear();
            return this;
        }
    }

    public SslConfiguration(X509TrustManager x509TrustManager, List<SslCertificate> list, List<String> list2, KeyStore keyStore, String str) {
        this.mAndroidTrustManager = x509TrustManager;
        this.mAllowedCertificates = list;
        this.mAcceptedHosts = list2;
        this.mClientKeyStore = keyStore;
        this.mClientKeyStorePassword = str;
    }

    private AndroidAndProvidedCertificateListVerifier createAndroidTrustManager() {
        return new AndroidAndProvidedCertificateListVerifier(this.mAndroidTrustManager, this.mAllowedCertificates);
    }

    private KeyManagerFactory createKeyManagerFactory(KeyStore keyStore, String str) {
        if (keyStore != null) {
            return null;
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
            keyManagerFactory.init(keyStore, getPasswordCharsOrNull(str));
            return keyManagerFactory;
        } catch (KeyStoreException e) {
            Log.w(TAG, "KeyStoreException", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.w(TAG, "Algorithm not found", e2);
            return null;
        } catch (UnrecoverableKeyException e3) {
            Log.w(TAG, "UnrecoverableKeyException", e3);
            return null;
        }
    }

    private char[] getPasswordCharsOrNull(String str) {
        if (str != null) {
            return str.toCharArray();
        }
        return null;
    }

    public X509HostnameVerifier getHostnameVerifier() {
        return new HostnameListStrictVerifier((String[]) this.mAcceptedHosts.toArray(new String[0]));
    }

    public SSLSocketFactory getSslSocketFactory() {
        return new SSLSocketFactoryProvider(isPinningEnabled() ? createAndroidTrustManager() : new LiberalHttpsVerifier(), createKeyManagerFactory(this.mClientKeyStore, this.mClientKeyStorePassword)).getSSLFactory();
    }

    public X509TrustManager getTrustManager() {
        return this.mAndroidTrustManager;
    }

    public boolean isPinningEnabled() {
        return !this.mAllowedCertificates.isEmpty();
    }
}
