package com.guardsquare.dexguard.runtime.net;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public class SSLPinner {
    private final HostnameVerifier hostnameVerifier;
    private final SSLSocketFactory sslSocketFactory;

    /* loaded from: classes4.dex */
    private static class CertificatePinningHostnameVerifier implements HostnameVerifier {
        private static final HostnameVerifier STRICT_HOSTNAME_VERIFIER = org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;
        private final X509TrustManager trustManager;

        CertificatePinningHostnameVerifier(X509TrustManager x509TrustManager) {
            this.trustManager = x509TrustManager;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (!STRICT_HOSTNAME_VERIFIER.verify(str, sSLSession)) {
                return false;
            }
            try {
                this.trustManager.checkServerTrusted(PinningUtil.cleanCertificateChain((X509Certificate[]) sSLSession.getPeerCertificates()), TrustManagerFactory.getDefaultAlgorithm());
                return true;
            } catch (CertificateException | SSLException unused) {
                return false;
            }
        }
    }

    public SSLPinner(PublicKeyTrustManager publicKeyTrustManager) {
        this(publicKeyTrustManager, true);
    }

    public SSLPinner(KeyStore keyStore) {
        this(PinningUtil.loadTrustedStore(keyStore), true);
    }

    private SSLPinner(X509TrustManager x509TrustManager, boolean z) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            if (!ReflectionUtil.initSSLContextViaReflection(sSLContext, x509TrustManager)) {
                sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            }
            this.sslSocketFactory = sSLContext.getSocketFactory();
            this.hostnameVerifier = new CertificatePinningHostnameVerifier(x509TrustManager);
        } catch (KeyManagementException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    public boolean pinHttpsURLConnection(HttpsURLConnection httpsURLConnection) {
        if (!ReflectionUtil.setFieldViaReflection(httpsURLConnection, "hostnameVerifier", this.hostnameVerifier)) {
            httpsURLConnection.setHostnameVerifier(this.hostnameVerifier);
        }
        if (!ReflectionUtil.setFieldViaReflection(httpsURLConnection, "sslSocketFactory", this.sslSocketFactory)) {
            httpsURLConnection.setSSLSocketFactory(this.sslSocketFactory);
        }
        return httpsURLConnection.getHostnameVerifier() == this.hostnameVerifier && httpsURLConnection.getSSLSocketFactory() == this.sslSocketFactory;
    }
}
