package com.alliancedata.accountcenter.network;

import ads.okhttp3.e;
import ads.okhttp3.u;
import android.util.Base64;
import com.alliancedata.accountcenter.configuration.model.ConfigMapper;
import com.alliancedata.accountcenter.utility.Constants;
import com.alliancedata.accountcenter.utility.FunctionConfigurationConstants;
import java.lang.ref.WeakReference;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: classes.dex */
public class CertificatePinningValidation implements HostnameVerifier {
    public static boolean forcePinFailure;
    private final String TAG = CertificatePinningValidation.class.getSimpleName();
    protected ConfigMapper configMapper;
    private WeakReference<Boolean> forcePinFailureWeakReference;
    private u.b okHttp;
    private String pin;

    public CertificatePinningValidation(ConfigMapper configMapper, u.b bVar) {
        this.configMapper = configMapper;
        this.okHttp = bVar;
    }

    private X509Certificate[] getServerCertificates(SSLSession sSLSession) {
        Certificate[] certificateArr;
        try {
            certificateArr = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e10) {
            e10.printStackTrace();
            certificateArr = null;
        }
        if (certificateArr == null || certificateArr.length <= 0) {
            return null;
        }
        return (X509Certificate[]) Arrays.copyOf(certificateArr, certificateArr.length, X509Certificate[].class);
    }

    public boolean canBeForced(String str) {
        return (str == null || str.isEmpty() || !this.configMapper.get(FunctionConfigurationConstants.NATIVE_OAUTH_BASE_URL).toString().contains(str)) ? false : true;
    }

    public String getBase64EncodedPin(Certificate certificate, String str) {
        MessageDigest messageDigest;
        WeakReference<Boolean> weakReference = new WeakReference<>(Boolean.valueOf(forcePinFailure));
        this.forcePinFailureWeakReference = weakReference;
        if (weakReference.get().booleanValue() && canBeForced(str)) {
            return Constants.FAILURE_PIN;
        }
        try {
            messageDigest = MessageDigest.getInstance(Constants.SHA1_ALGORITHM);
        } catch (NoSuchAlgorithmException e10) {
            e10.printStackTrace();
            messageDigest = null;
        }
        byte[] encoded = certificate.getPublicKey().getEncoded();
        messageDigest.update(encoded, 0, encoded.length);
        return Base64.encodeToString(messageDigest.digest(), 2);
    }

    public boolean isCertificatePinningEnabled(ConfigMapper configMapper, String str) {
        return configMapper.containsKey(FunctionConfigurationConstants.CERTIFICATE_PINNING_KILLED) && !configMapper.get(FunctionConfigurationConstants.CERTIFICATE_PINNING_KILLED).toBoolean() && configMapper.containsKey(str.replace(".", ""));
    }

    public boolean validatePinsFromCertificates(String str, SSLSession sSLSession) {
        String replace = str.replace(".", "");
        X509Certificate[] serverCertificates = getServerCertificates(sSLSession);
        if (serverCertificates != null) {
            for (X509Certificate x509Certificate : serverCertificates) {
                this.pin = getBase64EncodedPin(x509Certificate, str);
                if (this.configMapper.get(replace).toString().contains(this.pin)) {
                    this.okHttp.b(new e.a().a(str, Constants.PIN_MUST_STARTS_WITH_SHA1 + this.configMapper.get(replace).toString()).b());
                    return true;
                }
            }
        }
        return false;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (isCertificatePinningEnabled(this.configMapper, str)) {
            return validatePinsFromCertificates(str, sSLSession);
        }
        return true;
    }
}
