package org.cryptomator.data.cloud.webdav.network;

import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import okhttp3.CertificatePinner;
import org.cryptomator.data.util.X509CertificateHelper;
import org.cryptomator.domain.exception.FatalBackendException;
import org.cryptomator.domain.exception.NotTrustableCertificateException;
import org.cryptomator.util.Optional;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class PinningTrustManager implements X509TrustManager {
    private final String expectedPin;

    public PinningTrustManager(String str) {
        try {
            this.expectedPin = CertificatePinner.pin(X509CertificateHelper.convertFromPem(str));
        } catch (CertificateException e) {
            throw new FatalBackendException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isPinnedCertificate(X509Certificate x509Certificate) {
        return this.expectedPin.equals(CertificatePinner.pin(x509Certificate));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!isPinnedCertificate(x509CertificateArr[0])) {
            throw new NotTrustableCertificateException(X509CertificateHelper.convertToPem(x509CertificateArr[0]));
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!isPinnedCertificate(x509CertificateArr[0])) {
            throw new NotTrustableCertificateException(X509CertificateHelper.convertToPem(x509CertificateArr[0]));
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public HostnameVerifier hostnameVerifier() {
        return new HostnameVerifier() { // from class: org.cryptomator.data.cloud.webdav.network.PinningTrustManager.1
            private Optional<X509Certificate> peerX509Cert(SSLSession sSLSession) {
                try {
                    Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                    if (peerCertificates != null && peerCertificates.length > 0 && (peerCertificates[0] instanceof X509Certificate)) {
                        return Optional.of((X509Certificate) peerCertificates[0]);
                    }
                } catch (SSLPeerUnverifiedException unused) {
                }
                return Optional.empty();
            }

            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                Optional<X509Certificate> peerX509Cert = peerX509Cert(sSLSession);
                if (peerX509Cert.isPresent()) {
                    return PinningTrustManager.this.isPinnedCertificate(peerX509Cert.get());
                }
                return false;
            }
        };
    }
}
