package io.netty.handler.ssl.util;

import io.netty.buffer.a1;
import io.netty.buffer.r;
import io.netty.util.concurrent.p;
import io.netty.util.internal.b0;
import io.netty.util.internal.s0;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public final class b extends SimpleTrustManagerFactory {
    private static final Pattern FINGERPRINT_PATTERN = Pattern.compile("^[0-9a-fA-F:]+$");
    private static final Pattern FINGERPRINT_STRIP_PATTERN = Pattern.compile(":");
    private final byte[][] fingerprints;
    private final p<MessageDigest> tlmd;
    private final TrustManager tm;

    /* loaded from: classes2.dex */
    public class a implements X509TrustManager {
        public a() {
        }

        private void checkTrusted(String str, X509Certificate[] x509CertificateArr) throws CertificateException {
            boolean z9 = false;
            X509Certificate x509Certificate = x509CertificateArr[0];
            byte[] fingerprint = fingerprint(x509Certificate);
            byte[][] bArr = b.this.fingerprints;
            int length = bArr.length;
            int i10 = 0;
            while (true) {
                if (i10 >= length) {
                    break;
                }
                if (Arrays.equals(fingerprint, bArr[i10])) {
                    z9 = true;
                    break;
                }
                i10++;
            }
            if (z9) {
                return;
            }
            throw new CertificateException(str + " certificate with unknown fingerprint: " + x509Certificate.getSubjectDN());
        }

        private byte[] fingerprint(X509Certificate x509Certificate) throws CertificateEncodingException {
            MessageDigest messageDigest = (MessageDigest) b.this.tlmd.get();
            messageDigest.reset();
            return messageDigest.digest(x509Certificate.getEncoded());
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("client", x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("server", x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return io.netty.util.internal.h.EMPTY_X509_CERTIFICATES;
        }
    }

    /* renamed from: io.netty.handler.ssl.util.b$b, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public class C0110b extends p<MessageDigest> {
        final /* synthetic */ String val$algorithm;

        public C0110b(String str) {
            this.val$algorithm = str;
        }

        @Override // io.netty.util.concurrent.p
        public MessageDigest initialValue() {
            try {
                return MessageDigest.getInstance(this.val$algorithm);
            } catch (NoSuchAlgorithmException e10) {
                throw new IllegalArgumentException(String.format("Unsupported hash algorithm: %s", this.val$algorithm), e10);
            }
        }
    }

    @Deprecated
    public b(Iterable<String> iterable) {
        this("SHA1", toFingerprintArray(iterable));
    }

    public b(String str, byte[][] bArr) {
        this.tm = new a();
        b0.checkNotNull(str, "algorithm");
        b0.checkNotNull(bArr, "fingerprints");
        if (bArr.length == 0) {
            throw new IllegalArgumentException("No fingerprints provided");
        }
        try {
            int digestLength = MessageDigest.getInstance(str).getDigestLength();
            ArrayList arrayList = new ArrayList(bArr.length);
            for (byte[] bArr2 : bArr) {
                if (bArr2 == null) {
                    break;
                }
                if (bArr2.length != digestLength) {
                    throw new IllegalArgumentException(String.format("malformed fingerprint (length is %d but expected %d): %s", Integer.valueOf(bArr2.length), Integer.valueOf(digestLength), r.hexDump(a1.wrappedBuffer(bArr2))));
                }
                arrayList.add(bArr2.clone());
            }
            this.tlmd = new C0110b(str);
            this.fingerprints = (byte[][]) arrayList.toArray(new byte[0]);
        } catch (NoSuchAlgorithmException e10) {
            throw new IllegalArgumentException(String.format("Unsupported hash algorithm: %s", str), e10);
        }
    }

    @Deprecated
    public b(String... strArr) {
        this("SHA1", toFingerprintArray(Arrays.asList(strArr)));
    }

    @Deprecated
    public b(byte[]... bArr) {
        this("SHA1", bArr);
    }

    public static c builder(String str) {
        return new c(str);
    }

    public static byte[][] toFingerprintArray(Iterable<String> iterable) {
        String next;
        b0.checkNotNull(iterable, "fingerprints");
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = iterable.iterator();
        while (it.hasNext() && (next = it.next()) != null) {
            if (!FINGERPRINT_PATTERN.matcher(next).matches()) {
                throw new IllegalArgumentException("malformed fingerprint: " + next);
            }
            arrayList.add(s0.decodeHexDump(FINGERPRINT_STRIP_PATTERN.matcher(next).replaceAll("")));
        }
        return (byte[][]) arrayList.toArray(new byte[0]);
    }

    @Override // io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public TrustManager[] engineGetTrustManagers() {
        return new TrustManager[]{this.tm};
    }

    @Override // io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public void engineInit(KeyStore keyStore) throws Exception {
    }

    @Override // io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public void engineInit(ManagerFactoryParameters managerFactoryParameters) throws Exception {
    }
}
