package com.accloud.utils;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SecurityUtils {
    private static final String AUTH_TYPE = "RSA";

    private static X509TrustManager getX509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public static void validatePinning(HttpsURLConnection httpsURLConnection) throws SSLException, GeneralSecurityException {
        X509TrustManagerExtensions x509TrustManagerExtensions = new X509TrustManagerExtensions(getX509TrustManager());
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        List<X509Certificate> checkServerTrusted = x509TrustManagerExtensions.checkServerTrusted((X509Certificate[]) Arrays.copyOf(serverCertificates, serverCertificates.length, X509Certificate[].class), AUTH_TYPE, httpsURLConnection.getURL().getHost());
        if (checkServerTrusted.size() == 0) {
            throw new SSLPeerUnverifiedException("Ordered X509Certificates chain not found");
        }
        if (Build.VERSION.SDK_INT >= 21) {
            Iterator<X509Certificate> it = checkServerTrusted.iterator();
            while (it.hasNext()) {
                if (x509TrustManagerExtensions.isUserAddedCertificate(it.next())) {
                    throw new SSLPeerUnverifiedException("User added X509Certificate found in chain");
                }
            }
        }
    }
}
