package com.masv.superbeam.core.tls;

import com.masv.superbeam.core.utils.Pair;
import com.masv.superbeam.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: classes.dex */
public class TlsUtils {
    private TlsUtils() {
    }

    public static OkHttpClient.Builder buildClientWithPinnedPublicKey(byte[] bArr) throws NoSuchAlgorithmException, KeyManagementException {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (bArr == null) {
            return builder;
        }
        Pair<X509TrustManager, SSLSocketFactory> buildTrustManagementForCertificateHash = buildTrustManagementForCertificateHash(bArr);
        builder.sslSocketFactory(buildTrustManagementForCertificateHash.getSecond(), buildTrustManagementForCertificateHash.getFirst()).hostnameVerifier(new HostnameVerifier() { // from class: com.masv.superbeam.core.tls.TlsUtils.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
        return builder;
    }

    private static Pair<X509TrustManager, SSLSocketFactory> buildTrustManagementForCertificateHash(final byte[] bArr) throws NoSuchAlgorithmException, KeyManagementException {
        X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.masv.superbeam.core.tls.TlsUtils.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    if (TlsUtils.matchCertMd5Hash(x509Certificate, bArr)) {
                        return;
                    }
                }
                throw new CertificateException("Public key hash does not match");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, new SecureRandom());
        return new Pair<>(x509TrustManager, sSLContext.getSocketFactory());
    }

    public static boolean matchCertMd5Hash(Certificate certificate, byte[] bArr) throws CertificateEncodingException, NoSuchAlgorithmException {
        return Arrays.equals(md5(certificate), bArr);
    }

    public static byte[] md5(Certificate certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        return MessageDigest.getInstance(MessageDigestAlgorithms.MD5).digest(certificate.getEncoded());
    }
}
