package me.figo.internal;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: input_file:BOOT-INF/lib/sdk-3.1.4.jar:me/figo/internal/FigoTrustManager.class */
public class FigoTrustManager implements X509TrustManager {
    private static final List<String> VALID_FINGERPRINTS = new ArrayList(Arrays.asList("CDF3D326278991B9CDAE4B106C9681B7EBB33810C472376A4D9C84B7B3DCD68D", "79B2A29300853B0692B1B5F2247948583AA5220FC5CDE9499AC8451EDBE0DA50"));

    public static List<String> getTrustedFingerprints() {
        return VALID_FINGERPRINTS;
    }

    public static void addTrustedFingerprint(String str) {
        VALID_FINGERPRINTS.add(str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length == 0) {
            throw new CertificateException("No certificate found");
        }
        String thumbPrint = getThumbPrint(x509CertificateArr[0]);
        if (!VALID_FINGERPRINTS.contains(thumbPrint) && !getFingerprintsFromEnv().contains(thumbPrint)) {
            throw new CertificateException("Fingerprint does not match certificate");
        }
    }

    private static String getThumbPrint(X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            messageDigest.update(x509Certificate.getEncoded());
            return new BigInteger(1, messageDigest.digest()).toString(16).toUpperCase();
        } catch (NoSuchAlgorithmException e) {
            return "";
        } catch (CertificateEncodingException e2) {
            return "";
        }
    }

    private static List<String> getFingerprintsFromEnv() {
        String str = System.getenv("FIGO_API_FINGERPRINTS");
        return str != null ? Arrays.asList(str.split(":")) : new ArrayList();
    }
}
