package org.eclipse.smarthome.binding.mqtt.internal.ssl;

import java.net.Socket;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import org.eclipse.jdt.annotation.NonNullByDefault;

@NonNullByDefault
/* loaded from: input_file:org/eclipse/smarthome/binding/mqtt/internal/ssl/PinTrustManager.class */
public class PinTrustManager extends X509ExtendedTrustManager {
    List<Pin> pins = new ArrayList();
    protected PinnedCallback callback;
    private static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$smarthome$binding$mqtt$internal$ssl$PinType;

    public void addPinning(Pin pin) {
        this.pins.add(pin);
    }

    public void setCallback(PinnedCallback pinnedCallback) {
        this.callback = pinnedCallback;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    protected byte[] getEncoded(PinType pinType, X509Certificate x509Certificate) throws CertificateEncodingException {
        switch ($SWITCH_TABLE$org$eclipse$smarthome$binding$mqtt$internal$ssl$PinType()[pinType.ordinal()]) {
            case 1:
                return x509Certificate.getPublicKey().getEncoded();
            case 2:
                return x509Certificate.getEncoded();
            default:
                throw new CertificateEncodingException("Type unknown");
        }
    }

    PinMessageDigest getMessageDigestForSigAlg(String str) throws CertificateException {
        Matcher matcher = Pattern.compile("(\\D*)(\\d+)").matcher(str);
        matcher.find();
        try {
            return new PinMessageDigest(String.valueOf(matcher.group(1)) + "-" + matcher.group(2));
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            return;
        }
        PinMessageDigest messageDigestForSigAlg = getMessageDigestForSigAlg(x509CertificateArr[0].getSigAlgName());
        PinnedCallback pinnedCallback = this.callback;
        for (Pin pin : this.pins) {
            byte[] encoded = getEncoded(pin.getType(), x509CertificateArr[0]);
            if (pin.isLearning()) {
                pin.setCheckMode(messageDigestForSigAlg, messageDigestForSigAlg.digest(encoded));
                if (pinnedCallback != null) {
                    pinnedCallback.pinnedLearnedHash(pin);
                }
            } else {
                PinMessageDigest pinMessageDigest = pin.hashDigest;
                if (pinMessageDigest == null) {
                    throw new CertificateException("No hashDigest given!");
                }
                byte[] digest = pinMessageDigest.digest(encoded);
                if (!pin.isEqual(digest)) {
                    if (pinnedCallback != null) {
                        pinnedCallback.pinnedConnectionDenied(pin);
                    }
                    throw new CertificateException(String.valueOf(pin.getType().name()) + " pinning denied access. Destination pin is " + pinMessageDigest.toHexString(digest) + "' but expected: " + pin.toString());
                }
            }
        }
        if (pinnedCallback != null) {
            pinnedCallback.pinnedConnectionAccepted();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str);
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$smarthome$binding$mqtt$internal$ssl$PinType() {
        int[] iArr = $SWITCH_TABLE$org$eclipse$smarthome$binding$mqtt$internal$ssl$PinType;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[PinType.valuesCustom().length];
        try {
            iArr2[PinType.CERTIFICATE_TYPE.ordinal()] = 2;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[PinType.PUBLIC_KEY_TYPE.ordinal()] = 1;
        } catch (NoSuchFieldError unused2) {
        }
        $SWITCH_TABLE$org$eclipse$smarthome$binding$mqtt$internal$ssl$PinType = iArr2;
        return iArr2;
    }
}
