package com.sevenprinciples.mdm.android.client.security.pinning;

import android.util.Log;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.nimbusds.jose.util.X509CertUtils;
import com.sevenprinciples.mdm.android.client.base.tools.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: classes2.dex */
public class PinningHelper {
    public static HttpsURLConnection getPinnedHttpsURLConnection(URL url, String str) throws KeyStoreException, CertificateException, IOException {
        try {
            if (!url.getProtocol().equals(AuthenticationConstants.HTTPS_PROTOCOL_STRING)) {
                throw new IllegalArgumentException("Attempt to construct pinned non-https connection!");
            }
            TrustManager[] trustManagerArr = {new CustomTrustManager(getTrustStore(str))};
            Log.d("7P-PIN", "creating SSL context");
            SSLContext.getInstance("TLS").init(null, trustManagerArr, null);
            Log.d("7P-PIN", "creating connection with context");
            return (HttpsURLConnection) url.openConnection();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private static KeyStore getTrustStore(String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("BKS");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(parseCertificate(str));
        try {
            Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", generateCertificate);
            return keyStore;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static byte[] parseCertificate(String str) throws IOException {
        return Base64.decode(str.replace("-----BEGIN CERTIFICATE-----\n", "").replace(X509CertUtils.PEM_END_MARKER, "").getBytes());
    }
}
