package com.amazon.mShop.web;

import android.annotation.TargetApi;
import android.content.res.Resources;
import android.net.http.SslCertificate;
import android.net.http.X509TrustManagerExtensions;
import android.util.Log;
import com.amazon.identity.auth.device.appid.APIKeyDecoder;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public class SslCertificateValidator {
    private static final String TAG = SslCertificateValidator.class.getSimpleName();

    public static X509Certificate getX509Certificate(Resources resources, int i) throws CertificateException, IOException {
        Preconditions.checkArgument(resources != null, "resources cannot be null");
        CertificateFactory certificateFactory = CertificateFactory.getInstance(APIKeyDecoder.CERTIFICATE_TYPE);
        InputStream openRawResource = resources.openRawResource(i);
        try {
            return (X509Certificate) certificateFactory.generateCertificate(openRawResource);
        } finally {
            openRawResource.close();
        }
    }

    private static X509Certificate getX509Certificate(SslCertificate sslCertificate) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = sslCertificate.getClass().getDeclaredField("mX509Certificate");
        declaredField.setAccessible(true);
        return (X509Certificate) declaredField.get(sslCertificate);
    }

    private static X509TrustManager getX509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers == null || trustManagers.length <= 0 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("No X509 Trust Managers");
        }
        return (X509TrustManager) trustManagers[0];
    }

    @TargetApi(17)
    public boolean isValidCertificate(String str, SslCertificate sslCertificate, X509Certificate x509Certificate) {
        try {
            Preconditions.checkArgument(str != null, "expectedHostname cannot be null");
            Preconditions.checkArgument(sslCertificate != null, "certificateToValidate cannot be null");
            Preconditions.checkArgument(x509Certificate != null, "issuerCertificate cannot be null");
            List<X509Certificate> checkServerTrusted = new X509TrustManagerExtensions(getX509TrustManager()).checkServerTrusted(new X509Certificate[]{getX509Certificate(sslCertificate), x509Certificate}, "RSA", str);
            if (checkServerTrusted != null) {
                if (checkServerTrusted.contains(x509Certificate)) {
                    return true;
                }
            }
            return false;
        } catch (IllegalAccessException | IllegalStateException | NoSuchFieldException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e(TAG, "Error attempting to validate certificate", e);
            return false;
        }
    }
}
