package com.alibaba.rsocket.transport.netty;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:BOOT-INF/lib/alibaba-rsocket-core-1.1.6.jar:com/alibaba/rsocket/transport/netty/FingerPrintX509TrustManager.class */
public class FingerPrintX509TrustManager implements X509TrustManager {
    private List<String> fingerPrintsSha256 = new ArrayList();

    public FingerPrintX509TrustManager(List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            this.fingerPrintsSha256.add(it.next().toUpperCase());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length != 1) {
            throw new CertificateException("Expected exactly one certificate in the chain.");
        }
        x509CertificateArr[0].checkValidity();
        String fingerprint = getFingerprint("SHA-256", x509CertificateArr[0]);
        if (!this.fingerPrintsSha256.contains(fingerprint.toUpperCase())) {
            throw new CertificateException("Invalid fingerprint: " + fingerprint);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public static String getFingerprint(String str, Certificate certificate) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(certificate.getEncoded());
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                byte2hex(b, sb);
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return "";
        }
    }

    private static void byte2hex(byte b, StringBuilder sb) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        sb.append(cArr[(b & 240) >> 4]).append(cArr[b & 15]);
    }
}
