package com.axis.acc.https;

import com.axis.acc.sitesync.rest.autogen.model.Certificate;
import com.axis.lib.log.AxisLog;
import com.axis.lib.remoteaccess.turn.tls.CertificateValidator;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes10.dex */
public class AccTrustManager implements X509TrustManager {
    private final Set<String> trustedCerts;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes10.dex */
    public static final class AccTrustManagerSingleton {
        static AccTrustManager INSTANCE = new AccTrustManager();

        private AccTrustManagerSingleton() {
        }
    }

    private AccTrustManager() {
        this.trustedCerts = new HashSet();
    }

    public static AccTrustManager getInstance() {
        return AccTrustManagerSingleton.INSTANCE;
    }

    public void addTrustedCertificate(Certificate certificate) {
        this.trustedCerts.add(certificate.getPublicKey());
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (x509Certificate == null) {
            throw new CertificateException("No certificate received.");
        }
        try {
            if (!this.trustedCerts.contains(CertificateValidator.getFingerprint(x509Certificate)) || !x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                throw new CertificateException("Server and device fingerprints don't match!");
            }
            AxisLog.d("Trust established");
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("Error with server certificate algorithm: " + e.getMessage());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
