package okhttp3;

import g1.f;
import g1.n;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.collections.h;
import kotlin.g0;
import kotlin.jvm.internal.TypeIntrinsics;
import kotlin.jvm.internal.o;
import kotlin.text.k;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import x2.l;
import x2.m;

/* loaded from: classes3.dex */
public final class CertificatePinner {

    @l
    public static final Companion Companion = new Companion(null);

    @f
    @l
    public static final CertificatePinner DEFAULT = new Builder().build();

    @m
    private final CertificateChainCleaner certificateChainCleaner;

    @l
    private final Set<Pin> pins;

    /* loaded from: classes3.dex */
    public static final class Builder {

        @l
        private final List<Pin> pins = new ArrayList();

        @l
        public final Builder add(@l String pattern, @l String... pins) {
            o.checkNotNullParameter(pattern, "pattern");
            o.checkNotNullParameter(pins, "pins");
            int length = pins.length;
            int i3 = 0;
            while (i3 < length) {
                String str = pins[i3];
                i3++;
                getPins().add(new Pin(pattern, str));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @l
        public final CertificatePinner build() {
            return new CertificatePinner(h.toSet(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        @l
        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kotlin.jvm.internal.h hVar) {
            this();
        }

        @n
        @l
        public final String pin(@l Certificate certificate) {
            o.checkNotNullParameter(certificate, "certificate");
            if (certificate instanceof X509Certificate) {
                return o.stringPlus("sha256/", sha256Hash((X509Certificate) certificate).base64());
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
        }

        @n
        @l
        public final ByteString sha1Hash(@l X509Certificate x509Certificate) {
            o.checkNotNullParameter(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            o.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        @n
        @l
        public final ByteString sha256Hash(@l X509Certificate x509Certificate) {
            o.checkNotNullParameter(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            o.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* loaded from: classes3.dex */
    public static final class Pin {

        @l
        private final ByteString hash;

        @l
        private final String hashAlgorithm;

        @l
        private final String pattern;

        public Pin(@l String pattern, @l String pin) {
            o.checkNotNullParameter(pattern, "pattern");
            o.checkNotNullParameter(pin, "pin");
            if ((!k.startsWith$default(pattern, "*.", false, 2, (Object) null) || k.indexOf$default((CharSequence) pattern, "*", 1, false, 4, (Object) null) != -1) && ((!k.startsWith$default(pattern, "**.", false, 2, (Object) null) || k.indexOf$default((CharSequence) pattern, "*", 2, false, 4, (Object) null) != -1) && k.indexOf$default((CharSequence) pattern, "*", 0, false, 6, (Object) null) != -1)) {
                throw new IllegalArgumentException(o.stringPlus("Unexpected pattern: ", pattern).toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(pattern);
            if (canonicalHost == null) {
                throw new IllegalArgumentException(o.stringPlus("Invalid pattern: ", pattern));
            }
            this.pattern = canonicalHost;
            if (k.startsWith$default(pin, "sha1/", false, 2, (Object) null)) {
                this.hashAlgorithm = "sha1";
                ByteString.Companion companion = ByteString.Companion;
                String substring = pin.substring(5);
                o.checkNotNullExpressionValue(substring, "this as java.lang.String).substring(startIndex)");
                ByteString decodeBase64 = companion.decodeBase64(substring);
                if (decodeBase64 == null) {
                    throw new IllegalArgumentException(o.stringPlus("Invalid pin hash: ", pin));
                }
                this.hash = decodeBase64;
                return;
            }
            if (!k.startsWith$default(pin, "sha256/", false, 2, (Object) null)) {
                throw new IllegalArgumentException(o.stringPlus("pins must start with 'sha256/' or 'sha1/': ", pin));
            }
            this.hashAlgorithm = "sha256";
            ByteString.Companion companion2 = ByteString.Companion;
            String substring2 = pin.substring(7);
            o.checkNotNullExpressionValue(substring2, "this as java.lang.String).substring(startIndex)");
            ByteString decodeBase642 = companion2.decodeBase64(substring2);
            if (decodeBase642 == null) {
                throw new IllegalArgumentException(o.stringPlus("Invalid pin hash: ", pin));
            }
            this.hash = decodeBase642;
        }

        public boolean equals(@m Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return o.areEqual(this.pattern, pin.pattern) && o.areEqual(this.hashAlgorithm, pin.hashAlgorithm) && o.areEqual(this.hash, pin.hash);
        }

        @l
        public final ByteString getHash() {
            return this.hash;
        }

        @l
        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        @l
        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return (((this.pattern.hashCode() * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode();
        }

        public final boolean matchesCertificate(@l X509Certificate certificate) {
            o.checkNotNullParameter(certificate, "certificate");
            String str = this.hashAlgorithm;
            if (o.areEqual(str, "sha256")) {
                return o.areEqual(this.hash, CertificatePinner.Companion.sha256Hash(certificate));
            }
            if (o.areEqual(str, "sha1")) {
                return o.areEqual(this.hash, CertificatePinner.Companion.sha1Hash(certificate));
            }
            return false;
        }

        public final boolean matchesHostname(@l String hostname) {
            o.checkNotNullParameter(hostname, "hostname");
            if (k.startsWith$default(this.pattern, "**.", false, 2, (Object) null)) {
                int length = this.pattern.length() - 3;
                int length2 = hostname.length() - length;
                if (!k.regionMatches$default(hostname, hostname.length() - length, this.pattern, 3, length, false, 16, (Object) null)) {
                    return false;
                }
                if (length2 != 0 && hostname.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!k.startsWith$default(this.pattern, "*.", false, 2, (Object) null)) {
                    return o.areEqual(hostname, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = hostname.length() - length3;
                if (!k.regionMatches$default(hostname, hostname.length() - length3, this.pattern, 1, length3, false, 16, (Object) null) || k.lastIndexOf$default((CharSequence) hostname, '.', length4 - 1, false, 4, (Object) null) != -1) {
                    return false;
                }
            }
            return true;
        }

        @l
        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }
    }

    public CertificatePinner(@l Set<Pin> pins, @m CertificateChainCleaner certificateChainCleaner) {
        o.checkNotNullParameter(pins, "pins");
        this.pins = pins;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i3, kotlin.jvm.internal.h hVar) {
        this(set, (i3 & 2) != 0 ? null : certificateChainCleaner);
    }

    @n
    @l
    public static final String pin(@l Certificate certificate) {
        return Companion.pin(certificate);
    }

    @n
    @l
    public static final ByteString sha1Hash(@l X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    @n
    @l
    public static final ByteString sha256Hash(@l X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(@l final String hostname, @l final List<? extends Certificate> peerCertificates) throws SSLPeerUnverifiedException {
        o.checkNotNullParameter(hostname, "hostname");
        o.checkNotNullParameter(peerCertificates, "peerCertificates");
        check$okhttp(hostname, new h1.a<List<? extends X509Certificate>>() { // from class: okhttp3.CertificatePinner$check$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            /* JADX WARN: Multi-variable type inference failed */
            {
                super(0);
            }

            @Override // h1.a
            @l
            public final List<? extends X509Certificate> invoke() {
                CertificateChainCleaner certificateChainCleaner$okhttp = CertificatePinner.this.getCertificateChainCleaner$okhttp();
                List<Certificate> clean = certificateChainCleaner$okhttp == null ? null : certificateChainCleaner$okhttp.clean(peerCertificates, hostname);
                if (clean == null) {
                    clean = peerCertificates;
                }
                ArrayList arrayList = new ArrayList(h.collectionSizeOrDefault(clean, 10));
                Iterator<T> it = clean.iterator();
                while (it.hasNext()) {
                    arrayList.add((X509Certificate) ((Certificate) it.next()));
                }
                return arrayList;
            }
        });
    }

    @kotlin.h(message = "replaced with {@link #check(String, List)}.", replaceWith = @g0(expression = "check(hostname, peerCertificates.toList())", imports = {}))
    public final void check(@l String hostname, @l Certificate... peerCertificates) throws SSLPeerUnverifiedException {
        o.checkNotNullParameter(hostname, "hostname");
        o.checkNotNullParameter(peerCertificates, "peerCertificates");
        check(hostname, kotlin.collections.f.toList(peerCertificates));
    }

    public final void check$okhttp(@l String hostname, @l h1.a<? extends List<? extends X509Certificate>> cleanedPeerCertificatesFn) {
        o.checkNotNullParameter(hostname, "hostname");
        o.checkNotNullParameter(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(hostname);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = cleanedPeerCertificatesFn.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                if (o.areEqual(hashAlgorithm, "sha256")) {
                    if (byteString == null) {
                        byteString = Companion.sha256Hash(x509Certificate);
                    }
                    if (o.areEqual(pin.getHash(), byteString)) {
                        return;
                    }
                } else {
                    if (!o.areEqual(hashAlgorithm, "sha1")) {
                        throw new AssertionError(o.stringPlus("unsupported hashAlgorithm: ", pin.getHashAlgorithm()));
                    }
                    if (byteString2 == null) {
                        byteString2 = Companion.sha1Hash(x509Certificate);
                    }
                    if (o.areEqual(pin.getHash(), byteString2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            sb.append(x509Certificate2.getSubjectDN().getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(hostname);
        sb.append(":");
        for (Pin pin2 : findMatchingPins) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        o.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    public boolean equals(@m Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (o.areEqual(certificatePinner.pins, this.pins) && o.areEqual(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    @l
    public final List<Pin> findMatchingPins(@l String hostname) {
        o.checkNotNullParameter(hostname, "hostname");
        Set<Pin> set = this.pins;
        List<Pin> emptyList = h.emptyList();
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(hostname)) {
                if (emptyList.isEmpty()) {
                    emptyList = new ArrayList<>();
                }
                TypeIntrinsics.asMutableList(emptyList).add(obj);
            }
        }
        return emptyList;
    }

    @m
    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    @l
    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    @l
    public final CertificatePinner withCertificateChainCleaner$okhttp(@l CertificateChainCleaner certificateChainCleaner) {
        o.checkNotNullParameter(certificateChainCleaner, "certificateChainCleaner");
        return o.areEqual(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
