package okhttp3;

import com.taobao.analysis.v3.Constants;
import com.taobao.android.dinamicx.template.utils.DXTemplateNamePathUtil;
import com.taobao.weex.el.parse.Operators;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.JvmField;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.TypeIntrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import kotlin.text.StringsKt__StringsKt;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes7.dex */
public final class CertificatePinner {

    /* renamed from: a, reason: collision with root package name */
    public static final Companion f72034a = new Companion(null);

    /* renamed from: a, reason: collision with other field name */
    @JvmField
    @NotNull
    public static final CertificatePinner f38545a = new Builder().b();

    /* renamed from: a, reason: collision with other field name */
    @NotNull
    public final Set<Pin> f38546a;

    /* renamed from: a, reason: collision with other field name */
    @Nullable
    public final CertificateChainCleaner f38547a;

    /* loaded from: classes7.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        @NotNull
        public final List<Pin> f72035a = new ArrayList();

        @NotNull
        public final Builder a(@NotNull String pattern, @NotNull String... pins) {
            Intrinsics.checkNotNullParameter(pattern, "pattern");
            Intrinsics.checkNotNullParameter(pins, "pins");
            for (String str : pins) {
                this.f72035a.add(new Pin(pattern, str));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @NotNull
        public final CertificatePinner b() {
            return new CertificatePinner(CollectionsKt___CollectionsKt.toSet(this.f72035a), null, 2, 0 == true ? 1 : 0);
        }
    }

    /* loaded from: classes7.dex */
    public static final class Companion {
        public Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @JvmStatic
        @NotNull
        public final String a(@NotNull Certificate certificate) {
            Intrinsics.checkNotNullParameter(certificate, "certificate");
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
            }
            return "sha256/" + c((X509Certificate) certificate).base64();
        }

        @JvmStatic
        @NotNull
        public final ByteString b(@NotNull X509Certificate sha1Hash) {
            Intrinsics.checkNotNullParameter(sha1Hash, "$this$sha1Hash");
            ByteString.Companion companion = ByteString.INSTANCE;
            PublicKey publicKey = sha1Hash.getPublicKey();
            Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return ByteString.Companion.h(companion, encoded, 0, 0, 3, null).sha1();
        }

        @JvmStatic
        @NotNull
        public final ByteString c(@NotNull X509Certificate sha256Hash) {
            Intrinsics.checkNotNullParameter(sha256Hash, "$this$sha256Hash");
            ByteString.Companion companion = ByteString.INSTANCE;
            PublicKey publicKey = sha256Hash.getPublicKey();
            Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return ByteString.Companion.h(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* loaded from: classes7.dex */
    public static final class Pin {

        /* renamed from: a, reason: collision with root package name */
        @NotNull
        public final String f72036a;

        /* renamed from: a, reason: collision with other field name */
        @NotNull
        public final ByteString f38548a;

        @NotNull
        public final String b;

        public Pin(@NotNull String pattern, @NotNull String pin) {
            Intrinsics.checkNotNullParameter(pattern, "pattern");
            Intrinsics.checkNotNullParameter(pin, "pin");
            if (!((StringsKt__StringsJVMKt.startsWith$default(pattern, "*.", false, 2, null) && StringsKt__StringsKt.indexOf$default((CharSequence) pattern, "*", 1, false, 4, (Object) null) == -1) || (StringsKt__StringsJVMKt.startsWith$default(pattern, "**.", false, 2, null) && StringsKt__StringsKt.indexOf$default((CharSequence) pattern, "*", 2, false, 4, (Object) null) == -1) || StringsKt__StringsKt.indexOf$default((CharSequence) pattern, "*", 0, false, 6, (Object) null) == -1)) {
                throw new IllegalArgumentException(("Unexpected pattern: " + pattern).toString());
            }
            String e2 = HostnamesKt.e(pattern);
            if (e2 == null) {
                throw new IllegalArgumentException("Invalid pattern: " + pattern);
            }
            this.f72036a = e2;
            if (StringsKt__StringsJVMKt.startsWith$default(pin, "sha1/", false, 2, null)) {
                this.b = "sha1";
                ByteString.Companion companion = ByteString.INSTANCE;
                String substring = pin.substring(5);
                Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.String).substring(startIndex)");
                ByteString a2 = companion.a(substring);
                if (a2 != null) {
                    this.f38548a = a2;
                    return;
                }
                throw new IllegalArgumentException("Invalid pin hash: " + pin);
            }
            if (!StringsKt__StringsJVMKt.startsWith$default(pin, "sha256/", false, 2, null)) {
                throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': " + pin);
            }
            this.b = "sha256";
            ByteString.Companion companion2 = ByteString.INSTANCE;
            String substring2 = pin.substring(7);
            Intrinsics.checkNotNullExpressionValue(substring2, "(this as java.lang.String).substring(startIndex)");
            ByteString a3 = companion2.a(substring2);
            if (a3 != null) {
                this.f38548a = a3;
                return;
            }
            throw new IllegalArgumentException("Invalid pin hash: " + pin);
        }

        @NotNull
        public final ByteString a() {
            return this.f38548a;
        }

        @NotNull
        public final String b() {
            return this.b;
        }

        public final boolean c(@NotNull String hostname) {
            boolean regionMatches;
            boolean regionMatches2;
            Intrinsics.checkNotNullParameter(hostname, "hostname");
            if (StringsKt__StringsJVMKt.startsWith$default(this.f72036a, "**.", false, 2, null)) {
                int length = this.f72036a.length() - 3;
                int length2 = hostname.length() - length;
                regionMatches2 = StringsKt__StringsJVMKt.regionMatches(hostname, hostname.length() - length, this.f72036a, 3, length, (r12 & 16) != 0 ? false : false);
                if (!regionMatches2) {
                    return false;
                }
                if (length2 != 0 && hostname.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!StringsKt__StringsJVMKt.startsWith$default(this.f72036a, "*.", false, 2, null)) {
                    return Intrinsics.areEqual(hostname, this.f72036a);
                }
                int length3 = this.f72036a.length() - 1;
                int length4 = hostname.length() - length3;
                regionMatches = StringsKt__StringsJVMKt.regionMatches(hostname, hostname.length() - length3, this.f72036a, 1, length3, (r12 & 16) != 0 ? false : false);
                if (!regionMatches || StringsKt__StringsKt.lastIndexOf$default((CharSequence) hostname, Operators.DOT, length4 - 1, false, 4, (Object) null) != -1) {
                    return false;
                }
            }
            return true;
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return ((Intrinsics.areEqual(this.f72036a, pin.f72036a) ^ true) || (Intrinsics.areEqual(this.b, pin.b) ^ true) || (Intrinsics.areEqual(this.f38548a, pin.f38548a) ^ true)) ? false : true;
        }

        public int hashCode() {
            return (((this.f72036a.hashCode() * 31) + this.b.hashCode()) * 31) + this.f38548a.hashCode();
        }

        @NotNull
        public String toString() {
            return this.b + DXTemplateNamePathUtil.DIR + this.f38548a.base64();
        }
    }

    public CertificatePinner(@NotNull Set<Pin> pins, @Nullable CertificateChainCleaner certificateChainCleaner) {
        Intrinsics.checkNotNullParameter(pins, "pins");
        this.f38546a = pins;
        this.f38547a = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this(set, (i2 & 2) != 0 ? null : certificateChainCleaner);
    }

    public final void a(@NotNull final String hostname, @NotNull final List<? extends Certificate> peerCertificates) throws SSLPeerUnverifiedException {
        Intrinsics.checkNotNullParameter(hostname, "hostname");
        Intrinsics.checkNotNullParameter(peerCertificates, "peerCertificates");
        b(hostname, new Function0<List<? extends X509Certificate>>() { // from class: okhttp3.CertificatePinner$check$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final List<? extends X509Certificate> invoke() {
                List<Certificate> list;
                CertificateChainCleaner d = CertificatePinner.this.d();
                if (d == null || (list = d.a(peerCertificates, hostname)) == null) {
                    list = peerCertificates;
                }
                ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(list, 10));
                for (Certificate certificate : list) {
                    Objects.requireNonNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                    arrayList.add((X509Certificate) certificate);
                }
                return arrayList;
            }
        });
    }

    public final void b(@NotNull String hostname, @NotNull Function0<? extends List<? extends X509Certificate>> cleanedPeerCertificatesFn) {
        Intrinsics.checkNotNullParameter(hostname, "hostname");
        Intrinsics.checkNotNullParameter(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn");
        List<Pin> c = c(hostname);
        if (c.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = cleanedPeerCertificatesFn.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : c) {
                String b = pin.b();
                int hashCode = b.hashCode();
                if (hashCode != -903629273) {
                    if (hashCode == 3528965 && b.equals("sha1")) {
                        if (byteString2 == null) {
                            byteString2 = f72034a.b(x509Certificate);
                        }
                        if (Intrinsics.areEqual(pin.a(), byteString2)) {
                            return;
                        }
                    }
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.b());
                }
                if (!b.equals("sha256")) {
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.b());
                }
                if (byteString == null) {
                    byteString = f72034a.c(x509Certificate);
                }
                if (Intrinsics.areEqual(pin.a(), byteString)) {
                    return;
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(f72034a.a(x509Certificate2));
            sb.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            Intrinsics.checkNotNullExpressionValue(subjectDN, "element.subjectDN");
            sb.append(subjectDN.getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(hostname);
        sb.append(Constants.Symbol.COLON);
        for (Pin pin2 : c) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    @NotNull
    public final List<Pin> c(@NotNull String hostname) {
        Intrinsics.checkNotNullParameter(hostname, "hostname");
        Set<Pin> set = this.f38546a;
        List<Pin> emptyList = CollectionsKt__CollectionsKt.emptyList();
        for (Object obj : set) {
            if (((Pin) obj).c(hostname)) {
                if (emptyList.isEmpty()) {
                    emptyList = new ArrayList<>();
                }
                Objects.requireNonNull(emptyList, "null cannot be cast to non-null type kotlin.collections.MutableList<T>");
                TypeIntrinsics.asMutableList(emptyList).add(obj);
            }
        }
        return emptyList;
    }

    @Nullable
    public final CertificateChainCleaner d() {
        return this.f38547a;
    }

    @NotNull
    public final CertificatePinner e(@NotNull CertificateChainCleaner certificateChainCleaner) {
        Intrinsics.checkNotNullParameter(certificateChainCleaner, "certificateChainCleaner");
        return Intrinsics.areEqual(this.f38547a, certificateChainCleaner) ? this : new CertificatePinner(this.f38546a, certificateChainCleaner);
    }

    public boolean equals(@Nullable Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (Intrinsics.areEqual(certificatePinner.f38546a, this.f38546a) && Intrinsics.areEqual(certificatePinner.f38547a, this.f38547a)) {
                return true;
            }
        }
        return false;
    }

    public int hashCode() {
        int hashCode = (1517 + this.f38546a.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.f38547a;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }
}
