package okhttp3;

import com.huawei.openalliance.ad.constant.p;
import com.tencent.smtt.sdk.ProxyConfig;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.text.StringsKt__StringsKt;
import okio.ByteString;
import p483.InterfaceC6288;
import p483.p486.C6188;
import p483.p486.C6210;
import p483.p486.C6212;
import p483.p486.C6213;
import p483.p488.C6230;
import p483.p489.p490.InterfaceC6258;
import p483.p489.p491.C6270;
import p483.p489.p491.C6272;
import p483.p489.p491.C6281;
import p551.p553.C6644;
import p551.p553.p555.AbstractC6646;

/* compiled from: CertificatePinner.kt */
@InterfaceC6288
/* loaded from: classes4.dex */
public final class CertificatePinner {
    public static final Companion Companion = new Companion(null);
    public static final CertificatePinner DEFAULT = new Builder().build();
    private final AbstractC6646 certificateChainCleaner;
    private final Set<Pin> pins;

    /* compiled from: CertificatePinner.kt */
    @InterfaceC6288
    /* loaded from: classes4.dex */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        public final Builder add(String str, String... strArr) {
            C6270.m21667(str, "pattern");
            C6270.m21667(strArr, "pins");
            int length = strArr.length;
            int i = 0;
            while (i < length) {
                String str2 = strArr[i];
                i++;
                getPins().add(new Pin(str, str2));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final CertificatePinner build() {
            return new CertificatePinner(C6213.m21596(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    /* compiled from: CertificatePinner.kt */
    @InterfaceC6288
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(C6281 c6281) {
            this();
        }

        public final String pin(Certificate certificate) {
            C6270.m21667(certificate, "certificate");
            if (certificate instanceof X509Certificate) {
                return C6270.m21662("sha256/", sha256Hash((X509Certificate) certificate).base64());
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
        }

        public final ByteString sha1Hash(X509Certificate x509Certificate) {
            C6270.m21667(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            C6270.m21663(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        public final ByteString sha256Hash(X509Certificate x509Certificate) {
            C6270.m21667(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            C6270.m21663(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* compiled from: CertificatePinner.kt */
    @InterfaceC6288
    /* loaded from: classes4.dex */
    public static final class Pin {
        private final ByteString hash;
        private final String hashAlgorithm;
        private final String pattern;

        public Pin(String str, String str2) {
            C6270.m21667(str, "pattern");
            C6270.m21667(str2, "pin");
            if (!((C6230.m21628(str, "*.", false, 2, null) && StringsKt__StringsKt.m6993(str, ProxyConfig.MATCH_ALL_SCHEMES, 1, false, 4, null) == -1) || (C6230.m21628(str, "**.", false, 2, null) && StringsKt__StringsKt.m6993(str, ProxyConfig.MATCH_ALL_SCHEMES, 2, false, 4, null) == -1) || StringsKt__StringsKt.m6993(str, ProxyConfig.MATCH_ALL_SCHEMES, 0, false, 6, null) == -1)) {
                throw new IllegalArgumentException(C6270.m21662("Unexpected pattern: ", str).toString());
            }
            String m22411 = C6644.m22411(str);
            if (m22411 == null) {
                throw new IllegalArgumentException(C6270.m21662("Invalid pattern: ", str));
            }
            this.pattern = m22411;
            if (C6230.m21628(str2, "sha1/", false, 2, null)) {
                this.hashAlgorithm = "sha1";
                ByteString.Companion companion = ByteString.Companion;
                String substring = str2.substring(5);
                C6270.m21663(substring, "this as java.lang.String).substring(startIndex)");
                ByteString decodeBase64 = companion.decodeBase64(substring);
                if (decodeBase64 == null) {
                    throw new IllegalArgumentException(C6270.m21662("Invalid pin hash: ", str2));
                }
                this.hash = decodeBase64;
                return;
            }
            if (!C6230.m21628(str2, "sha256/", false, 2, null)) {
                throw new IllegalArgumentException(C6270.m21662("pins must start with 'sha256/' or 'sha1/': ", str2));
            }
            this.hashAlgorithm = "sha256";
            ByteString.Companion companion2 = ByteString.Companion;
            String substring2 = str2.substring(7);
            C6270.m21663(substring2, "this as java.lang.String).substring(startIndex)");
            ByteString decodeBase642 = companion2.decodeBase64(substring2);
            if (decodeBase642 == null) {
                throw new IllegalArgumentException(C6270.m21662("Invalid pin hash: ", str2));
            }
            this.hash = decodeBase642;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return C6270.m21668(this.pattern, pin.pattern) && C6270.m21668(this.hashAlgorithm, pin.hashAlgorithm) && C6270.m21668(this.hash, pin.hash);
        }

        public final ByteString getHash() {
            return this.hash;
        }

        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return (((this.pattern.hashCode() * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode();
        }

        public final boolean matchesCertificate(X509Certificate x509Certificate) {
            C6270.m21667(x509Certificate, "certificate");
            String str = this.hashAlgorithm;
            if (C6270.m21668(str, "sha256")) {
                return C6270.m21668(this.hash, CertificatePinner.Companion.sha256Hash(x509Certificate));
            }
            if (C6270.m21668(str, "sha1")) {
                return C6270.m21668(this.hash, CertificatePinner.Companion.sha1Hash(x509Certificate));
            }
            return false;
        }

        public final boolean matchesHostname(String str) {
            C6270.m21667(str, "hostname");
            if (C6230.m21628(this.pattern, "**.", false, 2, null)) {
                int length = this.pattern.length() - 3;
                int length2 = str.length() - length;
                if (!C6230.m21620(str, str.length() - length, this.pattern, 3, length, false, 16, null)) {
                    return false;
                }
                if (length2 != 0 && str.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!C6230.m21628(this.pattern, "*.", false, 2, null)) {
                    return C6270.m21668(str, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = str.length() - length3;
                if (!C6230.m21620(str, str.length() - length3, this.pattern, 1, length3, false, 16, null) || StringsKt__StringsKt.m6975(str, '.', length4 - 1, false, 4, null) != -1) {
                    return false;
                }
            }
            return true;
        }

        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }
    }

    public CertificatePinner(Set<Pin> set, AbstractC6646 abstractC6646) {
        C6270.m21667(set, "pins");
        this.pins = set;
        this.certificateChainCleaner = abstractC6646;
    }

    public /* synthetic */ CertificatePinner(Set set, AbstractC6646 abstractC6646, int i, C6281 c6281) {
        this(set, (i & 2) != 0 ? null : abstractC6646);
    }

    public static final String pin(Certificate certificate) {
        return Companion.pin(certificate);
    }

    public static final ByteString sha1Hash(X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    public static final ByteString sha256Hash(X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(final String str, final List<? extends Certificate> list) throws SSLPeerUnverifiedException {
        C6270.m21667(str, "hostname");
        C6270.m21667(list, "peerCertificates");
        check$okhttp(str, new InterfaceC6258<List<? extends X509Certificate>>() { // from class: okhttp3.CertificatePinner$check$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            /* JADX WARN: Multi-variable type inference failed */
            {
                super(0);
            }

            @Override // p483.p489.p490.InterfaceC6258
            public final List<? extends X509Certificate> invoke() {
                AbstractC6646 certificateChainCleaner$okhttp = CertificatePinner.this.getCertificateChainCleaner$okhttp();
                List<Certificate> mo22413 = certificateChainCleaner$okhttp == null ? null : certificateChainCleaner$okhttp.mo22413(list, str);
                if (mo22413 == null) {
                    mo22413 = list;
                }
                ArrayList arrayList = new ArrayList(C6210.m21571(mo22413, 10));
                Iterator<T> it = mo22413.iterator();
                while (it.hasNext()) {
                    arrayList.add((X509Certificate) ((Certificate) it.next()));
                }
                return arrayList;
            }
        });
    }

    public final void check(String str, Certificate... certificateArr) throws SSLPeerUnverifiedException {
        C6270.m21667(str, "hostname");
        C6270.m21667(certificateArr, "peerCertificates");
        check(str, C6188.m21519(certificateArr));
    }

    public final void check$okhttp(String str, InterfaceC6258<? extends List<? extends X509Certificate>> interfaceC6258) {
        C6270.m21667(str, "hostname");
        C6270.m21667(interfaceC6258, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(str);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = interfaceC6258.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                if (C6270.m21668(hashAlgorithm, "sha256")) {
                    if (byteString == null) {
                        byteString = Companion.sha256Hash(x509Certificate);
                    }
                    if (C6270.m21668(pin.getHash(), byteString)) {
                        return;
                    }
                } else {
                    if (!C6270.m21668(hashAlgorithm, "sha1")) {
                        throw new AssertionError(C6270.m21662("unsupported hashAlgorithm: ", pin.getHashAlgorithm()));
                    }
                    if (byteString2 == null) {
                        byteString2 = Companion.sha1Hash(x509Certificate);
                    }
                    if (C6270.m21668(pin.getHash(), byteString2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            sb.append(x509Certificate2.getSubjectDN().getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(p.bA);
        for (Pin pin2 : findMatchingPins) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        C6270.m21663(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    public boolean equals(Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (C6270.m21668(certificatePinner.pins, this.pins) && C6270.m21668(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    public final List<Pin> findMatchingPins(String str) {
        C6270.m21667(str, "hostname");
        Set<Pin> set = this.pins;
        List<Pin> m21582 = C6212.m21582();
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(str)) {
                if (m21582.isEmpty()) {
                    m21582 = new ArrayList<>();
                }
                C6272.m21681(m21582).add(obj);
            }
        }
        return m21582;
    }

    public final AbstractC6646 getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        AbstractC6646 abstractC6646 = this.certificateChainCleaner;
        return hashCode + (abstractC6646 != null ? abstractC6646.hashCode() : 0);
    }

    public final CertificatePinner withCertificateChainCleaner$okhttp(AbstractC6646 abstractC6646) {
        C6270.m21667(abstractC6646, "certificateChainCleaner");
        return C6270.m21668(this.certificateChainCleaner, abstractC6646) ? this : new CertificatePinner(this.pins, abstractC6646);
    }
}
