package okhttp3;

import android.support.v4.media.a;
import com.anjiu.common.utils.UtilsFilename;
import com.tencent.smtt.sdk.ProxyConfig;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.collections.EmptyList;
import kotlin.collections.i;
import kotlin.collections.u;
import kotlin.jvm.internal.n;
import kotlin.jvm.internal.q;
import kotlin.text.k;
import kotlin.text.m;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CertificatePinner.kt */
/* loaded from: classes4.dex */
public final class CertificatePinner {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    public static final CertificatePinner DEFAULT = new Builder().build();

    @Nullable
    private final CertificateChainCleaner certificateChainCleaner;

    @NotNull
    private final Set<Pin> pins;

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes4.dex */
    public static final class Builder {

        @NotNull
        private final List<Pin> pins = new ArrayList();

        @NotNull
        public final Builder add(@NotNull String pattern, @NotNull String... pins) {
            q.f(pattern, "pattern");
            q.f(pins, "pins");
            int length = pins.length;
            int i10 = 0;
            while (i10 < length) {
                String str = pins[i10];
                i10++;
                getPins().add(new Pin(pattern, str));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @NotNull
        public final CertificatePinner build() {
            return new CertificatePinner(u.F(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        @NotNull
        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(n nVar) {
            this();
        }

        @NotNull
        public final String pin(@NotNull Certificate certificate) {
            q.f(certificate, "certificate");
            if (certificate instanceof X509Certificate) {
                return q.k(sha256Hash((X509Certificate) certificate).base64(), "sha256/");
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
        }

        @NotNull
        public final ByteString sha1Hash(@NotNull X509Certificate x509Certificate) {
            q.f(x509Certificate, "<this>");
            ByteString.a aVar = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            q.e(encoded, "publicKey.encoded");
            return ByteString.a.d(aVar, encoded).sha1();
        }

        @NotNull
        public final ByteString sha256Hash(@NotNull X509Certificate x509Certificate) {
            q.f(x509Certificate, "<this>");
            ByteString.a aVar = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            q.e(encoded, "publicKey.encoded");
            return ByteString.a.d(aVar, encoded).sha256();
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes4.dex */
    public static final class Pin {

        @NotNull
        private final ByteString hash;

        @NotNull
        private final String hashAlgorithm;

        @NotNull
        private final String pattern;

        public Pin(@NotNull String pattern, @NotNull String pin) {
            q.f(pattern, "pattern");
            q.f(pin, "pin");
            boolean z10 = true;
            if ((!k.m(pattern, "*.", false) || m.t(pattern, ProxyConfig.MATCH_ALL_SCHEMES, 1, false, 4) != -1) && ((!k.m(pattern, "**.", false) || m.t(pattern, ProxyConfig.MATCH_ALL_SCHEMES, 2, false, 4) != -1) && m.t(pattern, ProxyConfig.MATCH_ALL_SCHEMES, 0, false, 6) != -1)) {
                z10 = false;
            }
            if (!z10) {
                throw new IllegalArgumentException(q.k(pattern, "Unexpected pattern: ").toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(pattern);
            if (canonicalHost == null) {
                throw new IllegalArgumentException(q.k(pattern, "Invalid pattern: "));
            }
            this.pattern = canonicalHost;
            if (k.m(pin, "sha1/", false)) {
                this.hashAlgorithm = "sha1";
                ByteString.a aVar = ByteString.Companion;
                String substring = pin.substring(5);
                q.e(substring, "this as java.lang.String).substring(startIndex)");
                aVar.getClass();
                ByteString a10 = ByteString.a.a(substring);
                if (a10 == null) {
                    throw new IllegalArgumentException(q.k(pin, "Invalid pin hash: "));
                }
                this.hash = a10;
                return;
            }
            if (!k.m(pin, "sha256/", false)) {
                throw new IllegalArgumentException(q.k(pin, "pins must start with 'sha256/' or 'sha1/': "));
            }
            this.hashAlgorithm = "sha256";
            ByteString.a aVar2 = ByteString.Companion;
            String substring2 = pin.substring(7);
            q.e(substring2, "this as java.lang.String).substring(startIndex)");
            aVar2.getClass();
            ByteString a11 = ByteString.a.a(substring2);
            if (a11 == null) {
                throw new IllegalArgumentException(q.k(pin, "Invalid pin hash: "));
            }
            this.hash = a11;
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return q.a(this.pattern, pin.pattern) && q.a(this.hashAlgorithm, pin.hashAlgorithm) && q.a(this.hash, pin.hash);
        }

        @NotNull
        public final ByteString getHash() {
            return this.hash;
        }

        @NotNull
        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        @NotNull
        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return this.hash.hashCode() + a.b(this.hashAlgorithm, this.pattern.hashCode() * 31, 31);
        }

        public final boolean matchesCertificate(@NotNull X509Certificate certificate) {
            q.f(certificate, "certificate");
            String str = this.hashAlgorithm;
            if (q.a(str, "sha256")) {
                return q.a(this.hash, CertificatePinner.Companion.sha256Hash(certificate));
            }
            if (q.a(str, "sha1")) {
                return q.a(this.hash, CertificatePinner.Companion.sha1Hash(certificate));
            }
            return false;
        }

        public final boolean matchesHostname(@NotNull String hostname) {
            q.f(hostname, "hostname");
            if (k.m(this.pattern, "**.", false)) {
                int length = this.pattern.length() - 3;
                int length2 = hostname.length() - length;
                if (!k.h(hostname, this.pattern, hostname.length() - length, 3, length, false)) {
                    return false;
                }
                if (length2 != 0 && hostname.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!k.m(this.pattern, "*.", false)) {
                    return q.a(hostname, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = hostname.length() - length3;
                if (!k.h(hostname, this.pattern, hostname.length() - length3, 1, length3, false) || m.v(hostname, UtilsFilename.EXTENSION_SEPARATOR, length4 - 1, 4) != -1) {
                    return false;
                }
            }
            return true;
        }

        @NotNull
        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }
    }

    public CertificatePinner(@NotNull Set<Pin> pins, @Nullable CertificateChainCleaner certificateChainCleaner) {
        q.f(pins, "pins");
        this.pins = pins;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i10, n nVar) {
        this(set, (i10 & 2) != 0 ? null : certificateChainCleaner);
    }

    @NotNull
    public static final String pin(@NotNull Certificate certificate) {
        return Companion.pin(certificate);
    }

    @NotNull
    public static final ByteString sha1Hash(@NotNull X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    @NotNull
    public static final ByteString sha256Hash(@NotNull X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(@NotNull final String hostname, @NotNull final List<? extends Certificate> peerCertificates) throws SSLPeerUnverifiedException {
        q.f(hostname, "hostname");
        q.f(peerCertificates, "peerCertificates");
        check$okhttp(hostname, new ad.a<List<? extends X509Certificate>>() { // from class: okhttp3.CertificatePinner$check$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            /* JADX WARN: Multi-variable type inference failed */
            {
                super(0);
            }

            @Override // ad.a
            @NotNull
            public final List<? extends X509Certificate> invoke() {
                CertificateChainCleaner certificateChainCleaner$okhttp = CertificatePinner.this.getCertificateChainCleaner$okhttp();
                List<Certificate> clean = certificateChainCleaner$okhttp == null ? null : certificateChainCleaner$okhttp.clean(peerCertificates, hostname);
                if (clean == null) {
                    clean = peerCertificates;
                }
                ArrayList arrayList = new ArrayList(kotlin.collections.q.h(clean));
                Iterator<T> it = clean.iterator();
                while (it.hasNext()) {
                    arrayList.add((X509Certificate) ((Certificate) it.next()));
                }
                return arrayList;
            }
        });
    }

    public final void check(@NotNull String hostname, @NotNull Certificate... peerCertificates) throws SSLPeerUnverifiedException {
        q.f(hostname, "hostname");
        q.f(peerCertificates, "peerCertificates");
        check(hostname, i.F(peerCertificates));
    }

    public final void check$okhttp(@NotNull String hostname, @NotNull ad.a<? extends List<? extends X509Certificate>> cleanedPeerCertificatesFn) {
        q.f(hostname, "hostname");
        q.f(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(hostname);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = cleanedPeerCertificatesFn.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                if (q.a(hashAlgorithm, "sha256")) {
                    if (byteString == null) {
                        byteString = Companion.sha256Hash(x509Certificate);
                    }
                    if (q.a(pin.getHash(), byteString)) {
                        return;
                    }
                } else {
                    if (!q.a(hashAlgorithm, "sha1")) {
                        throw new AssertionError(q.k(pin.getHashAlgorithm(), "unsupported hashAlgorithm: "));
                    }
                    if (byteString2 == null) {
                        byteString2 = Companion.sha1Hash(x509Certificate);
                    }
                    if (q.a(pin.getHash(), byteString2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb2 = new StringBuilder("Certificate pinning failure!\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb2.append("\n    ");
            sb2.append(Companion.pin(x509Certificate2));
            sb2.append(": ");
            sb2.append(x509Certificate2.getSubjectDN().getName());
        }
        sb2.append("\n  Pinned certificates for ");
        sb2.append(hostname);
        sb2.append(":");
        for (Pin pin2 : findMatchingPins) {
            sb2.append("\n    ");
            sb2.append(pin2);
        }
        String sb3 = sb2.toString();
        q.e(sb3, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb3);
    }

    public boolean equals(@Nullable Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (q.a(certificatePinner.pins, this.pins) && q.a(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    @NotNull
    public final List<Pin> findMatchingPins(@NotNull String hostname) {
        q.f(hostname, "hostname");
        Set<Pin> set = this.pins;
        List list = EmptyList.INSTANCE;
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(hostname)) {
                if (list.isEmpty()) {
                    list = new ArrayList();
                }
                kotlin.jvm.internal.u.a(list).add(obj);
            }
        }
        return list;
    }

    @Nullable
    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    @NotNull
    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (this.pins.hashCode() + 1517) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    @NotNull
    public final CertificatePinner withCertificateChainCleaner$okhttp(@NotNull CertificateChainCleaner certificateChainCleaner) {
        q.f(certificateChainCleaner, "certificateChainCleaner");
        return q.a(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
