package q.g.a.a.b.network.ssl;

import com.growingio.android.sdk.monitor.marshaller.json.ExceptionInterfaceBinding;
import com.huawei.hms.aaid.constant.AaidIdConstant;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.f.internal.q;
import okhttp3.a.tls.d;
import org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig;
import org.matrix.android.sdk.internal.network.ssl.UnrecognizedCertificateException;
import u.a.b;

/* compiled from: CertUtil.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0019\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\f\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0003\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\bÀ\u0002\u0018\u00002\u00020\u0001:\u0001 B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\b\b\u0002\u0010\u000b\u001a\u00020\fJ\u0018\u0010\r\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\bH\u0002J\u000e\u0010\u0011\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000fJ\u000e\u0010\u0012\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000fJ\u0012\u0010\u0013\u001a\u0004\u0018\u00010\u00142\b\u0010\u0015\u001a\u0004\u0018\u00010\u0016J\u0014\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00190\u00182\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\u001a\u001a\u00020\u001bR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lorg/matrix/android/sdk/internal/network/ssl/CertUtil;", "", "()V", "USE_DEFAULT_HOSTNAME_VERIFIER", "", "hexArray", "", "fingerprintToHexString", "", "fingerprint", "", "sep", "", "generateFingerprint", "cert", "Ljava/security/cert/X509Certificate;", ExceptionInterfaceBinding.TYPE_PARAMETER, "generateSha1Fingerprint", "generateSha256Fingerprint", "getCertificateException", "Lorg/matrix/android/sdk/internal/network/ssl/UnrecognizedCertificateException;", "root", "", "newConnectionSpecs", "", "Lokhttp3/ConnectionSpec;", "hsConfig", "Lorg/matrix/android/sdk/api/auth/data/HomeServerConnectionConfig;", "newHostnameVerifier", "Ljavax/net/ssl/HostnameVerifier;", "newPinnedSSLSocketFactory", "Lorg/matrix/android/sdk/internal/network/ssl/CertUtil$PinnedSSLSocketFactory;", "PinnedSSLSocketFactory", "matrix-sdk-android_release"}, k = 1, mv = {1, 4, 0})
/* renamed from: q.g.a.a.b.h.d.a, reason: from Kotlin metadata */
/* loaded from: classes3.dex */
public final class CertUtil {

    /* renamed from: a, reason: collision with root package name */
    public static final char[] f37628a;

    /* renamed from: b, reason: collision with root package name */
    public static final CertUtil f37629b = new CertUtil();

    /* compiled from: CertUtil.kt */
    /* renamed from: q.g.a.a.b.h.d.a$a */
    /* loaded from: classes3.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        public final SSLSocketFactory f37630a;

        /* renamed from: b, reason: collision with root package name */
        public final X509TrustManager f37631b;

        public a(SSLSocketFactory sSLSocketFactory, X509TrustManager x509TrustManager) {
            q.c(sSLSocketFactory, "sslSocketFactory");
            q.c(x509TrustManager, "x509TrustManager");
            this.f37630a = sSLSocketFactory;
            this.f37631b = x509TrustManager;
        }

        public final SSLSocketFactory a() {
            return this.f37630a;
        }

        public final X509TrustManager b() {
            return this.f37631b;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof a)) {
                return false;
            }
            a aVar = (a) obj;
            return q.a(this.f37630a, aVar.f37630a) && q.a(this.f37631b, aVar.f37631b);
        }

        public int hashCode() {
            SSLSocketFactory sSLSocketFactory = this.f37630a;
            int hashCode = (sSLSocketFactory != null ? sSLSocketFactory.hashCode() : 0) * 31;
            X509TrustManager x509TrustManager = this.f37631b;
            return hashCode + (x509TrustManager != null ? x509TrustManager.hashCode() : 0);
        }

        public String toString() {
            return "PinnedSSLSocketFactory(sslSocketFactory=" + this.f37630a + ", x509TrustManager=" + this.f37631b + ")";
        }
    }

    static {
        char[] charArray = "0123456789ABCDEF".toCharArray();
        q.b(charArray, "(this as java.lang.String).toCharArray()");
        f37628a = charArray;
    }

    public static /* synthetic */ String a(CertUtil certUtil, byte[] bArr, char c2, int i2, Object obj) {
        if ((i2 & 2) != 0) {
            c2 = ' ';
        }
        return certUtil.a(bArr, c2);
    }

    public final String a(byte[] bArr, char c2) {
        q.c(bArr, "fingerprint");
        char[] cArr = new char[bArr.length * 3];
        int length = bArr.length;
        for (int i2 = 0; i2 < length; i2++) {
            int i3 = bArr[i2] & 255;
            char[] cArr2 = f37628a;
            cArr[i2 * 3] = cArr2[i3 >>> 4];
            cArr[(i2 * 3) + 1] = cArr2[i3 & 15];
            cArr[(i2 * 3) + 2] = c2;
        }
        return new String(cArr, 0, cArr.length - 1);
    }

    /* JADX WARN: Code restructure failed: missing block: B:23:0x0096, code lost:
    
        if (kotlin.text.x.c(r5, "http://", false, 2, null) != false) goto L24;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<okhttp3.ConnectionSpec> a(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig r10) {
        /*
            r9 = this;
            java.lang.String r0 = "hsConfig"
            kotlin.f.internal.q.c(r10, r0)
            o.m$a r0 = new o.m$a
            o.m r1 = okhttp3.ConnectionSpec.f32734d
            r0.<init>(r1)
            java.util.List r1 = r10.j()
            java.lang.String r2 = "null cannot be cast to non-null type kotlin.Array<T>"
            r3 = 0
            if (r1 == 0) goto L3b
            boolean r4 = r1.isEmpty()
            r4 = r4 ^ 1
            if (r4 == 0) goto L3b
            r4 = r1
            r5 = 0
            r6 = r4
            okhttp3.TlsVersion[] r7 = new okhttp3.TlsVersion[r3]
            java.lang.Object[] r7 = r6.toArray(r7)
            if (r7 == 0) goto L35
            okhttp3.TlsVersion[] r7 = (okhttp3.TlsVersion[]) r7
            int r4 = r7.length
            java.lang.Object[] r4 = java.util.Arrays.copyOf(r7, r4)
            okhttp3.TlsVersion[] r4 = (okhttp3.TlsVersion[]) r4
            r0.a(r4)
            goto L3b
        L35:
            java.lang.NullPointerException r3 = new java.lang.NullPointerException
            r3.<init>(r2)
            throw r3
        L3b:
            java.util.List r4 = r10.i()
            if (r4 == 0) goto L67
            boolean r5 = r4.isEmpty()
            r5 = r5 ^ 1
            if (r5 == 0) goto L67
            r5 = r4
            r6 = 0
            r7 = r5
            o.j[] r8 = new okhttp3.CipherSuite[r3]
            java.lang.Object[] r8 = r7.toArray(r8)
            if (r8 == 0) goto L61
            o.j[] r8 = (okhttp3.CipherSuite[]) r8
            int r2 = r8.length
            java.lang.Object[] r2 = java.util.Arrays.copyOf(r8, r2)
            o.j[] r2 = (okhttp3.CipherSuite[]) r2
            r0.a(r2)
            goto L67
        L61:
            java.lang.NullPointerException r3 = new java.lang.NullPointerException
            r3.<init>(r2)
            throw r3
        L67:
            boolean r2 = r10.getShouldAcceptTlsExtensions()
            r0.a(r2)
            java.util.ArrayList r2 = new java.util.ArrayList
            r2.<init>()
            o.m r5 = r0.a()
            r2.add(r5)
            boolean r5 = r10.getAllowHttpExtension()
            if (r5 != 0) goto L98
            android.net.Uri r5 = r10.getHomeServerUri()
            java.lang.String r5 = r5.toString()
            java.lang.String r6 = "hsConfig.homeServerUri.toString()"
            kotlin.f.internal.q.b(r5, r6)
            r6 = 2
            r7 = 0
            java.lang.String r8 = "http://"
            boolean r3 = kotlin.text.x.c(r5, r8, r3, r6, r7)
            if (r3 == 0) goto L9d
        L98:
            o.m r3 = okhttp3.ConnectionSpec.f32736f
            r2.add(r3)
        L9d:
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: q.g.a.a.b.network.ssl.CertUtil.a(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig):java.util.List");
    }

    public final UnrecognizedCertificateException a(Throwable th) {
        Throwable th2 = th;
        for (int i2 = 0; th2 != null && i2 < 10; i2++) {
            if (th2 instanceof UnrecognizedCertificateException) {
                return (UnrecognizedCertificateException) th2;
            }
            th2 = th2.getCause();
        }
        return null;
    }

    public final byte[] a(X509Certificate x509Certificate) throws CertificateException {
        q.c(x509Certificate, "cert");
        return a(x509Certificate, "SHA-1");
    }

    public final byte[] a(X509Certificate x509Certificate, String str) throws CertificateException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            q.b(messageDigest, "MessageDigest.getInstance(type)");
            byte[] digest = messageDigest.digest(x509Certificate.getEncoded());
            q.b(digest, "md.digest(cert.encoded)");
            return digest;
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    public final HostnameVerifier b(HomeServerConnectionConfig homeServerConnectionConfig) {
        q.c(homeServerConnectionConfig, "hsConfig");
        return new b(d.f32669a, homeServerConnectionConfig.b());
    }

    public final byte[] b(X509Certificate x509Certificate) throws CertificateException {
        q.c(x509Certificate, "cert");
        return a(x509Certificate, AaidIdConstant.SIGNATURE_SHA256);
    }

    public final a c(HomeServerConnectionConfig homeServerConnectionConfig) {
        SSLSocketFactory socketFactory;
        q.c(homeServerConnectionConfig, "hsConfig");
        X509TrustManager x509TrustManager = null;
        try {
            if (!homeServerConnectionConfig.getShouldPin()) {
                TrustManagerFactory trustManagerFactory = null;
                try {
                    trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                } catch (Exception e2) {
                    b.a(e2, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance failed", new Object[0]);
                }
                if (trustManagerFactory == null) {
                    try {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    } catch (Exception e3) {
                        b.a(e3, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance of default failed", new Object[0]);
                    }
                }
                q.a(trustManagerFactory);
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                q.b(trustManagers, "trustManagers");
                int length = trustManagers.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        break;
                    }
                    if (trustManagers[i2] instanceof X509TrustManager) {
                        TrustManager trustManager = trustManagers[i2];
                        if (trustManager == null) {
                            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                        }
                        x509TrustManager = (X509TrustManager) trustManager;
                    } else {
                        i2++;
                    }
                }
            }
            TrustManager[] trustManagerArr = {f.f37639a.a(homeServerConnectionConfig.b(), x509TrustManager)};
            if (!homeServerConnectionConfig.getForceUsageTlsVersions() || homeServerConnectionConfig.j() == null) {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                q.b(sSLContext, "sslContext");
                socketFactory = sSLContext.getSocketFactory();
                q.b(socketFactory, "sslContext.socketFactory");
            } else {
                socketFactory = new g(trustManagerArr, homeServerConnectionConfig.j());
            }
            q.a(x509TrustManager);
            return new a(socketFactory, x509TrustManager);
        } catch (Exception e4) {
            throw new RuntimeException(e4);
        }
    }
}
