package com.norton.staplerclassifiers.networkdetections.sslmitm;

import android.content.Context;
import android.util.Base64;
import com.norton.staplerclassifiers.BaseTask;
import com.norton.staplerclassifiers.CaptiveMode;
import com.norton.staplerclassifiers.config.IConfigurationProvider;
import com.norton.staplerclassifiers.networkdetections.captive.CaptiveNetworkChecker;
import com.norton.staplerclassifiers.networkdetections.captive.ICaptiveNetworkChecker;
import com.symantec.mobilesecurity.o.a8b;
import com.symantec.mobilesecurity.o.a9b;
import com.symantec.mobilesecurity.o.acb;
import com.symantec.mobilesecurity.o.c6l;
import com.symantec.mobilesecurity.o.coi;
import com.symantec.mobilesecurity.o.f69;
import com.symantec.mobilesecurity.o.g9a;
import com.symantec.mobilesecurity.o.o4f;
import com.symantec.mobilesecurity.o.oc5;
import com.symantec.mobilesecurity.o.pxn;
import com.symantec.mobilesecurity.o.vbm;
import com.symantec.mobilesecurity.o.vdf;
import defpackage.a;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import kotlin.Metadata;
import kotlin.collections.o;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.serialization.json.JsonElement;
import org.jetbrains.annotations.NotNull;

@Metadata(d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\b\u0000\u0018\u0000 %2\u00020\u0001:\u0001%B?\b\u0007\u0012\u0006\u0010\u001e\u001a\u00020\u001d\u0012\u0006\u0010 \u001a\u00020\u001f\u0012\u0006\u0010\"\u001a\u00020!\u0012\b\b\u0002\u0010\n\u001a\u00020\t\u0012\b\b\u0002\u0010\r\u001a\u00020\f\u0012\b\b\u0002\u0010\u0010\u001a\u00020\u000f¢\u0006\u0004\b#\u0010$J\b\u0010\u0003\u001a\u00020\u0002H\u0002J\u0016\u0010\u0007\u001a\u00020\u00022\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0002J\b\u0010\b\u001a\u00020\u0002H\u0016R\u0014\u0010\n\u001a\u00020\t8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\n\u0010\u000bR\u0014\u0010\r\u001a\u00020\f8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\r\u0010\u000eR\u0014\u0010\u0010\u001a\u00020\u000f8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0010\u0010\u0011R\u0019\u0010\u0013\u001a\u0004\u0018\u00010\u00128\u0006¢\u0006\f\n\u0004\b\u0013\u0010\u0014\u001a\u0004\b\u0015\u0010\u0016R\u0014\u0010\u0018\u001a\u00020\u00178\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0018\u0010\u0019R\u0014\u0010\u001b\u001a\u00020\u001a8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001b\u0010\u001c¨\u0006&"}, d2 = {"Lcom/norton/staplerclassifiers/networkdetections/sslmitm/SSLMITMTask;", "Lcom/norton/staplerclassifiers/BaseTask;", "Lcom/symantec/mobilesecurity/o/pxn;", "checkForSslMitm", "", "Ljava/security/cert/X509Certificate;", "certChain", "addTelemetryPayload", "scan", "Lcom/norton/staplerclassifiers/networkdetections/captive/ICaptiveNetworkChecker;", "captiveNetworkChecker", "Lcom/norton/staplerclassifiers/networkdetections/captive/ICaptiveNetworkChecker;", "Lcom/symantec/mobilesecurity/o/vdf$a;", "okHttpClientBuilder", "Lcom/symantec/mobilesecurity/o/vdf$a;", "Lcom/norton/staplerclassifiers/networkdetections/sslmitm/ICertChainCapturingTrustManager;", "certChainCapturingTrustManager", "Lcom/norton/staplerclassifiers/networkdetections/sslmitm/ICertChainCapturingTrustManager;", "Lcom/norton/staplerclassifiers/networkdetections/sslmitm/SSLMITMConfiguration;", "configuration", "Lcom/norton/staplerclassifiers/networkdetections/sslmitm/SSLMITMConfiguration;", "getConfiguration", "()Lcom/norton/staplerclassifiers/networkdetections/sslmitm/SSLMITMConfiguration;", "La;", "spySSLSocketFactory", "La;", "Ljavax/net/ssl/SSLContext;", "sslContext", "Ljavax/net/ssl/SSLContext;", "Landroid/content/Context;", "context", "Lcom/norton/staplerclassifiers/config/IConfigurationProvider;", "configurationProvider", "", "configurationKey", "<init>", "(Landroid/content/Context;Lcom/norton/staplerclassifiers/config/IConfigurationProvider;Ljava/lang/String;Lcom/norton/staplerclassifiers/networkdetections/captive/ICaptiveNetworkChecker;Lcom/symantec/mobilesecurity/o/vdf$a;Lcom/norton/staplerclassifiers/networkdetections/sslmitm/ICertChainCapturingTrustManager;)V", "Companion", "com.norton.staplerclassifiers.network-detections"}, k = 1, mv = {1, 9, 0})
@c6l
/* loaded from: classes6.dex */
public final class SSLMITMTask extends BaseTask {

    @NotNull
    private static final String TAG = "SSLMITMTask";

    @NotNull
    private final ICaptiveNetworkChecker captiveNetworkChecker;

    @NotNull
    private final ICertChainCapturingTrustManager certChainCapturingTrustManager;

    @o4f
    private final SSLMITMConfiguration configuration;

    @NotNull
    private final vdf.a okHttpClientBuilder;

    @NotNull
    private final a spySSLSocketFactory;

    @NotNull
    private final SSLContext sslContext;

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @acb
    public SSLMITMTask(@NotNull Context context, @NotNull IConfigurationProvider configurationProvider, @NotNull String configurationKey) {
        this(context, configurationProvider, configurationKey, null, null, null, 56, null);
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @acb
    public SSLMITMTask(@NotNull Context context, @NotNull IConfigurationProvider configurationProvider, @NotNull String configurationKey, @NotNull ICaptiveNetworkChecker captiveNetworkChecker) {
        this(context, configurationProvider, configurationKey, captiveNetworkChecker, null, null, 48, null);
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
        Intrinsics.checkNotNullParameter(captiveNetworkChecker, "captiveNetworkChecker");
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @acb
    public SSLMITMTask(@NotNull Context context, @NotNull IConfigurationProvider configurationProvider, @NotNull String configurationKey, @NotNull ICaptiveNetworkChecker captiveNetworkChecker, @NotNull vdf.a okHttpClientBuilder) {
        this(context, configurationProvider, configurationKey, captiveNetworkChecker, okHttpClientBuilder, null, 32, null);
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
        Intrinsics.checkNotNullParameter(captiveNetworkChecker, "captiveNetworkChecker");
        Intrinsics.checkNotNullParameter(okHttpClientBuilder, "okHttpClientBuilder");
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    @acb
    public SSLMITMTask(@NotNull Context context, @NotNull IConfigurationProvider configurationProvider, @NotNull String configurationKey, @NotNull ICaptiveNetworkChecker captiveNetworkChecker, @NotNull vdf.a okHttpClientBuilder, @NotNull ICertChainCapturingTrustManager certChainCapturingTrustManager) {
        super(context, configurationProvider, configurationKey);
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
        Intrinsics.checkNotNullParameter(captiveNetworkChecker, "captiveNetworkChecker");
        Intrinsics.checkNotNullParameter(okHttpClientBuilder, "okHttpClientBuilder");
        Intrinsics.checkNotNullParameter(certChainCapturingTrustManager, "certChainCapturingTrustManager");
        this.captiveNetworkChecker = captiveNetworkChecker;
        this.okHttpClientBuilder = okHttpClientBuilder;
        this.certChainCapturingTrustManager = certChainCapturingTrustManager;
        super.setTaskName(SSLMITMClassifier.NAME);
        super.setVersion(0);
        this.configuration = (SSLMITMConfiguration) configurationProvider.getConfiguration(configurationKey, SSLMITMConfiguration.INSTANCE.serializer());
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        Intrinsics.checkNotNullExpressionValue(sSLContext, "getInstance(...)");
        this.sslContext = sSLContext;
        sSLContext.init(null, new ICertChainCapturingTrustManager[]{certChainCapturingTrustManager}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        Intrinsics.g(socketFactory);
        a aVar = new a(socketFactory);
        this.spySSLSocketFactory = aVar;
        okHttpClientBuilder.k0(aVar, certChainCapturingTrustManager);
    }

    public /* synthetic */ SSLMITMTask(Context context, IConfigurationProvider iConfigurationProvider, String str, ICaptiveNetworkChecker iCaptiveNetworkChecker, vdf.a aVar, ICertChainCapturingTrustManager iCertChainCapturingTrustManager, int i, oc5 oc5Var) {
        this(context, iConfigurationProvider, str, (i & 8) != 0 ? new CaptiveNetworkChecker(null, 1, null) : iCaptiveNetworkChecker, (i & 16) != 0 ? new vdf.a() : aVar, (i & 32) != 0 ? new CertChainCapturingTrustManager() : iCertChainCapturingTrustManager);
    }

    private final void addTelemetryPayload(List<? extends X509Certificate> list) {
        String str;
        int y;
        SSLSocket a = this.spySSLSocketFactory.a();
        if (a != null) {
            SSLSocket a2 = this.spySSLSocketFactory.a();
            Intrinsics.g(a2);
            vbm.j(TAG, "SSL Socket Session ID: " + a2.getSession().getPeerHost());
            str = a.getInetAddress().getHostAddress();
            Intrinsics.g(str);
            vbm.j(TAG, "Connected to " + a.getSession().getPeerHost() + " at IP: " + ((Object) str));
        } else {
            str = "";
        }
        y = o.y(list, 10);
        ArrayList arrayList = new ArrayList(y);
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(Base64.encodeToString(((X509Certificate) it.next()).getEncoded(), 0));
        }
        JsonElement g = a9b.b(null, new f69<a8b, pxn>() { // from class: com.norton.staplerclassifiers.networkdetections.sslmitm.SSLMITMTask$addTelemetryPayload$jsonPayload$1
            @Override // com.symantec.mobilesecurity.o.f69
            /* renamed from: invoke */
            public /* bridge */ /* synthetic */ pxn invoke2(a8b a8bVar) {
                invoke2(a8bVar);
                return pxn.a;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2(@NotNull a8b Json) {
                Intrinsics.checkNotNullParameter(Json, "$this$Json");
            }
        }, 1, null).g(SSLMITMTelemetryPayload.INSTANCE.serializer(), new SSLMITMTelemetryPayload(str, arrayList));
        BaseTask.DetectionTelemetryPayload telemetryPayload = this.resultInfo.getTelemetryPayload();
        if (telemetryPayload == null) {
            return;
        }
        telemetryPayload.setDetectionSpecificTelemetry(g);
    }

    private final void checkForSslMitm() {
        String I;
        g9a.Companion companion = g9a.INSTANCE;
        SSLMITMConfiguration sSLMITMConfiguration = this.configuration;
        Intrinsics.g(sSLMITMConfiguration);
        g9a f = companion.f(sSLMITMConfiguration.getUrl());
        if (f == null) {
            this.resultInfo.failStatus(1, "Invalid MITM configuration URL");
            return;
        }
        try {
            this.okHttpClientBuilder.c().c(new coi.a().t(f).b()).execute();
            if (this.certChainCapturingTrustManager.getCertChain() == null) {
                this.resultInfo.failStatus(8, "Missing cert chain");
                return;
            }
            List<X509Certificate> certChain = this.certChainCapturingTrustManager.getCertChain();
            Intrinsics.g(certChain);
            Iterator<X509Certificate> it = certChain.iterator();
            while (it.hasNext()) {
                String encodeToString = Base64.encodeToString(it.next().getPublicKey().getEncoded(), 0);
                Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(...)");
                I = kotlin.text.o.I(encodeToString, "\n", "", false, 4, null);
                if (this.configuration.getWhitelistedPublicKeys().contains(I)) {
                    this.resultInfo.successStatus(BaseTask.StateType.SAFE, "MITM attack not detected");
                    return;
                }
            }
            addTelemetryPayload(certChain);
            vbm.j(TAG, "Nothing detected.");
            this.resultInfo.successStatus(BaseTask.StateType.UNSAFE, "MITM attack detected");
        } catch (IOException e) {
            vbm.f(TAG, "exception", e);
            if (!(e.getCause() instanceof GeneralSecurityException)) {
                this.resultInfo.failStatus(8, "Network error");
                return;
            }
            this.resultInfo.successStatus(BaseTask.StateType.UNSAFE, "MITM attack detected");
            List<X509Certificate> certChain2 = this.certChainCapturingTrustManager.getCertChain();
            if (certChain2 != null) {
                addTelemetryPayload(certChain2);
            }
        }
    }

    @o4f
    public final SSLMITMConfiguration getConfiguration() {
        return this.configuration;
    }

    @Override // com.norton.staplerclassifiers.BaseTask
    public void scan() {
        SSLMITMConfiguration sSLMITMConfiguration = this.configuration;
        if (sSLMITMConfiguration == null) {
            this.resultInfo.failStatus(6, "No config available");
            return;
        }
        CaptiveMode captiveMode = this.captiveNetworkChecker.getCaptiveMode(sSLMITMConfiguration.getCaptiveUrl());
        this.resultInfo.setTelemetryPayload(new BaseTask.DetectionTelemetryPayload(captiveMode, null));
        if (captiveMode == CaptiveMode.HAS_CAPTIVE) {
            this.resultInfo.successStatus(BaseTask.StateType.UNCERTAIN, "captive portal detected");
        } else {
            checkForSslMitm();
        }
    }
}
