package okhttp3;

import defpackage.bt;
import defpackage.g3;
import defpackage.ke;
import defpackage.oa;
import defpackage.tb0;
import defpackage.ub0;
import defpackage.vf0;
import defpackage.wa;
import defpackage.wl;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CertificatePinner.kt */
/* loaded from: classes.dex */
public final class CertificatePinner {
    public static final Companion Companion = new Companion(null);

    @NotNull
    public static final CertificatePinner DEFAULT = new Builder().build();

    @Nullable
    private final CertificateChainCleaner certificateChainCleaner;
    private final Set<Pin> pins;

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes.dex */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        @NotNull
        public final Builder add(@NotNull String str, @NotNull String... strArr) {
            bt.f(str, "pattern");
            bt.f(strArr, "pins");
            for (String str2 : strArr) {
                this.pins.add(CertificatePinner.Companion.newPin$okhttp(str, str2));
            }
            return this;
        }

        @NotNull
        public final CertificatePinner build() {
            return new CertificatePinner(wa.H(this.pins), null);
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(ke keVar) {
            this();
        }

        @NotNull
        public final Pin newPin$okhttp(@NotNull String str, @NotNull String str2) {
            bt.f(str, "pattern");
            bt.f(str2, "pin");
            if (!((tb0.u(str, "*.", false, 2, null) && ub0.K(str, "*", 1, false, 4, null) == -1) || (tb0.u(str, "**.", false, 2, null) && ub0.K(str, "*", 2, false, 4, null) == -1) || ub0.K(str, "*", 0, false, 6, null) == -1)) {
                throw new IllegalArgumentException(("Unexpected pattern: " + str).toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(str);
            if (canonicalHost == null) {
                throw new IllegalArgumentException("Invalid pattern: " + str);
            }
            if (tb0.u(str2, "sha1/", false, 2, null)) {
                ByteString.Companion companion = ByteString.Companion;
                String substring = str2.substring(5);
                bt.b(substring, "(this as java.lang.String).substring(startIndex)");
                ByteString decodeBase64 = companion.decodeBase64(substring);
                if (decodeBase64 == null) {
                    bt.l();
                }
                return new Pin(canonicalHost, "sha1/", decodeBase64);
            }
            if (!tb0.u(str2, "sha256/", false, 2, null)) {
                throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': " + str2);
            }
            ByteString.Companion companion2 = ByteString.Companion;
            String substring2 = str2.substring(7);
            bt.b(substring2, "(this as java.lang.String).substring(startIndex)");
            ByteString decodeBase642 = companion2.decodeBase64(substring2);
            if (decodeBase642 == null) {
                bt.l();
            }
            return new Pin(canonicalHost, "sha256/", decodeBase642);
        }

        @NotNull
        public final String pin(@NotNull Certificate certificate) {
            bt.f(certificate, "certificate");
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
            }
            return "sha256/" + toSha256ByteString$okhttp((X509Certificate) certificate).base64();
        }

        @NotNull
        public final ByteString toSha1ByteString$okhttp(@NotNull X509Certificate x509Certificate) {
            bt.f(x509Certificate, "$this$toSha1ByteString");
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            bt.b(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            bt.b(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        @NotNull
        public final ByteString toSha256ByteString$okhttp(@NotNull X509Certificate x509Certificate) {
            bt.f(x509Certificate, "$this$toSha256ByteString");
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            bt.b(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            bt.b(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes.dex */
    public static final class Pin {

        @NotNull
        private final ByteString hash;

        @NotNull
        private final String hashAlgorithm;
        private final String pattern;

        public Pin(@NotNull String str, @NotNull String str2, @NotNull ByteString byteString) {
            bt.f(str, "pattern");
            bt.f(str2, "hashAlgorithm");
            bt.f(byteString, "hash");
            this.pattern = str;
            this.hashAlgorithm = str2;
            this.hash = byteString;
        }

        private final String component1() {
            return this.pattern;
        }

        public static /* synthetic */ Pin copy$default(Pin pin, String str, String str2, ByteString byteString, int i, Object obj) {
            if ((i & 1) != 0) {
                str = pin.pattern;
            }
            if ((i & 2) != 0) {
                str2 = pin.hashAlgorithm;
            }
            if ((i & 4) != 0) {
                byteString = pin.hash;
            }
            return pin.copy(str, str2, byteString);
        }

        @NotNull
        public final String component2() {
            return this.hashAlgorithm;
        }

        @NotNull
        public final ByteString component3() {
            return this.hash;
        }

        @NotNull
        public final Pin copy(@NotNull String str, @NotNull String str2, @NotNull ByteString byteString) {
            bt.f(str, "pattern");
            bt.f(str2, "hashAlgorithm");
            bt.f(byteString, "hash");
            return new Pin(str, str2, byteString);
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return bt.a(this.pattern, pin.pattern) && bt.a(this.hashAlgorithm, pin.hashAlgorithm) && bt.a(this.hash, pin.hash);
        }

        @NotNull
        public final ByteString getHash() {
            return this.hash;
        }

        @NotNull
        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public int hashCode() {
            String str = this.pattern;
            int hashCode = (str != null ? str.hashCode() : 0) * 31;
            String str2 = this.hashAlgorithm;
            int hashCode2 = (hashCode + (str2 != null ? str2.hashCode() : 0)) * 31;
            ByteString byteString = this.hash;
            return hashCode2 + (byteString != null ? byteString.hashCode() : 0);
        }

        public final boolean matches(@NotNull String str) {
            bt.f(str, "hostname");
            if (tb0.u(this.pattern, "**.", false, 2, null)) {
                int length = this.pattern.length() - 3;
                int length2 = str.length() - length;
                if (!tb0.l(str, str.length() - length, this.pattern, 3, length, false, 16, null)) {
                    return false;
                }
                if (length2 != 0 && str.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!tb0.u(this.pattern, "*.", false, 2, null)) {
                    return bt.a(str, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = str.length() - length3;
                if (!tb0.l(str, str.length() - length3, this.pattern, 1, length3, false, 16, null) || ub0.O(str, '.', length4 - 1, false, 4, null) != -1) {
                    return false;
                }
            }
            return true;
        }

        @NotNull
        public String toString() {
            return this.hashAlgorithm + this.hash.base64();
        }
    }

    public CertificatePinner(@NotNull Set<Pin> set, @Nullable CertificateChainCleaner certificateChainCleaner) {
        bt.f(set, "pins");
        this.pins = set;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    @NotNull
    public static final String pin(@NotNull Certificate certificate) {
        return Companion.pin(certificate);
    }

    public final void check(@NotNull String str, @NotNull List<? extends Certificate> list) {
        bt.f(str, "hostname");
        bt.f(list, "peerCertificates");
        check$okhttp(str, new CertificatePinner$check$1(this, list, str));
    }

    public final void check(@NotNull String str, @NotNull Certificate... certificateArr) {
        bt.f(str, "hostname");
        bt.f(certificateArr, "peerCertificates");
        check(str, g3.s(certificateArr));
    }

    public final void check$okhttp(@NotNull String str, @NotNull wl<? extends List<? extends X509Certificate>> wlVar) {
        bt.f(str, "hostname");
        bt.f(wlVar, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins$okhttp = findMatchingPins$okhttp(str);
        if (findMatchingPins$okhttp.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = wlVar.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins$okhttp) {
                String hashAlgorithm = pin.getHashAlgorithm();
                int hashCode = hashAlgorithm.hashCode();
                if (hashCode != 109397962) {
                    if (hashCode == 2052263656 && hashAlgorithm.equals("sha256/")) {
                        if (byteString2 == null) {
                            byteString2 = Companion.toSha256ByteString$okhttp(x509Certificate);
                        }
                        if (bt.a(pin.getHash(), byteString2)) {
                            return;
                        }
                    }
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
                if (!hashAlgorithm.equals("sha1/")) {
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
                if (byteString == null) {
                    byteString = Companion.toSha1ByteString$okhttp(x509Certificate);
                }
                if (bt.a(pin.getHash(), byteString)) {
                    return;
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            bt.b(subjectDN, "element.subjectDN");
            sb.append(subjectDN.getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        for (Pin pin2 : findMatchingPins$okhttp) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        bt.b(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    public boolean equals(@Nullable Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (bt.a(certificatePinner.pins, this.pins) && bt.a(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    @NotNull
    public final List<Pin> findMatchingPins$okhttp(@NotNull String str) {
        bt.f(str, "hostname");
        List<Pin> h = oa.h();
        for (Pin pin : this.pins) {
            if (pin.matches(str)) {
                if (h.isEmpty()) {
                    h = new ArrayList<>();
                }
                vf0.a(h).add(pin);
            }
        }
        return h;
    }

    @Nullable
    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    @NotNull
    public final CertificatePinner withCertificateChainCleaner$okhttp(@Nullable CertificateChainCleaner certificateChainCleaner) {
        return bt.a(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
