package com.webank.mbank.okhttp3;

import com.webank.mbank.okhttp3.internal.Util;
import com.webank.mbank.okhttp3.internal.tls.CertificateChainCleaner;
import com.webank.mbank.okio.ByteString;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: classes2.dex */
public final class CertificatePinner {
    public static final CertificatePinner a = new Builder().build();
    private final Set<Pin> b;
    private final CertificateChainCleaner c;

    /* loaded from: classes2.dex */
    public static final class Builder {
        private final List<Pin> a = new ArrayList();

        public Builder add(String str, String... strArr) {
            if (str == null) {
                throw new NullPointerException("pattern == null");
            }
            for (String str2 : strArr) {
                this.a.add(new Pin(str, str2));
            }
            return this;
        }

        public CertificatePinner build() {
            return new CertificatePinner(new LinkedHashSet(this.a), null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static final class Pin {
        final String a;
        final String b;
        final String c;
        final ByteString d;

        /* JADX WARN: Removed duplicated region for block: B:12:0x0083  */
        /* JADX WARN: Removed duplicated region for block: B:15:0x009a A[RETURN] */
        /* JADX WARN: Removed duplicated region for block: B:16:0x0070  */
        /* JADX WARN: Removed duplicated region for block: B:8:0x005b  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        Pin(java.lang.String r3, java.lang.String r4) {
            /*
                r2 = this;
                r2.<init>()
                r2.a = r3
                java.lang.String r0 = "*."
                boolean r0 = r3.startsWith(r0)
                if (r0 == 0) goto L31
                java.lang.StringBuilder r0 = new java.lang.StringBuilder
                r0.<init>()
                java.lang.String r1 = "http://"
                r0.append(r1)
                java.lang.String r1 = "*."
            L19:
                int r1 = r1.length()
                java.lang.String r3 = r3.substring(r1)
            L21:
                r0.append(r3)
                java.lang.String r3 = r0.toString()
                com.webank.mbank.okhttp3.HttpUrl r3 = com.webank.mbank.okhttp3.HttpUrl.get(r3)
                java.lang.String r3 = r3.host()
                goto L51
            L31:
                java.lang.String r0 = "**."
                boolean r0 = r3.startsWith(r0)
                if (r0 == 0) goto L46
                java.lang.StringBuilder r0 = new java.lang.StringBuilder
                r0.<init>()
                java.lang.String r1 = "http://"
                r0.append(r1)
                java.lang.String r1 = "**."
                goto L19
            L46:
                java.lang.StringBuilder r0 = new java.lang.StringBuilder
                r0.<init>()
                java.lang.String r1 = "http://"
                r0.append(r1)
                goto L21
            L51:
                r2.b = r3
                java.lang.String r3 = "sha1/"
                boolean r3 = r4.startsWith(r3)
                if (r3 == 0) goto L70
                java.lang.String r3 = "sha1/"
                r2.c = r3
                java.lang.String r3 = "sha1/"
            L61:
                int r3 = r3.length()
                java.lang.String r3 = r4.substring(r3)
                com.webank.mbank.okio.ByteString r3 = com.webank.mbank.okio.ByteString.decodeBase64(r3)
                r2.d = r3
                goto L7f
            L70:
                java.lang.String r3 = "sha256/"
                boolean r3 = r4.startsWith(r3)
                if (r3 == 0) goto L9b
                java.lang.String r3 = "sha256/"
                r2.c = r3
                java.lang.String r3 = "sha256/"
                goto L61
            L7f:
                com.webank.mbank.okio.ByteString r2 = r2.d
                if (r2 != 0) goto L9a
                java.lang.IllegalArgumentException r2 = new java.lang.IllegalArgumentException
                java.lang.StringBuilder r3 = new java.lang.StringBuilder
                r3.<init>()
                java.lang.String r0 = "pins must be base64: "
                r3.append(r0)
                r3.append(r4)
                java.lang.String r3 = r3.toString()
                r2.<init>(r3)
                throw r2
            L9a:
                return
            L9b:
                java.lang.IllegalArgumentException r2 = new java.lang.IllegalArgumentException
                java.lang.StringBuilder r3 = new java.lang.StringBuilder
                r3.<init>()
                java.lang.String r0 = "pins must start with 'sha256/' or 'sha1/': "
                r3.append(r0)
                r3.append(r4)
                java.lang.String r3 = r3.toString()
                r2.<init>(r3)
                throw r2
            */
            throw new UnsupportedOperationException("Method not decompiled: com.webank.mbank.okhttp3.CertificatePinner.Pin.<init>(java.lang.String, java.lang.String):void");
        }

        boolean a(String str) {
            if (this.a.startsWith("**.")) {
                return str.endsWith("." + this.b);
            }
            if (!this.a.startsWith("*.")) {
                return str.equals(this.b);
            }
            int indexOf = str.indexOf(46);
            return (str.length() - indexOf) - 1 == this.b.length() && str.regionMatches(false, indexOf + 1, this.b, 0, this.b.length());
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return this.a.equals(pin.a) && this.c.equals(pin.c) && this.d.equals(pin.d);
        }

        public int hashCode() {
            return (31 * (((527 + this.a.hashCode()) * 31) + this.c.hashCode())) + this.d.hashCode();
        }

        public String toString() {
            return this.c + this.d.base64();
        }
    }

    CertificatePinner(Set<Pin> set, CertificateChainCleaner certificateChainCleaner) {
        this.b = set;
        this.c = certificateChainCleaner;
    }

    static ByteString a(X509Certificate x509Certificate) {
        return ByteString.of(x509Certificate.getPublicKey().getEncoded()).sha1();
    }

    static ByteString b(X509Certificate x509Certificate) {
        return ByteString.of(x509Certificate.getPublicKey().getEncoded()).sha256();
    }

    public static String pin(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
        }
        return "sha256/" + b((X509Certificate) certificate).base64();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificatePinner a(CertificateChainCleaner certificateChainCleaner) {
        return Util.equal(this.c, certificateChainCleaner) ? this : new CertificatePinner(this.b, certificateChainCleaner);
    }

    List<Pin> a(String str) {
        List<Pin> emptyList = Collections.emptyList();
        for (Pin pin : this.b) {
            if (pin.a(str)) {
                if (emptyList.isEmpty()) {
                    emptyList = new ArrayList<>();
                }
                emptyList.add(pin);
            }
        }
        return emptyList;
    }

    public void check(String str, List<Certificate> list) throws SSLPeerUnverifiedException {
        check(str, list, true);
    }

    public void check(String str, List<Certificate> list, boolean z) throws SSLPeerUnverifiedException {
        List<Pin> a2 = a(str);
        if (a2.isEmpty()) {
            return;
        }
        if (this.c != null && z) {
            list = this.c.clean(list, str);
        }
        int size = list.size();
        for (int i = 0; i < size; i++) {
            X509Certificate x509Certificate = (X509Certificate) list.get(i);
            int size2 = a2.size();
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (int i2 = 0; i2 < size2; i2++) {
                Pin pin = a2.get(i2);
                if (pin.c.equals("sha256/")) {
                    if (byteString == null) {
                        byteString = b(x509Certificate);
                    }
                    if (pin.d.equals(byteString)) {
                        return;
                    }
                } else {
                    if (!pin.c.equals("sha1/")) {
                        throw new AssertionError("unsupported hashAlgorithm: " + pin.c);
                    }
                    if (byteString2 == null) {
                        byteString2 = a(x509Certificate);
                    }
                    if (pin.d.equals(byteString2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        int size3 = list.size();
        for (int i3 = 0; i3 < size3; i3++) {
            X509Certificate x509Certificate2 = (X509Certificate) list.get(i3);
            sb.append("\n    ");
            sb.append(pin(x509Certificate2));
            sb.append(": ");
            sb.append(x509Certificate2.getSubjectDN().getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        int size4 = a2.size();
        for (int i4 = 0; i4 < size4; i4++) {
            Pin pin2 = a2.get(i4);
            sb.append("\n    ");
            sb.append(pin2);
        }
        throw new SSLPeerUnverifiedException(sb.toString());
    }

    public void check(String str, Certificate... certificateArr) throws SSLPeerUnverifiedException {
        check(str, Arrays.asList(certificateArr));
    }

    public void checkPin(String str, Certificate... certificateArr) throws SSLPeerUnverifiedException {
        check(str, Arrays.asList(certificateArr), false);
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof CertificatePinner)) {
            return false;
        }
        CertificatePinner certificatePinner = (CertificatePinner) obj;
        return Util.equal(this.c, certificatePinner.c) && this.b.equals(certificatePinner.b);
    }

    public int hashCode() {
        return (31 * (this.c != null ? this.c.hashCode() : 0)) + this.b.hashCode();
    }
}
