package okhttp3;

import j.a0.d.g;
import j.a0.d.k;
import j.a0.d.x;
import j.e0.n;
import j.e0.o;
import j.q;
import j.v.h;
import j.v.m;
import j.v.u;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.HttpUrl;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;

/* compiled from: CertificatePinner.kt */
/* loaded from: classes2.dex */
public final class CertificatePinner {
    public static final Companion Companion = new Companion(null);
    public static final CertificatePinner DEFAULT = new Builder().build();
    public static final String WILDCARD = "*.";
    private final CertificateChainCleaner certificateChainCleaner;
    private final Set<Pin> pins;

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes2.dex */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        public final Builder add(String str, String... strArr) {
            k.b(str, "pattern");
            k.b(strArr, "pins");
            for (String str2 : strArr) {
                this.pins.add(CertificatePinner.Companion.newPin$okhttp(str, str2));
            }
            return this;
        }

        public final CertificatePinner build() {
            Set e;
            e = u.e((Iterable) this.pins);
            return new CertificatePinner(e, null);
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(g gVar) {
            this();
        }

        public final Pin newPin$okhttp(String str, String str2) {
            boolean b;
            String host;
            boolean b2;
            boolean b3;
            k.b(str, "pattern");
            k.b(str2, "pin");
            b = n.b(str, CertificatePinner.WILDCARD, false, 2, null);
            if (b) {
                HttpUrl.Companion companion = HttpUrl.Companion;
                StringBuilder sb = new StringBuilder();
                sb.append("http://");
                String substring = str.substring(2);
                k.a((Object) substring, "(this as java.lang.String).substring(startIndex)");
                sb.append(substring);
                host = companion.get(sb.toString()).host();
            } else {
                host = HttpUrl.Companion.get("http://" + str).host();
            }
            b2 = n.b(str2, "sha1/", false, 2, null);
            if (b2) {
                ByteString.Companion companion2 = ByteString.Companion;
                String substring2 = str2.substring(5);
                k.a((Object) substring2, "(this as java.lang.String).substring(startIndex)");
                ByteString decodeBase64 = companion2.decodeBase64(substring2);
                if (decodeBase64 != null) {
                    return new Pin(str, host, "sha1/", decodeBase64);
                }
                k.a();
                throw null;
            }
            b3 = n.b(str2, "sha256/", false, 2, null);
            if (!b3) {
                throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': " + str2);
            }
            ByteString.Companion companion3 = ByteString.Companion;
            String substring3 = str2.substring(7);
            k.a((Object) substring3, "(this as java.lang.String).substring(startIndex)");
            ByteString decodeBase642 = companion3.decodeBase64(substring3);
            if (decodeBase642 != null) {
                return new Pin(str, host, "sha256/", decodeBase642);
            }
            k.a();
            throw null;
        }

        public final String pin(Certificate certificate) {
            k.b(certificate, "certificate");
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
            }
            return "sha256/" + toSha256ByteString$okhttp((X509Certificate) certificate).base64();
        }

        public final ByteString toSha1ByteString$okhttp(X509Certificate x509Certificate) {
            k.b(x509Certificate, "$this$toSha1ByteString");
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            k.a((Object) publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            k.a((Object) encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        public final ByteString toSha256ByteString$okhttp(X509Certificate x509Certificate) {
            k.b(x509Certificate, "$this$toSha256ByteString");
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            k.a((Object) publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            k.a((Object) encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* loaded from: classes2.dex */
    public static final class Pin {
        private final String canonicalHostname;
        private final ByteString hash;
        private final String hashAlgorithm;
        private final String pattern;

        public Pin(String str, String str2, String str3, ByteString byteString) {
            k.b(str, "pattern");
            k.b(str2, "canonicalHostname");
            k.b(str3, "hashAlgorithm");
            k.b(byteString, "hash");
            this.pattern = str;
            this.canonicalHostname = str2;
            this.hashAlgorithm = str3;
            this.hash = byteString;
        }

        private final String component2() {
            return this.canonicalHostname;
        }

        public static /* synthetic */ Pin copy$default(Pin pin, String str, String str2, String str3, ByteString byteString, int i2, Object obj) {
            if ((i2 & 1) != 0) {
                str = pin.pattern;
            }
            if ((i2 & 2) != 0) {
                str2 = pin.canonicalHostname;
            }
            if ((i2 & 4) != 0) {
                str3 = pin.hashAlgorithm;
            }
            if ((i2 & 8) != 0) {
                byteString = pin.hash;
            }
            return pin.copy(str, str2, str3, byteString);
        }

        public final String component1() {
            return this.pattern;
        }

        public final String component3() {
            return this.hashAlgorithm;
        }

        public final ByteString component4() {
            return this.hash;
        }

        public final Pin copy(String str, String str2, String str3, ByteString byteString) {
            k.b(str, "pattern");
            k.b(str2, "canonicalHostname");
            k.b(str3, "hashAlgorithm");
            k.b(byteString, "hash");
            return new Pin(str, str2, str3, byteString);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return k.a((Object) this.pattern, (Object) pin.pattern) && k.a((Object) this.canonicalHostname, (Object) pin.canonicalHostname) && k.a((Object) this.hashAlgorithm, (Object) pin.hashAlgorithm) && k.a(this.hash, pin.hash);
        }

        public final ByteString getHash() {
            return this.hash;
        }

        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            String str = this.pattern;
            int hashCode = (str != null ? str.hashCode() : 0) * 31;
            String str2 = this.canonicalHostname;
            int hashCode2 = (hashCode + (str2 != null ? str2.hashCode() : 0)) * 31;
            String str3 = this.hashAlgorithm;
            int hashCode3 = (hashCode2 + (str3 != null ? str3.hashCode() : 0)) * 31;
            ByteString byteString = this.hash;
            return hashCode3 + (byteString != null ? byteString.hashCode() : 0);
        }

        public final boolean matches(String str) {
            boolean b;
            int a;
            boolean a2;
            k.b(str, "hostname");
            b = n.b(this.pattern, CertificatePinner.WILDCARD, false, 2, null);
            if (!b) {
                return k.a((Object) str, (Object) this.canonicalHostname);
            }
            a = o.a((CharSequence) str, '.', 0, false, 6, (Object) null);
            if ((str.length() - a) - 1 != this.canonicalHostname.length()) {
                return false;
            }
            a2 = n.a(str, this.canonicalHostname, a + 1, false, 4, (Object) null);
            return a2;
        }

        public String toString() {
            return this.hashAlgorithm + this.hash.base64();
        }
    }

    public CertificatePinner(Set<Pin> set, CertificateChainCleaner certificateChainCleaner) {
        k.b(set, "pins");
        this.pins = set;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public static final String pin(Certificate certificate) {
        return Companion.pin(certificate);
    }

    public final void check(String str, List<? extends Certificate> list) throws SSLPeerUnverifiedException {
        k.b(str, "hostname");
        k.b(list, "peerCertificates");
        List<Pin> findMatchingPins$okhttp = findMatchingPins$okhttp(str);
        if (findMatchingPins$okhttp.isEmpty()) {
            return;
        }
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        if (certificateChainCleaner != null) {
            list = certificateChainCleaner.clean(list, str);
        }
        for (Certificate certificate : list) {
            if (certificate == null) {
                throw new q("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins$okhttp) {
                String hashAlgorithm = pin.getHashAlgorithm();
                int hashCode = hashAlgorithm.hashCode();
                if (hashCode != 109397962) {
                    if (hashCode == 2052263656 && hashAlgorithm.equals("sha256/")) {
                        if (byteString2 == null) {
                            byteString2 = Companion.toSha256ByteString$okhttp(x509Certificate);
                        }
                        if (k.a(pin.getHash(), byteString2)) {
                            return;
                        }
                    }
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
                if (!hashAlgorithm.equals("sha1/")) {
                    throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
                if (byteString == null) {
                    byteString = Companion.toSha1ByteString$okhttp(x509Certificate);
                }
                if (k.a(pin.getHash(), byteString)) {
                    return;
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        int size = list.size();
        for (int i2 = 0; i2 < size; i2++) {
            Certificate certificate2 = list.get(i2);
            if (certificate2 == null) {
                throw new q("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate2 = (X509Certificate) certificate2;
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            k.a((Object) subjectDN, "x509Certificate.subjectDN");
            sb.append(subjectDN.getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        for (Pin pin2 : findMatchingPins$okhttp) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        k.a((Object) sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    public final void check(String str, Certificate... certificateArr) throws SSLPeerUnverifiedException {
        List<? extends Certificate> f;
        k.b(str, "hostname");
        k.b(certificateArr, "peerCertificates");
        f = h.f(certificateArr);
        check(str, f);
    }

    public boolean equals(Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (k.a(certificatePinner.pins, this.pins) && k.a(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    public final List<Pin> findMatchingPins$okhttp(String str) {
        List<Pin> a;
        k.b(str, "hostname");
        a = m.a();
        for (Pin pin : this.pins) {
            if (pin.matches(str)) {
                if (a.isEmpty()) {
                    a = new ArrayList<>();
                }
                if (a == null) {
                    throw new q("null cannot be cast to non-null type kotlin.collections.MutableList<okhttp3.CertificatePinner.Pin>");
                }
                x.a(a).add(pin);
            }
        }
        return a;
    }

    public int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    public final CertificatePinner withCertificateChainCleaner$okhttp(CertificateChainCleaner certificateChainCleaner) {
        return k.a(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
