package okhttp3;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.collections.a0;
import kotlin.collections.h0;
import kotlin.collections.r0;
import kotlin.jvm.internal.l0;
import kotlin.jvm.internal.r1;
import kotlin.jvm.internal.u1;
import kotlin.jvm.internal.w;
import kotlin.text.q0;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import ri.l;
import ri.m;
import tf.f;
import tf.n;
import va.u;
import ze.d1;

@r1({"SMAP\nCertificatePinner.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CertificatePinner.kt\nokhttp3/CertificatePinner\n+ 2 Util.kt\nokhttp3/internal/Util\n*L\n1#1,370:1\n625#2,8:371\n*S KotlinDebug\n*F\n+ 1 CertificatePinner.kt\nokhttp3/CertificatePinner\n*L\n216#1:371,8\n*E\n"})
/* loaded from: classes6.dex */
public final class CertificatePinner {

    @l
    public static final Companion Companion = new Companion(null);

    @l
    @f
    public static final CertificatePinner DEFAULT = new Builder().build();

    @m
    private final CertificateChainCleaner certificateChainCleaner;

    @l
    private final Set<Pin> pins;

    /* loaded from: classes6.dex */
    public static final class Builder {

        @l
        private final List<Pin> pins = new ArrayList();

        @l
        public final Builder add(@l String pattern, @l String... pins) {
            l0.p(pattern, "pattern");
            l0.p(pins, "pins");
            for (String str : pins) {
                this.pins.add(new Pin(pattern, str));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @l
        public final CertificatePinner build() {
            return new CertificatePinner(r0.d6(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        @l
        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    @r1({"SMAP\nCertificatePinner.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CertificatePinner.kt\nokhttp3/CertificatePinner$Companion\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,370:1\n1#2:371\n*E\n"})
    /* loaded from: classes6.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(w wVar) {
            this();
        }

        @l
        @n
        public final String pin(@l Certificate certificate) {
            l0.p(certificate, "certificate");
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
            }
            return "sha256/" + sha256Hash((X509Certificate) certificate).base64();
        }

        @l
        @n
        public final ByteString sha1Hash(@l X509Certificate x509Certificate) {
            l0.p(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            l0.o(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        @l
        @n
        public final ByteString sha256Hash(@l X509Certificate x509Certificate) {
            l0.p(x509Certificate, "<this>");
            ByteString.Companion companion = ByteString.Companion;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            l0.o(encoded, "publicKey.encoded");
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }
    }

    /* loaded from: classes6.dex */
    public static final class Pin {

        @l
        private final ByteString hash;

        @l
        private final String hashAlgorithm;

        @l
        private final String pattern;

        public Pin(@l String pattern, @l String pin) {
            l0.p(pattern, "pattern");
            l0.p(pin, "pin");
            if ((!kotlin.text.l0.B2(pattern, "*.", false, 2, null) || q0.B3(pattern, "*", 1, false, 4, null) != -1) && ((!kotlin.text.l0.B2(pattern, "**.", false, 2, null) || q0.B3(pattern, "*", 2, false, 4, null) != -1) && q0.B3(pattern, "*", 0, false, 6, null) != -1)) {
                throw new IllegalArgumentException(("Unexpected pattern: " + pattern).toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(pattern);
            if (canonicalHost == null) {
                throw new IllegalArgumentException("Invalid pattern: " + pattern);
            }
            this.pattern = canonicalHost;
            if (kotlin.text.l0.B2(pin, "sha1/", false, 2, null)) {
                this.hashAlgorithm = "sha1";
                ByteString.Companion companion = ByteString.Companion;
                String substring = pin.substring(5);
                l0.o(substring, "this as java.lang.String).substring(startIndex)");
                ByteString decodeBase64 = companion.decodeBase64(substring);
                if (decodeBase64 != null) {
                    this.hash = decodeBase64;
                    return;
                }
                throw new IllegalArgumentException("Invalid pin hash: " + pin);
            }
            if (!kotlin.text.l0.B2(pin, "sha256/", false, 2, null)) {
                throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': " + pin);
            }
            this.hashAlgorithm = "sha256";
            ByteString.Companion companion2 = ByteString.Companion;
            String substring2 = pin.substring(7);
            l0.o(substring2, "this as java.lang.String).substring(startIndex)");
            ByteString decodeBase642 = companion2.decodeBase64(substring2);
            if (decodeBase642 != null) {
                this.hash = decodeBase642;
                return;
            }
            throw new IllegalArgumentException("Invalid pin hash: " + pin);
        }

        public boolean equals(@m Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return l0.g(this.pattern, pin.pattern) && l0.g(this.hashAlgorithm, pin.hashAlgorithm) && l0.g(this.hash, pin.hash);
        }

        @l
        public final ByteString getHash() {
            return this.hash;
        }

        @l
        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        @l
        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return (((this.pattern.hashCode() * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode();
        }

        public final boolean matchesCertificate(@l X509Certificate certificate) {
            l0.p(certificate, "certificate");
            String str = this.hashAlgorithm;
            if (l0.g(str, "sha256")) {
                return l0.g(this.hash, CertificatePinner.Companion.sha256Hash(certificate));
            }
            if (l0.g(str, "sha1")) {
                return l0.g(this.hash, CertificatePinner.Companion.sha1Hash(certificate));
            }
            return false;
        }

        public final boolean matchesHostname(@l String hostname) {
            l0.p(hostname, "hostname");
            if (kotlin.text.l0.B2(this.pattern, "**.", false, 2, null)) {
                int length = this.pattern.length() - 3;
                int length2 = hostname.length() - length;
                if (!kotlin.text.l0.m2(hostname, hostname.length() - length, this.pattern, 3, length, false, 16, null)) {
                    return false;
                }
                if (length2 != 0 && hostname.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!kotlin.text.l0.B2(this.pattern, "*.", false, 2, null)) {
                    return l0.g(hostname, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = hostname.length() - length3;
                if (!kotlin.text.l0.m2(hostname, hostname.length() - length3, this.pattern, 1, length3, false, 16, null) || q0.P3(hostname, '.', length4 - 1, false, 4, null) != -1) {
                    return false;
                }
            }
            return true;
        }

        @l
        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }
    }

    public CertificatePinner(@l Set<Pin> pins, @m CertificateChainCleaner certificateChainCleaner) {
        l0.p(pins, "pins");
        this.pins = pins;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i10, w wVar) {
        this(set, (i10 & 2) != 0 ? null : certificateChainCleaner);
    }

    @l
    @n
    public static final String pin(@l Certificate certificate) {
        return Companion.pin(certificate);
    }

    @l
    @n
    public static final ByteString sha1Hash(@l X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    @l
    @n
    public static final ByteString sha256Hash(@l X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(@l String hostname, @l List<? extends Certificate> peerCertificates) throws SSLPeerUnverifiedException {
        l0.p(hostname, "hostname");
        l0.p(peerCertificates, "peerCertificates");
        check$okhttp(hostname, new CertificatePinner$check$1(this, peerCertificates, hostname));
    }

    @ze.l(message = "replaced with {@link #check(String, List)}.", replaceWith = @d1(expression = "check(hostname, peerCertificates.toList())", imports = {}))
    public final void check(@l String hostname, @l Certificate... peerCertificates) throws SSLPeerUnverifiedException {
        l0.p(hostname, "hostname");
        l0.p(peerCertificates, "peerCertificates");
        check(hostname, a0.Ty(peerCertificates));
    }

    public final void check$okhttp(@l String hostname, @l uf.a<? extends List<? extends X509Certificate>> cleanedPeerCertificatesFn) {
        l0.p(hostname, "hostname");
        l0.p(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(hostname);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = cleanedPeerCertificatesFn.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                if (l0.g(hashAlgorithm, "sha256")) {
                    if (byteString == null) {
                        byteString = Companion.sha256Hash(x509Certificate);
                    }
                    if (l0.g(pin.getHash(), byteString)) {
                        return;
                    }
                } else {
                    if (!l0.g(hashAlgorithm, "sha1")) {
                        throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                    }
                    if (byteString2 == null) {
                        byteString2 = Companion.sha1Hash(x509Certificate);
                    }
                    if (l0.g(pin.getHash(), byteString2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Certificate pinning failure!");
        sb2.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb2.append("\n    ");
            sb2.append(Companion.pin(x509Certificate2));
            sb2.append(": ");
            sb2.append(x509Certificate2.getSubjectDN().getName());
        }
        sb2.append("\n  Pinned certificates for ");
        sb2.append(hostname);
        sb2.append(u.f74994c);
        for (Pin pin2 : findMatchingPins) {
            sb2.append("\n    ");
            sb2.append(pin2);
        }
        String sb3 = sb2.toString();
        l0.o(sb3, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb3);
    }

    public boolean equals(@m Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (l0.g(certificatePinner.pins, this.pins) && l0.g(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    @l
    public final List<Pin> findMatchingPins(@l String hostname) {
        l0.p(hostname, "hostname");
        Set<Pin> set = this.pins;
        List<Pin> H = h0.H();
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(hostname)) {
                if (H.isEmpty()) {
                    H = new ArrayList<>();
                }
                l0.n(H, "null cannot be cast to non-null type kotlin.collections.MutableList<T of okhttp3.internal.Util.filterList>");
                u1.g(H).add(obj);
            }
        }
        return H;
    }

    @m
    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    @l
    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    @l
    public final CertificatePinner withCertificateChainCleaner$okhttp(@l CertificateChainCleaner certificateChainCleaner) {
        l0.p(certificateChainCleaner, "certificateChainCleaner");
        return l0.g(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
