package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.BasicAndroidCTLogger;
import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.appmattus.certificatetransparency.internal.utils.Base64;
import com.appmattus.certificatetransparency.internal.utils.CertificateExtKt;
import com.appmattus.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogServer;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.EmptyList;
import kotlin.collections.MapsKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.BuildersKt;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.internal.connection.RealConnection;
import okhttp3.internal.http.RealInterceptorChain;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(d1 = {"\u0000\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u00012\u00020\u0002¨\u0006\u0003"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/CertificateTransparencyInterceptor;", "Lokhttp3/Interceptor;", "Lcom/appmattus/certificatetransparency/internal/verifier/CertificateTransparencyBase;", "certificatetransparency"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class CertificateTransparencyInterceptor extends CertificateTransparencyBase implements Interceptor {
    public final boolean g;

    @Nullable
    public final BasicAndroidCTLogger h;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CertificateTransparencyInterceptor(@NotNull Set includeHosts, @NotNull Set excludeHosts, boolean z, @Nullable BasicAndroidCTLogger basicAndroidCTLogger) {
        super(includeHosts, excludeHosts, null, null, null, null, null, null);
        Intrinsics.g(includeHosts, "includeHosts");
        Intrinsics.g(excludeHosts, "excludeHosts");
        this.g = z;
        this.h = basicAndroidCTLogger;
    }

    @Override // okhttp3.Interceptor
    @NotNull
    public final Response a(@NotNull RealInterceptorChain realInterceptorChain) {
        List<Certificate> certificates;
        VerificationResult result;
        LogListResult logListZipFailedLoadingWithException;
        SctVerificationResult sctVerificationResult;
        Request request = realInterceptorChain.f26191e;
        String host = request.a.d;
        RealConnection a = realInterceptorChain.a();
        if (a == null) {
            throw new IllegalStateException("No connection found. Verify interceptor is added using addNetworkInterceptor");
        }
        Handshake handshake = a.f26179e;
        if (handshake == null || (certificates = handshake.a()) == null) {
            certificates = EmptyList.a;
        }
        Socket socket = a.d;
        Intrinsics.d(socket);
        if (socket instanceof SSLSocket) {
            Intrinsics.g(host, "host");
            Intrinsics.g(certificates, "certificates");
            Set<Host> set = this.f1346b;
            if (!(set instanceof Collection) || !set.isEmpty()) {
                Iterator<T> it = set.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (((Host) it.next()).a(host)) {
                        Set<Host> set2 = this.a;
                        if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                            Iterator<T> it2 = set2.iterator();
                            while (it2.hasNext()) {
                                if (((Host) it2.next()).a(host)) {
                                }
                            }
                        }
                        result = new VerificationResult.Success.DisabledForHost(host);
                    }
                }
            }
            if (certificates.isEmpty()) {
                result = VerificationResult.Failure.NoCertificates.f1282b;
            } else {
                CertificateChainCleaner certificateChainCleaner = (CertificateChainCleaner) this.d.getValue();
                ArrayList arrayList = new ArrayList();
                for (Object obj : certificates) {
                    if (obj instanceof X509Certificate) {
                        arrayList.add(obj);
                    }
                }
                List<X509Certificate> clean = certificateChainCleaner.clean(arrayList, host);
                if (clean.isEmpty()) {
                    result = VerificationResult.Failure.NoCertificates.f1282b;
                } else {
                    try {
                        logListZipFailedLoadingWithException = (LogListResult) BuildersKt.d(EmptyCoroutineContext.a, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
                    } catch (Exception e2) {
                        logListZipFailedLoadingWithException = new LogListResult.Invalid.LogListZipFailedLoadingWithException(e2);
                    }
                    if (logListZipFailedLoadingWithException instanceof LogListResult.Valid) {
                        List<LogServer> a5 = ((LogListResult.Valid) logListZipFailedLoadingWithException).a();
                        int f = MapsKt.f(CollectionsKt.u(a5, 10));
                        int i = 16;
                        if (f < 16) {
                            f = 16;
                        }
                        LinkedHashMap linkedHashMap = new LinkedHashMap(f);
                        for (LogServer logServer : a5) {
                            Base64 base64 = Base64.a;
                            byte[] bArr = logServer.f1373e;
                            base64.getClass();
                            linkedHashMap.put(Base64.b(bArr), new LogSignatureVerifier(logServer));
                        }
                        X509Certificate x509Certificate = clean.get(0);
                        if (CertificateExtKt.a(x509Certificate)) {
                            try {
                                List<SignedCertificateTimestamp> a6 = X509CertificateExtKt.a(x509Certificate);
                                int f4 = MapsKt.f(CollectionsKt.u(a6, 10));
                                if (f4 >= 16) {
                                    i = f4;
                                }
                                LinkedHashMap linkedHashMap2 = new LinkedHashMap(i);
                                for (Object obj2 : a6) {
                                    Base64 base642 = Base64.a;
                                    byte[] bArr2 = ((SignedCertificateTimestamp) obj2).f1356b.a;
                                    base642.getClass();
                                    linkedHashMap2.put(Base64.b(bArr2), obj2);
                                }
                                LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt.f(linkedHashMap2.size()));
                                for (Object obj3 : linkedHashMap2.entrySet()) {
                                    Object key = ((Map.Entry) obj3).getKey();
                                    Map.Entry entry = (Map.Entry) obj3;
                                    String str = (String) entry.getKey();
                                    SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                                    LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                                    if (logSignatureVerifier == null || (sctVerificationResult = logSignatureVerifier.f(signedCertificateTimestamp, clean)) == null) {
                                        sctVerificationResult = SctVerificationResult.Invalid.NoTrustedLogServerFound.a;
                                    }
                                    linkedHashMap3.put(key, sctVerificationResult);
                                }
                                result = this.f.a(x509Certificate, linkedHashMap3);
                                if ((result instanceof VerificationResult.Success) && ((logListZipFailedLoadingWithException instanceof LogListResult.Valid.StaleNetworkUsingCachedData) || (logListZipFailedLoadingWithException instanceof LogListResult.Valid.StaleNetworkUsingNetworkData))) {
                                    result = new VerificationResult.Success.StaleNetwork((VerificationResult.Success) result, (LogListResult.Valid) logListZipFailedLoadingWithException);
                                }
                            } catch (IOException e4) {
                                result = new VerificationResult.Failure.UnknownIoException(e4);
                            }
                        } else {
                            result = VerificationResult.Failure.NoScts.f1283b;
                        }
                    } else if (logListZipFailedLoadingWithException instanceof LogListResult.DisableChecks) {
                        result = new VerificationResult.Success.DisabledStaleLogList((LogListResult.DisableChecks) logListZipFailedLoadingWithException);
                    } else if (logListZipFailedLoadingWithException instanceof LogListResult.Invalid) {
                        result = new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListZipFailedLoadingWithException);
                    } else {
                        if (logListZipFailedLoadingWithException != null) {
                            throw new NoWhenBranchMatchedException();
                        }
                        result = new VerificationResult.Failure.LogServersFailed(LogListResult.Invalid.NoLogServers.a);
                    }
                }
            }
        } else {
            result = new VerificationResult.Success.InsecureConnection(host);
        }
        BasicAndroidCTLogger basicAndroidCTLogger = this.h;
        if (basicAndroidCTLogger != null) {
            basicAndroidCTLogger.getClass();
            Intrinsics.g(host, "host");
            Intrinsics.g(result, "result");
        }
        if ((result instanceof VerificationResult.Failure) && this.g) {
            throw new SSLPeerUnverifiedException("Certificate transparency failed");
        }
        return realInterceptorChain.c(request);
    }
}
