package com.appmattus.certificatetransparency.internal.verifier;

import A.a;
import I.g;
import L.b;
import N.e;
import N.i;
import O3.d;
import P.f;
import R2.AbstractC0338i;
import R2.AbstractC0345p;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyTrustManagerExtended;
import e3.InterfaceC0683a;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.j;
import kotlin.jvm.internal.s;
import y.InterfaceC1705a;
import y.InterfaceC1706b;
import y.n;
import z.InterfaceC1727b;

/* loaded from: classes.dex */
public final class CertificateTransparencyTrustManagerExtended extends X509ExtendedTrustManager implements X509TrustManager {
    private final Method checkServerTrustedMethodApi17;
    private final Method checkServerTrustedMethodApi36;
    private final e ctBase;
    private final X509TrustManager delegate;
    private final InterfaceC0683a failOnError;
    private final Method isSameTrustConfigurationMethod;
    private final InterfaceC1705a logger;

    public CertificateTransparencyTrustManagerExtended(X509TrustManager delegate, Set<Object> includeHosts, Set<Object> excludeHosts, CertificateChainCleanerFactory certificateChainCleanerFactory, f fVar, a aVar, InterfaceC1706b interfaceC1706b, InterfaceC1727b interfaceC1727b, InterfaceC0683a failOnError, InterfaceC1705a interfaceC1705a) {
        Method method;
        Method method2;
        s.e(delegate, "delegate");
        s.e(includeHosts, "includeHosts");
        s.e(excludeHosts, "excludeHosts");
        s.e(failOnError, "failOnError");
        this.delegate = delegate;
        this.failOnError = failOnError;
        this.logger = interfaceC1705a;
        this.ctBase = new e(includeHosts, excludeHosts, certificateChainCleanerFactory, delegate, fVar, aVar, interfaceC1706b, interfaceC1727b);
        Method method3 = null;
        try {
            method = delegate.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (NoSuchMethodException unused) {
            method = null;
        }
        this.checkServerTrustedMethodApi17 = method;
        try {
            method2 = this.delegate.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class);
        } catch (NoSuchMethodException unused2) {
            method2 = null;
        }
        this.checkServerTrustedMethodApi36 = method2;
        try {
            method3 = this.delegate.getClass().getDeclaredMethod("isSameTrustConfiguration", String.class, String.class);
        } catch (NoSuchMethodException unused3) {
        }
        this.isSameTrustConfigurationMethod = method3;
    }

    public /* synthetic */ CertificateTransparencyTrustManagerExtended(X509TrustManager x509TrustManager, Set set, Set set2, CertificateChainCleanerFactory certificateChainCleanerFactory, f fVar, a aVar, InterfaceC1706b interfaceC1706b, InterfaceC1727b interfaceC1727b, InterfaceC0683a interfaceC0683a, InterfaceC1705a interfaceC1705a, int i6, j jVar) {
        this(x509TrustManager, set, set2, certificateChainCleanerFactory, fVar, aVar, interfaceC1706b, interfaceC1727b, (i6 & 256) != 0 ? new InterfaceC0683a() { // from class: N.o
            @Override // e3.InterfaceC0683a
            public final Object invoke() {
                boolean _init_$lambda$0;
                _init_$lambda$0 = CertificateTransparencyTrustManagerExtended._init_$lambda$0();
                return Boolean.valueOf(_init_$lambda$0);
            }
        } : interfaceC0683a, (i6 & 512) != 0 ? null : interfaceC1705a);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean _init_$lambda$0() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final String checkServerTrusted$lambda$2(L.a query) {
        Object obj;
        List b6;
        L.a aVar;
        List b7;
        L.a aVar2;
        s.e(query, "$this$query");
        Iterator it = query.b().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (s.a(((L.a) AbstractC0345p.I(((L.a) AbstractC0345p.I(((L.a) obj).b())).b())).a(), "2.5.4.3")) {
                break;
            }
        }
        L.a aVar3 = (L.a) obj;
        if (aVar3 == null || (b6 = aVar3.b()) == null || (aVar = (L.a) AbstractC0345p.I(b6)) == null || (b7 = aVar.b()) == null || (aVar2 = (L.a) b7.get(1)) == null) {
            return null;
        }
        return aVar2.c();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        this.delegate.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(socket, "socket");
        if (i.a(this.delegate)) {
            N.j.a(this.delegate).checkClientTrusted(chain, authType, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(engine, "engine");
        if (i.a(this.delegate)) {
            N.j.a(this.delegate).checkClientTrusted(chain, authType, engine);
        }
    }

    public final List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(host, "host");
        Method method = this.checkServerTrustedMethodApi17;
        s.b(method);
        Object invoke = method.invoke(this.delegate, chain, authType, host);
        s.c(invoke, "null cannot be cast to non-null type kotlin.collections.List<java.security.cert.X509Certificate>");
        List<X509Certificate> list = (List) invoke;
        n verifyCertificateTransparency = verifyCertificateTransparency(host, AbstractC0345p.g0(list));
        InterfaceC1705a interfaceC1705a = this.logger;
        if (interfaceC1705a != null) {
            interfaceC1705a.log(host, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof n.b) && ((Boolean) this.failOnError.invoke()).booleanValue()) {
            throw new CertificateException("Certificate transparency failed");
        }
        return list;
    }

    public final List<X509Certificate> checkServerTrusted(X509Certificate[] chain, byte[] bArr, byte[] bArr2, String authType, String host) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(host, "host");
        Method method = this.checkServerTrustedMethodApi36;
        s.b(method);
        Object invoke = method.invoke(this.delegate, chain, bArr, bArr2, authType, host);
        s.c(invoke, "null cannot be cast to non-null type kotlin.collections.List<java.security.cert.X509Certificate>");
        List<X509Certificate> list = (List) invoke;
        n verifyCertificateTransparency = verifyCertificateTransparency(host, AbstractC0345p.g0(list));
        InterfaceC1705a interfaceC1705a = this.logger;
        if (interfaceC1705a != null) {
            interfaceC1705a.log(host, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof n.b) && ((Boolean) this.failOnError.invoke()).booleanValue()) {
            throw new CertificateException("Certificate transparency failed");
        }
        return list;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        this.delegate.checkServerTrusted(chain, authType);
        byte[] encoded = ((X509Certificate) AbstractC0338i.C(chain)).getSubjectX500Principal().getEncoded();
        s.d(encoded, "getEncoded(...)");
        String str = (String) b.a(g.f(encoded, null, 1, null), new Function1() { // from class: N.p
            @Override // kotlin.jvm.functions.Function1
            public final Object invoke(Object obj) {
                String checkServerTrusted$lambda$2;
                checkServerTrusted$lambda$2 = CertificateTransparencyTrustManagerExtended.checkServerTrusted$lambda$2((L.a) obj);
                return checkServerTrusted$lambda$2;
            }
        });
        if (str == null) {
            throw new CertificateException("No commonName found in certificate subjectDN");
        }
        n verifyCertificateTransparency = verifyCertificateTransparency(str, AbstractC0338i.P(chain));
        InterfaceC1705a interfaceC1705a = this.logger;
        if (interfaceC1705a != null) {
            interfaceC1705a.log(str, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof n.b) && ((Boolean) this.failOnError.invoke()).booleanValue()) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(socket, "socket");
        if (i.a(this.delegate)) {
            N.j.a(this.delegate).checkServerTrusted(chain, authType, socket);
        }
        String I5 = d.I(socket);
        n verifyCertificateTransparency = verifyCertificateTransparency(I5, AbstractC0338i.P(chain));
        InterfaceC1705a interfaceC1705a = this.logger;
        if (interfaceC1705a != null) {
            interfaceC1705a.log(I5, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof n.b) && ((Boolean) this.failOnError.invoke()).booleanValue()) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
        s.e(chain, "chain");
        s.e(authType, "authType");
        s.e(engine, "engine");
        if (i.a(this.delegate)) {
            N.j.a(this.delegate).checkServerTrusted(chain, authType, engine);
        }
        String peerHost = engine.getPeerHost();
        s.b(peerHost);
        n verifyCertificateTransparency = verifyCertificateTransparency(peerHost, AbstractC0338i.P(chain));
        InterfaceC1705a interfaceC1705a = this.logger;
        if (interfaceC1705a != null) {
            interfaceC1705a.log(peerHost, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof n.b) && ((Boolean) this.failOnError.invoke()).booleanValue()) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.delegate.getAcceptedIssuers();
        s.d(acceptedIssuers, "getAcceptedIssuers(...)");
        return acceptedIssuers;
    }

    public final boolean isSameTrustConfiguration(String str, String str2) {
        Method method = this.isSameTrustConfigurationMethod;
        s.b(method);
        Object invoke = method.invoke(this.delegate, str, str2);
        s.c(invoke, "null cannot be cast to non-null type kotlin.Boolean");
        return ((Boolean) invoke).booleanValue();
    }

    public n verifyCertificateTransparency(String host, List<? extends Certificate> certificates) {
        s.e(host, "host");
        s.e(certificates, "certificates");
        return this.ctBase.g(host, certificates);
    }
}
