package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.CTLogger;
import com.appmattus.certificatetransparency.CTPolicy;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.cache.DiskCache;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.appmattus.certificatetransparency.datasource.DataSource;
import com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Kt;
import com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Logger;
import com.appmattus.certificatetransparency.internal.utils.asn1.query.ASN1QueryKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogListService;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import k7.l;
import k7.m;
import kotlin.collections.u;
import kotlin.jvm.internal.l0;
import kotlin.jvm.internal.w;
import okhttp3.internal.Util;

/* loaded from: classes3.dex */
public final class CertificateTransparencyTrustManagerExtended extends X509ExtendedTrustManager implements CertificateTransparencyTrustManager {

    @m
    private final Method checkServerTrustedMethod;

    @l
    private final CertificateTransparencyBase ctBase;

    @l
    private final X509TrustManager delegate;
    private final boolean failOnError;

    @m
    private final Method isSameTrustConfigurationMethod;

    @m
    private final CTLogger logger;

    public CertificateTransparencyTrustManagerExtended(@l X509TrustManager delegate, @l Set<Host> includeHosts, @l Set<Host> excludeHosts, @m CertificateChainCleanerFactory certificateChainCleanerFactory, @m LogListService logListService, @m DataSource<LogListResult> dataSource, @m CTPolicy cTPolicy, @m DiskCache diskCache, boolean z7, @m CTLogger cTLogger) {
        Method method;
        l0.p(delegate, "delegate");
        l0.p(includeHosts, "includeHosts");
        l0.p(excludeHosts, "excludeHosts");
        this.delegate = delegate;
        this.failOnError = z7;
        this.logger = cTLogger;
        this.ctBase = new CertificateTransparencyBase(includeHosts, excludeHosts, certificateChainCleanerFactory, delegate, logListService, dataSource, cTPolicy, diskCache);
        Method method2 = null;
        try {
            method = delegate.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (NoSuchMethodException unused) {
            method = null;
        }
        this.checkServerTrustedMethod = method;
        try {
            method2 = this.delegate.getClass().getDeclaredMethod("isSameTrustConfiguration", String.class, String.class);
        } catch (NoSuchMethodException unused2) {
        }
        this.isSameTrustConfigurationMethod = method2;
    }

    public /* synthetic */ CertificateTransparencyTrustManagerExtended(X509TrustManager x509TrustManager, Set set, Set set2, CertificateChainCleanerFactory certificateChainCleanerFactory, LogListService logListService, DataSource dataSource, CTPolicy cTPolicy, DiskCache diskCache, boolean z7, CTLogger cTLogger, int i8, w wVar) {
        this(x509TrustManager, set, set2, certificateChainCleanerFactory, logListService, dataSource, cTPolicy, diskCache, (i8 & 256) != 0 ? true : z7, (i8 & 512) != 0 ? null : cTLogger);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@l X509Certificate[] chain, @l String authType) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        this.delegate.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(@l X509Certificate[] chain, @l String authType, @l Socket socket) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        l0.p(socket, "socket");
        X509TrustManager x509TrustManager = this.delegate;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(chain, authType, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(@l X509Certificate[] chain, @l String authType, @l SSLEngine engine) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        l0.p(engine, "engine");
        X509TrustManager x509TrustManager = this.delegate;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(chain, authType, engine);
        }
    }

    @l
    public final List<X509Certificate> checkServerTrusted(@l X509Certificate[] chain, @l String authType, @l String host) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        l0.p(host, "host");
        Method method = this.checkServerTrustedMethod;
        l0.m(method);
        Object invoke = method.invoke(this.delegate, chain, authType, host);
        l0.n(invoke, "null cannot be cast to non-null type kotlin.collections.List<java.security.cert.X509Certificate>");
        List<X509Certificate> list = (List) invoke;
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(host, u.V5(list));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(host, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
        return list;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@l X509Certificate[] chain, @l String authType) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        this.delegate.checkServerTrusted(chain, authType);
        byte[] encoded = ((X509Certificate) kotlin.collections.l.Rb(chain)).getSubjectX500Principal().getEncoded();
        l0.o(encoded, "getEncoded(...)");
        String str = (String) ASN1QueryKt.query(ASN1Kt.toAsn1$default(encoded, (ASN1Logger) null, 1, (Object) null), CertificateTransparencyTrustManagerExtended$checkServerTrusted$commonName$1.INSTANCE);
        if (str == null) {
            throw new CertificateException("No commonName found in certificate subjectDN");
        }
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(str, kotlin.collections.l.Ky(chain));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(str, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(@l X509Certificate[] chain, @l String authType, @l Socket socket) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        l0.p(socket, "socket");
        X509TrustManager x509TrustManager = this.delegate;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(chain, authType, socket);
        }
        String peerName = Util.peerName(socket);
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(peerName, kotlin.collections.l.Ky(chain));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(peerName, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(@l X509Certificate[] chain, @l String authType, @l SSLEngine engine) {
        l0.p(chain, "chain");
        l0.p(authType, "authType");
        l0.p(engine, "engine");
        X509TrustManager x509TrustManager = this.delegate;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(chain, authType, engine);
        }
        String peerHost = engine.getPeerHost();
        l0.m(peerHost);
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(peerHost, kotlin.collections.l.Ky(chain));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(peerHost, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    @l
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.delegate.getAcceptedIssuers();
        l0.o(acceptedIssuers, "getAcceptedIssuers(...)");
        return acceptedIssuers;
    }

    public final boolean isSameTrustConfiguration(@m String str, @m String str2) {
        Method method = this.isSameTrustConfigurationMethod;
        l0.m(method);
        Object invoke = method.invoke(this.delegate, str, str2);
        l0.n(invoke, "null cannot be cast to non-null type kotlin.Boolean");
        return ((Boolean) invoke).booleanValue();
    }

    @Override // com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyTrustManager
    @l
    public VerificationResult verifyCertificateTransparency(@l String host, @l List<? extends Certificate> certificates) {
        l0.p(host, "host");
        l0.p(certificates, "certificates");
        return this.ctBase.verifyCertificateTransparency(host, certificates);
    }
}
