package okhttp3;

import Z2.d;
import Z2.g;
import Z2.o;
import androidx.activity.result.a;
import i.C0482g;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.jvm.internal.i;
import kotlin.jvm.internal.z;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.g;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import p3.f;
import p3.m;
import q.h;

/* loaded from: classes.dex */
public final class CertificatePinner {
    public static final Companion Companion = new Companion(null);
    public static final CertificatePinner DEFAULT = new Builder().build();
    private final CertificateChainCleaner certificateChainCleaner;
    private final Set<Pin> pins;

    /* loaded from: classes.dex */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        public final Builder add(String pattern, String... pins) {
            i.e(pattern, "pattern");
            i.e(pins, "pins");
            for (String str : pins) {
                this.pins.add(new Pin(pattern, str));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final CertificatePinner build() {
            return new CertificatePinner(g.t(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kotlin.jvm.internal.g gVar) {
            this();
        }

        public final String pin(Certificate certificate) {
            i.e(certificate, "certificate");
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
            }
            StringBuilder a4 = a.a("sha256/");
            a4.append(sha256Hash((X509Certificate) certificate).a());
            return a4.toString();
        }

        public final okio.g sha1Hash(X509Certificate sha1Hash) {
            i.e(sha1Hash, "$this$sha1Hash");
            g.a aVar = okio.g.f10671e;
            PublicKey publicKey = sha1Hash.getPublicKey();
            i.d(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            i.d(encoded, "publicKey.encoded");
            return g.a.d(aVar, encoded, 0, 0, 3).n();
        }

        public final okio.g sha256Hash(X509Certificate sha256Hash) {
            i.e(sha256Hash, "$this$sha256Hash");
            g.a aVar = okio.g.f10671e;
            PublicKey publicKey = sha256Hash.getPublicKey();
            i.d(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            i.d(encoded, "publicKey.encoded");
            return g.a.d(aVar, encoded, 0, 0, 3).b(McElieceCCA2KeyGenParameterSpec.SHA256);
        }
    }

    /* loaded from: classes.dex */
    public static final class Pin {
        private final okio.g hash;
        private final String hashAlgorithm;
        private final String pattern;

        public Pin(String pattern, String pin) {
            okio.g a4;
            i.e(pattern, "pattern");
            i.e(pin, "pin");
            if (!((f.K(pattern, "*.", false, 2, null) && f.w(pattern, "*", 1, false, 4, null) == -1) || (f.K(pattern, "**.", false, 2, null) && f.w(pattern, "*", 2, false, 4, null) == -1) || f.w(pattern, "*", 0, false, 6, null) == -1)) {
                throw new IllegalArgumentException(C0482g.a("Unexpected pattern: ", pattern).toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(pattern);
            if (canonicalHost == null) {
                throw new IllegalArgumentException(C0482g.a("Invalid pattern: ", pattern));
            }
            this.pattern = canonicalHost;
            if (f.K(pin, "sha1/", false, 2, null)) {
                this.hashAlgorithm = "sha1";
                g.a aVar = okio.g.f10671e;
                String substring = pin.substring(5);
                i.d(substring, "(this as java.lang.String).substring(startIndex)");
                a4 = aVar.a(substring);
                if (a4 == null) {
                    throw new IllegalArgumentException(C0482g.a("Invalid pin hash: ", pin));
                }
            } else {
                if (!f.K(pin, "sha256/", false, 2, null)) {
                    throw new IllegalArgumentException(C0482g.a("pins must start with 'sha256/' or 'sha1/': ", pin));
                }
                this.hashAlgorithm = "sha256";
                g.a aVar2 = okio.g.f10671e;
                String substring2 = pin.substring(7);
                i.d(substring2, "(this as java.lang.String).substring(startIndex)");
                a4 = aVar2.a(substring2);
                if (a4 == null) {
                    throw new IllegalArgumentException(C0482g.a("Invalid pin hash: ", pin));
                }
            }
            this.hash = a4;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return ((i.a(this.pattern, pin.pattern) ^ true) || (i.a(this.hashAlgorithm, pin.hashAlgorithm) ^ true) || (i.a(this.hash, pin.hash) ^ true)) ? false : true;
        }

        public final okio.g getHash() {
            return this.hash;
        }

        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return this.hash.hashCode() + ((this.hashAlgorithm.hashCode() + (this.pattern.hashCode() * 31)) * 31);
        }

        public final boolean matchesCertificate(X509Certificate certificate) {
            okio.g gVar;
            okio.g sha256Hash;
            i.e(certificate, "certificate");
            String str = this.hashAlgorithm;
            int hashCode = str.hashCode();
            if (hashCode == -903629273) {
                if (str.equals("sha256")) {
                    gVar = this.hash;
                    sha256Hash = CertificatePinner.Companion.sha256Hash(certificate);
                    return i.a(gVar, sha256Hash);
                }
                return false;
            }
            if (hashCode == 3528965 && str.equals("sha1")) {
                gVar = this.hash;
                sha256Hash = CertificatePinner.Companion.sha1Hash(certificate);
                return i.a(gVar, sha256Hash);
            }
            return false;
        }

        public final boolean matchesHostname(String hostname) {
            boolean a4;
            boolean a5;
            i.e(hostname, "hostname");
            if (f.K(this.pattern, "**.", false, 2, null)) {
                int length = this.pattern.length() - 3;
                int length2 = hostname.length() - length;
                a5 = m.a(hostname, hostname.length() - length, this.pattern, 3, length, (r12 & 16) != 0 ? false : false);
                if (!a5) {
                    return false;
                }
                if (length2 != 0 && hostname.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!f.K(this.pattern, "*.", false, 2, null)) {
                    return i.a(hostname, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = hostname.length() - length3;
                a4 = m.a(hostname, hostname.length() - length3, this.pattern, 1, length3, (r12 & 16) != 0 ? false : false);
                if (!a4 || f.y(hostname, '.', length4 - 1, false, 4, null) != -1) {
                    return false;
                }
            }
            return true;
        }

        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.a();
        }
    }

    public CertificatePinner(Set<Pin> pins, CertificateChainCleaner certificateChainCleaner) {
        i.e(pins, "pins");
        this.pins = pins;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i4, kotlin.jvm.internal.g gVar) {
        this(set, (i4 & 2) != 0 ? null : certificateChainCleaner);
    }

    public static final String pin(Certificate certificate) {
        return Companion.pin(certificate);
    }

    public static final okio.g sha1Hash(X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    public static final okio.g sha256Hash(X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(String hostname, List<? extends Certificate> peerCertificates) {
        i.e(hostname, "hostname");
        i.e(peerCertificates, "peerCertificates");
        check$okhttp(hostname, new CertificatePinner$check$1(this, peerCertificates, hostname));
    }

    public final void check(String hostname, Certificate... peerCertificates) {
        i.e(hostname, "hostname");
        i.e(peerCertificates, "peerCertificates");
        check(hostname, d.g(peerCertificates));
    }

    public final void check$okhttp(String hostname, i3.a<? extends List<? extends X509Certificate>> cleanedPeerCertificatesFn) {
        i.e(hostname, "hostname");
        i.e(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(hostname);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = cleanedPeerCertificatesFn.invoke();
        for (X509Certificate x509Certificate : invoke) {
            okio.g gVar = null;
            okio.g gVar2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                int hashCode = hashAlgorithm.hashCode();
                if (hashCode != -903629273) {
                    if (hashCode == 3528965 && hashAlgorithm.equals("sha1")) {
                        if (gVar2 == null) {
                            gVar2 = Companion.sha1Hash(x509Certificate);
                        }
                        if (i.a(pin.getHash(), gVar2)) {
                            return;
                        }
                    }
                    StringBuilder a4 = a.a("unsupported hashAlgorithm: ");
                    a4.append(pin.getHashAlgorithm());
                    throw new AssertionError(a4.toString());
                }
                if (!hashAlgorithm.equals("sha256")) {
                    StringBuilder a42 = a.a("unsupported hashAlgorithm: ");
                    a42.append(pin.getHashAlgorithm());
                    throw new AssertionError(a42.toString());
                }
                if (gVar == null) {
                    gVar = Companion.sha256Hash(x509Certificate);
                }
                if (i.a(pin.getHash(), gVar)) {
                    return;
                }
            }
        }
        StringBuilder a5 = h.a("Certificate pinning failure!", "\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            a5.append("\n    ");
            a5.append(Companion.pin(x509Certificate2));
            a5.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            i.d(subjectDN, "element.subjectDN");
            a5.append(subjectDN.getName());
        }
        a5.append("\n  Pinned certificates for ");
        a5.append(hostname);
        a5.append(":");
        for (Pin pin2 : findMatchingPins) {
            a5.append("\n    ");
            a5.append(pin2);
        }
        String sb = a5.toString();
        i.d(sb, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb);
    }

    public boolean equals(Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (i.a(certificatePinner.pins, this.pins) && i.a(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    public final List<Pin> findMatchingPins(String hostname) {
        i.e(hostname, "hostname");
        Set<Pin> set = this.pins;
        List list = o.f2369a;
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(hostname)) {
                if (list.isEmpty()) {
                    list = new ArrayList();
                }
                z.a(list).add(obj);
            }
        }
        return list;
    }

    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (this.pins.hashCode() + 1517) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    public final CertificatePinner withCertificateChainCleaner$okhttp(CertificateChainCleaner certificateChainCleaner) {
        i.e(certificateChainCleaner, "certificateChainCleaner");
        return i.a(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
