package okhttp3;

import com.fw;
import com.fy0;
import com.kta;
import com.mo1;
import com.r94;
import com.uk1;
import com.uw9;
import com.vq5;
import com.za3;
import com.zw9;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes3.dex */
public final class CertificatePinner {
    public static final Companion Companion = new Companion(null);
    public static final CertificatePinner DEFAULT = new Builder().build();
    private final CertificateChainCleaner certificateChainCleaner;
    private final Set<Pin> pins;

    /* loaded from: classes3.dex */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        public final Builder add(String str, String... strArr) {
            vq5.f(str, "pattern");
            vq5.f(strArr, "pins");
            int length = strArr.length;
            int i = 0;
            while (i < length) {
                String str2 = strArr[i];
                i++;
                getPins().add(new Pin(str, str2));
            }
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final CertificatePinner build() {
            return new CertificatePinner(uk1.C0(this.pins), null, 2, 0 == true ? 1 : 0);
        }

        public final List<Pin> getPins() {
            return this.pins;
        }
    }

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final String pin(Certificate certificate) {
            vq5.f(certificate, "certificate");
            if (certificate instanceof X509Certificate) {
                return vq5.k(sha256Hash((X509Certificate) certificate).b(), "sha256/");
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
        }

        public final fy0 sha1Hash(X509Certificate x509Certificate) {
            vq5.f(x509Certificate, "<this>");
            fy0 fy0Var = fy0.d;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            vq5.e(encoded, "publicKey.encoded");
            return fy0.a.d(encoded).c(MessageDigestAlgorithms.SHA_1);
        }

        public final fy0 sha256Hash(X509Certificate x509Certificate) {
            vq5.f(x509Certificate, "<this>");
            fy0 fy0Var = fy0.d;
            byte[] encoded = x509Certificate.getPublicKey().getEncoded();
            vq5.e(encoded, "publicKey.encoded");
            return fy0.a.d(encoded).c(MessageDigestAlgorithms.SHA_256);
        }
    }

    /* loaded from: classes3.dex */
    public static final class Pin {
        private final fy0 hash;
        private final String hashAlgorithm;
        private final String pattern;

        public Pin(String str, String str2) {
            vq5.f(str, "pattern");
            vq5.f(str2, "pin");
            boolean z = true;
            if ((!uw9.y(str, "*.", false) || zw9.G(str, "*", 1, false, 4) != -1) && ((!uw9.y(str, "**.", false) || zw9.G(str, "*", 2, false, 4) != -1) && zw9.G(str, "*", 0, false, 6) != -1)) {
                z = false;
            }
            if (!z) {
                throw new IllegalArgumentException(vq5.k(str, "Unexpected pattern: ").toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(str);
            if (canonicalHost == null) {
                throw new IllegalArgumentException(vq5.k(str, "Invalid pattern: "));
            }
            this.pattern = canonicalHost;
            if (uw9.y(str2, "sha1/", false)) {
                this.hashAlgorithm = "sha1";
                fy0 fy0Var = fy0.d;
                String substring = str2.substring(5);
                vq5.e(substring, "this as java.lang.String).substring(startIndex)");
                fy0 a = fy0.a.a(substring);
                if (a == null) {
                    throw new IllegalArgumentException(vq5.k(str2, "Invalid pin hash: "));
                }
                this.hash = a;
                return;
            }
            if (!uw9.y(str2, "sha256/", false)) {
                throw new IllegalArgumentException(vq5.k(str2, "pins must start with 'sha256/' or 'sha1/': "));
            }
            this.hashAlgorithm = "sha256";
            fy0 fy0Var2 = fy0.d;
            String substring2 = str2.substring(7);
            vq5.e(substring2, "this as java.lang.String).substring(startIndex)");
            fy0 a2 = fy0.a.a(substring2);
            if (a2 == null) {
                throw new IllegalArgumentException(vq5.k(str2, "Invalid pin hash: "));
            }
            this.hash = a2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Pin)) {
                return false;
            }
            Pin pin = (Pin) obj;
            return vq5.b(this.pattern, pin.pattern) && vq5.b(this.hashAlgorithm, pin.hashAlgorithm) && vq5.b(this.hash, pin.hash);
        }

        public final fy0 getHash() {
            return this.hash;
        }

        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public final String getPattern() {
            return this.pattern;
        }

        public int hashCode() {
            return this.hash.hashCode() + mo1.a(this.hashAlgorithm, this.pattern.hashCode() * 31, 31);
        }

        public final boolean matchesCertificate(X509Certificate x509Certificate) {
            vq5.f(x509Certificate, "certificate");
            String str = this.hashAlgorithm;
            if (vq5.b(str, "sha256")) {
                return vq5.b(this.hash, CertificatePinner.Companion.sha256Hash(x509Certificate));
            }
            if (vq5.b(str, "sha1")) {
                return vq5.b(this.hash, CertificatePinner.Companion.sha1Hash(x509Certificate));
            }
            return false;
        }

        public final boolean matchesHostname(String str) {
            vq5.f(str, "hostname");
            if (uw9.y(this.pattern, "**.", false)) {
                int length = this.pattern.length() - 3;
                int length2 = str.length() - length;
                if (!uw9.t(str.length() - length, 3, length, str, this.pattern, false)) {
                    return false;
                }
                if (length2 != 0 && str.charAt(length2 - 1) != '.') {
                    return false;
                }
            } else {
                if (!uw9.y(this.pattern, "*.", false)) {
                    return vq5.b(str, this.pattern);
                }
                int length3 = this.pattern.length() - 1;
                int length4 = str.length() - length3;
                if (!uw9.t(str.length() - length3, 1, length3, str, this.pattern, false) || zw9.I(str, '.', length4 - 1, 4) != -1) {
                    return false;
                }
            }
            return true;
        }

        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.b();
        }
    }

    public CertificatePinner(Set<Pin> set, CertificateChainCleaner certificateChainCleaner) {
        vq5.f(set, "pins");
        this.pins = set;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(set, (i & 2) != 0 ? null : certificateChainCleaner);
    }

    public static final String pin(Certificate certificate) {
        return Companion.pin(certificate);
    }

    public static final fy0 sha1Hash(X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    public static final fy0 sha256Hash(X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public final void check(String str, List<? extends Certificate> list) throws SSLPeerUnverifiedException {
        vq5.f(str, "hostname");
        vq5.f(list, "peerCertificates");
        check$okhttp(str, new CertificatePinner$check$1(this, list, str));
    }

    public final void check(String str, Certificate... certificateArr) throws SSLPeerUnverifiedException {
        vq5.f(str, "hostname");
        vq5.f(certificateArr, "peerCertificates");
        check(str, fw.V0(certificateArr));
    }

    public final void check$okhttp(String str, r94<? extends List<? extends X509Certificate>> r94Var) {
        vq5.f(str, "hostname");
        vq5.f(r94Var, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(str);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = r94Var.invoke();
        for (X509Certificate x509Certificate : invoke) {
            fy0 fy0Var = null;
            fy0 fy0Var2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                if (vq5.b(hashAlgorithm, "sha256")) {
                    if (fy0Var == null) {
                        fy0Var = Companion.sha256Hash(x509Certificate);
                    }
                    if (vq5.b(pin.getHash(), fy0Var)) {
                        return;
                    }
                } else {
                    if (!vq5.b(hashAlgorithm, "sha1")) {
                        throw new AssertionError(vq5.k(pin.getHashAlgorithm(), "unsupported hashAlgorithm: "));
                    }
                    if (fy0Var2 == null) {
                        fy0Var2 = Companion.sha1Hash(x509Certificate);
                    }
                    if (vq5.b(pin.getHash(), fy0Var2)) {
                        return;
                    }
                }
            }
        }
        StringBuilder sb = new StringBuilder("Certificate pinning failure!\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            sb.append(x509Certificate2.getSubjectDN().getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        for (Pin pin2 : findMatchingPins) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        vq5.e(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    public boolean equals(Object obj) {
        if (obj instanceof CertificatePinner) {
            CertificatePinner certificatePinner = (CertificatePinner) obj;
            if (vq5.b(certificatePinner.pins, this.pins) && vq5.b(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) {
                return true;
            }
        }
        return false;
    }

    public final List<Pin> findMatchingPins(String str) {
        vq5.f(str, "hostname");
        Set<Pin> set = this.pins;
        List list = za3.a;
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(str)) {
                if (list.isEmpty()) {
                    list = new ArrayList();
                }
                kta.b(list).add(obj);
            }
        }
        return list;
    }

    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public final Set<Pin> getPins() {
        return this.pins;
    }

    public int hashCode() {
        int hashCode = (this.pins.hashCode() + 1517) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    public final CertificatePinner withCertificateChainCleaner$okhttp(CertificateChainCleaner certificateChainCleaner) {
        vq5.f(certificateChainCleaner, "certificateChainCleaner");
        return vq5.b(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }
}
