package okhttp3;

import c.a.C0028d;
import c.a.i;
import c.a.u;
import c.e.a.a;
import c.e.b.g;
import c.e.b.h;
import c.e.b.s;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.internal.HostnamesKt;
import okhttp3.internal.tls.CertificateChainCleaner;
import okio.ByteString;
import org.slf4j.Marker;

/* loaded from: input_file:okhttp3/CertificatePinner.class */
public final class CertificatePinner {
    private final Set<Pin> pins;
    private final CertificateChainCleaner certificateChainCleaner;
    public static final Companion Companion = new Companion(null);
    public static final CertificatePinner DEFAULT = new Builder().build();

    /* loaded from: input_file:okhttp3/CertificatePinner$Builder.class */
    public static final class Builder {
        private final List<Pin> pins = new ArrayList();

        public final List<Pin> getPins() {
            return this.pins;
        }

        public final Builder add(String str, String... strArr) {
            h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
            h.b(strArr, HttpUrl.FRAGMENT_ENCODE_SET);
            Builder builder = this;
            for (String str2 : strArr) {
                builder.pins.add(new Pin(str, str2));
            }
            return this;
        }

        public final CertificatePinner build() {
            return new CertificatePinner(i.a((Iterable) this.pins), null, 2, null);
        }
    }

    /* loaded from: input_file:okhttp3/CertificatePinner$Companion.class */
    public static final class Companion {
        public final ByteString sha1Hash(X509Certificate x509Certificate) {
            h.b(x509Certificate, HttpUrl.FRAGMENT_ENCODE_SET);
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            h.a((Object) publicKey, HttpUrl.FRAGMENT_ENCODE_SET);
            byte[] encoded = publicKey.getEncoded();
            h.a((Object) encoded, HttpUrl.FRAGMENT_ENCODE_SET);
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        public final ByteString sha256Hash(X509Certificate x509Certificate) {
            h.b(x509Certificate, HttpUrl.FRAGMENT_ENCODE_SET);
            ByteString.Companion companion = ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            h.a((Object) publicKey, HttpUrl.FRAGMENT_ENCODE_SET);
            byte[] encoded = publicKey.getEncoded();
            h.a((Object) encoded, HttpUrl.FRAGMENT_ENCODE_SET);
            return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }

        public final String pin(Certificate certificate) {
            h.b(certificate, HttpUrl.FRAGMENT_ENCODE_SET);
            if (certificate instanceof X509Certificate) {
                return "sha256/" + sha256Hash((X509Certificate) certificate).base64();
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
        }

        private Companion() {
        }

        public /* synthetic */ Companion(g gVar) {
            this();
        }
    }

    /* loaded from: input_file:okhttp3/CertificatePinner$Pin.class */
    public static final class Pin {
        private final String pattern;
        private final String hashAlgorithm;
        private final ByteString hash;

        public final String getPattern() {
            return this.pattern;
        }

        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        public final ByteString getHash() {
            return this.hash;
        }

        public final boolean matchesHostname(String str) {
            boolean a2;
            boolean a3;
            h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
            if (c.i.g.a(this.pattern, "**.", false)) {
                int length = this.pattern.length() - 3;
                int length2 = str.length() - length;
                a3 = c.i.g.a(str, str.length() - length, this.pattern, 3, length, false);
                if (a3) {
                    return length2 == 0 || str.charAt(length2 - 1) == '.';
                }
                return false;
            }
            if (!c.i.g.a(this.pattern, "*.", false)) {
                return h.a((Object) str, (Object) this.pattern);
            }
            int length3 = this.pattern.length() - 1;
            int length4 = str.length() - length3;
            a2 = c.i.g.a(str, str.length() - length3, this.pattern, 1, length3, false);
            return a2 && c.i.g.b(str, '.', length4 - 1, 4) == -1;
        }

        public final boolean matchesCertificate(X509Certificate x509Certificate) {
            h.b(x509Certificate, HttpUrl.FRAGMENT_ENCODE_SET);
            String str = this.hashAlgorithm;
            switch (str.hashCode()) {
                case -903629273:
                    if (str.equals("sha256")) {
                        return h.a(this.hash, CertificatePinner.Companion.sha256Hash(x509Certificate));
                    }
                    return false;
                case 3528965:
                    if (str.equals("sha1")) {
                        return h.a(this.hash, CertificatePinner.Companion.sha1Hash(x509Certificate));
                    }
                    return false;
                default:
                    return false;
            }
        }

        public final String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }

        public final boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            return (!(obj instanceof Pin) || (h.a((Object) this.pattern, (Object) ((Pin) obj).pattern) ^ true) || (h.a((Object) this.hashAlgorithm, (Object) ((Pin) obj).hashAlgorithm) ^ true) || (h.a(this.hash, ((Pin) obj).hash) ^ true)) ? false : true;
        }

        public final int hashCode() {
            return (((this.pattern.hashCode() * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode();
        }

        public Pin(String str, String str2) {
            h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
            h.b(str2, HttpUrl.FRAGMENT_ENCODE_SET);
            if (!((c.i.g.a(str, "*.", false) && c.i.g.a((CharSequence) str, Marker.ANY_MARKER, 1, 4) == -1) || (c.i.g.a(str, "**.", false) && c.i.g.a((CharSequence) str, Marker.ANY_MARKER, 2, 4) == -1) || c.i.g.a((CharSequence) str, Marker.ANY_MARKER, 0, 6) == -1)) {
                throw new IllegalArgumentException("Unexpected pattern: ".concat(String.valueOf(str)).toString());
            }
            String canonicalHost = HostnamesKt.toCanonicalHost(str);
            if (canonicalHost == null) {
                throw new IllegalArgumentException("Invalid pattern: ".concat(String.valueOf(str)));
            }
            this.pattern = canonicalHost;
            if (c.i.g.a(str2, "sha1/", false)) {
                this.hashAlgorithm = "sha1";
                ByteString.Companion companion = ByteString.Companion;
                String substring = str2.substring(5);
                h.a((Object) substring, HttpUrl.FRAGMENT_ENCODE_SET);
                ByteString decodeBase64 = companion.decodeBase64(substring);
                if (decodeBase64 == null) {
                    throw new IllegalArgumentException("Invalid pin hash: ".concat(String.valueOf(str2)));
                }
                this.hash = decodeBase64;
                return;
            }
            if (!c.i.g.a(str2, "sha256/", false)) {
                throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': ".concat(String.valueOf(str2)));
            }
            this.hashAlgorithm = "sha256";
            ByteString.Companion companion2 = ByteString.Companion;
            String substring2 = str2.substring(7);
            h.a((Object) substring2, HttpUrl.FRAGMENT_ENCODE_SET);
            ByteString decodeBase642 = companion2.decodeBase64(substring2);
            if (decodeBase642 == null) {
                throw new IllegalArgumentException("Invalid pin hash: ".concat(String.valueOf(str2)));
            }
            this.hash = decodeBase642;
        }
    }

    public final void check(String str, List<? extends Certificate> list) {
        h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
        h.b(list, HttpUrl.FRAGMENT_ENCODE_SET);
        check$okhttp(str, new CertificatePinner$check$1(this, list, str));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x0072. Please report as an issue. */
    public final void check$okhttp(String str, a<? extends List<? extends X509Certificate>> aVar) {
        h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
        h.b(aVar, HttpUrl.FRAGMENT_ENCODE_SET);
        List<Pin> findMatchingPins = findMatchingPins(str);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = aVar.invoke();
        for (X509Certificate x509Certificate : invoke) {
            ByteString byteString = null;
            ByteString byteString2 = null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                switch (hashAlgorithm.hashCode()) {
                    case -903629273:
                        if (!hashAlgorithm.equals("sha256")) {
                            throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                        }
                        if (byteString2 == null) {
                            byteString2 = Companion.sha256Hash(x509Certificate);
                        }
                        if (h.a(pin.getHash(), byteString2)) {
                            return;
                        }
                    case 3528965:
                        if (!hashAlgorithm.equals("sha1")) {
                            throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                        }
                        if (byteString == null) {
                            byteString = Companion.sha1Hash(x509Certificate);
                        }
                        if (h.a(pin.getHash(), byteString)) {
                            return;
                        }
                    default:
                        throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            h.a((Object) subjectDN, HttpUrl.FRAGMENT_ENCODE_SET);
            sb.append(subjectDN.getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        for (Pin pin2 : findMatchingPins) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        h.a((Object) sb2, HttpUrl.FRAGMENT_ENCODE_SET);
        throw new SSLPeerUnverifiedException(sb2);
    }

    public final void check(String str, Certificate... certificateArr) {
        h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
        h.b(certificateArr, HttpUrl.FRAGMENT_ENCODE_SET);
        check(str, C0028d.b(certificateArr));
    }

    public final List<Pin> findMatchingPins(String str) {
        h.b(str, HttpUrl.FRAGMENT_ENCODE_SET);
        Set<Pin> set = this.pins;
        List list = u.f1355a;
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(str)) {
                if (list.isEmpty()) {
                    list = new ArrayList();
                }
                List list2 = list;
                if (list2 == null) {
                    throw new NullPointerException("null cannot be cast to non-null type kotlin.collections.MutableList<T>");
                }
                s.a(list2).add(obj);
            }
        }
        return list;
    }

    public final CertificatePinner withCertificateChainCleaner$okhttp(CertificateChainCleaner certificateChainCleaner) {
        h.b(certificateChainCleaner, HttpUrl.FRAGMENT_ENCODE_SET);
        return h.a(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner);
    }

    public final boolean equals(Object obj) {
        return (obj instanceof CertificatePinner) && h.a(((CertificatePinner) obj).pins, this.pins) && h.a(((CertificatePinner) obj).certificateChainCleaner, this.certificateChainCleaner);
    }

    public final int hashCode() {
        int hashCode = (1517 + this.pins.hashCode()) * 41;
        CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0);
    }

    public final Set<Pin> getPins() {
        return this.pins;
    }

    public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public CertificatePinner(Set<Pin> set, CertificateChainCleaner certificateChainCleaner) {
        h.b(set, HttpUrl.FRAGMENT_ENCODE_SET);
        this.pins = set;
        this.certificateChainCleaner = certificateChainCleaner;
    }

    public /* synthetic */ CertificatePinner(Set set, CertificateChainCleaner certificateChainCleaner, int i, g gVar) {
        this(set, (i & 2) != 0 ? null : certificateChainCleaner);
    }

    public static final ByteString sha1Hash(X509Certificate x509Certificate) {
        return Companion.sha1Hash(x509Certificate);
    }

    public static final ByteString sha256Hash(X509Certificate x509Certificate) {
        return Companion.sha256Hash(x509Certificate);
    }

    public static final String pin(Certificate certificate) {
        return Companion.pin(certificate);
    }
}
