package com.unascribed.sup;

import com.unascribed.sup.C$lib$$okio_ByteString;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: CertificatePinner.kt */
/* renamed from: com.unascribed.sup.$lib$$okhttp3_CertificatePinner, reason: invalid class name */
/* loaded from: input_file:unsup/unsup:com/unascribed/sup/$lib$$okhttp3_CertificatePinner.class */
public final class C$lib$$okhttp3_CertificatePinner {

    @NotNull
    private final Set<Pin> pins;

    @Nullable
    private final C$lib$$okhttp3_internal_tls_CertificateChainCleaner certificateChainCleaner;
    public static final Companion Companion = new Companion(null);

    @NotNull
    public static final C$lib$$okhttp3_CertificatePinner DEFAULT = new Builder().build();

    /* compiled from: CertificatePinner.kt */
    /* renamed from: com.unascribed.sup.$lib$$okhttp3_CertificatePinner$Builder */
    /* loaded from: input_file:unsup/unsup:com/unascribed/sup/$lib$$okhttp3_CertificatePinner$Builder.class */
    public static final class Builder {

        @NotNull
        private final List<Pin> pins = new ArrayList();

        @NotNull
        public final C$lib$$okhttp3_CertificatePinner build() {
            return new C$lib$$okhttp3_CertificatePinner(C$lib$$kotlin_collections_CollectionsKt.toSet(this.pins), null, 2, null);
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* renamed from: com.unascribed.sup.$lib$$okhttp3_CertificatePinner$Companion */
    /* loaded from: input_file:unsup/unsup:com/unascribed/sup/$lib$$okhttp3_CertificatePinner$Companion.class */
    public static final class Companion {
        @NotNull
        public final C$lib$$okio_ByteString sha1Hash(@NotNull X509Certificate x509Certificate) {
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(x509Certificate, "$this$sha1Hash");
            C$lib$$okio_ByteString.Companion companion = C$lib$$okio_ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return C$lib$$okio_ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1();
        }

        @NotNull
        public final C$lib$$okio_ByteString sha256Hash(@NotNull X509Certificate x509Certificate) {
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(x509Certificate, "$this$sha256Hash");
            C$lib$$okio_ByteString.Companion companion = C$lib$$okio_ByteString.Companion;
            PublicKey publicKey = x509Certificate.getPublicKey();
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
            byte[] encoded = publicKey.getEncoded();
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded");
            return C$lib$$okio_ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256();
        }

        @NotNull
        public final String pin(@NotNull Certificate certificate) {
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(certificate, "certificate");
            if (certificate instanceof X509Certificate) {
                return "sha256/" + sha256Hash((X509Certificate) certificate).base64();
            }
            throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString());
        }

        private Companion() {
        }

        public /* synthetic */ Companion(C$lib$$kotlin_jvm_internal_DefaultConstructorMarker c$lib$$kotlin_jvm_internal_DefaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: CertificatePinner.kt */
    /* renamed from: com.unascribed.sup.$lib$$okhttp3_CertificatePinner$Pin */
    /* loaded from: input_file:unsup/unsup:com/unascribed/sup/$lib$$okhttp3_CertificatePinner$Pin.class */
    public static final class Pin {

        @NotNull
        private final String pattern;

        @NotNull
        private final String hashAlgorithm;

        @NotNull
        private final C$lib$$okio_ByteString hash;

        @NotNull
        public final String getHashAlgorithm() {
            return this.hashAlgorithm;
        }

        @NotNull
        public final C$lib$$okio_ByteString getHash() {
            return this.hash;
        }

        public final boolean matchesHostname(@NotNull String str) {
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(str, "hostname");
            if (C$lib$$kotlin_text_StringsKt.startsWith$default(this.pattern, "**.", false, 2, (Object) null)) {
                int length = this.pattern.length() - 3;
                int length2 = str.length() - length;
                return C$lib$$kotlin_text_StringsKt.regionMatches$default(str, str.length() - length, this.pattern, 3, length, false, 16, null) && (length2 == 0 || str.charAt(length2 - 1) == '.');
            }
            if (!C$lib$$kotlin_text_StringsKt.startsWith$default(this.pattern, "*.", false, 2, (Object) null)) {
                return C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(str, this.pattern);
            }
            int length3 = this.pattern.length() - 1;
            return C$lib$$kotlin_text_StringsKt.regionMatches$default(str, str.length() - length3, this.pattern, 1, length3, false, 16, null) && C$lib$$kotlin_text_StringsKt.lastIndexOf$default((CharSequence) str, '.', (str.length() - length3) - 1, false, 4, (Object) null) == -1;
        }

        @NotNull
        public String toString() {
            return this.hashAlgorithm + '/' + this.hash.base64();
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            return (!(obj instanceof Pin) || (C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(this.pattern, ((Pin) obj).pattern) ^ true) || (C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(this.hashAlgorithm, ((Pin) obj).hashAlgorithm) ^ true) || (C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(this.hash, ((Pin) obj).hash) ^ true)) ? false : true;
        }

        public int hashCode() {
            return (31 * ((31 * this.pattern.hashCode()) + this.hashAlgorithm.hashCode())) + this.hash.hashCode();
        }
    }

    public final void check(@NotNull String str, @NotNull List<? extends Certificate> list) throws SSLPeerUnverifiedException {
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(str, "hostname");
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(list, "peerCertificates");
        check$okhttp(str, new C$lib$$okhttp3_CertificatePinner$check$1(this, list, str));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x007c. Please report as an issue. */
    public final void check$okhttp(@NotNull String str, @NotNull C$lib$$kotlin_jvm_functions_Function0<? extends List<? extends X509Certificate>> c$lib$$kotlin_jvm_functions_Function0) {
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(str, "hostname");
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(c$lib$$kotlin_jvm_functions_Function0, "cleanedPeerCertificatesFn");
        List<Pin> findMatchingPins = findMatchingPins(str);
        if (findMatchingPins.isEmpty()) {
            return;
        }
        List<? extends X509Certificate> invoke = c$lib$$kotlin_jvm_functions_Function0.invoke();
        for (X509Certificate x509Certificate : invoke) {
            C$lib$$okio_ByteString c$lib$$okio_ByteString = (C$lib$$okio_ByteString) null;
            C$lib$$okio_ByteString c$lib$$okio_ByteString2 = (C$lib$$okio_ByteString) null;
            for (Pin pin : findMatchingPins) {
                String hashAlgorithm = pin.getHashAlgorithm();
                switch (hashAlgorithm.hashCode()) {
                    case -903629273:
                        if (!hashAlgorithm.equals("sha256")) {
                            throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                        }
                        if (c$lib$$okio_ByteString2 == null) {
                            c$lib$$okio_ByteString2 = Companion.sha256Hash(x509Certificate);
                        }
                        if (C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(pin.getHash(), c$lib$$okio_ByteString2)) {
                            return;
                        }
                    case 3528965:
                        if (!hashAlgorithm.equals("sha1")) {
                            throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                        }
                        if (c$lib$$okio_ByteString == null) {
                            c$lib$$okio_ByteString = Companion.sha1Hash(x509Certificate);
                        }
                        if (C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(pin.getHash(), c$lib$$okio_ByteString)) {
                            return;
                        }
                    default:
                        throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm());
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Certificate pinning failure!");
        sb.append("\n  Peer certificate chain:");
        for (X509Certificate x509Certificate2 : invoke) {
            sb.append("\n    ");
            sb.append(Companion.pin(x509Certificate2));
            sb.append(": ");
            Principal subjectDN = x509Certificate2.getSubjectDN();
            C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(subjectDN, "element.subjectDN");
            sb.append(subjectDN.getName());
        }
        sb.append("\n  Pinned certificates for ");
        sb.append(str);
        sb.append(":");
        for (Pin pin2 : findMatchingPins) {
            sb.append("\n    ");
            sb.append(pin2);
        }
        String sb2 = sb.toString();
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
        throw new SSLPeerUnverifiedException(sb2);
    }

    @NotNull
    public final List<Pin> findMatchingPins(@NotNull String str) {
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(str, "hostname");
        Set<Pin> set = this.pins;
        List<Pin> emptyList = C$lib$$kotlin_collections_CollectionsKt.emptyList();
        for (Object obj : set) {
            if (((Pin) obj).matchesHostname(str)) {
                if (emptyList.isEmpty()) {
                    emptyList = new ArrayList();
                }
                List<Pin> list = emptyList;
                if (list == null) {
                    throw new NullPointerException("null cannot be cast to non-null type kotlin.collections.MutableList<T>");
                }
                C$lib$$kotlin_jvm_internal_TypeIntrinsics.asMutableList(list).add(obj);
            }
        }
        return emptyList;
    }

    @NotNull
    public final C$lib$$okhttp3_CertificatePinner withCertificateChainCleaner$okhttp(@NotNull C$lib$$okhttp3_internal_tls_CertificateChainCleaner c$lib$$okhttp3_internal_tls_CertificateChainCleaner) {
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(c$lib$$okhttp3_internal_tls_CertificateChainCleaner, "certificateChainCleaner");
        return C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(this.certificateChainCleaner, c$lib$$okhttp3_internal_tls_CertificateChainCleaner) ? this : new C$lib$$okhttp3_CertificatePinner(this.pins, c$lib$$okhttp3_internal_tls_CertificateChainCleaner);
    }

    public boolean equals(@Nullable Object obj) {
        return (obj instanceof C$lib$$okhttp3_CertificatePinner) && C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(((C$lib$$okhttp3_CertificatePinner) obj).pins, this.pins) && C$lib$$kotlin_jvm_internal_Intrinsics.areEqual(((C$lib$$okhttp3_CertificatePinner) obj).certificateChainCleaner, this.certificateChainCleaner);
    }

    public int hashCode() {
        int hashCode = 41 * ((41 * 37) + this.pins.hashCode());
        C$lib$$okhttp3_internal_tls_CertificateChainCleaner c$lib$$okhttp3_internal_tls_CertificateChainCleaner = this.certificateChainCleaner;
        return hashCode + (c$lib$$okhttp3_internal_tls_CertificateChainCleaner != null ? c$lib$$okhttp3_internal_tls_CertificateChainCleaner.hashCode() : 0);
    }

    @Nullable
    public final C$lib$$okhttp3_internal_tls_CertificateChainCleaner getCertificateChainCleaner$okhttp() {
        return this.certificateChainCleaner;
    }

    public C$lib$$okhttp3_CertificatePinner(@NotNull Set<Pin> set, @Nullable C$lib$$okhttp3_internal_tls_CertificateChainCleaner c$lib$$okhttp3_internal_tls_CertificateChainCleaner) {
        C$lib$$kotlin_jvm_internal_Intrinsics.checkNotNullParameter(set, "pins");
        this.pins = set;
        this.certificateChainCleaner = c$lib$$okhttp3_internal_tls_CertificateChainCleaner;
    }

    public /* synthetic */ C$lib$$okhttp3_CertificatePinner(Set set, C$lib$$okhttp3_internal_tls_CertificateChainCleaner c$lib$$okhttp3_internal_tls_CertificateChainCleaner, int i, C$lib$$kotlin_jvm_internal_DefaultConstructorMarker c$lib$$kotlin_jvm_internal_DefaultConstructorMarker) {
        this(set, (i & 2) != 0 ? (C$lib$$okhttp3_internal_tls_CertificateChainCleaner) null : c$lib$$okhttp3_internal_tls_CertificateChainCleaner);
    }
}
