package com.appmattus.certificatetransparency.internal.verifier;

import android.util.Base64;
import com.appmattus.certificatetransparency.CTLogger;
import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.cache.DiskCache;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.appmattus.certificatetransparency.internal.loglist.LogListJsonFailedLoadingWithException;
import com.appmattus.certificatetransparency.internal.loglist.NoLogServers;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogListService;
import com.appmattus.certificatetransparency.loglist.LogServer;
import droidninja.filepicker.utils.Utils;
import io.ktor.client.HttpClientKt;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt__IteratorsJVMKt;
import kotlin.collections.MapsKt__MapsJVMKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.BuildersKt;
import ru.domesticroots.bouncycastle.asn1.ASN1Encodable;
import ru.domesticroots.bouncycastle.asn1.ASN1ObjectIdentifier;
import ru.domesticroots.bouncycastle.asn1.ASN1Primitive;
import ru.domesticroots.bouncycastle.asn1.x500.AttributeTypeAndValue;
import ru.domesticroots.bouncycastle.asn1.x500.RDN;
import ru.domesticroots.bouncycastle.asn1.x500.X500Name;
import ru.domesticroots.bouncycastle.asn1.x500.X500NameBuilder;
import ru.domesticroots.bouncycastle.asn1.x500.style.AbstractX500NameStyle;
import ru.domesticroots.bouncycastle.asn1.x500.style.BCStyle;
import ru.domesticroots.bouncycastle.asn1.x500.style.IETFUtils;
import ru.domesticroots.bouncycastle.asn1.x500.style.X500NameTokenizer;
import ru.domesticroots.webview.DownloadCertsAndCheckTask;

/* compiled from: CertificateTransparencyTrustManager.kt */
/* loaded from: classes.dex */
public final class CertificateTransparencyTrustManager extends CertificateTransparencyBase implements X509TrustManager {
    public final X509TrustManager delegate;
    public final boolean failOnError;
    public final CTLogger logger;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CertificateTransparencyTrustManager(X509TrustManager delegate, Set set, Set set2, LogListService logListService, DiskCache diskCache, boolean z, CTLogger cTLogger) {
        super(set, set2, delegate, logListService, diskCache);
        Intrinsics.checkNotNullParameter(delegate, "delegate");
        this.delegate = delegate;
        this.failOnError = z;
        this.logger = cTLogger;
        try {
            delegate.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (NoSuchMethodException unused) {
        }
        try {
            this.delegate.getClass().getDeclaredMethod("isSameTrustConfiguration", String.class, String.class);
        } catch (NoSuchMethodException unused2) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] chain, String authType) {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        this.delegate.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] chain, String authType) {
        boolean z;
        boolean z2;
        LogListResult logListJsonFailedLoadingWithException;
        VerificationResult logServersFailed;
        Object runBlocking;
        boolean z3;
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        this.delegate.checkServerTrusted(chain, authType);
        String name = ((X509Certificate) ArraysKt___ArraysKt.first(chain)).getSubjectX500Principal().getName();
        BCStyle bCStyle = X500Name.defaultStyle;
        bCStyle.getClass();
        X500NameTokenizer x500NameTokenizer = new X500NameTokenizer(name, ',');
        X500NameBuilder x500NameBuilder = new X500NameBuilder(bCStyle);
        while (true) {
            if (!x500NameTokenizer.hasMoreTokens()) {
                int size = x500NameBuilder.rdns.size();
                RDN[] rdnArr = new RDN[size];
                for (int i = 0; i != size; i++) {
                    rdnArr[i] = (RDN) x500NameBuilder.rdns.elementAt(i);
                }
                X500Name x500Name = new X500Name(X500Name.defaultStyle, (RDN[]) new X500Name(x500NameBuilder.template, rdnArr).rdns.clone());
                x500Name.style = bCStyle;
                ASN1ObjectIdentifier aSN1ObjectIdentifier = BCStyle.CN;
                int length = x500Name.rdns.length;
                RDN[] rdnArr2 = new RDN[length];
                int i2 = 0;
                int i3 = 0;
                while (true) {
                    RDN[] rdnArr3 = x500Name.rdns;
                    z = true;
                    if (i2 == rdnArr3.length) {
                        break;
                    }
                    RDN rdn = rdnArr3[i2];
                    int length2 = rdn.values.elements.length;
                    int i4 = 0;
                    while (true) {
                        if (i4 >= length2) {
                            z = false;
                            break;
                        } else if (AttributeTypeAndValue.getInstance(rdn.values.elements[i4]).f551type.equals((ASN1Primitive) aSN1ObjectIdentifier)) {
                            break;
                        } else {
                            i4++;
                        }
                    }
                    if (z) {
                        rdnArr2[i3] = rdn;
                        i3++;
                    }
                    i2++;
                }
                if (i3 < length) {
                    RDN[] rdnArr4 = new RDN[i3];
                    System.arraycopy(rdnArr2, 0, rdnArr4, 0, i3);
                    rdnArr2 = rdnArr4;
                }
                String host = rdnArr2[0].getFirst().value.toString();
                List list = ArraysKt___ArraysKt.toList(chain);
                Intrinsics.checkNotNullParameter(host, "host");
                Set<Host> set = this.excludeHosts;
                if (!(set instanceof Collection) || !set.isEmpty()) {
                    Iterator<T> it = set.iterator();
                    while (it.hasNext()) {
                        ((Host) it.next()).getClass();
                        if (Intrinsics.areEqual(host, (Object) null)) {
                            z2 = true;
                            break;
                        }
                    }
                }
                z2 = false;
                if (z2) {
                    Set<Host> set2 = this.includeHosts;
                    if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                        Iterator<T> it2 = set2.iterator();
                        while (it2.hasNext()) {
                            ((Host) it2.next()).getClass();
                            if (Intrinsics.areEqual(host, (Object) null)) {
                                z3 = true;
                                break;
                            }
                        }
                    }
                    z3 = false;
                    if (!z3) {
                        z = false;
                    }
                }
                if (!z) {
                    logServersFailed = new VerificationResult.Success.DisabledForHost(host);
                } else if (list.isEmpty()) {
                    logServersFailed = VerificationResult.Failure.NoCertificates.INSTANCE;
                } else {
                    CertificateChainCleaner certificateChainCleaner = (CertificateChainCleaner) this.cleaner$delegate.getValue();
                    ArrayList arrayList = new ArrayList();
                    for (Object obj : list) {
                        if (obj instanceof X509Certificate) {
                            arrayList.add(obj);
                        }
                    }
                    List<X509Certificate> clean = certificateChainCleaner.clean(arrayList, host);
                    if (clean.isEmpty()) {
                        logServersFailed = VerificationResult.Failure.NoCertificates.INSTANCE;
                    } else {
                        try {
                            runBlocking = BuildersKt.runBlocking(EmptyCoroutineContext.INSTANCE, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
                            logListJsonFailedLoadingWithException = (LogListResult) runBlocking;
                        } catch (Exception e) {
                            logListJsonFailedLoadingWithException = new LogListJsonFailedLoadingWithException(e);
                        }
                        if (logListJsonFailedLoadingWithException instanceof LogListResult.Valid) {
                            List<LogServer> list2 = ((LogListResult.Valid) logListJsonFailedLoadingWithException).servers;
                            int mapCapacity = MapsKt__MapsJVMKt.mapCapacity(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(list2, 10));
                            int i5 = 16;
                            if (mapCapacity < 16) {
                                mapCapacity = 16;
                            }
                            LinkedHashMap linkedHashMap = new LinkedHashMap(mapCapacity);
                            for (LogServer logServer : list2) {
                                String encodeToString = Base64.encodeToString(logServer.id, 0);
                                Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(data, android.util.Base64.DEFAULT)");
                                linkedHashMap.put(encodeToString, new LogSignatureVerifier(logServer));
                            }
                            X509Certificate x509Certificate = clean.get(0);
                            if (Utils.hasEmbeddedSct(x509Certificate)) {
                                try {
                                    List signedCertificateTimestamps = HttpClientKt.signedCertificateTimestamps(x509Certificate);
                                    int mapCapacity2 = MapsKt__MapsJVMKt.mapCapacity(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(signedCertificateTimestamps, 10));
                                    if (mapCapacity2 >= 16) {
                                        i5 = mapCapacity2;
                                    }
                                    LinkedHashMap linkedHashMap2 = new LinkedHashMap(i5);
                                    for (Object obj2 : signedCertificateTimestamps) {
                                        String encodeToString2 = Base64.encodeToString(((SignedCertificateTimestamp) obj2).id.keyId, 0);
                                        Intrinsics.checkNotNullExpressionValue(encodeToString2, "encodeToString(data, android.util.Base64.DEFAULT)");
                                        linkedHashMap2.put(encodeToString2, obj2);
                                    }
                                    LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt__MapsJVMKt.mapCapacity(linkedHashMap2.size()));
                                    for (Object obj3 : linkedHashMap2.entrySet()) {
                                        Object key = ((Map.Entry) obj3).getKey();
                                        Map.Entry entry = (Map.Entry) obj3;
                                        String str = (String) entry.getKey();
                                        SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                                        LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                                        SctVerificationResult verifySignature = logSignatureVerifier == null ? null : logSignatureVerifier.verifySignature(signedCertificateTimestamp, clean);
                                        if (verifySignature == null) {
                                            verifySignature = SctVerificationResult.Invalid.NoTrustedLogServerFound.INSTANCE;
                                        }
                                        linkedHashMap3.put(key, verifySignature);
                                    }
                                    logServersFailed = this.policy.policyVerificationResult(x509Certificate, linkedHashMap3);
                                } catch (IOException e2) {
                                    logServersFailed = new VerificationResult.Failure.UnknownIoException(e2);
                                }
                            } else {
                                logServersFailed = VerificationResult.Failure.NoScts.INSTANCE;
                            }
                        } else if (logListJsonFailedLoadingWithException instanceof LogListResult.Invalid) {
                            logServersFailed = new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListJsonFailedLoadingWithException);
                        } else {
                            if (logListJsonFailedLoadingWithException != null) {
                                throw new NoWhenBranchMatchedException();
                            }
                            logServersFailed = new VerificationResult.Failure.LogServersFailed(NoLogServers.INSTANCE);
                        }
                    }
                }
                CTLogger cTLogger = this.logger;
                if (cTLogger != null) {
                    ((DownloadCertsAndCheckTask.CTLoggerImpl) cTLogger).logger.d(host + " " + logServersFailed);
                }
                if ((logServersFailed instanceof VerificationResult.Failure) && this.failOnError) {
                    throw new CertificateException(Intrinsics.stringPlus(logServersFailed, "Certificate transparency failed. "));
                }
                return;
            }
            String nextToken = x500NameTokenizer.nextToken();
            if (nextToken.indexOf(43) > 0) {
                X500NameTokenizer x500NameTokenizer2 = new X500NameTokenizer(nextToken, '+');
                X500NameTokenizer x500NameTokenizer3 = new X500NameTokenizer(x500NameTokenizer2.nextToken(), '=');
                String nextToken2 = x500NameTokenizer3.nextToken();
                if (!x500NameTokenizer3.hasMoreTokens()) {
                    throw new IllegalArgumentException("badly formatted directory string");
                }
                String nextToken3 = x500NameTokenizer3.nextToken();
                ASN1ObjectIdentifier attrNameToOID = bCStyle.attrNameToOID(nextToken2.trim());
                if (x500NameTokenizer2.hasMoreTokens()) {
                    Vector vector = new Vector();
                    Vector vector2 = new Vector();
                    vector.addElement(attrNameToOID);
                    vector2.addElement(IETFUtils.unescape(nextToken3));
                    while (x500NameTokenizer2.hasMoreTokens()) {
                        X500NameTokenizer x500NameTokenizer4 = new X500NameTokenizer(x500NameTokenizer2.nextToken(), '=');
                        String nextToken4 = x500NameTokenizer4.nextToken();
                        if (!x500NameTokenizer4.hasMoreTokens()) {
                            throw new IllegalArgumentException("badly formatted directory string");
                        }
                        String nextToken5 = x500NameTokenizer4.nextToken();
                        vector.addElement(bCStyle.attrNameToOID(nextToken4.trim()));
                        vector2.addElement(IETFUtils.unescape(nextToken5));
                    }
                    int size2 = vector.size();
                    ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = new ASN1ObjectIdentifier[size2];
                    for (int i6 = 0; i6 != size2; i6++) {
                        aSN1ObjectIdentifierArr[i6] = (ASN1ObjectIdentifier) vector.elementAt(i6);
                    }
                    int size3 = vector2.size();
                    String[] strArr = new String[size3];
                    for (int i7 = 0; i7 != size3; i7++) {
                        strArr[i7] = (String) vector2.elementAt(i7);
                    }
                    ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[size3];
                    for (int i8 = 0; i8 != size3; i8++) {
                        AbstractX500NameStyle abstractX500NameStyle = x500NameBuilder.template;
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = aSN1ObjectIdentifierArr[i8];
                        String str2 = strArr[i8];
                        abstractX500NameStyle.getClass();
                        aSN1EncodableArr[i8] = AbstractX500NameStyle.stringToValue(aSN1ObjectIdentifier2, str2);
                    }
                    AttributeTypeAndValue[] attributeTypeAndValueArr = new AttributeTypeAndValue[size2];
                    for (int i9 = 0; i9 != size2; i9++) {
                        attributeTypeAndValueArr[i9] = new AttributeTypeAndValue(aSN1ObjectIdentifierArr[i9], aSN1EncodableArr[i9]);
                    }
                    x500NameBuilder.rdns.addElement(new RDN(attributeTypeAndValueArr));
                } else {
                    String unescape = IETFUtils.unescape(nextToken3);
                    x500NameBuilder.template.getClass();
                    x500NameBuilder.rdns.addElement(new RDN(attrNameToOID, AbstractX500NameStyle.stringToValue(attrNameToOID, unescape)));
                }
            } else {
                X500NameTokenizer x500NameTokenizer5 = new X500NameTokenizer(nextToken, '=');
                String nextToken6 = x500NameTokenizer5.nextToken();
                if (!x500NameTokenizer5.hasMoreTokens()) {
                    throw new IllegalArgumentException("badly formatted directory string");
                }
                String nextToken7 = x500NameTokenizer5.nextToken();
                ASN1ObjectIdentifier attrNameToOID2 = bCStyle.attrNameToOID(nextToken6.trim());
                String unescape2 = IETFUtils.unescape(nextToken7);
                x500NameBuilder.template.getClass();
                x500NameBuilder.rdns.addElement(new RDN(attrNameToOID2, AbstractX500NameStyle.stringToValue(attrNameToOID2, unescape2)));
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.delegate.getAcceptedIssuers();
        Intrinsics.checkNotNullExpressionValue(acceptedIssuers, "delegate.acceptedIssuers");
        return acceptedIssuers;
    }
}
