package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.appmattus.certificatetransparency.internal.loglist.LogListJsonFailedLoadingWithException;
import com.appmattus.certificatetransparency.internal.loglist.NoLogServers;
import com.appmattus.certificatetransparency.internal.utils.Base64;
import com.appmattus.certificatetransparency.internal.utils.CertificateExtKt;
import com.appmattus.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogListService;
import com.appmattus.certificatetransparency.loglist.LogServer;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.EmptyList;
import kotlin.collections.MapsKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.BuildersKt;
import okhttp3.Connection;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.Response;

/* compiled from: CertificateTransparencyInterceptor.kt */
@Metadata(d1 = {"\u0000\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u00012\u00020\u0002¨\u0006\u0003"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/CertificateTransparencyInterceptor;", "Lokhttp3/Interceptor;", "Lcom/appmattus/certificatetransparency/internal/verifier/CertificateTransparencyBase;", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
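/*
 * OkHttp interceptor that evaluates certificate transparency (CT) for the TLS
 * connection carrying the current request, and optionally refuses the request
 * when the evaluation fails.
 *
 * This is decompiled, name-obfuscated output; single-letter members are documented
 * only as far as their use in this class shows.
 *
 * Security-relevant behaviour visible in this class:
 *  - Enforcement depends entirely on the boolean field g. When it is false, a
 *    Failure result is computed and then discarded, and the request proceeds
 *    (fail-open). No logging or callback of the result is visible in this class.
 *  - A connection whose socket is not an SSLSocket is reported as
 *    Success.InsecureConnection, so it is never blocked here.
 *  - A host matched by the set in field b, and not matched by the set in field a,
 *    skips the check altogether (Success.DisabledForHost).
 *  - chain.connection() must be non-null; the exception message states that the
 *    interceptor has to be registered with addNetworkInterceptor.
 */
public final class CertificateTransparencyInterceptor extends CertificateTransparencyBase implements Interceptor {
    // Enforcement switch: when true, any VerificationResult.Failure aborts the request with
    // SSLPeerUnverifiedException; when false the failure is ignored and the request proceeds.
    public final boolean g;

    /*
     * Decompiler note (JADX): the 'super' call was moved to the top of the constructor, so the
     * argument checks below may have run before it in the compiled class.
     *
     * includeHosts / excludeHosts / logListService are handed to CertificateTransparencyBase
     * unchanged; z becomes the enforcement switch g.
     */
    public CertificateTransparencyInterceptor(Set includeHosts, Set excludeHosts, LogListService logListService, boolean z) {
        super(includeHosts, excludeHosts, logListService);
        // Intrinsics.f is presumably Kotlin's non-null parameter check (name obfuscated) - confirm.
        Intrinsics.f(includeHosts, "includeHosts");
        Intrinsics.f(excludeHosts, "excludeHosts");
        this.g = z;
    }

    /*
     * Runs the CT evaluation for the connection behind this chain, then forwards the request.
     *
     * The throws clause matches okhttp3.Interceptor; the decompiler dropped it even though the
     * body throws the checked SSLPeerUnverifiedException and calls chain.proceed.
     *
     * Throws IllegalStateException when the chain has no connection, and
     * SSLPeerUnverifiedException when the evaluation produced a Failure and g is true.
     */
    @Override // okhttp3.Interceptor
    public final Response intercept(Interceptor.Chain chain) throws IOException {
        Intrinsics.f(chain, "chain");
        String host = chain.request().url().host();
        Connection connection = chain.connection();
        if (connection == null) {
            throw new IllegalStateException("No connection found. Verify interceptor is added using addNetworkInterceptor");
        }

        // A missing handshake or a null peer-certificate list is treated as "no certificates".
        Handshake handshake = connection.getHandshake();
        List<Certificate> certificates = handshake == null ? null : handshake.peerCertificates();
        if (certificates == null) {
            certificates = EmptyList.b;
        }

        VerificationResult result;
        if (connection.socket() instanceof SSLSocket) {
            result = verifyCertificateTransparency(host, certificates);
        } else {
            // Non-TLS socket: there is nothing to verify, and the result counts as a Success.
            result = new VerificationResult.Success.InsecureConnection(host);
        }

        // Only the Failure subtypes block the request, and only when enforcement is enabled.
        if ((result instanceof VerificationResult.Failure) && this.g) {
            throw new SSLPeerUnverifiedException("Certificate transparency failed");
        }
        return chain.proceed(chain.request());
    }

    // Returns true when at least one entry of hosts matches host (Host.a is the obfuscated matcher).
    private static boolean matchesAny(Set<Host> hosts, String host) {
        for (Host candidate : hosts) {
            if (candidate.a(host)) {
                return true;
            }
        }
        return false;
    }

    // Evaluates CT for one TLS connection and returns the outcome without acting on it.
    private VerificationResult verifyCertificateTransparency(String host, List<Certificate> certificates) {
        Intrinsics.f(host, "host");
        Intrinsics.f(certificates, "certificates");

        // Field b presumably holds the exclude set and field a the include set (names are
        // obfuscated - confirm against CertificateTransparencyBase). A host matched by b is
        // skipped unless a also matches it; a is consulted only when b matched.
        if (matchesAny(this.b, host) && !matchesAny(this.a, host)) {
            return new VerificationResult.Success.DisabledForHost(host);
        }
        if (certificates.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.b;
        }

        // Non-X.509 entries are dropped before the chain is handed to the cleaner.
        CertificateChainCleaner certificateChainCleaner = (CertificateChainCleaner) this.d.getValue();
        List<X509Certificate> x509Certificates = new ArrayList<>();
        for (Certificate certificate : certificates) {
            if (certificate instanceof X509Certificate) {
                x509Certificates.add((X509Certificate) certificate);
            }
        }
        List<X509Certificate> clean = certificateChainCleaner.clean(x509Certificates, host);
        if (clean.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.b;
        }

        // BuildersKt.d is presumably runBlocking (obfuscated) - confirm. Any exception raised
        // while obtaining the log list is converted into a failed LogListResult, not rethrown.
        LogListResult logListResult;
        try {
            logListResult = (LogListResult) BuildersKt.d(EmptyCoroutineContext.b, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
        } catch (Exception e) {
            logListResult = new LogListJsonFailedLoadingWithException(e);
        }

        if (logListResult instanceof LogListResult.Valid) {
            return evaluateScts(((LogListResult.Valid) logListResult).a, clean);
        }
        if (logListResult instanceof LogListResult.Invalid) {
            return new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListResult);
        }
        if (logListResult != null) {
            throw new NoWhenBranchMatchedException();
        }
        // A null log-list result is reported as "no log servers", which is a Failure.
        return new VerificationResult.Failure.LogServersFailed(NoLogServers.a);
    }

    // Checks the SCTs read from the first certificate of the cleaned chain against the log servers.
    private VerificationResult evaluateScts(List<LogServer> logServers, List<X509Certificate> clean) {
        // One verifier per log server, keyed by the Base64 text of the server's byte[] field c.
        Map<String, LogSignatureVerifier> verifiersByLogKey =
                new LinkedHashMap<>(Math.max(MapsKt.f(CollectionsKt.s(logServers, 10)), 16));
        for (LogServer logServer : logServers) {
            Base64 base64 = Base64.a;
            byte[] bArr = logServer.c;
            base64.getClass(); // decompiler rendering of a null check on the Base64 singleton
            verifiersByLogKey.put(org.bouncycastle.util.encoders.Base64.b(bArr), new LogSignatureVerifier(logServer));
        }

        X509Certificate leaf = clean.get(0);
        // CertificateExtKt.a presumably reports whether the certificate carries embedded SCTs
        // (name obfuscated - confirm); a false answer is a Failure.
        if (!CertificateExtKt.a(leaf)) {
            return VerificationResult.Failure.NoScts.b;
        }

        try {
            List<SignedCertificateTimestamp> scts = X509CertificateExtKt.a(leaf);
            Map<String, SignedCertificateTimestamp> sctsByLogKey =
                    new LinkedHashMap<>(Math.max(MapsKt.f(CollectionsKt.s(scts, 10)), 16));
            for (SignedCertificateTimestamp sct : scts) {
                Base64 base64 = Base64.a;
                byte[] bArr = sct.b.a;
                base64.getClass(); // decompiler rendering of a null check on the Base64 singleton
                // Later SCTs with the same key replace earlier ones.
                sctsByLogKey.put(org.bouncycastle.util.encoders.Base64.b(bArr), sct);
            }

            Map<String, SctVerificationResult> resultsByLogKey = new LinkedHashMap<>(MapsKt.f(sctsByLogKey.size()));
            for (Map.Entry<String, SignedCertificateTimestamp> entry : sctsByLogKey.entrySet()) {
                LogSignatureVerifier logSignatureVerifier = verifiersByLogKey.get(entry.getKey());
                SctVerificationResult sctVerificationResult =
                        logSignatureVerifier == null ? null : logSignatureVerifier.g(entry.getValue(), clean);
                if (sctVerificationResult == null) {
                    // An SCT whose key matches no known log server is recorded as invalid, not skipped.
                    sctVerificationResult = SctVerificationResult.Invalid.NoTrustedLogServerFound.a;
                }
                resultsByLogKey.put(entry.getKey(), sctVerificationResult);
            }
            // Field f turns the per-SCT results into the overall result (presumably the CT policy - confirm).
            return this.f.a(leaf, resultsByLogKey);
        } catch (IOException e2) {
            // Return the failure directly. The decompiled form stored it and then fell through to
            // an assignment from a variable this path never set, which would lose the failure.
            return new VerificationResult.Failure.UnknownIoException(e2);
        }
    }
}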
