package me.proton.core.network.presentation.ui.webview;

import android.content.Context;
import android.net.Uri;
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.os.Build;
import android.util.Base64;
import android.webkit.SslErrorHandler;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import androidx.compose.material.ListItemKt;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import kotlin.Result;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import me.proton.core.network.data.NetworkPrefsImpl;
import me.proton.core.network.data.PublicKeyPin;
import me.proton.core.network.data.client.ExtraHeaderProviderImpl;
import me.proton.core.network.data.di.Constants;
import me.proton.core.network.domain.NetworkPrefs;
import okio.Okio;

/* loaded from: classes.dex */
public abstract class ProtonWebViewClient extends WebViewClient {
    public final ExtraHeaderProviderImpl extraHeaderProvider;
    public boolean isFinished;
    public final NetworkPrefs networkPrefs;
    public boolean shouldOpenLinkInBrowser;

    public ProtonWebViewClient(NetworkPrefs networkPrefs, ExtraHeaderProviderImpl extraHeaderProvider) {
        Intrinsics.checkNotNullParameter(networkPrefs, "networkPrefs");
        Intrinsics.checkNotNullParameter(extraHeaderProvider, "extraHeaderProvider");
        this.networkPrefs = networkPrefs;
        this.extraHeaderProvider = extraHeaderProvider;
        this.shouldOpenLinkInBrowser = true;
    }

    public final boolean isAlternativeHost(Uri uri) {
        Intrinsics.checkNotNullParameter(uri, "<this>");
        String activeAltBaseUrl = ((NetworkPrefsImpl) this.networkPrefs).getActiveAltBaseUrl();
        Uri parse = activeAltBaseUrl != null ? Uri.parse(activeAltBaseUrl) : null;
        if (parse != null) {
            return Intrinsics.areEqual(uri.getHost(), parse.getHost());
        }
        return false;
    }

    @Override // android.webkit.WebViewClient
    public void onPageFinished(WebView webView, String str) {
        this.isFinished = true;
    }

    @Override // android.webkit.WebViewClient
    public final void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        Object createFailure;
        Certificate certificate;
        X509Certificate x509Certificate;
        Object createFailure2;
        byte[] digest;
        Intrinsics.checkNotNullParameter(view, "view");
        Intrinsics.checkNotNullParameter(handler, "handler");
        Intrinsics.checkNotNullParameter(error, "error");
        String url = error.getUrl();
        Intrinsics.checkNotNullExpressionValue(url, "getUrl(...)");
        boolean z = false;
        if (isAlternativeHost(Uri.parse(url)) && error.getPrimaryError() == 3) {
            SslCertificate certificate2 = error.getCertificate();
            Intrinsics.checkNotNullExpressionValue(certificate2, "getCertificate(...)");
            if (29 <= Build.VERSION.SDK_INT) {
                x509Certificate = certificate2.getX509Certificate();
            } else {
                byte[] byteArray = SslCertificate.saveState(certificate2).getByteArray("x509-certificate");
                if (byteArray != null) {
                    try {
                        createFailure = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
                    } catch (Throwable th) {
                        createFailure = Okio.createFailure(th);
                    }
                    if (createFailure instanceof Result.Failure) {
                        createFailure = null;
                    }
                    certificate = (Certificate) createFailure;
                } else {
                    certificate = null;
                }
                x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
            }
            if (x509Certificate != null) {
                List<String> pinnedSPKIHashes = Constants.ALTERNATIVE_API_SPKI_PINS;
                Intrinsics.checkNotNullParameter(pinnedSPKIHashes, "pinnedSPKIHashes");
                ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(pinnedSPKIHashes, 10));
                for (String sha256HashBase64 : pinnedSPKIHashes) {
                    Intrinsics.checkNotNullParameter(sha256HashBase64, "sha256HashBase64");
                    byte[] decode = Base64.decode(sha256HashBase64, 0);
                    if (decode.length != 32) {
                        throw new IllegalArgumentException("Invalid pin: length is not 32 bytes");
                    }
                    arrayList.add(new PublicKeyPin(decode));
                }
                try {
                    Certificate certificate3 = (Certificate) ArraysKt.first(new X509Certificate[]{x509Certificate});
                    Intrinsics.checkNotNullParameter(certificate3, "certificate");
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                    messageDigest.reset();
                    digest = messageDigest.digest(certificate3.getPublicKey().getEncoded());
                    Intrinsics.checkNotNull(digest);
                } catch (Throwable th2) {
                    createFailure2 = Okio.createFailure(th2);
                }
                if (!arrayList.contains(new PublicKeyPin(digest))) {
                    throw new CertificateException("Pin verification failed");
                }
                createFailure2 = Unit.INSTANCE;
                z = !(createFailure2 instanceof Result.Failure);
            }
        }
        if (z) {
            handler.proceed();
        } else {
            handler.cancel();
        }
    }

    @Override // android.webkit.WebViewClient
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        Intrinsics.checkNotNullParameter(view, "view");
        Intrinsics.checkNotNullParameter(request, "request");
        if (!this.shouldOpenLinkInBrowser) {
            return false;
        }
        String uri = request.getUrl().toString();
        Intrinsics.checkNotNullExpressionValue(uri, "toString(...)");
        if (!this.isFinished) {
            view.loadUrl(uri, MapsKt.toMap(this.extraHeaderProvider.headers));
            return true;
        }
        Context context = view.getContext();
        Intrinsics.checkNotNullExpressionValue(context, "getContext(...)");
        ListItemKt.openBrowserLink(context, uri);
        return true;
    }
}
