package ru.domesticroots.certificatetransparency.internal.verifier;

import android.util.Base64;
import ch.qos.logback.core.CoreConstants;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.BuildersKt;
import ru.domesticroots.bouncycastle.asn1.ASN1Encodable;
import ru.domesticroots.bouncycastle.asn1.ASN1Object;
import ru.domesticroots.bouncycastle.asn1.ASN1ObjectIdentifier;
import ru.domesticroots.bouncycastle.asn1.ASN1Set;
import ru.domesticroots.bouncycastle.asn1.x500.AttributeTypeAndValue;
import ru.domesticroots.bouncycastle.asn1.x500.RDN;
import ru.domesticroots.bouncycastle.asn1.x500.X500Name;
import ru.domesticroots.bouncycastle.asn1.x500.style.BCStyle;
import ru.domesticroots.bouncycastle.asn1.x500.style.IETFUtils;
import ru.domesticroots.bouncycastle.asn1.x500.style.X500NameTokenizer;
import ru.domesticroots.certificatetransparency.CTLogger;
import ru.domesticroots.certificatetransparency.SctVerificationResult;
import ru.domesticroots.certificatetransparency.VerificationResult;
import ru.domesticroots.certificatetransparency.cache.AndroidDiskCache;
import ru.domesticroots.certificatetransparency.chaincleaner.CertificateChainCleaner;
import ru.domesticroots.certificatetransparency.internal.loglist.LogListJsonFailedLoadingWithException;
import ru.domesticroots.certificatetransparency.internal.loglist.NoLogServers;
import ru.domesticroots.certificatetransparency.internal.utils.X509CertificateExtKt;
import ru.domesticroots.certificatetransparency.internal.verifier.model.Host;
import ru.domesticroots.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import ru.domesticroots.certificatetransparency.loglist.LogListDataSourceFactory$createLogListService$1;
import ru.domesticroots.certificatetransparency.loglist.LogListResult;
import ru.domesticroots.certificatetransparency.loglist.LogServer;

@Metadata(d1 = {"\u0000\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u00012\u00020\u0002¨\u0006\u0003"}, d2 = {"Lru/domesticroots/certificatetransparency/internal/verifier/CertificateTransparencyTrustManager;", "Ljavax/net/ssl/X509TrustManager;", "Lru/domesticroots/certificatetransparency/internal/verifier/CertificateTransparencyBase;", "domesticroots-certificatetransparency_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class CertificateTransparencyTrustManager extends CertificateTransparencyBase implements X509TrustManager {
    public final X509TrustManager f;
    public final boolean g;
    public final CTLogger h;

    public CertificateTransparencyTrustManager(X509TrustManager x509TrustManager, Set set, Set set2, LogListDataSourceFactory$createLogListService$1 logListDataSourceFactory$createLogListService$1, AndroidDiskCache androidDiskCache, boolean z, CTLogger cTLogger) {
        super(set, set2, x509TrustManager, logListDataSourceFactory$createLogListService$1, androidDiskCache);
        this.f = x509TrustManager;
        this.g = z;
        this.h = cTLogger;
        try {
            x509TrustManager.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (NoSuchMethodException unused) {
        }
        try {
            this.f.getClass().getDeclaredMethod("isSameTrustConfiguration", String.class, String.class);
        } catch (NoSuchMethodException unused2) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] chain, String authType) {
        Intrinsics.i(chain, "chain");
        Intrinsics.i(authType, "authType");
        this.f.checkClientTrusted(chain, authType);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r15v5, types: [ru.domesticroots.bouncycastle.asn1.x500.X500NameBuilder, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r4v14, types: [ru.domesticroots.bouncycastle.asn1.x500.RDN, ru.domesticroots.bouncycastle.asn1.ASN1Object, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v20, types: [ru.domesticroots.bouncycastle.asn1.DERSet, ru.domesticroots.bouncycastle.asn1.ASN1Set] */
    /* JADX WARN: Type inference failed for: r7v12, types: [ru.domesticroots.bouncycastle.asn1.x500.AttributeTypeAndValue, ru.domesticroots.bouncycastle.asn1.ASN1Object] */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] chain, String authType) {
        VerificationResult disabledForHost;
        LogListResult logListJsonFailedLoadingWithException;
        Intrinsics.i(chain, "chain");
        Intrinsics.i(authType, "authType");
        this.f.checkServerTrusted(chain, authType);
        String name = ((X509Certificate) ArraysKt.E(chain)).getSubjectX500Principal().getName();
        BCStyle bCStyle = X500Name.g;
        bCStyle.getClass();
        X500NameTokenizer x500NameTokenizer = new X500NameTokenizer(name, CoreConstants.COMMA_CHAR);
        ?? obj = new Object();
        obj.b = new Vector();
        obj.a = bCStyle;
        while (true) {
            if (!x500NameTokenizer.a()) {
                Vector vector = obj.b;
                int size = vector.size();
                RDN[] rdnArr = new RDN[size];
                for (int i = 0; i != size; i++) {
                    rdnArr[i] = (RDN) vector.elementAt(i);
                }
                X500Name x500Name = new X500Name(bCStyle, (RDN[]) new X500Name(obj.a, rdnArr).e.clone());
                x500Name.d = bCStyle;
                ASN1ObjectIdentifier aSN1ObjectIdentifier = BCStyle.d;
                RDN[] rdnArr2 = x500Name.e;
                int length = rdnArr2.length;
                RDN[] rdnArr3 = new RDN[length];
                int i2 = 0;
                for (int i3 = 0; i3 != rdnArr2.length; i3++) {
                    RDN rdn = rdnArr2[i3];
                    ASN1Set aSN1Set = rdn.b;
                    int length2 = aSN1Set.b.length;
                    int i4 = 0;
                    while (true) {
                        if (i4 >= length2) {
                            break;
                        }
                        if (AttributeTypeAndValue.m(aSN1Set.b[i4]).b.r(aSN1ObjectIdentifier)) {
                            rdnArr3[i2] = rdn;
                            i2++;
                            break;
                        }
                        i4++;
                    }
                }
                if (i2 < length) {
                    RDN[] rdnArr4 = new RDN[i2];
                    System.arraycopy(rdnArr3, 0, rdnArr4, 0, i2);
                    rdnArr3 = rdnArr4;
                }
                String host = rdnArr3[0].m().c.toString();
                List j0 = ArraysKt.j0(chain);
                Intrinsics.i(host, "host");
                Set<Host> set = this.b;
                if (!(set instanceof Collection) || !set.isEmpty()) {
                    Iterator<T> it = set.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        ((Host) it.next()).getClass();
                        if (host.equals(null)) {
                            Set<Host> set2 = this.a;
                            if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                                Iterator<T> it2 = set2.iterator();
                                while (it2.hasNext()) {
                                    ((Host) it2.next()).getClass();
                                    if (host.equals(null)) {
                                    }
                                }
                            }
                            disabledForHost = new VerificationResult.Success.DisabledForHost(host);
                        }
                    }
                }
                if (j0.isEmpty()) {
                    disabledForHost = VerificationResult.Failure.NoCertificates.a;
                } else {
                    CertificateChainCleaner certificateChainCleaner = (CertificateChainCleaner) this.c.getValue();
                    ArrayList arrayList = new ArrayList();
                    for (Object obj2 : j0) {
                        if (obj2 instanceof X509Certificate) {
                            arrayList.add(obj2);
                        }
                    }
                    List<X509Certificate> clean = certificateChainCleaner.clean(arrayList, host);
                    if (clean.isEmpty()) {
                        disabledForHost = VerificationResult.Failure.NoCertificates.a;
                    } else {
                        try {
                            logListJsonFailedLoadingWithException = (LogListResult) BuildersKt.d(EmptyCoroutineContext.b, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
                        } catch (Exception e) {
                            logListJsonFailedLoadingWithException = new LogListJsonFailedLoadingWithException(e);
                        }
                        if (logListJsonFailedLoadingWithException instanceof LogListResult.Valid) {
                            ArrayList<LogServer> arrayList2 = ((LogListResult.Valid) logListJsonFailedLoadingWithException).a;
                            int f = MapsKt.f(CollectionsKt.u(arrayList2, 10));
                            int i5 = 16;
                            if (f < 16) {
                                f = 16;
                            }
                            LinkedHashMap linkedHashMap = new LinkedHashMap(f);
                            for (LogServer logServer : arrayList2) {
                                String encodeToString = Base64.encodeToString(logServer.c, 0);
                                Intrinsics.h(encodeToString, "encodeToString(data, android.util.Base64.DEFAULT)");
                                linkedHashMap.put(encodeToString, new LogSignatureVerifier(logServer));
                            }
                            X509Certificate x509Certificate = clean.get(0);
                            Intrinsics.i(x509Certificate, "<this>");
                            Set<String> nonCriticalExtensionOIDs = x509Certificate.getNonCriticalExtensionOIDs();
                            if (nonCriticalExtensionOIDs != null && nonCriticalExtensionOIDs.contains("1.3.6.1.4.1.11129.2.4.2")) {
                                try {
                                    List<SignedCertificateTimestamp> a = X509CertificateExtKt.a(x509Certificate);
                                    int f2 = MapsKt.f(CollectionsKt.u(a, 10));
                                    if (f2 >= 16) {
                                        i5 = f2;
                                    }
                                    LinkedHashMap linkedHashMap2 = new LinkedHashMap(i5);
                                    for (Object obj3 : a) {
                                        String encodeToString2 = Base64.encodeToString(((SignedCertificateTimestamp) obj3).b.a, 0);
                                        Intrinsics.h(encodeToString2, "encodeToString(data, android.util.Base64.DEFAULT)");
                                        linkedHashMap2.put(encodeToString2, obj3);
                                    }
                                    LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt.f(linkedHashMap2.size()));
                                    for (Object obj4 : linkedHashMap2.entrySet()) {
                                        Object key = ((Map.Entry) obj4).getKey();
                                        Map.Entry entry = (Map.Entry) obj4;
                                        String str = (String) entry.getKey();
                                        SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                                        LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                                        SctVerificationResult g = logSignatureVerifier == null ? null : logSignatureVerifier.g(signedCertificateTimestamp, clean);
                                        if (g == null) {
                                            g = SctVerificationResult.Invalid.NoTrustedLogServerFound.a;
                                        }
                                        linkedHashMap3.put(key, g);
                                    }
                                    disabledForHost = this.e.a(x509Certificate, linkedHashMap3);
                                } catch (IOException e2) {
                                    disabledForHost = new VerificationResult.Failure.UnknownIoException(e2);
                                }
                            } else {
                                disabledForHost = VerificationResult.Failure.NoScts.a;
                            }
                        } else if (logListJsonFailedLoadingWithException instanceof LogListResult.Invalid) {
                            disabledForHost = new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListJsonFailedLoadingWithException);
                        } else {
                            if (logListJsonFailedLoadingWithException != null) {
                                throw new NoWhenBranchMatchedException();
                            }
                            disabledForHost = new VerificationResult.Failure.LogServersFailed(NoLogServers.a);
                        }
                    }
                }
                CTLogger cTLogger = this.h;
                if (cTLogger != null) {
                    cTLogger.a(host, disabledForHost);
                }
                if ((disabledForHost instanceof VerificationResult.Failure) && this.g) {
                    throw new CertificateException(Intrinsics.o(disabledForHost, "Certificate transparency failed. "));
                }
                return;
            }
            String b = x500NameTokenizer.b();
            if (b.indexOf(43) > 0) {
                X500NameTokenizer x500NameTokenizer2 = new X500NameTokenizer(b, '+');
                X500NameTokenizer x500NameTokenizer3 = new X500NameTokenizer(x500NameTokenizer2.b(), '=');
                String b2 = x500NameTokenizer3.b();
                if (!x500NameTokenizer3.a()) {
                    throw new IllegalArgumentException("badly formatted directory string");
                }
                String b3 = x500NameTokenizer3.b();
                ASN1ObjectIdentifier d = bCStyle.d(b2.trim());
                if (x500NameTokenizer2.a()) {
                    Vector vector2 = new Vector();
                    Vector vector3 = new Vector();
                    vector2.addElement(d);
                    vector3.addElement(IETFUtils.d(b3));
                    while (x500NameTokenizer2.a()) {
                        X500NameTokenizer x500NameTokenizer4 = new X500NameTokenizer(x500NameTokenizer2.b(), '=');
                        String b4 = x500NameTokenizer4.b();
                        if (!x500NameTokenizer4.a()) {
                            throw new IllegalArgumentException("badly formatted directory string");
                        }
                        String b5 = x500NameTokenizer4.b();
                        vector2.addElement(bCStyle.d(b4.trim()));
                        vector3.addElement(IETFUtils.d(b5));
                    }
                    int size2 = vector2.size();
                    ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = new ASN1ObjectIdentifier[size2];
                    for (int i6 = 0; i6 != size2; i6++) {
                        aSN1ObjectIdentifierArr[i6] = (ASN1ObjectIdentifier) vector2.elementAt(i6);
                    }
                    int size3 = vector3.size();
                    String[] strArr = new String[size3];
                    for (int i7 = 0; i7 != size3; i7++) {
                        strArr[i7] = (String) vector3.elementAt(i7);
                    }
                    ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[size3];
                    for (int i8 = 0; i8 != size3; i8++) {
                        aSN1EncodableArr[i8] = obj.a.c(aSN1ObjectIdentifierArr[i8], strArr[i8]);
                    }
                    AttributeTypeAndValue[] attributeTypeAndValueArr = new AttributeTypeAndValue[size2];
                    for (int i9 = 0; i9 != size2; i9++) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = aSN1ObjectIdentifierArr[i9];
                        ASN1Encodable aSN1Encodable = aSN1EncodableArr[i9];
                        ?? aSN1Object = new ASN1Object();
                        aSN1Object.b = aSN1ObjectIdentifier2;
                        aSN1Object.c = aSN1Encodable;
                        attributeTypeAndValueArr[i9] = aSN1Object;
                    }
                    Vector vector4 = obj.b;
                    ?? aSN1Object2 = new ASN1Object();
                    ?? aSN1Set2 = new ASN1Set(attributeTypeAndValueArr);
                    aSN1Set2.e = -1;
                    aSN1Object2.b = aSN1Set2;
                    vector4.addElement(aSN1Object2);
                } else {
                    obj.a(d, IETFUtils.d(b3));
                }
            } else {
                X500NameTokenizer x500NameTokenizer5 = new X500NameTokenizer(b, '=');
                String b6 = x500NameTokenizer5.b();
                if (!x500NameTokenizer5.a()) {
                    throw new IllegalArgumentException("badly formatted directory string");
                }
                obj.a(bCStyle.d(b6.trim()), IETFUtils.d(x500NameTokenizer5.b()));
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.f.getAcceptedIssuers();
        Intrinsics.h(acceptedIssuers, "delegate.acceptedIssuers");
        return acceptedIssuers;
    }
}
