package org.matrix.android.sdk.internal.network.ssl;

import android.os.Build;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.collections.EmptyList;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.TlsVersion;
import org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig;
import timber.log.Timber;

/* compiled from: CertUtil.kt */
/* loaded from: classes4.dex */
public final class CertUtil {
    public static final char[] hexArray;

    /* compiled from: CertUtil.kt */
    /* loaded from: classes4.dex */
    public static final class PinnedSSLSocketFactory {
        public final SSLSocketFactory sslSocketFactory;
        public final X509TrustManager x509TrustManager;

        public PinnedSSLSocketFactory(SSLSocketFactory sSLSocketFactory, X509TrustManager x509TrustManager) {
            this.sslSocketFactory = sSLSocketFactory;
            this.x509TrustManager = x509TrustManager;
        }

        public final boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof PinnedSSLSocketFactory)) {
                return false;
            }
            PinnedSSLSocketFactory pinnedSSLSocketFactory = (PinnedSSLSocketFactory) obj;
            return Intrinsics.areEqual(this.sslSocketFactory, pinnedSSLSocketFactory.sslSocketFactory) && Intrinsics.areEqual(this.x509TrustManager, pinnedSSLSocketFactory.x509TrustManager);
        }

        public final int hashCode() {
            return this.x509TrustManager.hashCode() + (this.sslSocketFactory.hashCode() * 31);
        }

        public final String toString() {
            return "PinnedSSLSocketFactory(sslSocketFactory=" + this.sslSocketFactory + ", x509TrustManager=" + this.x509TrustManager + ")";
        }
    }

    static {
        char[] charArray = "0123456789ABCDEF".toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
        hexArray = charArray;
    }

    public static byte[] generateFingerprint(String str, X509Certificate x509Certificate) throws CertificateException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            Intrinsics.checkNotNullExpressionValue(messageDigest, "getInstance(type)");
            byte[] digest = messageDigest.digest(x509Certificate.getEncoded());
            Intrinsics.checkNotNullExpressionValue(digest, "md.digest(cert.encoded)");
            return digest;
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    public static UnrecognizedCertificateException getCertificateException(Throwable th) {
        for (int i = 0; th != null && i < 10; i++) {
            if (th instanceof UnrecognizedCertificateException) {
                return (UnrecognizedCertificateException) th;
            }
            th = th.getCause();
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x0076, code lost:
    
        if (kotlin.text.StringsKt__StringsJVMKt.startsWith(r5, "http://", false) != false) goto L23;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.util.ArrayList newConnectionSpecs(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig r5) {
        /*
            java.lang.String r0 = "hsConfig"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r5, r0)
            okhttp3.ConnectionSpec$Builder r0 = new okhttp3.ConnectionSpec$Builder
            okhttp3.ConnectionSpec r1 = okhttp3.ConnectionSpec.RESTRICTED_TLS
            r0.<init>(r1)
            r1 = 1
            r2 = 0
            java.util.List<okhttp3.TlsVersion> r3 = r5.tlsVersions
            if (r3 == 0) goto L1b
            boolean r4 = r3.isEmpty()
            if (r4 == 0) goto L19
            goto L1b
        L19:
            r4 = 0
            goto L1c
        L1b:
            r4 = 1
        L1c:
            if (r4 != 0) goto L30
            okhttp3.TlsVersion[] r4 = new okhttp3.TlsVersion[r2]
            java.lang.Object[] r3 = r3.toArray(r4)
            okhttp3.TlsVersion[] r3 = (okhttp3.TlsVersion[]) r3
            int r4 = r3.length
            java.lang.Object[] r3 = java.util.Arrays.copyOf(r3, r4)
            okhttp3.TlsVersion[] r3 = (okhttp3.TlsVersion[]) r3
            r0.tlsVersions(r3)
        L30:
            java.util.List<okhttp3.CipherSuite> r3 = r5.tlsCipherSuites
            if (r3 == 0) goto L3c
            boolean r4 = r3.isEmpty()
            if (r4 == 0) goto L3b
            goto L3c
        L3b:
            r1 = 0
        L3c:
            if (r1 != 0) goto L50
            okhttp3.CipherSuite[] r1 = new okhttp3.CipherSuite[r2]
            java.lang.Object[] r1 = r3.toArray(r1)
            okhttp3.CipherSuite[] r1 = (okhttp3.CipherSuite[]) r1
            int r3 = r1.length
            java.lang.Object[] r1 = java.util.Arrays.copyOf(r1, r3)
            okhttp3.CipherSuite[] r1 = (okhttp3.CipherSuite[]) r1
            r0.cipherSuites(r1)
        L50:
            boolean r1 = r5.shouldAcceptTlsExtensions
            r0.supportsTlsExtensions(r1)
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            okhttp3.ConnectionSpec r0 = r0.build()
            r1.add(r0)
            boolean r0 = r5.allowHttpExtension
            if (r0 != 0) goto L78
            android.net.Uri r5 = r5.homeServerUriBase
            java.lang.String r5 = r5.toString()
            java.lang.String r0 = "hsConfig.homeServerUriBase.toString()"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r5, r0)
            java.lang.String r0 = "http://"
            boolean r5 = kotlin.text.StringsKt__StringsJVMKt.startsWith(r5, r0, r2)
            if (r5 == 0) goto L7d
        L78:
            okhttp3.ConnectionSpec r5 = okhttp3.ConnectionSpec.CLEARTEXT
            r1.add(r5)
        L7d:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.matrix.android.sdk.internal.network.ssl.CertUtil.newConnectionSpecs(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig):java.util.ArrayList");
    }

    public static PinnedSSLSocketFactory newPinnedSSLSocketFactory(HomeServerConnectionConfig hsConfig) {
        TrustManagerFactory trustManagerFactory;
        X509TrustManager x509TrustManager;
        TrustManager pinnedTrustManager;
        SSLSocketFactory sslSocketFactory;
        Intrinsics.checkNotNullParameter(hsConfig, "hsConfig");
        try {
            if (!hsConfig.shouldPin) {
                try {
                    trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                } catch (Exception e) {
                    Timber.Forest.e(e, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance failed", new Object[0]);
                    trustManagerFactory = null;
                }
                if (trustManagerFactory == null) {
                    try {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    } catch (Exception e2) {
                        Timber.Forest.e(e2, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance of default failed", new Object[0]);
                    }
                }
                Intrinsics.checkNotNull(trustManagerFactory);
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                        x509TrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                }
            }
            x509TrustManager = null;
            TrustManager[] trustManagerArr = new TrustManager[1];
            List list = hsConfig.allowedFingerprints;
            if (Build.VERSION.SDK_INT < 24 || !(x509TrustManager instanceof X509ExtendedTrustManager)) {
                if (list == null) {
                    list = EmptyList.INSTANCE;
                }
                pinnedTrustManager = new PinnedTrustManager(list, x509TrustManager);
            } else {
                if (list == null) {
                    list = EmptyList.INSTANCE;
                }
                pinnedTrustManager = new PinnedTrustManagerApi24(list, (X509ExtendedTrustManager) x509TrustManager);
            }
            trustManagerArr[0] = pinnedTrustManager;
            if (hsConfig.forceUsageTlsVersions) {
                List<TlsVersion> list2 = hsConfig.tlsVersions;
                if (!(list2 == null || list2.isEmpty())) {
                    sslSocketFactory = new TLSSocketFactory(trustManagerArr, list2);
                    Intrinsics.checkNotNullExpressionValue(sslSocketFactory, "sslSocketFactory");
                    Intrinsics.checkNotNull(x509TrustManager);
                    return new PinnedSSLSocketFactory(sslSocketFactory, x509TrustManager);
                }
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            sslSocketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(sslSocketFactory, "sslSocketFactory");
            Intrinsics.checkNotNull(x509TrustManager);
            return new PinnedSSLSocketFactory(sslSocketFactory, x509TrustManager);
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }
}
