package org.matrix.android.sdk.internal.network.ssl;

import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.TlsVersion;
import okhttp3.internal.tls.OkHostnameVerifier;
import org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig;
import timber.log.Timber;

/* compiled from: CertUtil.kt */
@Metadata(d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0019\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\f\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0003\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\bÀ\u0002\u0018\u00002\u00020\u0001:\u0001 B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\b\b\u0002\u0010\u000b\u001a\u00020\fJ\u0018\u0010\r\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\bH\u0002J\u000e\u0010\u0011\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000fJ\u000e\u0010\u0012\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000fJ\u0012\u0010\u0013\u001a\u0004\u0018\u00010\u00142\b\u0010\u0015\u001a\u0004\u0018\u00010\u0016J\u0014\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00190\u00182\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\u001a\u001a\u00020\u001bR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lorg/matrix/android/sdk/internal/network/ssl/CertUtil;", "", "()V", "USE_DEFAULT_HOSTNAME_VERIFIER", "", "hexArray", "", "fingerprintToHexString", "", "fingerprint", "", "sep", "", "generateFingerprint", "cert", "Ljava/security/cert/X509Certificate;", "type", "generateSha1Fingerprint", "generateSha256Fingerprint", "getCertificateException", "Lorg/matrix/android/sdk/internal/network/ssl/UnrecognizedCertificateException;", "root", "", "newConnectionSpecs", "", "Lokhttp3/ConnectionSpec;", "hsConfig", "Lorg/matrix/android/sdk/api/auth/data/HomeServerConnectionConfig;", "newHostnameVerifier", "Ljavax/net/ssl/HostnameVerifier;", "newPinnedSSLSocketFactory", "Lorg/matrix/android/sdk/internal/network/ssl/CertUtil$PinnedSSLSocketFactory;", "PinnedSSLSocketFactory", "matrix-sdk-android_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes4.dex */
public final class CertUtil {
    public static final CertUtil INSTANCE = new CertUtil();
    private static final boolean USE_DEFAULT_HOSTNAME_VERIFIER = true;
    private static final char[] hexArray;

    /* compiled from: CertUtil.kt */
    @Metadata(d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0080\b\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\t\u0010\u000b\u001a\u00020\u0003HÆ\u0003J\t\u0010\f\u001a\u00020\u0005HÆ\u0003J\u001d\u0010\r\u001a\u00020\u00002\b\b\u0002\u0010\u0002\u001a\u00020\u00032\b\b\u0002\u0010\u0004\u001a\u00020\u0005HÆ\u0001J\u0013\u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u0001HÖ\u0003J\t\u0010\u0011\u001a\u00020\u0012HÖ\u0001J\t\u0010\u0013\u001a\u00020\u0014HÖ\u0001R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\n¨\u0006\u0015"}, d2 = {"Lorg/matrix/android/sdk/internal/network/ssl/CertUtil$PinnedSSLSocketFactory;", "", "sslSocketFactory", "Ljavax/net/ssl/SSLSocketFactory;", "x509TrustManager", "Ljavax/net/ssl/X509TrustManager;", "(Ljavax/net/ssl/SSLSocketFactory;Ljavax/net/ssl/X509TrustManager;)V", "getSslSocketFactory", "()Ljavax/net/ssl/SSLSocketFactory;", "getX509TrustManager", "()Ljavax/net/ssl/X509TrustManager;", "component1", "component2", "copy", "equals", "", "other", "hashCode", "", "toString", "", "matrix-sdk-android_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes4.dex */
    public static final /* data */ class PinnedSSLSocketFactory {
        private final SSLSocketFactory sslSocketFactory;
        private final X509TrustManager x509TrustManager;

        public PinnedSSLSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager x509TrustManager) {
            Intrinsics.checkNotNullParameter(sslSocketFactory, "sslSocketFactory");
            Intrinsics.checkNotNullParameter(x509TrustManager, "x509TrustManager");
            this.sslSocketFactory = sslSocketFactory;
            this.x509TrustManager = x509TrustManager;
        }

        public static /* synthetic */ PinnedSSLSocketFactory copy$default(PinnedSSLSocketFactory pinnedSSLSocketFactory, SSLSocketFactory sSLSocketFactory, X509TrustManager x509TrustManager, int i, Object obj) {
            if ((i & 1) != 0) {
                sSLSocketFactory = pinnedSSLSocketFactory.sslSocketFactory;
            }
            if ((i & 2) != 0) {
                x509TrustManager = pinnedSSLSocketFactory.x509TrustManager;
            }
            return pinnedSSLSocketFactory.copy(sSLSocketFactory, x509TrustManager);
        }

        /* renamed from: component1, reason: from getter */
        public final SSLSocketFactory getSslSocketFactory() {
            return this.sslSocketFactory;
        }

        /* renamed from: component2, reason: from getter */
        public final X509TrustManager getX509TrustManager() {
            return this.x509TrustManager;
        }

        public final PinnedSSLSocketFactory copy(SSLSocketFactory sslSocketFactory, X509TrustManager x509TrustManager) {
            Intrinsics.checkNotNullParameter(sslSocketFactory, "sslSocketFactory");
            Intrinsics.checkNotNullParameter(x509TrustManager, "x509TrustManager");
            return new PinnedSSLSocketFactory(sslSocketFactory, x509TrustManager);
        }

        public boolean equals(Object other) {
            if (this == other) {
                return true;
            }
            if (!(other instanceof PinnedSSLSocketFactory)) {
                return false;
            }
            PinnedSSLSocketFactory pinnedSSLSocketFactory = (PinnedSSLSocketFactory) other;
            return Intrinsics.areEqual(this.sslSocketFactory, pinnedSSLSocketFactory.sslSocketFactory) && Intrinsics.areEqual(this.x509TrustManager, pinnedSSLSocketFactory.x509TrustManager);
        }

        public final SSLSocketFactory getSslSocketFactory() {
            return this.sslSocketFactory;
        }

        public final X509TrustManager getX509TrustManager() {
            return this.x509TrustManager;
        }

        public int hashCode() {
            return (this.sslSocketFactory.hashCode() * 31) + this.x509TrustManager.hashCode();
        }

        public String toString() {
            return "PinnedSSLSocketFactory(sslSocketFactory=" + this.sslSocketFactory + ", x509TrustManager=" + this.x509TrustManager + ")";
        }
    }

    static {
        char[] charArray = "0123456789ABCDEF".toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        hexArray = charArray;
    }

    private CertUtil() {
    }

    public static /* synthetic */ String fingerprintToHexString$default(CertUtil certUtil, byte[] bArr, char c, int i, Object obj) {
        if ((i & 2) != 0) {
            c = ' ';
        }
        return certUtil.fingerprintToHexString(bArr, c);
    }

    private final byte[] generateFingerprint(X509Certificate cert, String type) throws CertificateException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(type);
            Intrinsics.checkNotNullExpressionValue(messageDigest, "getInstance(type)");
            byte[] digest = messageDigest.digest(cert.getEncoded());
            Intrinsics.checkNotNullExpressionValue(digest, "md.digest(cert.encoded)");
            return digest;
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: newHostnameVerifier$lambda-0, reason: not valid java name */
    public static final boolean m2618newHostnameVerifier$lambda0(HostnameVerifier defaultVerifier, List trustedFingerprints, String str, SSLSession sSLSession) {
        Intrinsics.checkNotNullParameter(defaultVerifier, "$defaultVerifier");
        Intrinsics.checkNotNullParameter(trustedFingerprints, "$trustedFingerprints");
        if (defaultVerifier.verify(str, sSLSession)) {
            return true;
        }
        if (trustedFingerprints.isEmpty()) {
            return false;
        }
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            Intrinsics.checkNotNullExpressionValue(peerCertificates, "session.peerCertificates");
            int length = peerCertificates.length;
            int i = 0;
            while (i < length) {
                Certificate certificate = peerCertificates[i];
                i++;
                Iterator it2 = trustedFingerprints.iterator();
                while (it2.hasNext()) {
                    Fingerprint fingerprint = (Fingerprint) it2.next();
                    if ((certificate instanceof X509Certificate) && fingerprint.matchesCert$matrix_sdk_android_release((X509Certificate) certificate)) {
                        return true;
                    }
                }
            }
        } catch (CertificateException | SSLPeerUnverifiedException unused) {
        }
        return false;
    }

    public final String fingerprintToHexString(byte[] fingerprint, char sep) {
        Intrinsics.checkNotNullParameter(fingerprint, "fingerprint");
        int length = fingerprint.length * 3;
        char[] cArr = new char[length];
        int length2 = fingerprint.length - 1;
        if (length2 >= 0) {
            int i = 0;
            while (true) {
                int i2 = i + 1;
                int i3 = fingerprint[i] & 255;
                int i4 = i * 3;
                char[] cArr2 = hexArray;
                cArr[i4] = cArr2[i3 >>> 4];
                cArr[i4 + 1] = cArr2[i3 & 15];
                cArr[i4 + 2] = sep;
                if (i2 > length2) {
                    break;
                }
                i = i2;
            }
        }
        return new String(cArr, 0, length - 1);
    }

    public final byte[] generateSha1Fingerprint(X509Certificate cert) throws CertificateException {
        Intrinsics.checkNotNullParameter(cert, "cert");
        return generateFingerprint(cert, "SHA-1");
    }

    public final byte[] generateSha256Fingerprint(X509Certificate cert) throws CertificateException {
        Intrinsics.checkNotNullParameter(cert, "cert");
        return generateFingerprint(cert, "SHA-256");
    }

    public final UnrecognizedCertificateException getCertificateException(Throwable root) {
        for (int i = 0; root != null && i < 10; i++) {
            if (root instanceof UnrecognizedCertificateException) {
                return (UnrecognizedCertificateException) root;
            }
            root = root.getCause();
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x008e, code lost:
    
        if (kotlin.text.StringsKt.startsWith$default(r7, "http://", false, 2, (java.lang.Object) null) != false) goto L24;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<okhttp3.ConnectionSpec> newConnectionSpecs(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig r7) {
        /*
            r6 = this;
            java.lang.String r0 = "hsConfig"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r7, r0)
            okhttp3.ConnectionSpec$Builder r0 = new okhttp3.ConnectionSpec$Builder
            okhttp3.ConnectionSpec r1 = okhttp3.ConnectionSpec.RESTRICTED_TLS
            r0.<init>(r1)
            java.util.List r1 = r7.getTlsVersions()
            java.util.Collection r1 = (java.util.Collection) r1
            r2 = 1
            r3 = 0
            if (r1 == 0) goto L1f
            boolean r4 = r1.isEmpty()
            if (r4 == 0) goto L1d
            goto L1f
        L1d:
            r4 = 0
            goto L20
        L1f:
            r4 = 1
        L20:
            java.lang.String r5 = "null cannot be cast to non-null type kotlin.Array<T>"
            if (r4 != 0) goto L39
            okhttp3.TlsVersion[] r4 = new okhttp3.TlsVersion[r3]
            java.lang.Object[] r1 = r1.toArray(r4)
            java.util.Objects.requireNonNull(r1, r5)
            okhttp3.TlsVersion[] r1 = (okhttp3.TlsVersion[]) r1
            int r4 = r1.length
            java.lang.Object[] r1 = java.util.Arrays.copyOf(r1, r4)
            okhttp3.TlsVersion[] r1 = (okhttp3.TlsVersion[]) r1
            r0.tlsVersions(r1)
        L39:
            java.util.List r1 = r7.getTlsCipherSuites()
            java.util.Collection r1 = (java.util.Collection) r1
            if (r1 == 0) goto L49
            boolean r4 = r1.isEmpty()
            if (r4 == 0) goto L48
            goto L49
        L48:
            r2 = 0
        L49:
            if (r2 != 0) goto L60
            okhttp3.CipherSuite[] r2 = new okhttp3.CipherSuite[r3]
            java.lang.Object[] r1 = r1.toArray(r2)
            java.util.Objects.requireNonNull(r1, r5)
            okhttp3.CipherSuite[] r1 = (okhttp3.CipherSuite[]) r1
            int r2 = r1.length
            java.lang.Object[] r1 = java.util.Arrays.copyOf(r1, r2)
            okhttp3.CipherSuite[] r1 = (okhttp3.CipherSuite[]) r1
            r0.cipherSuites(r1)
        L60:
            boolean r1 = r7.getShouldAcceptTlsExtensions()
            r0.supportsTlsExtensions(r1)
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            okhttp3.ConnectionSpec r0 = r0.build()
            r1.add(r0)
            boolean r0 = r7.getAllowHttpExtension()
            if (r0 != 0) goto L90
            android.net.Uri r7 = r7.getHomeServerUriBase()
            java.lang.String r7 = r7.toString()
            java.lang.String r0 = "hsConfig.homeServerUriBase.toString()"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r7, r0)
            r0 = 2
            r2 = 0
            java.lang.String r4 = "http://"
            boolean r7 = kotlin.text.StringsKt.startsWith$default(r7, r4, r3, r0, r2)
            if (r7 == 0) goto L95
        L90:
            okhttp3.ConnectionSpec r7 = okhttp3.ConnectionSpec.CLEARTEXT
            r1.add(r7)
        L95:
            java.util.List r1 = (java.util.List) r1
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.matrix.android.sdk.internal.network.ssl.CertUtil.newConnectionSpecs(org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig):java.util.List");
    }

    public final HostnameVerifier newHostnameVerifier(HomeServerConnectionConfig hsConfig) {
        Intrinsics.checkNotNullParameter(hsConfig, "hsConfig");
        final OkHostnameVerifier okHostnameVerifier = OkHostnameVerifier.INSTANCE;
        final List<Fingerprint> allowedFingerprints = hsConfig.getAllowedFingerprints();
        return new HostnameVerifier() { // from class: org.matrix.android.sdk.internal.network.ssl.CertUtil$$ExternalSyntheticLambda0
            @Override // javax.net.ssl.HostnameVerifier
            public final boolean verify(String str, SSLSession sSLSession) {
                boolean m2618newHostnameVerifier$lambda0;
                m2618newHostnameVerifier$lambda0 = CertUtil.m2618newHostnameVerifier$lambda0(okHostnameVerifier, allowedFingerprints, str, sSLSession);
                return m2618newHostnameVerifier$lambda0;
            }
        };
    }

    public final PinnedSSLSocketFactory newPinnedSSLSocketFactory(HomeServerConnectionConfig hsConfig) {
        TrustManagerFactory trustManagerFactory;
        X509TrustManager x509TrustManager;
        TLSSocketFactory sslSocketFactory;
        Intrinsics.checkNotNullParameter(hsConfig, "hsConfig");
        try {
            if (!hsConfig.getShouldPin()) {
                try {
                    trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                } catch (Exception e) {
                    Timber.INSTANCE.e(e, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance failed", new Object[0]);
                    trustManagerFactory = null;
                }
                if (trustManagerFactory == null) {
                    try {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    } catch (Exception e2) {
                        Timber.INSTANCE.e(e2, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance of default failed", new Object[0]);
                    }
                }
                Intrinsics.checkNotNull(trustManagerFactory);
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                int length = trustManagers.length - 1;
                if (length >= 0) {
                    int i = 0;
                    while (true) {
                        int i2 = i + 1;
                        if (trustManagers[i] instanceof X509TrustManager) {
                            TrustManager trustManager = trustManagers[i];
                            if (trustManager == null) {
                                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                            }
                            x509TrustManager = (X509TrustManager) trustManager;
                        } else {
                            if (i2 > length) {
                                break;
                            }
                            i = i2;
                        }
                    }
                }
            }
            x509TrustManager = null;
            TrustManager[] trustManagerArr = {PinnedTrustManagerProvider.INSTANCE.provide(hsConfig.getAllowedFingerprints(), x509TrustManager)};
            if (hsConfig.getForceUsageTlsVersions()) {
                List<TlsVersion> tlsVersions = hsConfig.getTlsVersions();
                if (!(tlsVersions == null || tlsVersions.isEmpty())) {
                    sslSocketFactory = new TLSSocketFactory(trustManagerArr, hsConfig.getTlsVersions());
                    Intrinsics.checkNotNullExpressionValue(sslSocketFactory, "sslSocketFactory");
                    Intrinsics.checkNotNull(x509TrustManager);
                    return new PinnedSSLSocketFactory(sslSocketFactory, x509TrustManager);
                }
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            sslSocketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(sslSocketFactory, "sslSocketFactory");
            Intrinsics.checkNotNull(x509TrustManager);
            return new PinnedSSLSocketFactory(sslSocketFactory, x509TrustManager);
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }
}
