package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.CTPolicy;
import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.cache.DiskCache;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.appmattus.certificatetransparency.datasource.DataSource;
import com.appmattus.certificatetransparency.internal.loglist.LogListJsonFailedLoadingWithException;
import com.appmattus.certificatetransparency.internal.loglist.NoLogServers;
import com.appmattus.certificatetransparency.internal.utils.Base64;
import com.appmattus.certificatetransparency.internal.utils.CertificateExtKt;
import com.appmattus.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.loglist.LogListDataSourceFactory;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogListService;
import com.appmattus.certificatetransparency.loglist.LogServer;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.BuildersKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(d1 = {"\u0000\n\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\b\u0010\u0018\u00002\u00020\u0001¨\u0006\u0002"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/CertificateTransparencyBase;", "", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes2.dex */
public class CertificateTransparencyBase {

    /* renamed from: a, reason: collision with root package name */
    @NotNull
    public final Set<Host> f1656a;

    /* renamed from: b, reason: collision with root package name */
    @NotNull
    public final Set<Host> f1657b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    public final CertificateChainCleanerFactory f1658c;

    @NotNull
    public final Lazy d;

    @NotNull
    public final DataSource<LogListResult> e;

    @NotNull
    public final CTPolicy f;

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public CertificateTransparencyBase() {
        /*
            r9 = this;
            kotlin.collections.EmptySet r2 = kotlin.collections.EmptySet.f34571a
            r3 = 0
            r4 = 0
            r5 = 0
            r6 = 0
            r7 = 0
            r8 = 0
            r0 = r9
            r1 = r2
            r0.<init>(r1, r2, r3, r4, r5, r6, r7, r8)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyBase.<init>():void");
    }

    public CertificateTransparencyBase(@NotNull Set<Host> includeHosts, @NotNull Set<Host> excludeHosts, @Nullable CertificateChainCleanerFactory certificateChainCleanerFactory, @Nullable final X509TrustManager x509TrustManager, @Nullable LogListService logListService, @Nullable DataSource<LogListResult> dataSource, @Nullable CTPolicy cTPolicy, @Nullable DiskCache diskCache) {
        Host host;
        Intrinsics.g(includeHosts, "includeHosts");
        Intrinsics.g(excludeHosts, "excludeHosts");
        this.f1656a = includeHosts;
        this.f1657b = excludeHosts;
        this.f1658c = certificateChainCleanerFactory;
        Iterator<T> it = includeHosts.iterator();
        do {
            boolean z = true;
            if (!it.hasNext()) {
                if (!(dataSource == null || logListService == null)) {
                    throw new IllegalArgumentException("LogListService is ignored when overriding logListDataSource".toString());
                }
                if (dataSource != null && diskCache != null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("DiskCache is ignored when overriding logListDataSource".toString());
                }
                this.d = LazyKt.b(new Function0<CertificateChainCleaner>() { // from class: com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyBase$cleaner$2
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final CertificateChainCleaner invoke() {
                        CertificateChainCleaner certificateChainCleaner;
                        X509TrustManager x509TrustManager2 = x509TrustManager;
                        if (x509TrustManager2 == null) {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init((KeyStore) null);
                            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                            Intrinsics.f(trustManagers, "getInstance(TrustManager…)\n        }.trustManagers");
                            for (TrustManager trustManager : trustManagers) {
                                if (trustManager instanceof X509TrustManager) {
                                    if (trustManager == null) {
                                        throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                                    }
                                    x509TrustManager2 = (X509TrustManager) trustManager;
                                }
                            }
                            throw new NoSuchElementException("Array contains no element matching the predicate.");
                        }
                        CertificateChainCleanerFactory certificateChainCleanerFactory2 = this.f1658c;
                        return (certificateChainCleanerFactory2 == null || (certificateChainCleaner = certificateChainCleanerFactory2.get(x509TrustManager2)) == null) ? CertificateChainCleaner.INSTANCE.get(x509TrustManager2) : certificateChainCleaner;
                    }
                });
                if (dataSource == null) {
                    LogListDataSourceFactory logListDataSourceFactory = LogListDataSourceFactory.f1692a;
                    logListService = logListService == null ? LogListDataSourceFactory.b(logListDataSourceFactory, null, x509TrustManager, 7) : logListService;
                    logListDataSourceFactory.getClass();
                    dataSource = LogListDataSourceFactory.a(logListService, diskCache);
                }
                this.e = dataSource;
                this.f = cTPolicy == null ? new DefaultPolicy() : cTPolicy;
                return;
            }
            host = (Host) it.next();
            if (!(!host.d)) {
                throw new IllegalArgumentException("Certificate transparency is enabled by default on all domain names".toString());
            }
        } while (!this.f1657b.contains(host));
        throw new IllegalArgumentException("Certificate transparency inclusions must not match exclude directly".toString());
    }

    @NotNull
    public final VerificationResult b(@NotNull String host, @NotNull List<? extends Certificate> certificates) {
        boolean z;
        LogListResult logListJsonFailedLoadingWithException;
        VerificationResult logServersFailed;
        SctVerificationResult sctVerificationResult;
        Object d;
        boolean z2;
        Intrinsics.g(host, "host");
        Intrinsics.g(certificates, "certificates");
        Set<Host> set = this.f1657b;
        boolean z3 = true;
        if (!(set instanceof Collection) || !set.isEmpty()) {
            Iterator<T> it = set.iterator();
            while (it.hasNext()) {
                if (((Host) it.next()).a(host)) {
                    z = true;
                    break;
                }
            }
        }
        z = false;
        if (z) {
            Set<Host> set2 = this.f1656a;
            if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                Iterator<T> it2 = set2.iterator();
                while (it2.hasNext()) {
                    if (((Host) it2.next()).a(host)) {
                        z2 = true;
                        break;
                    }
                }
            }
            z2 = false;
            if (!z2) {
                z3 = false;
            }
        }
        if (!z3) {
            return new VerificationResult.Success.DisabledForHost(host);
        }
        if (certificates.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.f1537b;
        }
        CertificateChainCleaner certificateChainCleaner = (CertificateChainCleaner) this.d.getValue();
        ArrayList arrayList = new ArrayList();
        for (Object obj : certificates) {
            if (obj instanceof X509Certificate) {
                arrayList.add(obj);
            }
        }
        List<X509Certificate> clean = certificateChainCleaner.clean(arrayList, host);
        if (clean.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.f1537b;
        }
        try {
            d = BuildersKt.d(EmptyCoroutineContext.f34623a, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
            logListJsonFailedLoadingWithException = (LogListResult) d;
        } catch (Exception e) {
            logListJsonFailedLoadingWithException = new LogListJsonFailedLoadingWithException(e);
        }
        if (logListJsonFailedLoadingWithException instanceof LogListResult.Valid) {
            List<LogServer> list = ((LogListResult.Valid) logListJsonFailedLoadingWithException).f1696a;
            int f = MapsKt.f(CollectionsKt.s(list, 10));
            int i = 16;
            if (f < 16) {
                f = 16;
            }
            LinkedHashMap linkedHashMap = new LinkedHashMap(f);
            for (LogServer logServer : list) {
                Base64 base64 = Base64.f1646a;
                byte[] bArr = logServer.f1699c;
                base64.getClass();
                linkedHashMap.put(org.bouncycastle.util.encoders.Base64.c(bArr), new LogSignatureVerifier(logServer));
            }
            X509Certificate x509Certificate = clean.get(0);
            if (CertificateExtKt.a(x509Certificate)) {
                try {
                    List<SignedCertificateTimestamp> a2 = X509CertificateExtKt.a(x509Certificate);
                    int f2 = MapsKt.f(CollectionsKt.s(a2, 10));
                    if (f2 >= 16) {
                        i = f2;
                    }
                    LinkedHashMap linkedHashMap2 = new LinkedHashMap(i);
                    for (Object obj2 : a2) {
                        Base64 base642 = Base64.f1646a;
                        byte[] bArr2 = ((SignedCertificateTimestamp) obj2).f1690b.f1688a;
                        base642.getClass();
                        linkedHashMap2.put(org.bouncycastle.util.encoders.Base64.c(bArr2), obj2);
                    }
                    LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt.f(linkedHashMap2.size()));
                    for (Object obj3 : linkedHashMap2.entrySet()) {
                        Object key = ((Map.Entry) obj3).getKey();
                        Map.Entry entry = (Map.Entry) obj3;
                        String str = (String) entry.getKey();
                        SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                        LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                        if (logSignatureVerifier == null || (sctVerificationResult = logSignatureVerifier.g(signedCertificateTimestamp, clean)) == null) {
                            sctVerificationResult = SctVerificationResult.Invalid.NoTrustedLogServerFound.f1533a;
                        }
                        linkedHashMap3.put(key, sctVerificationResult);
                    }
                    logServersFailed = this.f.a(x509Certificate, linkedHashMap3);
                } catch (IOException e2) {
                    return new VerificationResult.Failure.UnknownIoException(e2);
                }
            } else {
                logServersFailed = VerificationResult.Failure.NoScts.f1538b;
            }
        } else if (logListJsonFailedLoadingWithException instanceof LogListResult.Invalid) {
            logServersFailed = new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListJsonFailedLoadingWithException);
        } else {
            if (logListJsonFailedLoadingWithException != null) {
                throw new NoWhenBranchMatchedException();
            }
            logServersFailed = new VerificationResult.Failure.LogServersFailed(NoLogServers.f1625a);
        }
        return logServersFailed;
    }
}
