package com.appmattus.certificatetransparency.internal.verifier;

import ad.g0;
import ad.m;
import ad.n0;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.appmattus.certificatetransparency.internal.loglist.LogListJsonFailedLoadingWithException;
import com.appmattus.certificatetransparency.internal.loglist.NoLogServers;
import com.appmattus.certificatetransparency.internal.utils.Base64;
import com.appmattus.certificatetransparency.internal.utils.CertificateExtKt;
import com.appmattus.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import kd.j;
import kd.q;
import u1.f;
import u1.g;
import w1.a;
import y1.b;
import y1.c;
import y1.d;
import zc.l;
import zc.n;

/* compiled from: CertificateTransparencyBase.kt */
/* loaded from: classes.dex */
public class CertificateTransparencyBase {
    private final CertificateChainCleanerFactory certificateChainCleanerFactory;
    private final l cleaner$delegate;
    private final Set<Host> excludeHosts;
    private final Set<Host> includeHosts;
    private final a<b> logListDataSource;
    private final u1.b policy;

    public CertificateTransparencyBase() {
        this(null, null, null, null, null, null, null, null, 255, null);
    }

    public CertificateTransparencyBase(Set<Host> set, Set<Host> set2, CertificateChainCleanerFactory certificateChainCleanerFactory, X509TrustManager x509TrustManager, c cVar, a<b> aVar, u1.b bVar, v1.c cVar2) {
        l a10;
        a<b> aVar2;
        Host host;
        q.f(set, "includeHosts");
        q.f(set2, "excludeHosts");
        this.includeHosts = set;
        this.excludeHosts = set2;
        this.certificateChainCleanerFactory = certificateChainCleanerFactory;
        Iterator<T> it = set.iterator();
        do {
            boolean z10 = true;
            if (!it.hasNext()) {
                if (!(aVar == null || cVar == null)) {
                    throw new IllegalArgumentException("LogListService is ignored when overriding logListDataSource".toString());
                }
                if (aVar != null && cVar2 != null) {
                    z10 = false;
                }
                if (!z10) {
                    throw new IllegalArgumentException("DiskCache is ignored when overriding logListDataSource".toString());
                }
                a10 = n.a(new CertificateTransparencyBase$cleaner$2(x509TrustManager, this));
                this.cleaner$delegate = a10;
                if (aVar == null) {
                    y1.a aVar3 = y1.a.f16391a;
                    aVar2 = aVar3.a(cVar == null ? y1.a.c(aVar3, null, null, 0L, x509TrustManager, 7, null) : cVar, cVar2);
                } else {
                    aVar2 = aVar;
                }
                this.logListDataSource = aVar2;
                this.policy = bVar == null ? new DefaultPolicy() : bVar;
                return;
            }
            host = (Host) it.next();
            if (!(!host.getMatchAll())) {
                throw new IllegalArgumentException("Certificate transparency is enabled by default on all domain names".toString());
            }
        } while (!this.excludeHosts.contains(host));
        throw new IllegalArgumentException("Certificate transparency inclusions must not match exclude directly".toString());
    }

    public /* synthetic */ CertificateTransparencyBase(Set set, Set set2, CertificateChainCleanerFactory certificateChainCleanerFactory, X509TrustManager x509TrustManager, c cVar, a aVar, u1.b bVar, v1.c cVar2, int i10, j jVar) {
        this((i10 & 1) != 0 ? n0.b() : set, (i10 & 2) != 0 ? n0.b() : set2, (i10 & 4) != 0 ? null : certificateChainCleanerFactory, (i10 & 8) != 0 ? null : x509TrustManager, (i10 & 16) != 0 ? null : cVar, (i10 & 32) != 0 ? null : aVar, (i10 & 64) != 0 ? null : bVar, (i10 & 128) == 0 ? cVar2 : null);
    }

    private final boolean enabledForCertificateTransparency(String str) {
        boolean z10;
        boolean z11;
        Set<Host> set = this.excludeHosts;
        if (!(set instanceof Collection) || !set.isEmpty()) {
            Iterator<T> it = set.iterator();
            while (it.hasNext()) {
                if (((Host) it.next()).matches(str)) {
                    z10 = true;
                    break;
                }
            }
        }
        z10 = false;
        if (!z10) {
            return true;
        }
        Set<Host> set2 = this.includeHosts;
        if (!(set2 instanceof Collection) || !set2.isEmpty()) {
            Iterator<T> it2 = set2.iterator();
            while (it2.hasNext()) {
                if (((Host) it2.next()).matches(str)) {
                    z11 = true;
                    break;
                }
            }
        }
        z11 = false;
        return z11;
    }

    private final CertificateChainCleaner getCleaner() {
        return (CertificateChainCleaner) this.cleaner$delegate.getValue();
    }

    private final g hasValidSignedCertificateTimestamp(List<? extends X509Certificate> list) {
        b logListJsonFailedLoadingWithException;
        int p10;
        int b10;
        int b11;
        int p11;
        int b12;
        int b13;
        int b14;
        f fVar;
        Object b15;
        try {
            b15 = kotlinx.coroutines.j.b(null, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null), 1, null);
            logListJsonFailedLoadingWithException = (b) b15;
        } catch (Exception e10) {
            logListJsonFailedLoadingWithException = new LogListJsonFailedLoadingWithException(e10);
        }
        if (!(logListJsonFailedLoadingWithException instanceof b.C0342b)) {
            if (logListJsonFailedLoadingWithException instanceof b.a) {
                return new g.b.a((b.a) logListJsonFailedLoadingWithException);
            }
            if (logListJsonFailedLoadingWithException == null) {
                return new g.b.a(NoLogServers.INSTANCE);
            }
            throw new zc.q();
        }
        List<d> a10 = ((b.C0342b) logListJsonFailedLoadingWithException).a();
        p10 = m.p(a10, 10);
        b10 = g0.b(p10);
        b11 = pd.f.b(b10, 16);
        LinkedHashMap linkedHashMap = new LinkedHashMap(b11);
        for (d dVar : a10) {
            linkedHashMap.put(Base64.INSTANCE.toBase64String(dVar.a()), new LogSignatureVerifier(dVar));
        }
        X509Certificate x509Certificate = list.get(0);
        if (!CertificateExtKt.hasEmbeddedSct(x509Certificate)) {
            return g.b.c.f15386b;
        }
        try {
            List<SignedCertificateTimestamp> signedCertificateTimestamps = X509CertificateExtKt.signedCertificateTimestamps(x509Certificate);
            p11 = m.p(signedCertificateTimestamps, 10);
            b12 = g0.b(p11);
            b13 = pd.f.b(b12, 16);
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(b13);
            for (Object obj : signedCertificateTimestamps) {
                linkedHashMap2.put(Base64.INSTANCE.toBase64String(((SignedCertificateTimestamp) obj).getId().getKeyId()), obj);
            }
            b14 = g0.b(linkedHashMap2.size());
            LinkedHashMap linkedHashMap3 = new LinkedHashMap(b14);
            for (Object obj2 : linkedHashMap2.entrySet()) {
                Object key = ((Map.Entry) obj2).getKey();
                Map.Entry entry = (Map.Entry) obj2;
                String str = (String) entry.getKey();
                SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                if (logSignatureVerifier == null || (fVar = logSignatureVerifier.verifySignature(signedCertificateTimestamp, list)) == null) {
                    fVar = f.a.C0306f.f15381a;
                }
                linkedHashMap3.put(key, fVar);
            }
            return this.policy.policyVerificationResult(x509Certificate, linkedHashMap3);
        } catch (IOException e11) {
            return new g.b.e(e11);
        }
    }

    public final g verifyCertificateTransparency(String str, List<? extends Certificate> list) {
        q.f(str, "host");
        q.f(list, "certificates");
        if (!enabledForCertificateTransparency(str)) {
            return new g.c.a(str);
        }
        if (list.isEmpty()) {
            return g.b.C0307b.f15385b;
        }
        CertificateChainCleaner cleaner = getCleaner();
        ArrayList arrayList = new ArrayList();
        for (Object obj : list) {
            if (obj instanceof X509Certificate) {
                arrayList.add(obj);
            }
        }
        List<X509Certificate> clean = cleaner.clean(arrayList, str);
        return clean.isEmpty() ? g.b.C0307b.f15385b : hasValidSignedCertificateTimestamp(clean);
    }
}
