package com.babylon.certificatetransparency.internal.verifier;

import com.babylon.certificatetransparency.CTPolicy;
import com.babylon.certificatetransparency.SctVerificationResult;
import com.babylon.certificatetransparency.VerificationResult;
import com.babylon.certificatetransparency.cache.DiskCache;
import com.babylon.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.babylon.certificatetransparency.datasource.DataSource;
import com.babylon.certificatetransparency.internal.logclient.model.SignedCertificateTimestamp;
import com.babylon.certificatetransparency.internal.loglist.NoLogServers;
import com.babylon.certificatetransparency.internal.utils.Base64;
import com.babylon.certificatetransparency.internal.utils.CertificateInfo;
import com.babylon.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.babylon.certificatetransparency.internal.verifier.model.Host;
import com.babylon.certificatetransparency.loglist.LogListResult;
import com.babylon.certificatetransparency.loglist.LogServer;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.NoWhenBranchMatchedException;
import kotlin.a;
import kotlin.collections.EmptySet;
import kotlin.collections.a0;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.internal.k;
import kotlin.jvm.internal.n;
import kotlin.jvm.internal.o;
import n9.f;
import w.h;

/* loaded from: classes2.dex */
public class CertificateTransparencyBase {
    private final f cleaner$delegate;
    private final Set<Host> excludeHosts;
    private final Set<Host> includeHosts;
    private final DataSource<LogListResult> logListDataSource;
    private final CTPolicy policy;

    public CertificateTransparencyBase(Set<Host> includeHosts, Set<Host> excludeHosts, final X509TrustManager x509TrustManager, DataSource<LogListResult> dataSource, CTPolicy cTPolicy, DiskCache diskCache) {
        o.v(includeHosts, "includeHosts");
        o.v(excludeHosts, "excludeHosts");
        this.includeHosts = includeHosts;
        this.excludeHosts = excludeHosts;
        if (!(!includeHosts.isEmpty())) {
            throw new IllegalArgumentException("Please provide at least one host to enable certificate transparency verification".toString());
        }
        for (Host host : excludeHosts) {
            if (!(!host.getStartsWithWildcard())) {
                throw new IllegalArgumentException("Certificate transparency exclusions cannot use wildcards".toString());
            }
            if (!(!this.includeHosts.contains(host))) {
                throw new IllegalArgumentException("Certificate transparency exclusions must not match include directly".toString());
            }
        }
        this.cleaner$delegate = a.c(new x9.a() { // from class: com.babylon.certificatetransparency.internal.verifier.CertificateTransparencyBase$cleaner$2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // x9.a
            /* renamed from: invoke */
            public final CertificateChainCleaner mo203invoke() {
                X509TrustManager x509TrustManager2 = x509TrustManager;
                if (x509TrustManager2 == null) {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                    o.u(trustManagers, "getTrustManagers(...)");
                    for (TrustManager trustManager : trustManagers) {
                        if (trustManager instanceof X509TrustManager) {
                            o.t(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                            x509TrustManager2 = (X509TrustManager) trustManager;
                        }
                    }
                    throw new NoSuchElementException("Array contains no element matching the predicate.");
                }
                return CertificateChainCleaner.Companion.get(x509TrustManager2);
            }
        });
        o.s(dataSource);
        this.logListDataSource = dataSource;
        this.policy = cTPolicy == null ? new DefaultPolicy() : cTPolicy;
    }

    public CertificateTransparencyBase(Set set, Set set2, X509TrustManager x509TrustManager, DataSource dataSource, CTPolicy cTPolicy, DiskCache diskCache, int i10, k kVar) {
        this(set, (i10 & 2) != 0 ? EmptySet.INSTANCE : set2, (i10 & 4) != 0 ? null : x509TrustManager, (i10 & 8) != 0 ? null : dataSource, (i10 & 16) != 0 ? null : cTPolicy, (i10 & 32) != 0 ? null : diskCache);
    }

    private final boolean enabledForCertificateTransparency(String str) {
        boolean z10;
        boolean z11;
        Set<Host> set = this.includeHosts;
        if (!(set instanceof Collection) || !set.isEmpty()) {
            Iterator<T> it = set.iterator();
            while (it.hasNext()) {
                if (((Host) it.next()).matches(str)) {
                    z10 = true;
                    break;
                }
            }
        }
        z10 = false;
        if (z10) {
            Set<Host> set2 = this.excludeHosts;
            if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                Iterator<T> it2 = set2.iterator();
                while (it2.hasNext()) {
                    if (((Host) it2.next()).matches(str)) {
                        z11 = true;
                        break;
                    }
                }
            }
            z11 = false;
            if (!z11) {
                return true;
            }
        }
        return false;
    }

    private final CertificateChainCleaner getCleaner() {
        return (CertificateChainCleaner) this.cleaner$delegate.getValue();
    }

    private final VerificationResult hasValidSignedCertificateTimestamp(List<? extends X509Certificate> list) {
        Object B1;
        SctVerificationResult sctVerificationResult;
        B1 = n.B1(EmptyCoroutineContext.INSTANCE, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null));
        LogListResult logListResult = (LogListResult) B1;
        if (!(logListResult instanceof LogListResult.Valid)) {
            if (logListResult instanceof LogListResult.Invalid) {
                return new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListResult);
            }
            if (logListResult == null) {
                return new VerificationResult.Failure.LogServersFailed(NoLogServers.INSTANCE);
            }
            throw new NoWhenBranchMatchedException();
        }
        List<LogServer> servers = ((LogListResult.Valid) logListResult).getServers();
        int n02 = h.n0(a0.o1(servers, 10));
        int i10 = 16;
        if (n02 < 16) {
            n02 = 16;
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap(n02);
        for (LogServer logServer : servers) {
            linkedHashMap.put(Base64.INSTANCE.toBase64String(logServer.getId()), new LogSignatureVerifier(logServer));
        }
        X509Certificate x509Certificate = list.get(0);
        if (!CertificateInfo.hasEmbeddedSct(x509Certificate)) {
            return VerificationResult.Failure.NoScts.INSTANCE;
        }
        try {
            List<SignedCertificateTimestamp> signedCertificateTimestamps = X509CertificateExtKt.signedCertificateTimestamps(x509Certificate);
            int n03 = h.n0(a0.o1(signedCertificateTimestamps, 10));
            if (n03 >= 16) {
                i10 = n03;
            }
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(i10);
            for (Object obj : signedCertificateTimestamps) {
                linkedHashMap2.put(Base64.INSTANCE.toBase64String(((SignedCertificateTimestamp) obj).getId().getKeyId()), obj);
            }
            LinkedHashMap linkedHashMap3 = new LinkedHashMap(h.n0(linkedHashMap2.size()));
            for (Object obj2 : linkedHashMap2.entrySet()) {
                Object key = ((Map.Entry) obj2).getKey();
                Map.Entry entry = (Map.Entry) obj2;
                String str = (String) entry.getKey();
                SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                if (logSignatureVerifier == null || (sctVerificationResult = logSignatureVerifier.verifySignature(signedCertificateTimestamp, list)) == null) {
                    sctVerificationResult = SctVerificationResult.Invalid.NoTrustedLogServerFound.INSTANCE;
                }
                linkedHashMap3.put(key, sctVerificationResult);
            }
            return this.policy.policyVerificationResult(x509Certificate, linkedHashMap3);
        } catch (IOException e10) {
            return new VerificationResult.Failure.UnknownIoException(e10);
        }
    }

    public final VerificationResult verifyCertificateTransparency(String host, List<? extends Certificate> certificates) {
        o.v(host, "host");
        o.v(certificates, "certificates");
        if (!enabledForCertificateTransparency(host)) {
            return new VerificationResult.Success.DisabledForHost(host);
        }
        if (certificates.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.INSTANCE;
        }
        CertificateChainCleaner cleaner = getCleaner();
        ArrayList arrayList = new ArrayList();
        for (Object obj : certificates) {
            if (obj instanceof X509Certificate) {
                arrayList.add(obj);
            }
        }
        return hasValidSignedCertificateTimestamp(cleaner.clean(arrayList, host));
    }
}
