package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.CTLogger;
import com.appmattus.certificatetransparency.CTPolicy;
import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.cache.DiskCache;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.appmattus.certificatetransparency.datasource.DataSource;
import com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Kt;
import com.appmattus.certificatetransparency.internal.utils.asn1.query.ASN1Query;
import com.appmattus.certificatetransparency.internal.utils.asn1.query.ASN1QueryKt;
import com.appmattus.certificatetransparency.internal.verifier.model.Host;
import com.appmattus.certificatetransparency.loglist.LogListResult;
import com.appmattus.certificatetransparency.loglist.LogListService;
import java.lang.reflect.Method;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.tls.internal.der.ObjectIdentifiers;

/* compiled from: CertificateTransparencyTrustManager.kt */
/* loaded from: classes.dex */
public final class CertificateTransparencyTrustManager extends CertificateTransparencyBase implements X509TrustManager {
    private final Method checkServerTrustedMethod;
    private final X509TrustManager delegate;
    private final boolean failOnError;
    private final Method isSameTrustConfigurationMethod;
    private final CTLogger logger;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CertificateTransparencyTrustManager(X509TrustManager delegate, Set<Host> includeHosts, Set<Host> excludeHosts, CertificateChainCleanerFactory certificateChainCleanerFactory, LogListService logListService, DataSource<LogListResult> dataSource, CTPolicy cTPolicy, DiskCache diskCache, boolean z, CTLogger cTLogger) {
        super(includeHosts, excludeHosts, certificateChainCleanerFactory, delegate, logListService, dataSource, cTPolicy, diskCache);
        Method method;
        Intrinsics.checkNotNullParameter(delegate, "delegate");
        Intrinsics.checkNotNullParameter(includeHosts, "includeHosts");
        Intrinsics.checkNotNullParameter(excludeHosts, "excludeHosts");
        this.delegate = delegate;
        this.failOnError = z;
        this.logger = cTLogger;
        Method method2 = null;
        try {
            method = delegate.getClass().getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (NoSuchMethodException unused) {
            method = null;
        }
        this.checkServerTrustedMethod = method;
        try {
            method2 = this.delegate.getClass().getDeclaredMethod("isSameTrustConfiguration", String.class, String.class);
        } catch (NoSuchMethodException unused2) {
        }
        this.isSameTrustConfigurationMethod = method2;
    }

    public /* synthetic */ CertificateTransparencyTrustManager(X509TrustManager x509TrustManager, Set set, Set set2, CertificateChainCleanerFactory certificateChainCleanerFactory, LogListService logListService, DataSource dataSource, CTPolicy cTPolicy, DiskCache diskCache, boolean z, CTLogger cTLogger, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(x509TrustManager, set, set2, certificateChainCleanerFactory, logListService, dataSource, cTPolicy, diskCache, (i & 256) != 0 ? true : z, (i & 512) != 0 ? null : cTLogger);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        this.delegate.checkClientTrusted(chain, authType);
    }

    public final List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        Intrinsics.checkNotNullParameter(host, "host");
        Method method = this.checkServerTrustedMethod;
        Intrinsics.checkNotNull(method);
        Object invoke = method.invoke(this.delegate, chain, authType, host);
        Intrinsics.checkNotNull(invoke, "null cannot be cast to non-null type kotlin.collections.List<java.security.cert.X509Certificate>");
        List<X509Certificate> list = (List) invoke;
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(host, CollectionsKt___CollectionsKt.toList(list));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(host, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
        return list;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        this.delegate.checkServerTrusted(chain, authType);
        byte[] encoded = ((X509Certificate) ArraysKt___ArraysKt.first(chain)).getSubjectX500Principal().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "leafCertificate.subjectX500Principal.encoded");
        String str = (String) ASN1QueryKt.query(ASN1Kt.toAsn1$default(encoded, null, 1, null), new Function1<ASN1Query, String>() { // from class: com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyTrustManager$checkServerTrusted$commonName$1
            @Override // kotlin.jvm.functions.Function1
            public final String invoke(ASN1Query query) {
                Object obj;
                List<ASN1Query> seq;
                ASN1Query aSN1Query;
                List<ASN1Query> seq2;
                ASN1Query aSN1Query2;
                Intrinsics.checkNotNullParameter(query, "$this$query");
                Iterator<T> it = query.seq().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        obj = null;
                        break;
                    }
                    obj = it.next();
                    if (Intrinsics.areEqual(((ASN1Query) CollectionsKt___CollectionsKt.first((List) ((ASN1Query) CollectionsKt___CollectionsKt.first((List) ((ASN1Query) obj).seq())).seq())).oid(), ObjectIdentifiers.commonName)) {
                        break;
                    }
                }
                ASN1Query aSN1Query3 = (ASN1Query) obj;
                if (aSN1Query3 == null || (seq = aSN1Query3.seq()) == null || (aSN1Query = (ASN1Query) CollectionsKt___CollectionsKt.first((List) seq)) == null || (seq2 = aSN1Query.seq()) == null || (aSN1Query2 = seq2.get(1)) == null) {
                    return null;
                }
                return aSN1Query2.string();
            }
        });
        if (str == null) {
            throw new CertificateException("No commonName found in certificate subjectDN");
        }
        VerificationResult verifyCertificateTransparency = verifyCertificateTransparency(str, ArraysKt___ArraysKt.toList(chain));
        CTLogger cTLogger = this.logger;
        if (cTLogger != null) {
            cTLogger.log(str, verifyCertificateTransparency);
        }
        if ((verifyCertificateTransparency instanceof VerificationResult.Failure) && this.failOnError) {
            throw new CertificateException("Certificate transparency failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.delegate.getAcceptedIssuers();
        Intrinsics.checkNotNullExpressionValue(acceptedIssuers, "delegate.acceptedIssuers");
        return acceptedIssuers;
    }

    public final boolean isSameTrustConfiguration(String str, String str2) {
        Method method = this.isSameTrustConfigurationMethod;
        Intrinsics.checkNotNull(method);
        Object invoke = method.invoke(this.delegate, str, str2);
        Intrinsics.checkNotNull(invoke, "null cannot be cast to non-null type kotlin.Boolean");
        return ((Boolean) invoke).booleanValue();
    }
}
