package com.babylon.certificatetransparency.internal.verifier;

import com.babylon.certificatetransparency.CTPolicy;
import com.babylon.certificatetransparency.SctVerificationResult;
import com.babylon.certificatetransparency.VerificationResult;
import com.babylon.certificatetransparency.cache.DiskCache;
import com.babylon.certificatetransparency.chaincleaner.CertificateChainCleaner;
import com.babylon.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import com.babylon.certificatetransparency.datasource.DataSource;
import com.babylon.certificatetransparency.internal.logclient.model.SignedCertificateTimestamp;
import com.babylon.certificatetransparency.internal.loglist.LogListDataSourceFactory;
import com.babylon.certificatetransparency.internal.loglist.NoLogServers;
import com.babylon.certificatetransparency.internal.utils.Base64;
import com.babylon.certificatetransparency.internal.utils.CertificateExtKt;
import com.babylon.certificatetransparency.internal.utils.X509CertificateExtKt;
import com.babylon.certificatetransparency.internal.verifier.model.Host;
import com.babylon.certificatetransparency.loglist.LogListResult;
import com.babylon.certificatetransparency.loglist.LogServer;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import kotlinx.coroutines.BuildersKt__BuildersKt;

/* compiled from: CertificateTransparencyBase.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0010\u0018\u00002\u00020\u0001Be\u0012\f\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003\u0012\u000e\b\u0002\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003\u0012\n\b\u0002\u0010\u0006\u001a\u0004\u0018\u00010\u0007\u0012\n\b\u0002\u0010\b\u001a\u0004\u0018\u00010\t\u0012\u0010\b\u0002\u0010\n\u001a\n\u0012\u0004\u0012\u00020\f\u0018\u00010\u000b\u0012\n\b\u0002\u0010\r\u001a\u0004\u0018\u00010\u000e\u0012\n\b\u0002\u0010\u000f\u001a\u0004\u0018\u00010\u0010¢\u0006\u0002\u0010\u0011J\u0010\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u001bH\u0002J\u0016\u0010\u001c\u001a\u00020\u001d2\f\u0010\u001e\u001a\b\u0012\u0004\u0012\u00020 0\u001fH\u0002J\u001c\u0010!\u001a\u00020\u001d2\u0006\u0010\u001a\u001a\u00020\u001b2\f\u0010\u001e\u001a\b\u0012\u0004\u0012\u00020\"0\u001fR\u0010\u0010\u0006\u001a\u0004\u0018\u00010\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u001b\u0010\u0012\u001a\u00020\u00138BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0016\u0010\u0017\u001a\u0004\b\u0014\u0010\u0015R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\n\u001a\b\u0012\u0004\u0012\u00020\f0\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006#"}, d2 = {"Lcom/babylon/certificatetransparency/internal/verifier/CertificateTransparencyBase;", "", "includeHosts", "", "Lcom/babylon/certificatetransparency/internal/verifier/model/Host;", "excludeHosts", "certificateChainCleanerFactory", "Lcom/babylon/certificatetransparency/chaincleaner/CertificateChainCleanerFactory;", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "logListDataSource", "Lcom/babylon/certificatetransparency/datasource/DataSource;", "Lcom/babylon/certificatetransparency/loglist/LogListResult;", "policy", "Lcom/babylon/certificatetransparency/CTPolicy;", "diskCache", "Lcom/babylon/certificatetransparency/cache/DiskCache;", "(Ljava/util/Set;Ljava/util/Set;Lcom/babylon/certificatetransparency/chaincleaner/CertificateChainCleanerFactory;Ljavax/net/ssl/X509TrustManager;Lcom/babylon/certificatetransparency/datasource/DataSource;Lcom/babylon/certificatetransparency/CTPolicy;Lcom/babylon/certificatetransparency/cache/DiskCache;)V", "cleaner", "Lcom/babylon/certificatetransparency/chaincleaner/CertificateChainCleaner;", "getCleaner", "()Lcom/babylon/certificatetransparency/chaincleaner/CertificateChainCleaner;", "cleaner$delegate", "Lkotlin/Lazy;", "enabledForCertificateTransparency", "", "host", "", "hasValidSignedCertificateTimestamp", "Lcom/babylon/certificatetransparency/VerificationResult;", "certificates", "", "Ljava/security/cert/X509Certificate;", "verifyCertificateTransparency", "Ljava/security/cert/Certificate;", "certificatetransparency"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public class CertificateTransparencyBase {
    private final CertificateChainCleanerFactory certificateChainCleanerFactory;

    /* renamed from: cleaner$delegate, reason: from kotlin metadata */
    private final Lazy cleaner;
    private final Set<Host> excludeHosts;
    private final Set<Host> includeHosts;
    private final DataSource<LogListResult> logListDataSource;
    private final CTPolicy policy;

    public CertificateTransparencyBase(Set<Host> includeHosts, Set<Host> excludeHosts, CertificateChainCleanerFactory certificateChainCleanerFactory, final X509TrustManager x509TrustManager, DataSource<LogListResult> dataSource, DefaultPolicy defaultPolicy, DiskCache diskCache) {
        Intrinsics.checkNotNullParameter(includeHosts, "includeHosts");
        Intrinsics.checkNotNullParameter(excludeHosts, "excludeHosts");
        this.includeHosts = includeHosts;
        this.excludeHosts = excludeHosts;
        this.certificateChainCleanerFactory = certificateChainCleanerFactory;
        if (!(!includeHosts.isEmpty())) {
            throw new IllegalArgumentException("Please provide at least one host to enable certificate transparency verification".toString());
        }
        for (Host host : excludeHosts) {
            if (!(!host.getStartsWithWildcard())) {
                throw new IllegalArgumentException("Certificate transparency exclusions cannot use wildcards".toString());
            }
            if (!(!this.includeHosts.contains(host))) {
                throw new IllegalArgumentException("Certificate transparency exclusions must not match include directly".toString());
            }
        }
        this.cleaner = LazyKt.lazy(new Function0<CertificateChainCleaner>() { // from class: com.babylon.certificatetransparency.internal.verifier.CertificateTransparencyBase$cleaner$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final CertificateChainCleaner invoke() {
                CertificateChainCleanerFactory certificateChainCleanerFactory2;
                CertificateChainCleaner certificateChainCleaner;
                X509TrustManager x509TrustManager2 = x509TrustManager;
                if (x509TrustManager2 == null) {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                    Intrinsics.checkNotNullExpressionValue(trustManagerFactory, "TrustManagerFactory.getI…l as KeyStore?)\n        }");
                    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                    Intrinsics.checkNotNullExpressionValue(trustManagers, "TrustManagerFactory.getI…)\n        }.trustManagers");
                    for (TrustManager trustManager : trustManagers) {
                        if (trustManager instanceof X509TrustManager) {
                            if (trustManager == null) {
                                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                            }
                            x509TrustManager2 = (X509TrustManager) trustManager;
                        }
                    }
                    throw new NoSuchElementException("Array contains no element matching the predicate.");
                }
                certificateChainCleanerFactory2 = CertificateTransparencyBase.this.certificateChainCleanerFactory;
                return (certificateChainCleanerFactory2 == null || (certificateChainCleaner = certificateChainCleanerFactory2.get(x509TrustManager2)) == null) ? CertificateChainCleaner.INSTANCE.get(x509TrustManager2) : certificateChainCleaner;
            }
        });
        this.logListDataSource = dataSource == null ? LogListDataSourceFactory.INSTANCE.create(diskCache) : dataSource;
        this.policy = defaultPolicy == null ? new DefaultPolicy() : defaultPolicy;
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public /* synthetic */ CertificateTransparencyBase(java.util.Set r8, java.util.Set r9, com.babylon.certificatetransparency.chaincleaner.CertificateChainCleanerFactory r10, javax.net.ssl.X509TrustManager r11, com.babylon.certificatetransparency.datasource.DataSource r12, com.babylon.certificatetransparency.CTPolicy r13, com.babylon.certificatetransparency.cache.DiskCache r14, int r15, kotlin.jvm.internal.DefaultConstructorMarker r16) {
        /*
            r7 = this;
            r0 = r15 & 2
            if (r0 == 0) goto L9
            java.util.Set r0 = kotlin.collections.SetsKt.emptySet()
            goto La
        L9:
            r0 = r9
        La:
            r1 = r15 & 4
            r2 = 0
            if (r1 == 0) goto L14
            r1 = r2
            com.babylon.certificatetransparency.chaincleaner.CertificateChainCleanerFactory r1 = (com.babylon.certificatetransparency.chaincleaner.CertificateChainCleanerFactory) r1
            r1 = r2
            goto L15
        L14:
            r1 = r10
        L15:
            r3 = r15 & 8
            if (r3 == 0) goto L1e
            r3 = r2
            javax.net.ssl.X509TrustManager r3 = (javax.net.ssl.X509TrustManager) r3
            r3 = r2
            goto L1f
        L1e:
            r3 = r11
        L1f:
            r4 = r15 & 16
            if (r4 == 0) goto L28
            r4 = r2
            com.babylon.certificatetransparency.datasource.DataSource r4 = (com.babylon.certificatetransparency.datasource.DataSource) r4
            r4 = r2
            goto L29
        L28:
            r4 = r12
        L29:
            r5 = r15 & 32
            if (r5 == 0) goto L32
            r5 = r2
            com.babylon.certificatetransparency.CTPolicy r5 = (com.babylon.certificatetransparency.CTPolicy) r5
            r5 = r2
            goto L33
        L32:
            r5 = r13
        L33:
            r6 = r15 & 64
            if (r6 == 0) goto L3b
            r6 = r2
            com.babylon.certificatetransparency.cache.DiskCache r6 = (com.babylon.certificatetransparency.cache.DiskCache) r6
            goto L3c
        L3b:
            r2 = r14
        L3c:
            r9 = r7
            r10 = r8
            r11 = r0
            r12 = r1
            r13 = r3
            r14 = r4
            r15 = r5
            r16 = r2
            r9.<init>(r10, r11, r12, r13, r14, r15, r16)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.babylon.certificatetransparency.internal.verifier.CertificateTransparencyBase.<init>(java.util.Set, java.util.Set, com.babylon.certificatetransparency.chaincleaner.CertificateChainCleanerFactory, javax.net.ssl.X509TrustManager, com.babylon.certificatetransparency.datasource.DataSource, com.babylon.certificatetransparency.CTPolicy, com.babylon.certificatetransparency.cache.DiskCache, int, kotlin.jvm.internal.DefaultConstructorMarker):void");
    }

    private final boolean enabledForCertificateTransparency(String host) {
        boolean z;
        boolean z2;
        Set<Host> set = this.includeHosts;
        if (!(set instanceof Collection) || !set.isEmpty()) {
            Iterator<T> it = set.iterator();
            while (it.hasNext()) {
                if (((Host) it.next()).matches(host)) {
                    z = true;
                    break;
                }
            }
        }
        z = false;
        if (z) {
            Set<Host> set2 = this.excludeHosts;
            if (!(set2 instanceof Collection) || !set2.isEmpty()) {
                Iterator<T> it2 = set2.iterator();
                while (it2.hasNext()) {
                    if (((Host) it2.next()).matches(host)) {
                        z2 = true;
                        break;
                    }
                }
            }
            z2 = false;
            if (!z2) {
                return true;
            }
        }
        return false;
    }

    private final CertificateChainCleaner getCleaner() {
        return (CertificateChainCleaner) this.cleaner.getValue();
    }

    private final VerificationResult hasValidSignedCertificateTimestamp(List<? extends X509Certificate> certificates) {
        Object runBlocking$default;
        SctVerificationResult.Invalid.NoTrustedLogServerFound noTrustedLogServerFound;
        runBlocking$default = BuildersKt__BuildersKt.runBlocking$default(null, new CertificateTransparencyBase$hasValidSignedCertificateTimestamp$result$1(this, null), 1, null);
        LogListResult logListResult = (LogListResult) runBlocking$default;
        if (!(logListResult instanceof LogListResult.Valid)) {
            if (logListResult instanceof LogListResult.Invalid) {
                return new VerificationResult.Failure.LogServersFailed((LogListResult.Invalid) logListResult);
            }
            if (logListResult == null) {
                return new VerificationResult.Failure.LogServersFailed(NoLogServers.INSTANCE);
            }
            throw new NoWhenBranchMatchedException();
        }
        List<LogServer> servers = ((LogListResult.Valid) logListResult).getServers();
        LinkedHashMap linkedHashMap = new LinkedHashMap(RangesKt.coerceAtLeast(MapsKt.mapCapacity(CollectionsKt.collectionSizeOrDefault(servers, 10)), 16));
        for (LogServer logServer : servers) {
            linkedHashMap.put(Base64.INSTANCE.toBase64String(logServer.getId()), new LogSignatureVerifier(logServer));
        }
        X509Certificate x509Certificate = certificates.get(0);
        if (!CertificateExtKt.hasEmbeddedSct(x509Certificate)) {
            return VerificationResult.Failure.NoScts.INSTANCE;
        }
        try {
            List<SignedCertificateTimestamp> signedCertificateTimestamps = X509CertificateExtKt.signedCertificateTimestamps(x509Certificate);
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(RangesKt.coerceAtLeast(MapsKt.mapCapacity(CollectionsKt.collectionSizeOrDefault(signedCertificateTimestamps, 10)), 16));
            for (Object obj : signedCertificateTimestamps) {
                linkedHashMap2.put(Base64.INSTANCE.toBase64String(((SignedCertificateTimestamp) obj).getId().getKeyId()), obj);
            }
            LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt.mapCapacity(linkedHashMap2.size()));
            for (Object obj2 : linkedHashMap2.entrySet()) {
                Object key = ((Map.Entry) obj2).getKey();
                Map.Entry entry = (Map.Entry) obj2;
                String str = (String) entry.getKey();
                SignedCertificateTimestamp signedCertificateTimestamp = (SignedCertificateTimestamp) entry.getValue();
                LogSignatureVerifier logSignatureVerifier = (LogSignatureVerifier) linkedHashMap.get(str);
                if (logSignatureVerifier == null || (noTrustedLogServerFound = logSignatureVerifier.verifySignature(signedCertificateTimestamp, certificates)) == null) {
                    noTrustedLogServerFound = SctVerificationResult.Invalid.NoTrustedLogServerFound.INSTANCE;
                }
                linkedHashMap3.put(key, noTrustedLogServerFound);
            }
            return this.policy.policyVerificationResult(x509Certificate, linkedHashMap3);
        } catch (IOException e) {
            return new VerificationResult.Failure.UnknownIoException(e);
        }
    }

    public final VerificationResult verifyCertificateTransparency(String host, List<? extends Certificate> certificates) {
        Intrinsics.checkNotNullParameter(host, "host");
        Intrinsics.checkNotNullParameter(certificates, "certificates");
        if (!enabledForCertificateTransparency(host)) {
            return new VerificationResult.Success.DisabledForHost(host);
        }
        if (certificates.isEmpty()) {
            return VerificationResult.Failure.NoCertificates.INSTANCE;
        }
        CertificateChainCleaner cleaner = getCleaner();
        ArrayList arrayList = new ArrayList();
        for (Object obj : certificates) {
            if (obj instanceof X509Certificate) {
                arrayList.add(obj);
            }
        }
        List<X509Certificate> clean = cleaner.clean(arrayList, host);
        return clean.isEmpty() ? VerificationResult.Failure.NoCertificates.INSTANCE : hasValidSignedCertificateTimestamp(clean);
    }
}
