package okhttp3; import io.sentry.protocol.OperatingSystem; import java.security.Principal; import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import java.util.Set; import javax.net.ssl.SSLPeerUnverifiedException; import kotlin.Deprecated; import kotlin.Metadata; import kotlin.ReplaceWith; import kotlin.collections.ArraysKt; import kotlin.collections.CollectionsKt; import kotlin.jvm.JvmStatic; import kotlin.jvm.functions.Function0; import kotlin.jvm.internal.DefaultConstructorMarker; import kotlin.jvm.internal.Intrinsics; import kotlin.jvm.internal.TypeIntrinsics; import kotlin.text.StringsKt; import okhttp3.internal.HostnamesKt; import okhttp3.internal.tls.CertificateChainCleaner; import okio.ByteString; /* compiled from: CertificatePinner.kt */ @Metadata(bv = {1, 0, 3}, d1 = {"\u0000T\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010\b\n\u0002\b\u0006\u0018\u0000 \"2\u00020\u0001:\u0003!\"#B!\b\u0000\u0012\f\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003\u0012\n\b\u0002\u0010\u0005\u001a\u0004\u0018\u00010\u0006¢\u0006\u0002\u0010\u0007J)\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0012\u0010\u0010\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00130\u00120\u0011H\u0000¢\u0006\u0002\b\u0014J)\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0012\u0010\u0015\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00170\u0016\"\u00020\u0017H\u0007¢\u0006\u0002\u0010\u0018J\u001c\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u0012J\u0013\u0010\u0019\u001a\u00020\u001a2\b\u0010\u001b\u001a\u0004\u0018\u00010\u0001H\u0096\u0002J\u0014\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00040\u00122\u0006\u0010\u000e\u001a\u00020\u000fJ\b\u0010\u001d\u001a\u00020\u001eH\u0016J\u0015\u0010\u001f\u001a\u00020\u00002\u0006\u0010\u0005\u001a\u00020\u0006H\u0000¢\u0006\u0002\b R\u0016\u0010\u0005\u001a\u0004\u0018\u00010\u0006X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\tR\u0017\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003¢\u0006\b\n\u0000\u001a\u0004\b\n\u0010\u000b¨\u0006$"}, d2 = {"Lokhttp3/CertificatePinner;", "", "pins", "", "Lokhttp3/CertificatePinner$Pin;", "certificateChainCleaner", "Lokhttp3/internal/tls/CertificateChainCleaner;", "(Ljava/util/Set;Lokhttp3/internal/tls/CertificateChainCleaner;)V", "getCertificateChainCleaner$okhttp", "()Lokhttp3/internal/tls/CertificateChainCleaner;", "getPins", "()Ljava/util/Set;", "check", "", "hostname", "", "cleanedPeerCertificatesFn", "Lkotlin/Function0;", "", "Ljava/security/cert/X509Certificate;", "check$okhttp", "peerCertificates", "", "Ljava/security/cert/Certificate;", "(Ljava/lang/String;[Ljava/security/cert/Certificate;)V", "equals", "", "other", "findMatchingPins", "hashCode", "", "withCertificateChainCleaner", "withCertificateChainCleaner$okhttp", "Builder", "Companion", "Pin", "okhttp"}, k = 1, mv = {1, 4, 0}) /* loaded from: classes3.dex */ public final class CertificatePinner { /* renamed from: Companion, reason: from kotlin metadata */ public static final Companion INSTANCE = new Companion(null); public static final CertificatePinner DEFAULT = new Builder().build(); private final CertificateChainCleaner certificateChainCleaner; private final Set pins; @JvmStatic public static final String pin(Certificate certificate) { return INSTANCE.pin(certificate); } @JvmStatic public static final ByteString sha1Hash(X509Certificate x509Certificate) { return INSTANCE.sha1Hash(x509Certificate); } @JvmStatic public static final ByteString sha256Hash(X509Certificate x509Certificate) { return INSTANCE.sha256Hash(x509Certificate); } /* renamed from: getCertificateChainCleaner$okhttp, reason: from getter */ public final CertificateChainCleaner getCertificateChainCleaner() { return this.certificateChainCleaner; } public final Set getPins() { return this.pins; } public CertificatePinner(Set pins, CertificateChainCleaner certificateChainCleaner) { Intrinsics.checkNotNullParameter(pins, "pins"); this.pins = pins; this.certificateChainCleaner = certificateChainCleaner; } /* JADX WARN: Illegal instructions before constructor call */ /* Code decompiled incorrectly, please refer to instructions dump. To view partially-correct add '--show-bad-code' argument */ public /* synthetic */ CertificatePinner(java.util.Set r1, okhttp3.internal.tls.CertificateChainCleaner r2, int r3, kotlin.jvm.internal.DefaultConstructorMarker r4) { /* r0 = this; r3 = r3 & 2 if (r3 == 0) goto L8 r2 = 0 r3 = r2 okhttp3.internal.tls.CertificateChainCleaner r3 = (okhttp3.internal.tls.CertificateChainCleaner) r3 L8: r0.(r1, r2) return */ throw new UnsupportedOperationException("Method not decompiled: okhttp3.CertificatePinner.(java.util.Set, okhttp3.internal.tls.CertificateChainCleaner, int, kotlin.jvm.internal.DefaultConstructorMarker):void"); } public final void check(final String hostname, final List peerCertificates) throws SSLPeerUnverifiedException { Intrinsics.checkNotNullParameter(hostname, "hostname"); Intrinsics.checkNotNullParameter(peerCertificates, "peerCertificates"); check$okhttp(hostname, new Function0>() { // from class: okhttp3.CertificatePinner$check$1 /* JADX INFO: Access modifiers changed from: package-private */ /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */ { super(0); } @Override // kotlin.jvm.functions.Function0 public final List invoke() { List list; CertificateChainCleaner certificateChainCleaner = CertificatePinner.this.getCertificateChainCleaner(); if (certificateChainCleaner == null || (list = certificateChainCleaner.clean(peerCertificates, hostname)) == null) { list = peerCertificates; } List list2 = list; ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10)); for (Certificate certificate : list2) { if (certificate == null) { throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate"); } arrayList.add((X509Certificate) certificate); } return arrayList; } }); } public final void check$okhttp(String hostname, Function0> cleanedPeerCertificatesFn) { Intrinsics.checkNotNullParameter(hostname, "hostname"); Intrinsics.checkNotNullParameter(cleanedPeerCertificatesFn, "cleanedPeerCertificatesFn"); List findMatchingPins = findMatchingPins(hostname); if (findMatchingPins.isEmpty()) { return; } List invoke = cleanedPeerCertificatesFn.invoke(); for (X509Certificate x509Certificate : invoke) { ByteString byteString = null; ByteString byteString2 = null; for (Pin pin : findMatchingPins) { String hashAlgorithm = pin.getHashAlgorithm(); int hashCode = hashAlgorithm.hashCode(); if (hashCode == -903629273) { if (hashAlgorithm.equals("sha256")) { if (byteString == null) { byteString = INSTANCE.sha256Hash(x509Certificate); } if (Intrinsics.areEqual(pin.getHash(), byteString)) { return; } } else { throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm()); } } else { if (hashCode == 3528965 && hashAlgorithm.equals("sha1")) { if (byteString2 == null) { byteString2 = INSTANCE.sha1Hash(x509Certificate); } if (Intrinsics.areEqual(pin.getHash(), byteString2)) { return; } } throw new AssertionError("unsupported hashAlgorithm: " + pin.getHashAlgorithm()); } } } StringBuilder sb = new StringBuilder("Certificate pinning failure!\n Peer certificate chain:"); for (X509Certificate x509Certificate2 : invoke) { sb.append("\n "); sb.append(INSTANCE.pin(x509Certificate2)); sb.append(": "); Principal subjectDN = x509Certificate2.getSubjectDN(); Intrinsics.checkNotNullExpressionValue(subjectDN, "element.subjectDN"); sb.append(subjectDN.getName()); } sb.append("\n Pinned certificates for "); sb.append(hostname); sb.append(":"); for (Pin pin2 : findMatchingPins) { sb.append("\n "); sb.append(pin2); } String sb2 = sb.toString(); Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()"); throw new SSLPeerUnverifiedException(sb2); } @Deprecated(message = "replaced with {@link #check(String, List)}.", replaceWith = @ReplaceWith(expression = "check(hostname, peerCertificates.toList())", imports = {})) public final void check(String hostname, Certificate... peerCertificates) throws SSLPeerUnverifiedException { Intrinsics.checkNotNullParameter(hostname, "hostname"); Intrinsics.checkNotNullParameter(peerCertificates, "peerCertificates"); check(hostname, ArraysKt.toList(peerCertificates)); } public final List findMatchingPins(String hostname) { Intrinsics.checkNotNullParameter(hostname, "hostname"); Set set = this.pins; ArrayList emptyList = CollectionsKt.emptyList(); for (Object obj : set) { if (((Pin) obj).matchesHostname(hostname)) { if (emptyList.isEmpty()) { emptyList = new ArrayList(); } if (emptyList == null) { throw new NullPointerException("null cannot be cast to non-null type kotlin.collections.MutableList"); } TypeIntrinsics.asMutableList(emptyList).add(obj); } } return emptyList; } public final CertificatePinner withCertificateChainCleaner$okhttp(CertificateChainCleaner certificateChainCleaner) { Intrinsics.checkNotNullParameter(certificateChainCleaner, "certificateChainCleaner"); return Intrinsics.areEqual(this.certificateChainCleaner, certificateChainCleaner) ? this : new CertificatePinner(this.pins, certificateChainCleaner); } public boolean equals(Object other) { if (other instanceof CertificatePinner) { CertificatePinner certificatePinner = (CertificatePinner) other; if (Intrinsics.areEqual(certificatePinner.pins, this.pins) && Intrinsics.areEqual(certificatePinner.certificateChainCleaner, this.certificateChainCleaner)) { return true; } } return false; } public int hashCode() { int hashCode = (1517 + this.pins.hashCode()) * 41; CertificateChainCleaner certificateChainCleaner = this.certificateChainCleaner; return hashCode + (certificateChainCleaner != null ? certificateChainCleaner.hashCode() : 0); } /* compiled from: CertificatePinner.kt */ @Metadata(bv = {1, 0, 3}, d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003¢\u0006\u0002\u0010\u0005J\u0013\u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u0001H\u0096\u0002J\b\u0010\u0011\u001a\u00020\u0012H\u0016J\u000e\u0010\u0013\u001a\u00020\u000f2\u0006\u0010\u0014\u001a\u00020\u0015J\u000e\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u0017\u001a\u00020\u0003J\b\u0010\u0018\u001a\u00020\u0003H\u0016R\u0011\u0010\u0006\u001a\u00020\u0007¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\tR\u0011\u0010\n\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\fR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\r\u0010\f¨\u0006\u0019"}, d2 = {"Lokhttp3/CertificatePinner$Pin;", "", "pattern", "", "pin", "(Ljava/lang/String;Ljava/lang/String;)V", "hash", "Lokio/ByteString;", "getHash", "()Lokio/ByteString;", "hashAlgorithm", "getHashAlgorithm", "()Ljava/lang/String;", "getPattern", "equals", "", "other", "hashCode", "", "matchesCertificate", "certificate", "Ljava/security/cert/X509Certificate;", "matchesHostname", "hostname", "toString", "okhttp"}, k = 1, mv = {1, 4, 0}) /* loaded from: classes3.dex */ public static final class Pin { private final ByteString hash; private final String hashAlgorithm; private final String pattern; public final ByteString getHash() { return this.hash; } public final String getHashAlgorithm() { return this.hashAlgorithm; } public final String getPattern() { return this.pattern; } public Pin(String pattern, String pin) { Intrinsics.checkNotNullParameter(pattern, "pattern"); Intrinsics.checkNotNullParameter(pin, "pin"); if (!((StringsKt.startsWith$default(pattern, "*.", false, 2, (Object) null) && StringsKt.indexOf$default((CharSequence) pattern, "*", 1, false, 4, (Object) null) == -1) || (StringsKt.startsWith$default(pattern, "**.", false, 2, (Object) null) && StringsKt.indexOf$default((CharSequence) pattern, "*", 2, false, 4, (Object) null) == -1) || StringsKt.indexOf$default((CharSequence) pattern, "*", 0, false, 6, (Object) null) == -1)) { throw new IllegalArgumentException(("Unexpected pattern: " + pattern).toString()); } String canonicalHost = HostnamesKt.toCanonicalHost(pattern); if (canonicalHost == null) { throw new IllegalArgumentException("Invalid pattern: " + pattern); } this.pattern = canonicalHost; if (StringsKt.startsWith$default(pin, "sha1/", false, 2, (Object) null)) { this.hashAlgorithm = "sha1"; ByteString.Companion companion = ByteString.INSTANCE; String substring = pin.substring(5); Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.String).substring(startIndex)"); ByteString decodeBase64 = companion.decodeBase64(substring); if (decodeBase64 == null) { throw new IllegalArgumentException("Invalid pin hash: " + pin); } this.hash = decodeBase64; return; } if (StringsKt.startsWith$default(pin, "sha256/", false, 2, (Object) null)) { this.hashAlgorithm = "sha256"; ByteString.Companion companion2 = ByteString.INSTANCE; String substring2 = pin.substring(7); Intrinsics.checkNotNullExpressionValue(substring2, "(this as java.lang.String).substring(startIndex)"); ByteString decodeBase642 = companion2.decodeBase64(substring2); if (decodeBase642 == null) { throw new IllegalArgumentException("Invalid pin hash: " + pin); } this.hash = decodeBase642; return; } throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': " + pin); } public final boolean matchesHostname(String hostname) { Intrinsics.checkNotNullParameter(hostname, "hostname"); if (StringsKt.startsWith$default(this.pattern, "**.", false, 2, (Object) null)) { int length = this.pattern.length() - 3; int length2 = hostname.length() - length; if (!StringsKt.regionMatches$default(hostname, hostname.length() - length, this.pattern, 3, length, false, 16, (Object) null)) { return false; } if (length2 != 0 && hostname.charAt(length2 - 1) != '.') { return false; } } else if (StringsKt.startsWith$default(this.pattern, "*.", false, 2, (Object) null)) { int length3 = this.pattern.length() - 1; int length4 = hostname.length() - length3; if (!StringsKt.regionMatches$default(hostname, hostname.length() - length3, this.pattern, 1, length3, false, 16, (Object) null) || StringsKt.lastIndexOf$default((CharSequence) hostname, '.', length4 - 1, false, 4, (Object) null) != -1) { return false; } } else { return Intrinsics.areEqual(hostname, this.pattern); } return true; } public final boolean matchesCertificate(X509Certificate certificate) { Intrinsics.checkNotNullParameter(certificate, "certificate"); String str = this.hashAlgorithm; int hashCode = str.hashCode(); if (hashCode == -903629273) { if (str.equals("sha256")) { return Intrinsics.areEqual(this.hash, CertificatePinner.INSTANCE.sha256Hash(certificate)); } } else if (hashCode == 3528965 && str.equals("sha1")) { return Intrinsics.areEqual(this.hash, CertificatePinner.INSTANCE.sha1Hash(certificate)); } return false; } public String toString() { return this.hashAlgorithm + '/' + this.hash.base64(); } public boolean equals(Object other) { if (this == other) { return true; } if (!(other instanceof Pin)) { return false; } Pin pin = (Pin) other; return ((Intrinsics.areEqual(this.pattern, pin.pattern) ^ true) || (Intrinsics.areEqual(this.hashAlgorithm, pin.hashAlgorithm) ^ true) || (Intrinsics.areEqual(this.hash, pin.hash) ^ true)) ? false : true; } public int hashCode() { return (((this.pattern.hashCode() * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode(); } } /* compiled from: CertificatePinner.kt */ @Metadata(bv = {1, 0, 3}, d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\u0010\u0011\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J'\u0010\b\u001a\u00020\u00002\u0006\u0010\t\u001a\u00020\n2\u0012\u0010\u0003\u001a\n\u0012\u0006\b\u0001\u0012\u00020\n0\u000b\"\u00020\n¢\u0006\u0002\u0010\fJ\u0006\u0010\r\u001a\u00020\u000eR\u0017\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u000f"}, d2 = {"Lokhttp3/CertificatePinner$Builder;", "", "()V", "pins", "", "Lokhttp3/CertificatePinner$Pin;", "getPins", "()Ljava/util/List;", "add", "pattern", "", "", "(Ljava/lang/String;[Ljava/lang/String;)Lokhttp3/CertificatePinner$Builder;", OperatingSystem.JsonKeys.BUILD, "Lokhttp3/CertificatePinner;", "okhttp"}, k = 1, mv = {1, 4, 0}) /* loaded from: classes3.dex */ public static final class Builder { private final List pins = new ArrayList(); public final List getPins() { return this.pins; } public final Builder add(String pattern, String... pins) { Intrinsics.checkNotNullParameter(pattern, "pattern"); Intrinsics.checkNotNullParameter(pins, "pins"); for (String str : pins) { this.pins.add(new Pin(pattern, str)); } return this; } /* JADX WARN: Multi-variable type inference failed */ public final CertificatePinner build() { return new CertificatePinner(CollectionsKt.toSet(this.pins), null, 2, 0 == true ? 1 : 0); } } /* compiled from: CertificatePinner.kt */ @Metadata(bv = {1, 0, 3}, d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0007J\f\u0010\t\u001a\u00020\n*\u00020\u000bH\u0007J\f\u0010\f\u001a\u00020\n*\u00020\u000bH\u0007R\u0010\u0010\u0003\u001a\u00020\u00048\u0006X\u0087\u0004¢\u0006\u0002\n\u0000¨\u0006\r"}, d2 = {"Lokhttp3/CertificatePinner$Companion;", "", "()V", "DEFAULT", "Lokhttp3/CertificatePinner;", "pin", "", "certificate", "Ljava/security/cert/Certificate;", "sha1Hash", "Lokio/ByteString;", "Ljava/security/cert/X509Certificate;", "sha256Hash", "okhttp"}, k = 1, mv = {1, 4, 0}) /* loaded from: classes3.dex */ public static final class Companion { private Companion() { } public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) { this(); } @JvmStatic public final ByteString sha1Hash(X509Certificate sha1Hash) { Intrinsics.checkNotNullParameter(sha1Hash, "$this$sha1Hash"); ByteString.Companion companion = ByteString.INSTANCE; PublicKey publicKey = sha1Hash.getPublicKey(); Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey"); byte[] encoded = publicKey.getEncoded(); Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded"); return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha1(); } @JvmStatic public final ByteString sha256Hash(X509Certificate sha256Hash) { Intrinsics.checkNotNullParameter(sha256Hash, "$this$sha256Hash"); ByteString.Companion companion = ByteString.INSTANCE; PublicKey publicKey = sha256Hash.getPublicKey(); Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey"); byte[] encoded = publicKey.getEncoded(); Intrinsics.checkNotNullExpressionValue(encoded, "publicKey.encoded"); return ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null).sha256(); } @JvmStatic public final String pin(Certificate certificate) { Intrinsics.checkNotNullParameter(certificate, "certificate"); if (!(certificate instanceof X509Certificate)) { throw new IllegalArgumentException("Certificate pinning requires X509 certificates".toString()); } return "sha256/" + sha256Hash((X509Certificate) certificate).base64(); } } }