package org.owntracks.android.net;

import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt__IteratorsJVMKt$iterator$1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.ConstrainedOnceSequence;
import kotlin.sequences.SequencesKt;
import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
import org.conscrypt.OkHostnameVerifier;
import timber.log.Timber;

@Metadata(d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\u0018\u00002\u00020\u0001B\u000f\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH\u0002J\u001c\u0010\n\u001a\u00020\u00072\b\u0010\u000b\u001a\u0004\u0018\u00010\f2\b\u0010\r\u001a\u0004\u0018\u00010\u000eH\u0016J\f\u0010\u000f\u001a\u00020\t*\u00020\u0010H\u0002R\u000e\u0010\u0005\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0011"}, d2 = {"Lorg/owntracks/android/net/CALeafCertMatchingHostnameVerifier;", "Ljavax/net/ssl/HostnameVerifier;", "keystore", "Ljava/security/KeyStore;", "(Ljava/security/KeyStore;)V", "caKeyStore", "caStoreContains", "", "fingerprint", "", "verify", "hostname", "", "session", "Ljavax/net/ssl/SSLSession;", "getFingerPrint", "Ljava/security/cert/Certificate;", "app_ossRelease"}, k = 1, mv = {1, 9, 0}, xi = SkeinParameterSpec.PARAM_TYPE_MESSAGE)
/* loaded from: classes.dex */
public final class CALeafCertMatchingHostnameVerifier implements HostnameVerifier {
    private final KeyStore caKeyStore;

    /* JADX WARN: Multi-variable type inference failed */
    public CALeafCertMatchingHostnameVerifier() {
        this(null, 1, 0 == true ? 1 : 0);
    }

    public CALeafCertMatchingHostnameVerifier(KeyStore keystore) {
        Intrinsics.checkNotNullParameter(keystore, "keystore");
        keystore.load(null);
        this.caKeyStore = keystore;
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public /* synthetic */ CALeafCertMatchingHostnameVerifier(java.security.KeyStore r1, int r2, kotlin.jvm.internal.DefaultConstructorMarker r3) {
        /*
            r0 = this;
            r2 = r2 & 1
            if (r2 == 0) goto Lf
            java.lang.String r1 = "AndroidCAStore"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r1)
            java.lang.String r2 = "getInstance(...)"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r1, r2)
        Lf:
            r0.<init>(r1)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owntracks.android.net.CALeafCertMatchingHostnameVerifier.<init>(java.security.KeyStore, int, kotlin.jvm.internal.DefaultConstructorMarker):void");
    }

    private final boolean caStoreContains(byte[] fingerprint) {
        Object obj;
        Enumeration<String> aliases = this.caKeyStore.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "aliases(...)");
        Iterator it = ((ConstrainedOnceSequence) SequencesKt.asSequence(new CollectionsKt__IteratorsJVMKt$iterator$1(aliases))).iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            Certificate certificate = this.caKeyStore.getCertificate((String) obj);
            Intrinsics.checkNotNullExpressionValue(certificate, "getCertificate(...)");
            if (Arrays.equals(getFingerPrint(certificate), fingerprint)) {
                break;
            }
        }
        return obj != null;
    }

    private final byte[] getFingerPrint(Certificate certificate) {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(certificate.getEncoded());
        Intrinsics.checkNotNullExpressionValue(digest, "digest(...)");
        return digest;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String hostname, SSLSession session) {
        Certificate[] peerCertificates = session != null ? session.getPeerCertificates() : null;
        if (peerCertificates == null || peerCertificates.length == 0) {
            Timber.Forest.e("No server peer certificates presented for SSL session.", new Object[0]);
            return OkHostnameVerifier.INSTANCE.verify(new X509Certificate[0], hostname, session);
        }
        byte[] encoded = peerCertificates[0].getEncoded();
        if (encoded == null) {
            encoded = new byte[0];
        }
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(encoded);
        Intrinsics.checkNotNull(digest);
        if (!caStoreContains(digest)) {
            return OkHostnameVerifier.INSTANCE.verify(new X509Certificate[0], hostname, session);
        }
        Timber.Forest.i("CA Fingerprint matches server leaf cert: " + digest + ". Skipping hostname verification", new Object[0]);
        return true;
    }
}
