package com.airwatch.certpinning;

import android.content.Context;
import androidx.annotation.VisibleForTesting;
import com.airwatch.certpinning.TrustSpecs;
import com.airwatch.certpinning.j;
import com.airwatch.certpinning.s;
import com.airwatch.sdk.context.awsdkcontext.SDKDataModel;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.reflect.KClass;
import mi0.Koin;
import ni0.a;

@Metadata(d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u000e\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\t\b'\u0018\u0000 \u00192\u00020\u00012\u00020\u00022\u00020\u0003:\u0001\u0013B\u0017\u0012\u0006\u0010\u001f\u001a\u00020\u0007\u0012\u0006\u0010$\u001a\u00020 ¢\u0006\u0004\b1\u00102J%\u0010\n\u001a\u00020\t2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\b\u001a\u00020\u0007H\u0002¢\u0006\u0004\b\n\u0010\u000bJ\b\u0010\r\u001a\u00020\fH\u0002J\b\u0010\u000e\u001a\u00020\u0001H\u0003J\u0018\u0010\u0013\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u0011H\u0016J%\u0010\u0014\u001a\u00020\t2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\b\u001a\u00020\u0007H\u0016¢\u0006\u0004\b\u0014\u0010\u000bJ+\u0010\u0015\u001a\u00020\t2\u0010\u0010\u0006\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0005\u0018\u00010\u00042\b\u0010\b\u001a\u0004\u0018\u00010\u0007H\u0016¢\u0006\u0004\b\u0015\u0010\u000bJ\u0015\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0016¢\u0006\u0004\b\u0016\u0010\u0017J\b\u0010\u0018\u001a\u00020\u0000H\u0016J\b\u0010\u0019\u001a\u00020\fH$J-\u0010\u001a\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u000f2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\b\u001a\u00020\u0007H$¢\u0006\u0004\b\u001a\u0010\u001bR\u001a\u0010\u001f\u001a\u00020\u00078\u0004X\u0084\u0004¢\u0006\f\n\u0004\b\u0013\u0010\u001c\u001a\u0004\b\u001d\u0010\u001eR\u001a\u0010$\u001a\u00020 8\u0004X\u0084\u0004¢\u0006\f\n\u0004\b\u001a\u0010!\u001a\u0004\b\"\u0010#R\u001a\u0010)\u001a\u00020%8\u0004X\u0084\u0004¢\u0006\f\n\u0004\b&\u0010'\u001a\u0004\b&\u0010(R\u0014\u0010,\u001a\u00020*8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u000e\u0010+R\u0016\u0010\u0010\u001a\u00020\u000f8\u0002@\u0002X\u0082.¢\u0006\u0006\n\u0004\b\u001d\u0010-R\u0016\u0010\u0012\u001a\u00020\u00118\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\"\u0010.R\u0018\u00100\u001a\u0004\u0018\u00010\u00018\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u0018\u0010/¨\u00063"}, d2 = {"Lcom/airwatch/certpinning/k;", "Ljavax/net/ssl/X509TrustManager;", "Lcom/airwatch/certpinning/j$b;", "Lni0/a;", "", "Ljava/security/cert/X509Certificate;", "chain", "", "authType", "Lrb0/r;", "j", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "", "i", "d", "Ljava/net/InetAddress;", "host", "", "port", "a", "checkServerTrusted", "checkClientTrusted", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "g", "h", "b", "(Ljava/net/InetAddress;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "Ljava/lang/String;", "e", "()Ljava/lang/String;", "targetHost", "Lcom/airwatch/certpinning/TrustSpecs;", "Lcom/airwatch/certpinning/TrustSpecs;", wg.f.f56340d, "()Lcom/airwatch/certpinning/TrustSpecs;", "trustSpecs", "Landroid/content/Context;", xj.c.f57529d, "Landroid/content/Context;", "()Landroid/content/Context;", "applicationContext", "Lcom/airwatch/certpinning/i;", "Lcom/airwatch/certpinning/i;", "distrustHandler", "Ljava/net/InetAddress;", "I", "Ljavax/net/ssl/X509TrustManager;", "systemTrustManager", "<init>", "(Ljava/lang/String;Lcom/airwatch/certpinning/TrustSpecs;)V", "AWFramework_release"}, k = 1, mv = {1, 5, 1})
@VisibleForTesting(otherwise = 3)
/* loaded from: classes2.dex */
public abstract class k implements X509TrustManager, j.b, ni0.a {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final String targetHost;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    private final TrustSpecs trustSpecs;

    /* renamed from: c, reason: collision with root package name and from kotlin metadata */
    private final Context applicationContext;

    /* renamed from: d, reason: collision with root package name and from kotlin metadata */
    private final i distrustHandler;

    /* renamed from: e, reason: collision with root package name and from kotlin metadata */
    private InetAddress host;

    /* renamed from: f, reason: collision with root package name and from kotlin metadata */
    private int port;

    /* renamed from: g, reason: collision with root package name and from kotlin metadata */
    private X509TrustManager systemTrustManager;

    @Metadata(k = 3, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes2.dex */
    public /* synthetic */ class b {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f8980a;

        static {
            int[] iArr = new int[TrustSpecs.Depth.values().length];
            iArr[TrustSpecs.Depth.LEAF.ordinal()] = 1;
            f8980a = iArr;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public k(String targetHost, TrustSpecs trustSpecs) {
        kotlin.jvm.internal.n.g(targetHost, "targetHost");
        kotlin.jvm.internal.n.g(trustSpecs, "trustSpecs");
        this.targetHost = targetHost;
        this.trustSpecs = trustSpecs;
        boolean z11 = this instanceof ni0.b;
        this.applicationContext = (Context) (z11 ? ((ni0.b) this).getScope() : getKoin().getScopeRegistry().getRootScope()).g(kotlin.jvm.internal.s.b(Context.class), null, null);
        this.distrustHandler = (i) (z11 ? ((ni0.b) this).getScope() : getKoin().getScopeRegistry().getRootScope()).g(kotlin.jvm.internal.s.b(i.class), null, null);
    }

    @VisibleForTesting
    private final X509TrustManager d() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
            if (trustManager != null) {
                return (X509TrustManager) trustManager;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        } catch (NoSuchAlgorithmException e11) {
            throw new IllegalArgumentException(e11);
        }
    }

    private final boolean i() {
        s.Companion companion = s.INSTANCE;
        return companion.b(this.applicationContext) || companion.c() || this.trustSpecs.getStrict();
    }

    private final void j(X509Certificate[] chain, String authType) {
        ym.g0.i("ExtendedX509TrustManager", "Validating server trust with system trust manager", null, 4, null);
        X509TrustManager x509TrustManager = this.systemTrustManager;
        if (x509TrustManager != null) {
            x509TrustManager.checkServerTrusted(chain, authType);
        }
        ym.g0.i("ExtendedX509TrustManager", "Certificated trusted by system.", null, 4, null);
    }

    @Override // com.airwatch.certpinning.j.b
    public void a(InetAddress host, int i11) {
        kotlin.jvm.internal.n.g(host, "host");
        this.host = host;
        this.port = i11;
    }

    protected abstract void b(InetAddress host, X509Certificate[] chain, String authType) throws CertificateException;

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: c, reason: from getter */
    public final Context getApplicationContext() {
        return this.applicationContext;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        throw new UnsupportedOperationException();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        X509Certificate[] x509CertificateArr;
        Object M;
        Object M2;
        wi0.a rootScope;
        KClass<?> b11;
        wi0.a rootScope2;
        KClass<?> b12;
        boolean T;
        Object M3;
        kotlin.jvm.internal.n.g(chain, "chain");
        kotlin.jvm.internal.n.g(authType, "authType");
        InetAddress inetAddress = null;
        if (chain.length == 0) {
            ym.g0.z("ExtendedX509TrustManager", "No Certificate chain from server", null, 4, null);
            throw new CertificateException("SSL pinning failure enforced: No server certificate");
        }
        if (!h()) {
            ym.g0.z("ExtendedX509TrustManager", "Trust Material unavailable", null, 4, null);
            j(chain, authType);
            return;
        }
        if (b.f8980a[this.trustSpecs.getDepth().ordinal()] == 1) {
            M3 = kotlin.collections.p.M(chain);
            x509CertificateArr = new X509Certificate[]{(X509Certificate) M3};
        } else {
            x509CertificateArr = chain;
        }
        try {
            ym.g0.i("ExtendedX509TrustManager", kotlin.jvm.internal.n.p("Checking trust with ", this.trustSpecs.getDepth()), null, 4, null);
            InetAddress inetAddress2 = this.host;
            if (inetAddress2 == null) {
                kotlin.jvm.internal.n.y("host");
                inetAddress2 = null;
            }
            b(inetAddress2, x509CertificateArr, authType);
            InetAddress inetAddress3 = this.host;
            if (inetAddress3 == null) {
                kotlin.jvm.internal.n.y("host");
                inetAddress3 = null;
            }
            String hostName = inetAddress3.getHostName();
            kotlin.jvm.internal.n.f(hostName, "host.hostName");
            if (hostName.length() > 0) {
                i iVar = this.distrustHandler;
                InetAddress inetAddress4 = this.host;
                if (inetAddress4 == null) {
                    kotlin.jvm.internal.n.y("host");
                    inetAddress4 = null;
                }
                String hostName2 = inetAddress4.getHostName();
                kotlin.jvm.internal.n.f(hostName2, "host.hostName");
                iVar.b(hostName2);
            }
            InetAddress inetAddress5 = this.host;
            if (inetAddress5 == null) {
                kotlin.jvm.internal.n.y("host");
                inetAddress5 = null;
            }
            ym.g0.z("ExtendedX509TrustManager", kotlin.jvm.internal.n.p("checkServerTrusted: Server certificate pin match for ", inetAddress5), null, 4, null);
            if (this instanceof ni0.b) {
                rootScope = ((ni0.b) this).getScope();
                b11 = kotlin.jvm.internal.s.b(SDKDataModel.class);
            } else {
                rootScope = getKoin().getScopeRegistry().getRootScope();
                b11 = kotlin.jvm.internal.s.b(SDKDataModel.class);
            }
            String B0 = ((SDKDataModel) rootScope.g(b11, null, null)).B0();
            kotlin.jvm.internal.n.f(B0, "get<SDKDataModel>().awSrvUrl");
            if (B0.length() > 0) {
                if (this instanceof ni0.b) {
                    rootScope2 = ((ni0.b) this).getScope();
                    b12 = kotlin.jvm.internal.s.b(SDKDataModel.class);
                } else {
                    rootScope2 = getKoin().getScopeRegistry().getRootScope();
                    b12 = kotlin.jvm.internal.s.b(SDKDataModel.class);
                }
                String B02 = ((SDKDataModel) rootScope2.g(b12, null, null)).B0();
                kotlin.jvm.internal.n.f(B02, "get<SDKDataModel>().awSrvUrl");
                T = kotlin.text.w.T(B02, this.targetHost, false, 2, null);
                if (T) {
                    this.distrustHandler.c(true);
                }
            }
        } catch (Exception e11) {
            ym.g0.X("ExtendedX509TrustManager", kotlin.jvm.internal.n.p("checkServerTrusted: Error matching certificate -> ", e11.getMessage()), null, 4, null);
            i iVar2 = this.distrustHandler;
            InetAddress inetAddress6 = this.host;
            if (inetAddress6 == null) {
                kotlin.jvm.internal.n.y("host");
                inetAddress6 = null;
            }
            String hostName3 = inetAddress6.getHostName();
            kotlin.jvm.internal.n.f(hostName3, "host.hostName");
            SSLPinningFailureHostRecord sSLPinningFailureHostRecord = new SSLPinningFailureHostRecord(hostName3, this.port, 0L, 4, null);
            TrustSpecs trustSpecs = this.trustSpecs;
            M = kotlin.collections.p.M(x509CertificateArr);
            iVar2.a(sSLPinningFailureHostRecord, trustSpecs, (X509Certificate) M);
            if (!i()) {
                j(chain, authType);
                return;
            }
            i iVar3 = this.distrustHandler;
            InetAddress inetAddress7 = this.host;
            if (inetAddress7 == null) {
                kotlin.jvm.internal.n.y("host");
                inetAddress7 = null;
            }
            String hostName4 = inetAddress7.getHostName();
            kotlin.jvm.internal.n.f(hostName4, "host.hostName");
            TrustSpecs trustSpecs2 = this.trustSpecs;
            M2 = kotlin.collections.p.M(x509CertificateArr);
            iVar3.d(hostName4, trustSpecs2, (X509Certificate) M2);
            ym.g0.q("ExtendedX509TrustManager", "checkServerTrusted: Failing request", null, 4, null);
            InetAddress inetAddress8 = this.host;
            if (inetAddress8 == null) {
                kotlin.jvm.internal.n.y("host");
            } else {
                inetAddress = inetAddress8;
            }
            throw new SSLPinningCertificateException(inetAddress.getHostName(), e11.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: e, reason: from getter */
    public final String getTargetHost() {
        return this.targetHost;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: f, reason: from getter */
    public final TrustSpecs getTrustSpecs() {
        return this.trustSpecs;
    }

    public k g() {
        this.systemTrustManager = d();
        return this;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    @Override // ni0.a
    public Koin getKoin() {
        return a.C0780a.a(this);
    }

    protected abstract boolean h();
}
