package com.airwatch.certpinning;

import android.content.Context;
import com.airwatch.certpinning.ExtendedSSLSocketFactory;
import com.airwatch.certpinning.TrustSpecs;
import com.airwatch.sdk.context.awsdkcontext.SDKDataModel;
import com.airwatch.util.Logger;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import kotlin.text.StringsKt;
import org.koin.core.Koin;
import org.koin.core.component.KoinComponent;
import org.koin.core.component.KoinScopeComponent;
import org.koin.core.scope.Scope;

@Metadata(d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0010\u000b\n\u0002\b\b\b'\u0018\u0000 .2\u00020\u00012\u00020\u00022\u00020\u0003:\u0001.B\u0015\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ)\u0010\u0018\u001a\u00020\u00192\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001c\u0018\u00010\u001b2\b\u0010\u001d\u001a\u0004\u0018\u00010\u0005H\u0016¢\u0006\u0002\u0010\u001eJ#\u0010\u001f\u001a\u00020\u00192\f\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001c0\u001b2\u0006\u0010\u001d\u001a\u00020\u0005H\u0016¢\u0006\u0002\u0010\u001eJ+\u0010 \u001a\u00020\u00192\u0006\u0010\u000f\u001a\u00020\u00102\f\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001c0\u001b2\u0006\u0010\u001d\u001a\u00020\u0005H$¢\u0006\u0002\u0010!J\u0013\u0010\"\u001a\b\u0012\u0004\u0012\u00020\u001c0\u001bH\u0016¢\u0006\u0002\u0010#J\b\u0010$\u001a\u00020\u0001H\u0003J\b\u0010%\u001a\u00020\u0000H\u0016J\b\u0010&\u001a\u00020'H$J\u0018\u0010(\u001a\u00020\u00192\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\b\u0010)\u001a\u00020'H\u0002J\u0015\u0010*\u001a\u00020\u00192\u0006\u0010+\u001a\u00020\u0001H\u0001¢\u0006\u0002\b,J#\u0010-\u001a\u00020\u00192\f\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001c0\u001b2\u0006\u0010\u001d\u001a\u00020\u0005H\u0002¢\u0006\u0002\u0010\u001eR\u0014\u0010\t\u001a\u00020\nX\u0084\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\fR\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u0013\u001a\u0004\u0018\u00010\u0001X\u0082\u000e¢\u0006\u0002\n\u0000R\u0014\u0010\u0004\u001a\u00020\u0005X\u0084\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0014\u0010\u0015R\u0014\u0010\u0006\u001a\u00020\u0007X\u0084\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0016\u0010\u0017¨\u0006/"}, d2 = {"Lcom/airwatch/certpinning/ExtendedX509TrustManager;", "Ljavax/net/ssl/X509TrustManager;", "Lcom/airwatch/certpinning/ExtendedSSLSocketFactory$Listener;", "Lorg/koin/core/component/KoinComponent;", "targetHost", "", "trustSpecs", "Lcom/airwatch/certpinning/TrustSpecs;", "(Ljava/lang/String;Lcom/airwatch/certpinning/TrustSpecs;)V", "applicationContext", "Landroid/content/Context;", "getApplicationContext", "()Landroid/content/Context;", "distrustHandler", "Lcom/airwatch/certpinning/DistrustHandler;", "host", "Ljava/net/InetAddress;", "port", "", "systemTrustManager", "getTargetHost", "()Ljava/lang/String;", "getTrustSpecs", "()Lcom/airwatch/certpinning/TrustSpecs;", "checkClientTrusted", "", "chain", "", "Ljava/security/cert/X509Certificate;", "authType", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "checkServerTrusted", "checkTrust", "(Ljava/net/InetAddress;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "getSystemTrustManager", "init", "isTrustMaterialAvailable", "", "onStartHandshake", "performStrictValidation", "setSystemTrustManager", "trustManager", "setSystemTrustManager$AWFramework_release", "validateCertWithSystemTrustStore", "Companion", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes3.dex */
public abstract class ExtendedX509TrustManager implements ExtendedSSLSocketFactory.Listener, X509TrustManager, KoinComponent {
    private static final String TAG = "ExtendedX509TrustManager";
    private final Context applicationContext;
    private final DistrustHandler distrustHandler;
    private InetAddress host;
    private int port;
    private X509TrustManager systemTrustManager;
    private final String targetHost;
    private final TrustSpecs trustSpecs;

    @Metadata(k = 3, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes3.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[TrustSpecs.Depth.values().length];
            iArr[TrustSpecs.Depth.LEAF.ordinal()] = 1;
            $EnumSwitchMapping$0 = iArr;
        }
    }

    public ExtendedX509TrustManager(String targetHost, TrustSpecs trustSpecs) {
        Intrinsics.checkNotNullParameter(targetHost, "targetHost");
        Intrinsics.checkNotNullParameter(trustSpecs, "trustSpecs");
        this.targetHost = targetHost;
        this.trustSpecs = trustSpecs;
        ExtendedX509TrustManager extendedX509TrustManager = this;
        boolean z = extendedX509TrustManager instanceof KoinScopeComponent;
        this.applicationContext = (Context) (z ? ((KoinScopeComponent) extendedX509TrustManager).getScope() : extendedX509TrustManager.getKoin().getScopeRegistry().getRootScope()).get(Reflection.getOrCreateKotlinClass(Context.class), null, null);
        this.distrustHandler = (DistrustHandler) (z ? ((KoinScopeComponent) extendedX509TrustManager).getScope() : extendedX509TrustManager.getKoin().getScopeRegistry().getRootScope()).get(Reflection.getOrCreateKotlinClass(DistrustHandler.class), null, null);
    }

    private final X509TrustManager getSystemTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
            if (trustManager != null) {
                return (X509TrustManager) trustManager;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private final boolean performStrictValidation() {
        return PinningState.INSTANCE.isCompiledStrictMode(this.applicationContext) || PinningState.INSTANCE.isRuntimeStrictMode() || this.trustSpecs.getStrict();
    }

    private final void validateCertWithSystemTrustStore(X509Certificate[] chain, String authType) {
        Logger.d$default(TAG, "Validating server trust with system trust manager", null, 4, null);
        X509TrustManager x509TrustManager = this.systemTrustManager;
        if (x509TrustManager != null) {
            x509TrustManager.checkServerTrusted(chain, authType);
        }
        Logger.d$default(TAG, "Certificated trusted by system.", null, 4, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        Scope rootScope;
        KClass<?> orCreateKotlinClass;
        Scope rootScope2;
        KClass<?> orCreateKotlinClass2;
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        InetAddress inetAddress = null;
        if (chain.length == 0) {
            Logger.i$default(TAG, "No Certificate chain from server", null, 4, null);
            throw new CertificateException("SSL pinning failure enforced: No server certificate");
        }
        if (!isTrustMaterialAvailable()) {
            Logger.i$default(TAG, "Trust Material unavailable", null, 4, null);
            validateCertWithSystemTrustStore(chain, authType);
            return;
        }
        X509Certificate[] x509CertificateArr = WhenMappings.$EnumSwitchMapping$0[this.trustSpecs.getDepth().ordinal()] == 1 ? new X509Certificate[]{(X509Certificate) ArraysKt.first(chain)} : chain;
        try {
            Logger.d$default(TAG, Intrinsics.stringPlus("Checking trust with ", this.trustSpecs.getDepth()), null, 4, null);
            InetAddress inetAddress2 = this.host;
            if (inetAddress2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
                inetAddress2 = null;
            }
            checkTrust(inetAddress2, x509CertificateArr, authType);
            InetAddress inetAddress3 = this.host;
            if (inetAddress3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
                inetAddress3 = null;
            }
            String hostName = inetAddress3.getHostName();
            Intrinsics.checkNotNullExpressionValue(hostName, "host.hostName");
            if (hostName.length() > 0) {
                DistrustHandler distrustHandler = this.distrustHandler;
                InetAddress inetAddress4 = this.host;
                if (inetAddress4 == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("host");
                    inetAddress4 = null;
                }
                String hostName2 = inetAddress4.getHostName();
                Intrinsics.checkNotNullExpressionValue(hostName2, "host.hostName");
                distrustHandler.resetRetryCount(hostName2);
            }
            InetAddress inetAddress5 = this.host;
            if (inetAddress5 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
                inetAddress5 = null;
            }
            Logger.i$default(TAG, Intrinsics.stringPlus("checkServerTrusted: Server certificate pin match for ", inetAddress5), null, 4, null);
            ExtendedX509TrustManager extendedX509TrustManager = this;
            if (extendedX509TrustManager instanceof KoinScopeComponent) {
                rootScope = ((KoinScopeComponent) extendedX509TrustManager).getScope();
                orCreateKotlinClass = Reflection.getOrCreateKotlinClass(SDKDataModel.class);
            } else {
                rootScope = extendedX509TrustManager.getKoin().getScopeRegistry().getRootScope();
                orCreateKotlinClass = Reflection.getOrCreateKotlinClass(SDKDataModel.class);
            }
            String aWSrvUrl = ((SDKDataModel) rootScope.get(orCreateKotlinClass, null, null)).getAWSrvUrl();
            Intrinsics.checkNotNullExpressionValue(aWSrvUrl, "get<SDKDataModel>().awSrvUrl");
            if (aWSrvUrl.length() > 0) {
                ExtendedX509TrustManager extendedX509TrustManager2 = this;
                if (extendedX509TrustManager2 instanceof KoinScopeComponent) {
                    rootScope2 = ((KoinScopeComponent) extendedX509TrustManager2).getScope();
                    orCreateKotlinClass2 = Reflection.getOrCreateKotlinClass(SDKDataModel.class);
                } else {
                    rootScope2 = extendedX509TrustManager2.getKoin().getScopeRegistry().getRootScope();
                    orCreateKotlinClass2 = Reflection.getOrCreateKotlinClass(SDKDataModel.class);
                }
                String aWSrvUrl2 = ((SDKDataModel) rootScope2.get(orCreateKotlinClass2, null, null)).getAWSrvUrl();
                Intrinsics.checkNotNullExpressionValue(aWSrvUrl2, "get<SDKDataModel>().awSrvUrl");
                if (StringsKt.contains$default((CharSequence) aWSrvUrl2, (CharSequence) this.targetHost, false, 2, (Object) null)) {
                    this.distrustHandler.reportPendingSSLFailures(true);
                }
            }
        } catch (Exception e) {
            Logger.w$default(TAG, Intrinsics.stringPlus("checkServerTrusted: Error matching certificate -> ", e.getMessage()), null, 4, null);
            DistrustHandler distrustHandler2 = this.distrustHandler;
            InetAddress inetAddress6 = this.host;
            if (inetAddress6 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
                inetAddress6 = null;
            }
            String hostName3 = inetAddress6.getHostName();
            Intrinsics.checkNotNullExpressionValue(hostName3, "host.hostName");
            distrustHandler2.onSSLPinningValidationFailure(new SSLPinningFailureHostRecord(hostName3, this.port, 0L, 4, null), this.trustSpecs, (X509Certificate) ArraysKt.first(x509CertificateArr));
            if (!performStrictValidation()) {
                validateCertWithSystemTrustStore(chain, authType);
                return;
            }
            DistrustHandler distrustHandler3 = this.distrustHandler;
            InetAddress inetAddress7 = this.host;
            if (inetAddress7 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
                inetAddress7 = null;
            }
            String hostName4 = inetAddress7.getHostName();
            Intrinsics.checkNotNullExpressionValue(hostName4, "host.hostName");
            distrustHandler3.onSSLPinningRequestFailure(hostName4, this.trustSpecs, (X509Certificate) ArraysKt.first(x509CertificateArr));
            Logger.e$default(TAG, "checkServerTrusted: Failing request", null, 4, null);
            InetAddress inetAddress8 = this.host;
            if (inetAddress8 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("host");
            } else {
                inetAddress = inetAddress8;
            }
            throw new SSLPinningCertificateException(inetAddress.getHostName(), e.getMessage());
        }
    }

    protected abstract void checkTrust(InetAddress host, X509Certificate[] chain, String authType) throws CertificateException;

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Context getApplicationContext() {
        return this.applicationContext;
    }

    @Override // org.koin.core.component.KoinComponent
    public Koin getKoin() {
        return KoinComponent.DefaultImpls.getKoin(this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getTargetHost() {
        return this.targetHost;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final TrustSpecs getTrustSpecs() {
        return this.trustSpecs;
    }

    public ExtendedX509TrustManager init() {
        this.systemTrustManager = getSystemTrustManager();
        return this;
    }

    protected abstract boolean isTrustMaterialAvailable();

    @Override // com.airwatch.certpinning.ExtendedSSLSocketFactory.Listener
    public void onStartHandshake(InetAddress host, int port) {
        Intrinsics.checkNotNullParameter(host, "host");
        this.host = host;
        this.port = port;
    }

    public final void setSystemTrustManager$AWFramework_release(X509TrustManager trustManager) {
        Intrinsics.checkNotNullParameter(trustManager, "trustManager");
        this.systemTrustManager = trustManager;
    }
}
