package com.wultra.android.sslpinning;

import android.os.Handler;
import android.os.Looper;
import android.util.Base64;
import com.google.firebase.messaging.Constants;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.wultra.android.sslpinning.interfaces.CryptoProvider;
import com.wultra.android.sslpinning.interfaces.ECPublicKey;
import com.wultra.android.sslpinning.interfaces.SecureDataStore;
import com.wultra.android.sslpinning.interfaces.SignedData;
import com.wultra.android.sslpinning.model.CachedData;
import com.wultra.android.sslpinning.model.CertificateInfo;
import com.wultra.android.sslpinning.model.GetFingerprintResponse;
import com.wultra.android.sslpinning.service.RemoteDataProvider;
import com.wultra.android.sslpinning.service.RemoteDataRequest;
import com.wultra.android.sslpinning.service.RemoteDataResponse;
import com.wultra.android.sslpinning.service.RestApi;
import com.wultra.android.sslpinning.service.UpdateScheduler;
import com.wultra.android.sslpinning.service.WultraDebug;
import com.wultra.android.sslpinning.util.ByteArrayTypeAdapter;
import com.wultra.android.sslpinning.util.CertUtils;
import com.wultra.android.sslpinning.util.DateTypeAdapter;
import java.lang.Thread;
import java.nio.charset.Charset;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import kotlin.Metadata;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.text.Charsets;

/* compiled from: CertStore.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000²\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010#\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\r\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\u0018\u0000 R2\u00020\u0001:\u0001RB\u001f\b\u0016\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bB)\b\u0000\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\b\u0010\t\u001a\u0004\u0018\u00010\n¢\u0006\u0002\u0010\u000bJ\u000e\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u001cJ\u0010\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020#H\u0003J \u0010$\u001a\u00020\u001e2\u0006\u0010\"\u001a\u00020#2\u0006\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020(H\u0002J\u000f\u0010)\u001a\u0004\u0018\u00010\u000fH\u0000¢\u0006\u0002\b*J\u0015\u0010+\u001a\b\u0012\u0004\u0012\u00020\u00120\u0011H\u0000¢\u0006\u0004\b,\u0010-J\u0006\u0010.\u001a\u00020&J\u000f\u0010/\u001a\u0004\u0018\u00010\u000fH\u0000¢\u0006\u0002\b0J\u0015\u00101\u001a\b\u0012\u0004\u0012\u00020\u00120\u0011H\u0000¢\u0006\u0004\b2\u0010-J/\u00103\u001a\u00020\u001e2\u0006\u00104\u001a\u00020\u00152\u001d\u00105\u001a\u0019\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u0015\u0012\u0004\u0012\u00020\u001e06¢\u0006\u0002\b7H\u0002J6\u00108\u001a\u00020!2\u0006\u00109\u001a\u00020:2\b\u0010;\u001a\u0004\u0018\u00010\u00152\u0012\u0010<\u001a\u000e\u0012\u0004\u0012\u00020\u0015\u0012\u0004\u0012\u00020\u00150=2\u0006\u0010\"\u001a\u00020#H\u0002J\u0006\u0010>\u001a\u00020\u001eJ\u000e\u0010?\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u001cJ\u0006\u0010@\u001a\u00020\u001eJ\b\u0010A\u001a\u00020\u001eH\u0002J\u0015\u0010B\u001a\u00020\u001e2\u0006\u00109\u001a\u00020\u000fH\u0000¢\u0006\u0002\bCJ\u0018\u0010D\u001a\u00020\u001e2\b\b\u0002\u0010E\u001a\u00020F2\u0006\u0010'\u001a\u00020(J%\u0010G\u001a\u00020\u001e2\u0016\u0010D\u001a\u0012\u0012\u0006\u0012\u0004\u0018\u00010\u000f\u0012\u0006\u0012\u0004\u0018\u00010\u000f0HH\u0000¢\u0006\u0002\bIJ\u000e\u0010J\u001a\u00020K2\u0006\u0010L\u001a\u00020MJ\u0016\u0010N\u001a\u00020K2\u0006\u00104\u001a\u00020\u00152\u0006\u0010O\u001a\u00020:J\u0016\u0010P\u001a\u00020K2\u0006\u00104\u001a\u00020\u00152\u0006\u0010Q\u001a\u00020:R\u000e\u0010\f\u001a\u00020\rX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u000e\u001a\u0004\u0018\u00010\u000fX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\u00120\u0011X\u0082\u000e¢\u0006\u0004\n\u0002\u0010\u0013R\u0011\u0010\u0014\u001a\u00020\u00158F¢\u0006\u0006\u001a\u0004\b\u0016\u0010\u0017R\u000e\u0010\u0018\u001a\u00020\u0019X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u001c0\u001bX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006S"}, d2 = {"Lcom/wultra/android/sslpinning/CertStore;", "", "configuration", "Lcom/wultra/android/sslpinning/CertStoreConfiguration;", "cryptoProvider", "Lcom/wultra/android/sslpinning/interfaces/CryptoProvider;", "secureDataStore", "Lcom/wultra/android/sslpinning/interfaces/SecureDataStore;", "(Lcom/wultra/android/sslpinning/CertStoreConfiguration;Lcom/wultra/android/sslpinning/interfaces/CryptoProvider;Lcom/wultra/android/sslpinning/interfaces/SecureDataStore;)V", "remoteDataProvider", "Lcom/wultra/android/sslpinning/service/RemoteDataProvider;", "(Lcom/wultra/android/sslpinning/CertStoreConfiguration;Lcom/wultra/android/sslpinning/interfaces/CryptoProvider;Lcom/wultra/android/sslpinning/interfaces/SecureDataStore;Lcom/wultra/android/sslpinning/service/RemoteDataProvider;)V", "cacheIsLoaded", "", "cachedData", "Lcom/wultra/android/sslpinning/model/CachedData;", "fallbackCertificates", "", "Lcom/wultra/android/sslpinning/model/CertificateInfo;", "[Lcom/wultra/android/sslpinning/model/CertificateInfo;", "instanceIdentifier", "", "getInstanceIdentifier", "()Ljava/lang/String;", "mainThreadHandler", "Landroid/os/Handler;", "validationObservers", "", "Lcom/wultra/android/sslpinning/ValidationObserver;", "addValidationObserver", "", "observer", "doUpdate", "Lcom/wultra/android/sslpinning/UpdateResult;", "currentDate", "Ljava/util/Date;", "doUpdateAsync", "updateType", "Lcom/wultra/android/sslpinning/UpdateType;", "updateObserver", "Lcom/wultra/android/sslpinning/UpdateObserver;", "getCachedData", "getCachedData$library_release", "getCertificates", "getCertificates$library_release", "()[Lcom/wultra/android/sslpinning/model/CertificateInfo;", "getUpdateType", "loadCachedData", "loadCachedData$library_release", "loadFallbackCertificates", "loadFallbackCertificates$library_release", "notifyValidationObservers", "commonName", "observerCallback", "Lkotlin/Function2;", "Lkotlin/ExtensionFunctionType;", "processReceivedData", Constants.ScionAnalytics.MessageType.DATA_MESSAGE, "", "challenge", "responseHeaders", "", "removeAllValidationObservers", "removeValidationObserver", "reset", "restoreCache", "saveDataToCache", "saveDataToCache$library_release", "update", "mode", "Lcom/wultra/android/sslpinning/UpdateMode;", "updateCachedData", "Lkotlin/Function1;", "updateCachedData$library_release", "validateCertificate", "Lcom/wultra/android/sslpinning/ValidationResult;", "certificate", "Ljava/security/cert/X509Certificate;", "validateCertificateData", "certificateData", "validateFingerprint", "fingerprint", "Companion", "library_release"}, k = 1, mv = {1, 1, 16})
/* loaded from: classes4.dex */
public final class CertStore {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final Gson GSON;
    public static final String REQUEST_CHALLENGE_HEADER = "X-Cert-Pinning-Challenge";
    public static final String RESPONSE_SIGNATURE_HEADER = "x-cert-pinning-signature";
    private volatile boolean cacheIsLoaded;
    private CachedData cachedData;
    private final CertStoreConfiguration configuration;
    private final CryptoProvider cryptoProvider;
    private CertificateInfo[] fallbackCertificates;
    private final Handler mainThreadHandler;
    private final RemoteDataProvider remoteDataProvider;
    private final SecureDataStore secureDataStore;
    private final Set<ValidationObserver> validationObservers;

    /* compiled from: CertStore.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0014\u0010\u0003\u001a\u00020\u0004X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\u000e\u0010\u0007\u001a\u00020\bX\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\bX\u0080T¢\u0006\u0002\n\u0000¨\u0006\n"}, d2 = {"Lcom/wultra/android/sslpinning/CertStore$Companion;", "", "()V", "GSON", "Lcom/google/gson/Gson;", "getGSON$library_release", "()Lcom/google/gson/Gson;", "REQUEST_CHALLENGE_HEADER", "", "RESPONSE_SIGNATURE_HEADER", "library_release"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final Gson getGSON$library_release() {
            return CertStore.GSON;
        }
    }

    static {
        Gson create = new GsonBuilder().registerTypeAdapter(byte[].class, new ByteArrayTypeAdapter()).registerTypeAdapter(Date.class, new DateTypeAdapter()).create();
        Intrinsics.checkExpressionValueIsNotNull(create, "GsonBuilder()\n          …                .create()");
        GSON = create;
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public CertStore(CertStoreConfiguration configuration, CryptoProvider cryptoProvider, SecureDataStore secureDataStore) {
        this(configuration, cryptoProvider, secureDataStore, null);
        Intrinsics.checkParameterIsNotNull(configuration, "configuration");
        Intrinsics.checkParameterIsNotNull(cryptoProvider, "cryptoProvider");
        Intrinsics.checkParameterIsNotNull(secureDataStore, "secureDataStore");
    }

    public CertStore(CertStoreConfiguration configuration, CryptoProvider cryptoProvider, SecureDataStore secureDataStore, RemoteDataProvider remoteDataProvider) {
        Intrinsics.checkParameterIsNotNull(configuration, "configuration");
        Intrinsics.checkParameterIsNotNull(cryptoProvider, "cryptoProvider");
        Intrinsics.checkParameterIsNotNull(secureDataStore, "secureDataStore");
        this.configuration = configuration;
        this.cryptoProvider = cryptoProvider;
        this.secureDataStore = secureDataStore;
        this.fallbackCertificates = new CertificateInfo[0];
        this.validationObservers = new LinkedHashSet();
        this.mainThreadHandler = new Handler(Looper.getMainLooper());
        configuration.validate$library_release();
        if (remoteDataProvider != null) {
            this.remoteDataProvider = remoteDataProvider;
        } else {
            this.remoteDataProvider = new RestApi(configuration.getServiceUrl(), configuration.getSslValidationStrategy());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final UpdateResult doUpdate(Date currentDate) {
        String challenge;
        RemoteDataRequest remoteDataRequest;
        try {
            if (this.configuration.getUseChallenge()) {
                challenge = Base64.encodeToString(this.cryptoProvider.getRandomData(16), 2);
                Intrinsics.checkExpressionValueIsNotNull(challenge, "challenge");
                remoteDataRequest = new RemoteDataRequest(MapsKt.mapOf(TuplesKt.to(REQUEST_CHALLENGE_HEADER, challenge)));
            } else {
                challenge = null;
                remoteDataRequest = new RemoteDataRequest(MapsKt.emptyMap());
            }
            RemoteDataResponse fingerprints = this.remoteDataProvider.getFingerprints(remoteDataRequest);
            return processReceivedData(fingerprints.getData(), challenge, fingerprints.getResponseHeaders(), currentDate);
        } catch (Exception unused) {
            return UpdateResult.NETWORK_ERROR;
        }
    }

    private final void doUpdateAsync(final Date currentDate, final UpdateType updateType, final UpdateObserver updateObserver) {
        Runnable runnable = new Runnable() { // from class: com.wultra.android.sslpinning.CertStore$doUpdateAsync$updateRunnable$1
            @Override // java.lang.Runnable
            public final void run() {
                final UpdateResult doUpdate;
                Handler handler;
                doUpdate = CertStore.this.doUpdate(currentDate);
                handler = CertStore.this.mainThreadHandler;
                handler.post(new Runnable() { // from class: com.wultra.android.sslpinning.CertStore$doUpdateAsync$updateRunnable$1.1
                    @Override // java.lang.Runnable
                    public final void run() {
                        updateObserver.onUpdateFinished(updateType, doUpdate);
                    }
                });
            }
        };
        ExecutorService executorService = this.configuration.getExecutorService();
        if (executorService == null || executorService.submit(runnable) == null) {
            Thread thread = new Thread(runnable);
            thread.setName("SilentCertStoreUpdate");
            thread.setPriority(10);
            thread.setUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { // from class: com.wultra.android.sslpinning.CertStore$doUpdateAsync$1$1
                @Override // java.lang.Thread.UncaughtExceptionHandler
                public final void uncaughtException(Thread thread2, Throwable th) {
                    WultraDebug.INSTANCE.error("Silent update failed, " + thread2 + " crashed with " + th + '.');
                }
            });
            thread.start();
            Unit unit = Unit.INSTANCE;
        }
    }

    private final void notifyValidationObservers(final String commonName, final Function2<? super ValidationObserver, ? super String, Unit> observerCallback) {
        synchronized (this.validationObservers) {
            for (final ValidationObserver validationObserver : this.validationObservers) {
                this.mainThreadHandler.post(new Runnable() { // from class: com.wultra.android.sslpinning.CertStore$notifyValidationObservers$$inlined$synchronized$lambda$1
                    @Override // java.lang.Runnable
                    public final void run() {
                        observerCallback.invoke(ValidationObserver.this, commonName);
                    }
                });
            }
            Unit unit = Unit.INSTANCE;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v3, types: [com.wultra.android.sslpinning.UpdateResult, T] */
    private final UpdateResult processReceivedData(byte[] data, String challenge, Map<String, String> responseHeaders, final Date currentDate) {
        GetFingerprintResponse getFingerprintResponse;
        final ECPublicKey importECPublicKey = this.cryptoProvider.importECPublicKey(this.configuration.getPublicKey());
        if (importECPublicKey == null) {
            throw new IllegalArgumentException("Illegal configuration public key");
        }
        if (this.configuration.getUseChallenge()) {
            if (challenge == null) {
                throw new IllegalArgumentException("Missing challenge");
            }
            String str = responseHeaders.get(RESPONSE_SIGNATURE_HEADER);
            if (str == null) {
                WultraDebug.INSTANCE.error("Missing signature header.");
                return UpdateResult.INVALID_SIGNATURE;
            }
            try {
                byte[] signature = Base64.decode(str, 2);
                byte[] bytes = challenge.getBytes(Charsets.UTF_8);
                Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
                byte[] plus = ArraysKt.plus(ArraysKt.plus(bytes, (byte) 38), data);
                CryptoProvider cryptoProvider = this.cryptoProvider;
                Intrinsics.checkExpressionValueIsNotNull(signature, "signature");
                if (!cryptoProvider.ecdsaValidateSignatures(new SignedData(plus, signature), importECPublicKey)) {
                    WultraDebug.INSTANCE.error("Invalid signature in x-cert-pinning-signature header");
                    return UpdateResult.INVALID_SIGNATURE;
                }
            } catch (Throwable th) {
                WultraDebug.INSTANCE.error("Failed to decode signature from header: " + th);
                return UpdateResult.INVALID_SIGNATURE;
            }
        }
        try {
            getFingerprintResponse = (GetFingerprintResponse) GSON.fromJson(new String(data, Charsets.UTF_8), GetFingerprintResponse.class);
        } catch (Throwable th2) {
            WultraDebug.INSTANCE.error("Failed to parse received fingerprint data: " + th2);
            getFingerprintResponse = null;
        }
        final GetFingerprintResponse getFingerprintResponse2 = getFingerprintResponse;
        if (getFingerprintResponse2 != null && getFingerprintResponse2.getFingerprints() != null) {
            final Ref.ObjectRef objectRef = new Ref.ObjectRef();
            objectRef.element = UpdateResult.OK;
            updateCachedData$library_release(new Function1<CachedData, CachedData>() { // from class: com.wultra.android.sslpinning.CertStore$processReceivedData$1
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                /* JADX WARN: Multi-variable type inference failed */
                /* JADX WARN: Type inference failed for: r2v11, types: [com.wultra.android.sslpinning.UpdateResult, T] */
                /* JADX WARN: Type inference failed for: r2v5, types: [com.wultra.android.sslpinning.UpdateResult, T] */
                /* JADX WARN: Type inference failed for: r2v8, types: [com.wultra.android.sslpinning.UpdateResult, T] */
                @Override // kotlin.jvm.functions.Function1
                public final CachedData invoke(CachedData cachedData) {
                    CertificateInfo[] certificateInfoArr;
                    CertStoreConfiguration certStoreConfiguration;
                    CertStoreConfiguration certStoreConfiguration2;
                    CertStoreConfiguration certStoreConfiguration3;
                    CertStoreConfiguration certStoreConfiguration4;
                    CryptoProvider cryptoProvider2;
                    if (cachedData == null || (certificateInfoArr = cachedData.getCertificates()) == null) {
                        certificateInfoArr = new CertificateInfo[0];
                    }
                    ArrayList arrayList = new ArrayList();
                    for (CertificateInfo certificateInfo : certificateInfoArr) {
                        if (!certificateInfo.isExpired$library_release(currentDate)) {
                            arrayList.add(certificateInfo);
                        }
                    }
                    List mutableList = CollectionsKt.toMutableList((Collection) arrayList);
                    GetFingerprintResponse.Entry[] fingerprints = getFingerprintResponse2.getFingerprints();
                    int length = fingerprints.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        GetFingerprintResponse.Entry entry = fingerprints[i];
                        CertificateInfo certificateInfo2 = new CertificateInfo(entry);
                        if (!certificateInfo2.isExpired$library_release(currentDate) && mutableList.indexOf(certificateInfo2) == -1) {
                            certStoreConfiguration3 = CertStore.this.configuration;
                            if (!certStoreConfiguration3.getUseChallenge()) {
                                SignedData dataForSignature$library_release = entry.dataForSignature$library_release();
                                if (dataForSignature$library_release == null) {
                                    WultraDebug.INSTANCE.error("CertStore: Failed to prepare data for signature validation. CN = '" + entry.getName() + '\'');
                                    objectRef.element = UpdateResult.INVALID_DATA;
                                    break;
                                }
                                cryptoProvider2 = CertStore.this.cryptoProvider;
                                if (!cryptoProvider2.ecdsaValidateSignatures(dataForSignature$library_release, importECPublicKey)) {
                                    WultraDebug.INSTANCE.error("CertStore: Invalid signature detected. CN = '" + entry.getName() + '\'');
                                    objectRef.element = UpdateResult.INVALID_SIGNATURE;
                                    break;
                                }
                            }
                            certStoreConfiguration4 = CertStore.this.configuration;
                            String[] expectedCommonNames = certStoreConfiguration4.getExpectedCommonNames();
                            if (expectedCommonNames != null && !ArraysKt.contains(expectedCommonNames, certificateInfo2.getCommonName())) {
                                WultraDebug.INSTANCE.warning("CertStore: Loaded data contains name, which will not be trusted. CN = '" + entry.getName() + '\'');
                            }
                            mutableList.add(certificateInfo2);
                        }
                        i++;
                    }
                    if (((UpdateResult) objectRef.element) == UpdateResult.OK && mutableList.isEmpty()) {
                        WultraDebug.INSTANCE.warning("CertStore: Database after update is still empty.");
                        objectRef.element = UpdateResult.STORE_IS_EMPTY;
                    }
                    if (((UpdateResult) objectRef.element) != UpdateResult.OK) {
                        return null;
                    }
                    CollectionsKt.sort(mutableList);
                    Object[] array = mutableList.toArray(new CertificateInfo[0]);
                    if (array == null) {
                        throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
                    }
                    CertificateInfo[] certificateInfoArr2 = (CertificateInfo[]) array;
                    certStoreConfiguration = CertStore.this.configuration;
                    long periodicUpdateIntervalMillis = certStoreConfiguration.getPeriodicUpdateIntervalMillis();
                    certStoreConfiguration2 = CertStore.this.configuration;
                    return new CachedData(certificateInfoArr2, new UpdateScheduler(periodicUpdateIntervalMillis, certStoreConfiguration2.getExpirationUpdateThresholdMillis(), 0.125d).scheduleNextUpdate(certificateInfoArr2, currentDate));
                }
            });
            return (UpdateResult) objectRef.element;
        }
        return UpdateResult.INVALID_DATA;
    }

    private final void restoreCache() {
        if (this.cacheIsLoaded) {
            return;
        }
        this.cachedData = loadCachedData$library_release();
        this.fallbackCertificates = loadFallbackCertificates$library_release();
        this.cacheIsLoaded = true;
    }

    public static /* synthetic */ void update$default(CertStore certStore, UpdateMode updateMode, UpdateObserver updateObserver, int i, Object obj) {
        if ((i & 1) != 0) {
            updateMode = UpdateMode.DEFAULT;
        }
        certStore.update(updateMode, updateObserver);
    }

    public final void addValidationObserver(ValidationObserver observer) {
        Intrinsics.checkParameterIsNotNull(observer, "observer");
        synchronized (this.validationObservers) {
            this.validationObservers.add(observer);
        }
    }

    public final synchronized CachedData getCachedData$library_release() {
        restoreCache();
        return this.cachedData;
    }

    public final synchronized CertificateInfo[] getCertificates$library_release() {
        CertificateInfo[] certificateInfoArr;
        restoreCache();
        CachedData cachedData = this.cachedData;
        if (cachedData == null || (certificateInfoArr = (CertificateInfo[]) ArraysKt.plus((Object[]) cachedData.getCertificates(), (Object[]) this.fallbackCertificates)) == null) {
            certificateInfoArr = this.fallbackCertificates;
        }
        return certificateInfoArr;
    }

    public final String getInstanceIdentifier() {
        String identifier = this.configuration.getIdentifier();
        return identifier != null ? identifier : "default";
    }

    public final UpdateType getUpdateType() {
        Date date = new Date();
        CachedData cachedData$library_release = getCachedData$library_release();
        if (cachedData$library_release != null && cachedData$library_release.numberOfValidCertificates$library_release(date) != 0) {
            return cachedData$library_release.getNextUpdate().before(date) ? UpdateType.SILENT : UpdateType.NO_UPDATE;
        }
        return UpdateType.DIRECT;
    }

    public final CachedData loadCachedData$library_release() {
        byte[] load = this.secureDataStore.load(getInstanceIdentifier());
        if (load != null) {
            try {
                return (CachedData) GSON.fromJson(new String(load, Charsets.UTF_8), CachedData.class);
            } catch (Throwable th) {
                WultraDebug.INSTANCE.error("Failed to parse stored fingerprint data: " + th);
            }
        }
        return null;
    }

    public final CertificateInfo[] loadFallbackCertificates$library_release() {
        GetFingerprintResponse.Entry[] fingerprints;
        GetFingerprintResponse fallbackCertificates = this.configuration.getFallbackCertificates();
        if (fallbackCertificates == null || (fingerprints = fallbackCertificates.getFingerprints()) == null) {
            return new CertificateInfo[0];
        }
        ArrayList arrayList = new ArrayList(fingerprints.length);
        for (GetFingerprintResponse.Entry entry : fingerprints) {
            arrayList.add(new CertificateInfo(entry));
        }
        Object[] array = arrayList.toArray(new CertificateInfo[0]);
        if (array != null) {
            return (CertificateInfo[]) array;
        }
        throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
    }

    public final void removeAllValidationObservers() {
        synchronized (this.validationObservers) {
            this.validationObservers.clear();
            Unit unit = Unit.INSTANCE;
        }
    }

    public final void removeValidationObserver(ValidationObserver observer) {
        Intrinsics.checkParameterIsNotNull(observer, "observer");
        if (!this.validationObservers.contains(observer)) {
            throw new IllegalArgumentException("Cannot remove unknown ValidationObserver");
        }
        synchronized (this.validationObservers) {
            this.validationObservers.remove(observer);
        }
    }

    public final synchronized void reset() {
        WultraDebug.INSTANCE.warning("CertStore: reset() should not be used in production build.");
        this.cachedData = null;
        this.secureDataStore.remove(getInstanceIdentifier());
    }

    public final void saveDataToCache$library_release(CachedData data) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        String json = GSON.toJson(data);
        Intrinsics.checkExpressionValueIsNotNull(json, "GSON.toJson(data)");
        Charset charset = Charsets.UTF_8;
        if (json == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        byte[] bytes = json.getBytes(charset);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        this.secureDataStore.save(bytes, getInstanceIdentifier());
    }

    public final void update(UpdateMode mode, final UpdateObserver updateObserver) {
        Intrinsics.checkParameterIsNotNull(mode, "mode");
        Intrinsics.checkParameterIsNotNull(updateObserver, "updateObserver");
        Date date = new Date();
        final UpdateType updateType = mode == UpdateMode.FORCED ? UpdateType.DIRECT : getUpdateType();
        this.mainThreadHandler.post(new Runnable() { // from class: com.wultra.android.sslpinning.CertStore$update$1
            @Override // java.lang.Runnable
            public final void run() {
                UpdateObserver.this.onUpdateStarted(updateType);
            }
        });
        if (updateType.isPerformingUpdate()) {
            doUpdateAsync(date, updateType, updateObserver);
        } else {
            this.mainThreadHandler.post(new Runnable() { // from class: com.wultra.android.sslpinning.CertStore$update$2
                @Override // java.lang.Runnable
                public final void run() {
                    UpdateObserver.this.onUpdateFinished(updateType, UpdateResult.OK);
                }
            });
        }
    }

    public final synchronized void updateCachedData$library_release(Function1<? super CachedData, CachedData> update) {
        Intrinsics.checkParameterIsNotNull(update, "update");
        restoreCache();
        CachedData invoke = update.invoke(this.cachedData);
        if (invoke != null) {
            this.cachedData = invoke;
            saveDataToCache$library_release(invoke);
        }
    }

    public final ValidationResult validateCertificate(X509Certificate certificate) {
        Intrinsics.checkParameterIsNotNull(certificate, "certificate");
        byte[] key = certificate.getEncoded();
        CryptoProvider cryptoProvider = this.cryptoProvider;
        Intrinsics.checkExpressionValueIsNotNull(key, "key");
        return validateFingerprint(CertUtils.INSTANCE.parseCommonName(certificate), cryptoProvider.hashSha256(key));
    }

    public final ValidationResult validateCertificateData(String commonName, byte[] certificateData) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        Intrinsics.checkParameterIsNotNull(certificateData, "certificateData");
        return validateFingerprint(commonName, this.cryptoProvider.hashSha256(certificateData));
    }

    public final ValidationResult validateFingerprint(String commonName, byte[] fingerprint) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        Intrinsics.checkParameterIsNotNull(fingerprint, "fingerprint");
        String[] expectedCommonNames = this.configuration.getExpectedCommonNames();
        if (expectedCommonNames != null && !ArraysKt.contains(expectedCommonNames, commonName)) {
            notifyValidationObservers(commonName, CertStore$validateFingerprint$1.INSTANCE);
            return ValidationResult.UNTRUSTED;
        }
        CertificateInfo[] certificates$library_release = getCertificates$library_release();
        if (certificates$library_release.length == 0) {
            notifyValidationObservers(commonName, CertStore$validateFingerprint$2.INSTANCE);
            return ValidationResult.EMPTY;
        }
        Date date = new Date();
        int i = 0;
        for (CertificateInfo certificateInfo : certificates$library_release) {
            if (!certificateInfo.isExpired$library_release(date) && Intrinsics.areEqual(certificateInfo.getCommonName(), commonName)) {
                if (Arrays.equals(certificateInfo.getFingerprint(), fingerprint)) {
                    notifyValidationObservers(commonName, CertStore$validateFingerprint$3.INSTANCE);
                    return ValidationResult.TRUSTED;
                }
                i++;
            }
        }
        if (i > 0) {
            notifyValidationObservers(commonName, CertStore$validateFingerprint$4.INSTANCE);
            return ValidationResult.UNTRUSTED;
        }
        notifyValidationObservers(commonName, CertStore$validateFingerprint$5.INSTANCE);
        return ValidationResult.EMPTY;
    }
}
