package de.hafas.l.a;

import android.content.Context;
import android.content.res.XmlResourceParser;
import android.util.Base64;
import android.util.Log;
import de.hafas.common.R;
import de.hafas.utils.c;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* compiled from: ProGuard */
/* loaded from: classes.dex */
public class b implements HostnameVerifier {
    private List<de.hafas.l.a.a.b> a;

    public b(Context context) {
        this.a = new ArrayList();
        try {
            XmlResourceParser xml = context.getResources().getXml(R.xml.network_security_config);
            try {
                xml.next();
                xml.nextTag();
                xml.require(2, null, "network-security-config");
                while (xml.next() != 3) {
                    if (xml.getEventType() == 2 && "domain-config".equals(xml.getName())) {
                        a(xml);
                    }
                }
                if (xml != null) {
                    xml.close();
                }
            } finally {
            }
        } catch (IOException | XmlPullParserException e) {
            if (c.e()) {
                Log.e("TlsPinning", "Invalid TLS pinning configuration! HTTPS in WebViews is now disabled", e);
            }
            this.a = null;
        }
    }

    private String a(XmlPullParser xmlPullParser) {
        if (xmlPullParser.next() != 4) {
            return "";
        }
        String text = xmlPullParser.getText();
        xmlPullParser.nextTag();
        return text;
    }

    private void a(XmlResourceParser xmlResourceParser) {
        xmlResourceParser.require(2, null, "domain-config");
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        while (xmlResourceParser.next() != 3) {
            if (xmlResourceParser.getEventType() == 2) {
                if ("domain".equals(xmlResourceParser.getName())) {
                    arrayList.add(c(xmlResourceParser));
                } else if ("pin-set".equals(xmlResourceParser.getName())) {
                    a(xmlResourceParser, hashSet);
                }
            }
        }
        this.a.add(new de.hafas.l.a.a.b(arrayList, hashSet));
        xmlResourceParser.require(3, null, "domain-config");
    }

    private void a(XmlResourceParser xmlResourceParser, Set<de.hafas.l.a.a.c> set) {
        xmlResourceParser.require(2, null, "pin-set");
        while (xmlResourceParser.next() != 3) {
            if (xmlResourceParser.getEventType() == 2 && "pin".equals(xmlResourceParser.getName())) {
                set.add(b(xmlResourceParser));
            }
        }
        xmlResourceParser.require(3, null, "pin-set");
    }

    private de.hafas.l.a.a.c b(XmlResourceParser xmlResourceParser) {
        xmlResourceParser.require(2, null, "pin");
        String attributeValue = xmlResourceParser.getAttributeValue(null, "digest");
        String a = a((XmlPullParser) xmlResourceParser);
        xmlResourceParser.require(3, null, "pin");
        if (attributeValue == null) {
            attributeValue = "SHA-256";
        }
        return new de.hafas.l.a.a.c(attributeValue, a);
    }

    private de.hafas.l.a.a.a c(XmlResourceParser xmlResourceParser) {
        xmlResourceParser.require(2, null, "domain");
        boolean attributeBooleanValue = xmlResourceParser.getAttributeBooleanValue(null, "includeSubdomains", false);
        String a = a((XmlPullParser) xmlResourceParser);
        xmlResourceParser.require(3, null, "domain");
        return new de.hafas.l.a.a.a(a, attributeBooleanValue);
    }

    public de.hafas.l.a.a.b a(String str) {
        for (de.hafas.l.a.a.b bVar : this.a) {
            if (bVar.a(str)) {
                return bVar;
            }
        }
        return null;
    }

    public boolean a() {
        return this.a != null;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession)) {
            return false;
        }
        try {
            Certificate certificate = sSLSession.getPeerCertificates()[0];
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] encoded = certificate.getPublicKey().getEncoded();
            if (encoded == null) {
                Log.e("TlsPinning", "TLS Pinning error: public key does not support encoding");
                return false;
            }
            messageDigest.update(encoded);
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            de.hafas.l.a.a.b a = a(str);
            if (a == null) {
                return true;
            }
            Set<de.hafas.l.a.a.c> a2 = a.a();
            de.hafas.l.a.a.c cVar = new de.hafas.l.a.a.c("SHA-256", encodeToString);
            boolean contains = a2.contains(cVar);
            if (!contains && c.e()) {
                Log.e("TlsPinning", "TLS PINNING ERROR: Fingerprints do not match! expected: " + a2 + " actual: " + cVar);
            }
            return contains;
        } catch (NoSuchAlgorithmException | SSLPeerUnverifiedException e) {
            if (c.e()) {
                Log.e("TlsPinning", "Error in SSL pinning", e);
            }
            return false;
        }
    }
}
