package defpackage;

import defpackage.lp6;
import defpackage.yk1;
import java.security.SecureRandom;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.X509Certificate;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.OkHttpClient;

/* compiled from: CrspOkHttpClient.kt */
/* loaded from: classes5.dex */
public final class sc3 {
    public static final OkHttpClient.Builder getCrspOkHttpClient() {
        try {
            TrustManager[] trustManagerArr = {new brd()};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(socketFactory, "getSocketFactory(...)");
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.followRedirects(false);
            TrustManager trustManager = trustManagerArr[0];
            Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            builder.sslSocketFactory(socketFactory, (X509TrustManager) trustManager);
            builder.hostnameVerifier(new HostnameVerifier() { // from class: rc3
                @Override // javax.net.ssl.HostnameVerifier
                public final boolean verify(String str, SSLSession sSLSession) {
                    boolean crspOkHttpClient$lambda$4;
                    crspOkHttpClient$lambda$4 = sc3.getCrspOkHttpClient$lambda$4(str, sSLSession);
                    return crspOkHttpClient$lambda$4;
                }
            });
            return builder;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean getCrspOkHttpClient$lambda$4(String str, SSLSession sSLSession) {
        X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
        Intrinsics.checkNotNull(peerCertificateChain);
        int length = peerCertificateChain.length;
        int i = 0;
        int i2 = 0;
        while (i < length) {
            X509Certificate x509Certificate = peerCertificateChain[i];
            int i3 = i2 + 1;
            by2 by2Var = by2.INSTANCE;
            String crspSSLSignature = by2Var.getCrspSSLSignature();
            if (crspSSLSignature != null) {
                yk1.a aVar = yk1.K;
                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
                String a2 = yk1.a.f(aVar, encoded, 0, 0, 3, null).G().a();
                if (Intrinsics.areEqual(crspSSLSignature, a2)) {
                    lp6.a.d$default(lp6.a.INSTANCE, "[Cert index: " + i2 + "] Config CRSP SSL signature matched, crspSSLSignature: " + crspSSLSignature + ", and Server cert: " + x509Certificate.getSubjectDN().getName() + "sha256/" + a2, "CrspOkHttpClient", null, null, 12, null);
                    return true;
                }
                lp6.a.d$default(lp6.a.INSTANCE, "[Cert index: " + i2 + "] Config CRSP SSL signature not matched, crspSSLSignature: " + crspSSLSignature + ", and Server cert: " + x509Certificate.getSubjectDN().getName() + "sha256/" + a2, "CrspOkHttpClient", null, null, 12, null);
            } else {
                lp6.a.d$default(lp6.a.INSTANCE, "Config crspSSLSignature: " + by2Var.getCrspSSLSignature(), "CrspOkHttpClient", null, null, 12, null);
                Unit unit = Unit.INSTANCE;
            }
            i++;
            i2 = i3;
        }
        return false;
    }
}
