package com.datatheorem.android.trustkit.config;

import android.content.Context;
import android.text.TextUtils;
import com.bitstrips.keyboard.input.correction.dictionary.Dictionary;
import com.datatheorem.android.trustkit.config.DomainPinningPolicy;
import com.datatheorem.android.trustkit.utils.TrustKitLog;
import defpackage.lc;
import defpackage.m;
import defpackage.p7;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.xmlpull.v1.XmlPullParser;

/* loaded from: classes3.dex */
public class TrustKitConfiguration {
    public final Set<DomainPinningPolicy> a;
    public final boolean b;
    public final Set<Certificate> c;

    public TrustKitConfiguration(Set<DomainPinningPolicy> set) {
        this(set, false, null);
    }

    public TrustKitConfiguration(Set<DomainPinningPolicy> set, boolean z, Set<Certificate> set2) {
        if (set.size() < 1) {
            throw new ConfigurationException("Policy contains 0 domains to pin");
        }
        HashSet hashSet = new HashSet();
        for (DomainPinningPolicy domainPinningPolicy : set) {
            if (hashSet.contains(domainPinningPolicy.getHostname())) {
                StringBuilder a = p7.a("Policy contains the same domain defined twice: ");
                a.append(domainPinningPolicy.getHostname());
                throw new ConfigurationException(a.toString());
            }
            hashSet.add(domainPinningPolicy.getHostname());
        }
        this.a = set;
        this.b = z;
        this.c = set2;
    }

    public static TrustKitConfiguration fromXmlPolicy(Context context, XmlPullParser xmlPullParser) {
        boolean valueOf;
        ArrayList arrayList = new ArrayList();
        int eventType = xmlPullParser.getEventType();
        lc lcVar = null;
        while (eventType != 1) {
            if (eventType == 2) {
                if ("domain-config".equals(xmlPullParser.getName())) {
                    arrayList.addAll(m.a(xmlPullParser, (DomainPinningPolicy.Builder) null));
                } else if ("debug-overrides".equals(xmlPullParser.getName())) {
                    xmlPullParser.require(2, null, "debug-overrides");
                    lc lcVar2 = new lc(null);
                    HashSet hashSet = new HashSet();
                    int next = xmlPullParser.next();
                    Boolean bool = null;
                    while (true) {
                        if (next == 3 && "trust-anchors".equals(xmlPullParser.getName())) {
                            break;
                        }
                        if (next == 2 && "certificates".equals(xmlPullParser.getName())) {
                            boolean parseBoolean = Boolean.parseBoolean(xmlPullParser.getAttributeValue(null, "overridePins"));
                            if (bool == null || bool.booleanValue() == parseBoolean) {
                                valueOf = Boolean.valueOf(parseBoolean);
                            } else {
                                valueOf = false;
                                TrustKitLog.w("Warning: different values for overridePins are set in the policy but TrustKit only supports one value; using overridePins=false for all connections");
                            }
                            String trim = xmlPullParser.getAttributeValue(null, "src").trim();
                            if (TextUtils.isEmpty(trim) || trim.equals(Dictionary.TYPE_USER) || trim.equals("system") || !trim.startsWith("@raw")) {
                                TrustKitLog.i("No <debug-overrides> certificates found by TrustKit. Please check your @raw folder (TrustKit doesn't support system and user installed certificates).");
                            } else {
                                hashSet.add(CertificateFactory.getInstance("X.509").generateCertificate(context.getResources().openRawResource(context.getResources().getIdentifier(trim.split("/")[1], "raw", context.getPackageName()))));
                            }
                            bool = valueOf;
                        }
                        next = xmlPullParser.next();
                    }
                    if (bool != null) {
                        lcVar2.a = bool.booleanValue();
                    }
                    if (hashSet.size() > 0) {
                        lcVar2.b = hashSet;
                    }
                    lcVar = lcVar2;
                }
            }
            eventType = xmlPullParser.next();
        }
        HashSet hashSet2 = new HashSet();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            hashSet2.add(((DomainPinningPolicy.Builder) it.next()).build());
        }
        return lcVar != null ? new TrustKitConfiguration(hashSet2, lcVar.a, lcVar.b) : new TrustKitConfiguration(hashSet2);
    }

    public Set<DomainPinningPolicy> getAllPolicies() {
        return this.a;
    }

    public Set<Certificate> getDebugCaCertificates() {
        return this.c;
    }

    public DomainPinningPolicy getPolicyForHostname(String str) {
        if (!DomainValidator.a(true).b(str)) {
            throw new IllegalArgumentException(p7.a("Invalid domain supplied: ", str));
        }
        DomainPinningPolicy domainPinningPolicy = null;
        for (DomainPinningPolicy domainPinningPolicy2 : this.a) {
            if (domainPinningPolicy2.getHostname().equals(str)) {
                return domainPinningPolicy2;
            }
            if (domainPinningPolicy2.shouldIncludeSubdomains()) {
                String hostname = domainPinningPolicy2.getHostname();
                if ((str.endsWith(hostname) && str.charAt((str.length() - hostname.length()) - 1) == '.') && (domainPinningPolicy == null || domainPinningPolicy2.getHostname().length() > domainPinningPolicy.getHostname().length())) {
                    domainPinningPolicy = domainPinningPolicy2;
                }
            }
        }
        return domainPinningPolicy;
    }

    public boolean shouldOverridePins() {
        return this.b;
    }
}
