package haf;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.res.XmlResourceParser;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.NonNull;
import de.eosuptrade.mticket.crypto.HashAlgorithms;
import de.hafas.common.R;
import de.hafas.utils.AppUtils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.xmlpull.v1.XmlPullParserException;

/* compiled from: ProGuard */
@SuppressLint({"NewApi"})
/* loaded from: classes6.dex */
public final class kg4 implements HostnameVerifier {
    public final ArrayList a;

    public kg4(@NonNull Context context) {
        this.a = new ArrayList();
        try {
            XmlResourceParser xml = context.getResources().getXml(R.xml.haf_network_security_config);
            try {
                xml.next();
                xml.nextTag();
                xml.require(2, null, "network-security-config");
                while (xml.next() != 3) {
                    if (xml.getEventType() == 2 && "domain-config".equals(xml.getName())) {
                        b(xml);
                    }
                }
                xml.close();
            } catch (Throwable th) {
                if (xml != null) {
                    try {
                        xml.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | XmlPullParserException e) {
            if (AppUtils.isDebug()) {
                Log.e("TlsPinning", "Invalid TLS pinning configuration! HTTPS in WebViews is now disabled", e);
            }
            this.a = null;
        }
    }

    public final h01 a(String str) {
        boolean z;
        Iterator it = this.a.iterator();
        while (it.hasNext()) {
            h01 h01Var = (h01) it.next();
            Iterator<g01> it2 = h01Var.a.iterator();
            while (true) {
                z = false;
                if (!it2.hasNext()) {
                    break;
                }
                g01 next = it2.next();
                String str2 = next.a;
                if (str2.equals(str) || (next.b && str.endsWith(".".concat(str2)))) {
                    z = true;
                }
                if (z) {
                    z = true;
                    break;
                }
            }
            if (z) {
                return h01Var;
            }
        }
        return null;
    }

    public final void b(XmlResourceParser xmlResourceParser) {
        String str;
        xmlResourceParser.require(2, null, "domain-config");
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        while (xmlResourceParser.next() != 3) {
            if (xmlResourceParser.getEventType() == 2) {
                String str2 = "";
                if ("domain".equals(xmlResourceParser.getName())) {
                    xmlResourceParser.require(2, null, "domain");
                    boolean attributeBooleanValue = xmlResourceParser.getAttributeBooleanValue(null, "includeSubdomains", false);
                    if (xmlResourceParser.next() == 4) {
                        str2 = xmlResourceParser.getText();
                        xmlResourceParser.nextTag();
                    }
                    xmlResourceParser.require(3, null, "domain");
                    arrayList.add(new g01(str2, attributeBooleanValue));
                } else if ("pin-set".equals(xmlResourceParser.getName())) {
                    xmlResourceParser.require(2, null, "pin-set");
                    while (xmlResourceParser.next() != 3) {
                        if (xmlResourceParser.getEventType() == 2 && "pin".equals(xmlResourceParser.getName())) {
                            xmlResourceParser.require(2, null, "pin");
                            String attributeValue = xmlResourceParser.getAttributeValue(null, "digest");
                            if (xmlResourceParser.next() == 4) {
                                str = xmlResourceParser.getText();
                                xmlResourceParser.nextTag();
                            } else {
                                str = "";
                            }
                            xmlResourceParser.require(3, null, "pin");
                            if (attributeValue == null) {
                                attributeValue = HashAlgorithms.ALGO_SHA256;
                            }
                            hashSet.add(new fg4(attributeValue, str));
                        }
                    }
                    xmlResourceParser.require(3, null, "pin-set");
                }
            }
        }
        this.a.add(new h01(arrayList, hashSet));
        xmlResourceParser.require(3, null, "domain-config");
    }

    @Override // javax.net.ssl.HostnameVerifier
    public final boolean verify(String str, SSLSession sSLSession) {
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession)) {
            return false;
        }
        try {
            Certificate certificate = sSLSession.getPeerCertificates()[0];
            MessageDigest messageDigest = MessageDigest.getInstance(HashAlgorithms.ALGO_SHA256);
            byte[] encoded = certificate.getPublicKey().getEncoded();
            if (encoded == null) {
                Log.e("TlsPinning", "TLS Pinning error: public key does not support encoding");
                return false;
            }
            messageDigest.update(encoded);
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            h01 a = a(str);
            if (a == null) {
                return true;
            }
            Set<fg4> set = a.b;
            fg4 fg4Var = new fg4(HashAlgorithms.ALGO_SHA256, encodeToString);
            boolean contains = set.contains(fg4Var);
            if (!contains && AppUtils.isDebug()) {
                Log.e("TlsPinning", "TLS PINNING ERROR: Fingerprints do not match! expected: " + set + " actual: " + fg4Var);
            }
            return contains;
        } catch (NoSuchAlgorithmException | SSLPeerUnverifiedException e) {
            if (AppUtils.isDebug()) {
                Log.e("TlsPinning", "Error in SSL pinning", e);
            }
            return false;
        }
    }
}
