package com.norton.staplerclassifiers.networkdetections.sslmitm;

import android.content.Context;
import android.util.Base64;
import bl.l;
import bo.k;
import com.norton.staplerclassifiers.BaseTask;
import com.norton.staplerclassifiers.CaptiveMode;
import com.norton.staplerclassifiers.config.d;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import kotlin.Metadata;
import kotlin.collections.t0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.o;
import kotlin.x1;
import kotlinx.serialization.json.JsonElement;
import kotlinx.serialization.json.p;
import okhttp3.f0;
import okhttp3.g0;
import okhttp3.u;
import org.jetbrains.annotations.NotNull;
import wg.b;

@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0000\u0018\u0000 \u00022\u00020\u0001:\u0001\u0003¨\u0006\u0004"}, d2 = {"Lcom/norton/staplerclassifiers/networkdetections/sslmitm/SSLMITMTask;", "Lcom/norton/staplerclassifiers/BaseTask;", "Companion", "a", "network-detections_debug"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes2.dex */
public final class SSLMITMTask extends BaseTask {

    /* renamed from: f, reason: collision with root package name */
    @NotNull
    public final b f34305f;

    /* renamed from: g, reason: collision with root package name */
    @NotNull
    public final f0.a f34306g;

    /* renamed from: h, reason: collision with root package name */
    @NotNull
    public final a f34307h;

    /* renamed from: i, reason: collision with root package name */
    @k
    public final SSLMITMConfiguration f34308i;

    /* renamed from: j, reason: collision with root package name */
    @NotNull
    public final defpackage.a f34309j;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public SSLMITMTask(Context context, d configurationProvider, String configurationKey) {
        super(context, configurationProvider, configurationKey);
        wg.a captiveNetworkChecker = new wg.a(0);
        f0.a okHttpClientBuilder = new f0.a();
        CertChainCapturingTrustManager certChainCapturingTrustManager = new CertChainCapturingTrustManager();
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(configurationProvider, "configurationProvider");
        Intrinsics.checkNotNullParameter(configurationKey, "configurationKey");
        Intrinsics.checkNotNullParameter(captiveNetworkChecker, "captiveNetworkChecker");
        Intrinsics.checkNotNullParameter(okHttpClientBuilder, "okHttpClientBuilder");
        Intrinsics.checkNotNullParameter(certChainCapturingTrustManager, "certChainCapturingTrustManager");
        this.f34305f = captiveNetworkChecker;
        this.f34306g = okHttpClientBuilder;
        this.f34307h = certChainCapturingTrustManager;
        Intrinsics.checkNotNullParameter(SSLMITMClassifier.NAME, "<set-?>");
        this.f34190d = SSLMITMClassifier.NAME;
        this.f34308i = (SSLMITMConfiguration) configurationProvider.b(configurationKey, SSLMITMConfiguration.INSTANCE.serializer());
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        Intrinsics.checkNotNullExpressionValue(sSLContext, "getInstance(\"TLS\")");
        sSLContext.init(null, new a[]{certChainCapturingTrustManager}, null);
        SSLSocketFactory sslSocketFactory = sSLContext.getSocketFactory();
        Intrinsics.checkNotNullExpressionValue(sslSocketFactory, "sslSocketFactory");
        defpackage.a aVar = new defpackage.a(sslSocketFactory);
        this.f34309j = aVar;
        okHttpClientBuilder.d(aVar, certChainCapturingTrustManager);
    }

    @Override // com.norton.staplerclassifiers.BaseTask
    public final void c() {
        BaseTask.d dVar = this.f34189c;
        SSLMITMConfiguration sSLMITMConfiguration = this.f34308i;
        if (sSLMITMConfiguration == null) {
            dVar.a(6, "No config available");
            return;
        }
        CaptiveMode a10 = this.f34305f.a(sSLMITMConfiguration.f34303b);
        dVar.f34202e = new BaseTask.c(a10, null);
        if (a10 == CaptiveMode.HAS_CAPTIVE) {
            dVar.b(BaseTask.StateType.UNCERTAIN, "captive portal detected");
            return;
        }
        a aVar = this.f34307h;
        u.f49943k.getClass();
        u url = u.b.e(sSLMITMConfiguration.f34302a);
        if (url == null) {
            dVar.a(1, "Invalid MITM configuration URL");
            return;
        }
        f0.a aVar2 = this.f34306g;
        aVar2.getClass();
        f0 f0Var = new f0(aVar2);
        g0.a aVar3 = new g0.a();
        Intrinsics.checkNotNullParameter(url, "url");
        aVar3.f49318a = url;
        try {
            f0Var.a(aVar3.b()).execute();
            if (aVar.getCertChain() == null) {
                dVar.a(8, "Missing cert chain");
                return;
            }
            List<X509Certificate> certChain = aVar.getCertChain();
            Intrinsics.g(certChain);
            Iterator<X509Certificate> it = certChain.iterator();
            while (it.hasNext()) {
                String encodeToString = Base64.encodeToString(it.next().getPublicKey().getEncoded(), 0);
                Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(certifica….encoded, Base64.DEFAULT)");
                if (sSLMITMConfiguration.f34304c.contains(o.R(encodeToString, "\n", ""))) {
                    dVar.b(BaseTask.StateType.SAFE, "MITM attack not detected");
                    return;
                }
            }
            d(certChain);
            com.symantec.symlog.d.f("SSLMITMTask", "Nothing detected.");
            dVar.b(BaseTask.StateType.UNSAFE, "MITM attack detected");
        } catch (IOException e10) {
            com.symantec.symlog.d.a(6, "SSLMITMTask", "exception", e10);
            if (!(e10.getCause() instanceof GeneralSecurityException)) {
                dVar.a(8, "Network error");
                return;
            }
            dVar.b(BaseTask.StateType.UNSAFE, "MITM attack detected");
            List<X509Certificate> certChain2 = aVar.getCertChain();
            if (certChain2 != null) {
                d(certChain2);
            }
        }
    }

    public final void d(List<? extends X509Certificate> list) {
        String it;
        defpackage.a aVar = this.f34309j;
        SSLSocket sSLSocket = aVar.f6b;
        if (sSLSocket != null) {
            StringBuilder sb2 = new StringBuilder("SSL Socket Session ID: ");
            SSLSocket sSLSocket2 = aVar.f6b;
            Intrinsics.g(sSLSocket2);
            sb2.append(sSLSocket2.getSession().getPeerHost());
            com.symantec.symlog.d.f("SSLMITMTask", sb2.toString());
            it = sSLSocket.getInetAddress().getHostAddress();
            Intrinsics.checkNotNullExpressionValue(it, "it");
            com.symantec.symlog.d.f("SSLMITMTask", "Connected to " + sSLSocket.getSession().getPeerHost() + " at IP: " + it);
        } else {
            it = "";
        }
        List<? extends X509Certificate> list2 = list;
        ArrayList arrayList = new ArrayList(t0.s(list2, 10));
        Iterator<T> it2 = list2.iterator();
        while (it2.hasNext()) {
            arrayList.add(Base64.encodeToString(((X509Certificate) it2.next()).getEncoded(), 0));
        }
        JsonElement g10 = p.a(new l<kotlinx.serialization.json.d, x1>() { // from class: com.norton.staplerclassifiers.networkdetections.sslmitm.SSLMITMTask$addTelemetryPayload$jsonPayload$1
            @Override // bl.l
            public /* bridge */ /* synthetic */ x1 invoke(kotlinx.serialization.json.d dVar) {
                invoke2(dVar);
                return x1.f47113a;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2(@NotNull kotlinx.serialization.json.d Json) {
                Intrinsics.checkNotNullParameter(Json, "$this$Json");
            }
        }).g(SSLMITMTelemetryPayload.INSTANCE.serializer(), new SSLMITMTelemetryPayload(it, arrayList));
        BaseTask.c cVar = this.f34189c.f34202e;
        if (cVar == null) {
            return;
        }
        cVar.f34197b = g10;
    }
}
