Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package okhttp3;
- import java.security.cert.Certificate;
- import java.security.cert.X509Certificate;
- import java.util.ArrayList;
- import java.util.Collections;
- import java.util.LinkedHashSet;
- import java.util.List;
- import java.util.Set;
- import javax.annotation.Nullable;
- import javax.net.ssl.SSLPeerUnverifiedException;
- import okhttp3.internal.Util;
- import okhttp3.internal.tls.CertificateChainCleaner;
- import p363e.C11133f;
- public final class CertificatePinner {
- public static final CertificatePinner DEFAULT = new Builder().build();
- @Nullable
- private final CertificateChainCleaner certificateChainCleaner;
- private final Set<Pin> pins;
- public static final class Builder {
- private final List<Pin> pins = new ArrayList();
- public final Builder add(String str, String... strArr) {
- if (str != null) {
- for (String pin : strArr) {
- this.pins.add(new Pin(str, pin));
- }
- return this;
- }
- throw new NullPointerException("pattern == null");
- }
- public final CertificatePinner build() {
- return new CertificatePinner(new LinkedHashSet(this.pins), null);
- }
- }
- static final class Pin {
- final String canonicalHostname;
- final C11133f hash;
- final String hashAlgorithm;
- final String pattern;
- Pin(String str, String str2) {
- String str3;
- this.pattern = str;
- if (str.startsWith("*.")) {
- StringBuilder sb = new StringBuilder("http://");
- sb.append(str.substring(2));
- str3 = HttpUrl.parse(sb.toString()).host();
- } else {
- str3 = HttpUrl.parse("http://".concat(String.valueOf(str))).host();
- }
- this.canonicalHostname = str3;
- if (str2.startsWith("sha1/")) {
- this.hashAlgorithm = "sha1/";
- this.hash = C11133f.m35517b(str2.substring(5));
- } else if (str2.startsWith("sha256/")) {
- this.hashAlgorithm = "sha256/";
- this.hash = C11133f.m35517b(str2.substring(7));
- } else {
- throw new IllegalArgumentException("pins must start with 'sha256/' or 'sha1/': ".concat(String.valueOf(str2)));
- }
- if (this.hash == null) {
- throw new IllegalArgumentException("pins must be base64: ".concat(String.valueOf(str2)));
- }
- }
- /* access modifiers changed from: 0000 */
- public final boolean matches(String str) {
- if (!this.pattern.startsWith("*.")) {
- return str.equals(this.canonicalHostname);
- }
- int indexOf = str.indexOf(46);
- if ((str.length() - indexOf) - 1 == this.canonicalHostname.length()) {
- if (str.regionMatches(false, indexOf + 1, this.canonicalHostname, 0, this.canonicalHostname.length())) {
- return true;
- }
- }
- return false;
- }
- public final boolean equals(Object obj) {
- if (obj instanceof Pin) {
- Pin pin = (Pin) obj;
- if (this.pattern.equals(pin.pattern) && this.hashAlgorithm.equals(pin.hashAlgorithm) && this.hash.equals(pin.hash)) {
- return true;
- }
- }
- return false;
- }
- public final int hashCode() {
- return ((((this.pattern.hashCode() + 527) * 31) + this.hashAlgorithm.hashCode()) * 31) + this.hash.hashCode();
- }
- public final String toString() {
- StringBuilder sb = new StringBuilder();
- sb.append(this.hashAlgorithm);
- sb.append(this.hash.mo32336b());
- return sb.toString();
- }
- }
- CertificatePinner(Set<Pin> set, @Nullable CertificateChainCleaner certificateChainCleaner2) {
- this.pins = set;
- this.certificateChainCleaner = certificateChainCleaner2;
- }
- public final boolean equals(@Nullable Object obj) {
- if (obj == this) {
- return true;
- }
- if (obj instanceof CertificatePinner) {
- CertificatePinner certificatePinner = (CertificatePinner) obj;
- if (Util.equal(this.certificateChainCleaner, certificatePinner.certificateChainCleaner) && this.pins.equals(certificatePinner.pins)) {
- return true;
- }
- }
- return false;
- }
- public final int hashCode() {
- return ((this.certificateChainCleaner != null ? this.certificateChainCleaner.hashCode() : 0) * 31) + this.pins.hashCode();
- }
- public final void check(String str, List<Certificate> list) throws SSLPeerUnverifiedException {
- List findMatchingPins = findMatchingPins(str);
- if (!findMatchingPins.isEmpty()) {
- if (this.certificateChainCleaner != null) {
- list = this.certificateChainCleaner.clean(list, str);
- }
- int size = list.size();
- for (int i = 0; i < size; i++) {
- X509Certificate x509Certificate = (X509Certificate) list.get(i);
- int size2 = findMatchingPins.size();
- C11133f fVar = null;
- C11133f fVar2 = null;
- for (int i2 = 0; i2 < size2; i2++) {
- Pin pin = (Pin) findMatchingPins.get(i2);
- if (pin.hashAlgorithm.equals("sha256/")) {
- if (fVar == null) {
- fVar = sha256(x509Certificate);
- }
- if (pin.hash.equals(fVar)) {
- return;
- }
- } else if (pin.hashAlgorithm.equals("sha1/")) {
- if (fVar2 == null) {
- fVar2 = sha1(x509Certificate);
- }
- if (pin.hash.equals(fVar2)) {
- return;
- }
- } else {
- StringBuilder sb = new StringBuilder("unsupported hashAlgorithm: ");
- sb.append(pin.hashAlgorithm);
- throw new AssertionError(sb.toString());
- }
- }
- }
- StringBuilder sb2 = new StringBuilder("Certificate pinning failure!\n Peer certificate chain:");
- int size3 = list.size();
- for (int i3 = 0; i3 < size3; i3++) {
- X509Certificate x509Certificate2 = (X509Certificate) list.get(i3);
- sb2.append("\n ");
- sb2.append(pin(x509Certificate2));
- sb2.append(": ");
- sb2.append(x509Certificate2.getSubjectDN().getName());
- }
- sb2.append("\n Pinned certificates for ");
- sb2.append(str);
- sb2.append(":");
- int size4 = findMatchingPins.size();
- for (int i4 = 0; i4 < size4; i4++) {
- Pin pin2 = (Pin) findMatchingPins.get(i4);
- sb2.append("\n ");
- sb2.append(pin2);
- }
- throw new SSLPeerUnverifiedException(sb2.toString());
- }
- }
- /* access modifiers changed from: 0000 */
- public final List<Pin> findMatchingPins(String str) {
- List<Pin> emptyList = Collections.emptyList();
- for (Pin pin : this.pins) {
- if (pin.matches(str)) {
- if (emptyList.isEmpty()) {
- emptyList = new ArrayList<>();
- }
- emptyList.add(pin);
- }
- }
- return emptyList;
- }
- /* access modifiers changed from: 0000 */
- public final CertificatePinner withCertificateChainCleaner(@Nullable CertificateChainCleaner certificateChainCleaner2) {
- if (Util.equal(this.certificateChainCleaner, certificateChainCleaner2)) {
- return this;
- }
- return new CertificatePinner(this.pins, certificateChainCleaner2);
- }
- public static String pin(Certificate certificate) {
- if (certificate instanceof X509Certificate) {
- StringBuilder sb = new StringBuilder("sha256/");
- sb.append(sha256((X509Certificate) certificate).mo32336b());
- return sb.toString();
- }
- throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
- }
- static C11133f sha1(X509Certificate x509Certificate) {
- return C11133f.m35516a(x509Certificate.getPublicKey().getEncoded()).mo32339d();
- }
- static C11133f sha256(X509Certificate x509Certificate) {
- return C11133f.m35516a(x509Certificate.getPublicKey().getEncoded()).mo32340e();
- }
- }
Add Comment
Please, Sign In to add comment