package com.amazon.rabbit.android.data.gateway;

import com.amazon.rabbit.android.log.metrics.mobileanalytics.MobileAnalyticsHelper;
import com.amazon.rabbitmobilemetrics.keys.EventAttributes;
import com.amazon.rabbitmobilemetrics.keys.EventNames;
import com.amazonaws.mobileconnectors.amazonmobileanalytics.AnalyticsEvent;
import com.google.common.base.Strings;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import okhttp3.CertificatePinner;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;

/* loaded from: classes3.dex */
public class CertificateInterceptor implements Interceptor {
    private final HashMap<String, Certificate> certIssuerMap = new HashMap<>();
    private final MobileAnalyticsHelper mobileAnalyticsHelper;

    public CertificateInterceptor(MobileAnalyticsHelper mobileAnalyticsHelper) {
        this.mobileAnalyticsHelper = mobileAnalyticsHelper;
    }

    private static String algPart(String str) {
        int indexOf = str.indexOf(47);
        return indexOf == -1 ? "" : str.substring(0, indexOf);
    }

    private static String fingerprintPart(String str) {
        int indexOf = str.indexOf(47);
        return indexOf == -1 ? str : indexOf >= str.length() + (-1) ? "" : str.substring(indexOf + 1);
    }

    private void logNonX509CertificateToAma(String str) {
        AnalyticsEvent createEvent = this.mobileAnalyticsHelper.createEvent(EventNames.APP_DETECTED_NONX509CERTIFICATE.toString());
        createEvent.addAttribute(EventAttributes.URL.toString(), str);
        this.mobileAnalyticsHelper.recordEvent(createEvent);
    }

    private void logX509CertificateToAma(String str, X509Certificate x509Certificate) {
        String nullToEmpty = Strings.nullToEmpty(CertificatePinner.pin(x509Certificate));
        String fingerprintPart = fingerprintPart(nullToEmpty);
        String algPart = algPart(nullToEmpty);
        AnalyticsEvent createEvent = this.mobileAnalyticsHelper.createEvent(EventNames.APP_DETECTED_X509CERTIFICATE.toString());
        createEvent.addAttribute(EventAttributes.URL.toString(), str);
        createEvent.addAttribute(EventAttributes.SIGNING_ALGORITHM_NAME.toString(), x509Certificate.getSigAlgName());
        createEvent.addAttribute(EventAttributes.CERT_FINGERPRINT.toString(), fingerprintPart);
        createEvent.addAttribute(EventAttributes.CERT_FINGERPRINT_ALG.toString(), algPart);
        createEvent.addAttribute(EventAttributes.CERT_FINGERPRINT_ENCODING.toString(), fingerprintPart.isEmpty() ? "" : "Base64");
        createEvent.addAttribute(EventAttributes.CERT_ISSUER.toString(), x509Certificate.getIssuerX500Principal().toString());
        createEvent.addAttribute(EventAttributes.CERT_SUBJECT.toString(), x509Certificate.getSubjectX500Principal().toString());
        this.mobileAnalyticsHelper.recordEvent(createEvent);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        Response proceed = chain.proceed(request);
        Handshake handshake = proceed.handshake;
        if (handshake == null) {
            return proceed;
        }
        boolean z = false;
        List<Certificate> list = handshake.peerCertificates;
        Iterator<Certificate> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Certificate next = it.next();
            if ((next instanceof X509Certificate) && !this.certIssuerMap.containsKey(((X509Certificate) next).getIssuerX500Principal().toString())) {
                z = true;
                this.certIssuerMap.clear();
                break;
            }
        }
        for (Certificate certificate : list) {
            if (!(certificate instanceof X509Certificate)) {
                logNonX509CertificateToAma(request.url.toString());
            } else if (z) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                logX509CertificateToAma(request.url.toString(), x509Certificate);
                this.certIssuerMap.put(x509Certificate.getIssuerX500Principal().toString(), certificate);
            }
        }
        return proceed;
    }
}
