package com.appmattus.certificaterevocation.internal.revoker;

import com.appmattus.certificaterevocation.CRLogger;
import com.appmattus.certificaterevocation.RevocationResult;
import com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleanerFactory;
import java.security.cert.Certificate;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import lm.j;
import lm.q;
import okhttp3.Connection;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.Response;
import yl.y;

/* loaded from: classes.dex */
public final class CertificateRevocationInterceptor extends CertificateRevocationBase implements Interceptor {
    private final boolean failOnError;
    private final CRLogger logger;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CertificateRevocationInterceptor(Set<CrlItem> set, CertificateChainCleanerFactory certificateChainCleanerFactory, X509TrustManager x509TrustManager, boolean z10, CRLogger cRLogger) {
        super(set, certificateChainCleanerFactory, x509TrustManager);
        q.f(set, "crlSet");
        this.failOnError = z10;
        this.logger = cRLogger;
    }

    public /* synthetic */ CertificateRevocationInterceptor(Set set, CertificateChainCleanerFactory certificateChainCleanerFactory, X509TrustManager x509TrustManager, boolean z10, CRLogger cRLogger, int i2, j jVar) {
        this(set, (i2 & 2) != 0 ? null : certificateChainCleanerFactory, x509TrustManager, (i2 & 8) != 0 ? true : z10, (i2 & 16) != 0 ? null : cRLogger);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) {
        List<Certificate> list;
        Handshake handshake;
        q.f(chain, "chain");
        String host = chain.request().url().host();
        Connection connection = chain.connection();
        if (connection == null || (handshake = connection.handshake()) == null || (list = handshake.peerCertificates()) == null) {
            list = y.f19949m;
        }
        Connection connection2 = chain.connection();
        RevocationResult verifyCertificateRevocation = (connection2 != null ? connection2.socket() : null) instanceof SSLSocket ? verifyCertificateRevocation(host, list) : RevocationResult.Success.InsecureConnection.INSTANCE;
        CRLogger cRLogger = this.logger;
        if (cRLogger != null) {
            cRLogger.log(host, verifyCertificateRevocation);
        }
        if ((verifyCertificateRevocation instanceof RevocationResult.Failure) && this.failOnError) {
            throw new SSLPeerUnverifiedException("Certificate revocation failed");
        }
        return chain.proceed(chain.request());
    }
}
