package de.a.a.b;

import de.a.a.b.a;
import de.a.a.d;
import de.a.a.e;
import de.a.a.i.g;
import de.a.a.i.t;
import de.a.a.k;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.CertificateEncodingException;

/* compiled from: DaneVerifier.java */
/* loaded from: classes.dex */
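/**
 * DANE verifier (decompiled from {@code DaneVerifier.java}): checks the leaf certificate of a TLS
 * peer against the TLSA records published at {@code _<port>._tcp.<host>}.
 *
 * <p>Security contract of the {@code boolean} results, as established by the code below:
 * <ul>
 *   <li>{@code true} is returned only when a TLSA record with certificate usage 3 matched the
 *       leaf certificate.</li>
 *   <li>{@code false} means "DANE did not vouch for this certificate", NOT "the certificate was
 *       rejected". It is returned when the DNS answer is not flagged as authenticated, when no
 *       usable TLSA record exists, when only unsupported usages/selectors/matching types were
 *       found, and also when a usage-1 record matched. Callers must still run ordinary PKIX
 *       validation on a {@code false} result and must never treat it as success.</li>
 *   <li>A mismatch against every supported record is reported by exception, not by
 *       {@code false}.</li>
 * </ul>
 */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f13366a = Logger.getLogger(b.class.getName());

    /* renamed from: b, reason: collision with root package name */
    // DNS client used for the TLSA lookup.
    private final de.a.a.a f13367b;

    /** Creates a verifier backed by a default {@code de.a.a.c.a} client. */
    public b() {
        this(new de.a.a.c.a());
    }

    /**
     * Creates a verifier that resolves TLSA records through the given client.
     *
     * @param aVar client used for the TLSA query
     */
    public b(de.a.a.a aVar) {
        // NOTE(review): the de.a.a.c package looks like the DNSSEC-validating client; a plain
        // client passed here would presumably never set the authenticated flag checked in
        // a(X509Certificate[], String, int). Confirm against the client classes.
        this.f13367b = aVar;
    }

    /**
     * Hashes {@code data} with the named algorithm for TLSA matching.
     *
     * @throws CertificateException if the platform lacks the algorithm
     */
    private static byte[] digestForMatching(String algorithm, byte[] data) throws CertificateException {
        try {
            return MessageDigest.getInstance(algorithm).digest(data);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateException("Verification using TLSA failed: could not " + algorithm + " for matching", e2);
        }
    }

    /**
     * Returns the leaf (index 0) certificate of the chain, failing closed with the declared
     * checked exception when it is unavailable.
     *
     * <p>The chain converter in this class leaves a {@code null} slot when a certificate cannot
     * be re-parsed, and a peer may present no chain at all. Without this guard either case
     * surfaced as an unchecked NullPointerException or ArrayIndexOutOfBoundsException from
     * inside the verifier, bypassing callers that handle {@link CertificateException}.
     *
     * @throws CertificateException if the chain is null, empty, or its first entry is null
     */
    private static X509Certificate requireLeaf(X509Certificate[] chain, String host) throws CertificateException {
        if (chain == null || chain.length == 0 || chain[0] == null) {
            throw new CertificateException("No leaf certificate available for TLSA verification of " + host);
        }
        return chain[0];
    }

    /**
     * Checks one certificate against one TLSA record.
     *
     * <p>The field roles are taken from the log messages in this method: {@code f13642a} is the
     * certificate usage, {@code f13643b} the selector and {@code f13644c} the matching type.
     *
     * @param x509Certificate certificate to check
     * @param tVar TLSA record
     * @param str host name, used only in log messages
     * @return {@code true} only when the record matched and its usage is 3; {@code false} when
     *     the record matched with usage 1, or when usage, selector or matching type is unsupported
     * @throws a.C0167a when a supported record does not match the certificate
     * @throws CertificateException when encoding or hashing fails
     */
    private static boolean a(X509Certificate x509Certificate, t tVar, String str) throws CertificateException {
        // Only the end-entity usages (1 and 3) are handled; everything else is skipped with a warning.
        switch (tVar.f13642a) {
            case 1:
            case 3:
                break;
            default:
                f13366a.warning("TLSA certificate usage " + ((int) tVar.f13642a) + " not supported while verifying " + str);
                return false;
        }

        // Selector: 0 = whole certificate, 1 = encoded public key.
        byte[] candidate;
        switch (tVar.f13643b) {
            case 0:
                candidate = x509Certificate.getEncoded();
                break;
            case 1:
                candidate = x509Certificate.getPublicKey().getEncoded();
                break;
            default:
                f13366a.warning("TLSA selector " + ((int) tVar.f13643b) + " not supported while verifying " + str);
                return false;
        }

        // Matching type: 0 = compare the selected bytes as-is, 1 = SHA-256, 2 = SHA-512.
        switch (tVar.f13644c) {
            case 0:
                break;
            case 1:
                candidate = digestForMatching("SHA-256", candidate);
                break;
            case 2:
                candidate = digestForMatching("SHA-512", candidate);
                break;
            default:
                f13366a.warning("TLSA matching type " + ((int) tVar.f13644c) + " not supported while verifying " + str);
                return false;
        }

        // presumably t.a(byte[]) compares against the record's association data; confirm in t
        if (!tVar.a(candidate)) {
            throw new a.C0167a(tVar, candidate);
        }
        // A usage-1 match is deliberately not reported as "verified": only usage 3 returns true.
        return tVar.f13642a == 3;
    }

    /**
     * Converts a legacy {@code javax.security.cert} chain into {@code java.security.cert}
     * certificates by re-parsing each encoded form.
     *
     * @return array of the same length; an entry is {@code null} when its conversion failed
     *     (the failure is logged at WARNING)
     */
    private static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] converted = new X509Certificate[x509CertificateArr.length];
        for (int idx = 0; idx < x509CertificateArr.length; idx++) {
            try {
                byte[] der = x509CertificateArr[idx].getEncoded();
                converted[idx] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
            } catch (CertificateException | CertificateEncodingException e2) {
                // Best effort: the slot stays null. A null leaf is rejected later by requireLeaf.
                f13366a.log(Level.WARNING, "Could not convert", e2);
            }
        }
        return converted;
    }

    /**
     * Verifies the peer of an established TLS session against its TLSA records.
     *
     * @return see the class-level contract; {@code false} is not a rejection
     * @throws CertificateException on mismatch, or when the peer is unverified
     */
    public boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            // NOTE(review): getPeerCertificateChain() is the deprecated javax.security.cert API;
            // getPeerCertificates() is the supported replacement if this class is ever rebuilt.
            X509Certificate[] chain = a(sSLSession.getPeerCertificateChain());
            return a(chain, sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e2) {
            throw new CertificateException("Peer not verified", e2);
        }
    }

    /**
     * Verifies the peer of a connected TLS socket against its TLSA records.
     *
     * @throws IllegalStateException if the socket is not connected
     * @throws CertificateException on mismatch, or when the peer is unverified
     */
    public boolean a(SSLSocket sSLSocket) throws CertificateException {
        if (!sSLSocket.isConnected()) {
            throw new IllegalStateException("Socket not yet connected.");
        }
        return a(sSLSocket.getSession());
    }

    /**
     * Verifies a certificate chain against the TLSA records of {@code _<port>._tcp.<host>}.
     * Only the leaf certificate (index 0) is compared.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str host name
     * @param i2 port
     * @return {@code true} only when a usage-3 record matched; {@code false} otherwise, including
     *     when the DNS answer was not flagged as authenticated (callers must then fall back to
     *     ordinary certificate validation)
     * @throws a.b when no record verified the certificate and at least one supported record
     *     mismatched
     * @throws CertificateException when a TLSA record must be checked but no leaf certificate is
     *     available, or when encoding or hashing fails
     * @throws RuntimeException wrapping an {@link IOException} from the DNS lookup; kept unchecked
     *     for caller compatibility, so a lookup failure is neither {@code false} nor a
     *     {@code CertificateException}
     */
    public boolean a(X509Certificate[] x509CertificateArr, String str, int i2) throws CertificateException {
        e a2 = e.a("_" + i2 + "._tcp." + str);
        try {
            d a3 = this.f13367b.a(a2, k.b.TLSA);

            // f13424i is presumably the "authenticated data" flag (the log text below speaks of
            // signing). Unauthenticated TLSA data is ignored rather than trusted.
            if (!a3.f13424i) {
                StringBuilder message = new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
                if (a3 instanceof de.a.a.c.b) {
                    message.append(" Reasons:");
                    Iterator<de.a.a.c.g> reasons = ((de.a.a.c.b) a3).k().iterator();
                    while (reasons.hasNext()) {
                        message.append(" ").append(reasons.next());
                    }
                }
                f13366a.info(message.toString());
                return false;
            }

            LinkedList<a.C0167a> mismatches = new LinkedList<>();
            boolean verified = false;
            Iterator<k<? extends g>> it = a3.l.iterator();
            // Stop at the first record that verifies the leaf.
            while (!verified && it.hasNext()) {
                k<? extends g> next = it.next();
                if (next.f13660b != k.b.TLSA || !next.f13659a.equals(a2)) {
                    continue;
                }
                // Checked lazily so that a missing chain only matters when a record needs it.
                X509Certificate leaf = requireLeaf(x509CertificateArr, str);
                try {
                    verified |= a(leaf, (t) next.f13664f, str);
                } catch (a.C0167a e2) {
                    // Collected, not thrown: a later record may still match.
                    mismatches.add(e2);
                }
            }

            if (!verified && !mismatches.isEmpty()) {
                throw new a.b(mismatches);
            }
            return verified;
        } catch (IOException e3) {
            throw new RuntimeException(e3);
        }
    }
}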
