package p.e.c;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.CertificateEncodingException;
import p.e.c.a;
import p.e.g.h;
import p.e.m.w;
import p.e.m.z;

/* compiled from: DaneVerifier.java */
/* loaded from: classes3.dex */
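/**
 * DANE/TLSA verifier (decompiled; identifiers are obfuscated).
 *
 * <p>Looks up the TLSA record set for {@code _<port>._tcp.<host>} through the injected DNS client
 * and compares the peer's first certificate against every TLSA record returned.
 *
 * <p>Security contract, as far as the visible code shows:
 * <ul>
 *   <li>{@code true} is returned only when a record matched <em>and</em> its usage is
 *       {@code domainIssuedCertificate}. Every other outcome is {@code false} or an exception.
 *       {@code false} means "DANE did not authenticate this certificate", not "certificate is
 *       fine"; callers still need their normal chain and host name validation in that case.</li>
 *   <li>A response whose {@code f28330j} flag is unset is logged as "not signed properly" and
 *       yields {@code false}. No TLSA data from such a response is used.</li>
 *   <li>Only index 0 of the chain is compared. Issuer / trust-anchor certificates further up the
 *       chain are never matched against TLSA data here.</li>
 * </ul>
 */
public class c {

    /* renamed from: a, reason: collision with root package name */
    /** Class logger. Unsupported TLSA fields are reported at WARNING, unsigned responses at INFO. */
    private static final Logger f28310a = Logger.getLogger(c.class.getName());

    /* renamed from: b, reason: collision with root package name */
    /**
     * DNS client used for the TLSA query.
     * NOTE(review): the result of this verifier is only as trustworthy as this client's DNSSEC
     * validation. Confirm that an injected client actually validates signatures.
     */
    private final p.e.c f28311b;

    /** Creates a verifier backed by a fresh {@code p.e.g.c} client. */
    public c() {
        this(new p.e.g.c());
    }

    /**
     * Creates a verifier that resolves TLSA records through the given client.
     *
     * @param cVar DNS client to query; stored as-is, not null-checked
     */
    public c(p.e.c cVar) {
        this.f28311b = cVar;
    }

    /**
     * Checks one certificate against one TLSA record.
     *
     * <p>The record's usage, selector and matching type each carry a raw byte plus a parsed enum.
     * A {@code null} enum (unknown byte) or an enum value outside the handled cases is logged and
     * treated as "no match" ({@code false}); it never causes acceptance.
     *
     * @param x509Certificate certificate to check (must not be null)
     * @param zVar TLSA record to compare against
     * @param str host name, used only in log messages
     * @return {@code true} only if the selected data matched and the record's usage is
     *     {@code domainIssuedCertificate}; {@code false} if the record is unsupported, or if it
     *     matched under the other supported usage
     * @throws a.C0340a if the record is supported but its association data does not match
     * @throws CertificateException if encoding the certificate fails or a digest is unavailable
     */
    private static boolean a(X509Certificate x509Certificate, z zVar, String str) throws CertificateException {
        byte[] encoded;
        z.a aVar = zVar.f28652g;
        if (aVar == null) {
            f28310a.warning("TLSA certificate usage byte " + ((int) zVar.f28651f) + " is not supported while verifying " + str);
            return false;
        }
        // b.f28307a / f28308b / f28309c look like synthetic enum switch maps (class b is not
        // shown), so which enum constants map to 1, 2, 3 cannot be confirmed from this file.
        int i2 = b.f28307a[aVar.ordinal()];
        if (i2 != 1 && i2 != 2) {
            f28310a.warning("TLSA certificate usage " + zVar.f28652g + " (" + ((int) zVar.f28651f) + ") not supported while verifying " + str);
            return false;
        }
        z.c cVar = zVar.f28654i;
        if (cVar == null) {
            f28310a.warning("TLSA selector byte " + ((int) zVar.f28653h) + " is not supported while verifying " + str);
            return false;
        }
        // Selector decides what is compared: the whole encoded certificate, or only the encoded
        // public key.
        int i3 = b.f28308b[cVar.ordinal()];
        if (i3 == 1) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (i3 != 2) {
                f28310a.warning("TLSA selector " + zVar.f28654i + " (" + ((int) zVar.f28653h) + ") not supported while verifying " + str);
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        z.b bVar = zVar.f28656k;
        if (bVar == null) {
            f28310a.warning("TLSA matching type byte " + ((int) zVar.f28655j) + " is not supported while verifying " + str);
            return false;
        }
        // Matching type: case 1 compares the selected bytes unhashed, case 2 compares their
        // SHA-256 digest, case 3 their SHA-512 digest.
        int i4 = b.f28309c[bVar.ordinal()];
        if (i4 != 1) {
            if (i4 == 2) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e2);
                }
            } else {
                if (i4 != 3) {
                    f28310a.warning("TLSA matching type " + zVar.f28656k + " not supported while verifying " + str);
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e3) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e3);
                }
            }
        }
        if (zVar.a(encoded)) {
            // A match under any usage other than domainIssuedCertificate is deliberately reported
            // as false: the record is satisfied, but the caller must still validate the chain.
            return zVar.f28652g == z.a.domainIssuedCertificate;
        }
        // Supported record, but the data differs: surfaced as an exception so the caller can
        // tell "mismatch" apart from "nothing applicable".
        throw new a.C0340a(zVar, encoded);
    }

    /**
     * Converts legacy {@code javax.security.cert} certificates to {@code java.security.cert} ones
     * by re-parsing their encoded form.
     *
     * <p>An entry that cannot be converted is logged and left {@code null} in the result, so
     * callers must not assume every slot is populated.
     *
     * @param x509CertificateArr legacy certificates, in chain order
     * @return array of the same length; failed conversions are {@code null}
     */
    private static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e2) {
                f28310a.log(Level.WARNING, "Could not convert", e2);
            }
        }
        return x509CertificateArr2;
    }

    /**
     * Verifies the peer of an established TLS session against its TLSA records.
     *
     * <p>NOTE(review): {@code SSLSession.getPeerCertificateChain()} and the
     * {@code javax.security.cert} types are deprecated; {@code getPeerCertificates()} is the
     * replacement and would make the conversion step unnecessary.
     *
     * @param sSLSession session whose peer chain, host and port are used
     * @return see {@link #a(X509Certificate[], String, int)}
     * @throws CertificateException if the peer is unverified or verification fails
     */
    public boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            return a(a(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e2) {
            throw new CertificateException("Peer not verified", e2);
        }
    }

    /**
     * Verifies the peer of a connected TLS socket against its TLSA records.
     *
     * @param sSLSocket connected socket
     * @return see {@link #a(X509Certificate[], String, int)}
     * @throws IllegalStateException if the socket is not connected
     * @throws CertificateException if verification fails
     */
    public boolean a(SSLSocket sSLSocket) throws CertificateException {
        if (sSLSocket.isConnected()) {
            return a(sSLSocket.getSession());
        }
        throw new IllegalStateException("Socket not yet connected.");
    }

    /**
     * Verifies a certificate chain for {@code host:port} against the TLSA records published at
     * {@code _<port>._tcp.<host>}.
     *
     * <p>Only {@code x509CertificateArr[0]} is compared. Records are tried in response order and
     * the loop stops at the first one that authenticates the certificate. Mismatches are
     * collected and thrown together only if no record authenticated it.
     *
     * @param x509CertificateArr peer chain, end-entity certificate first
     * @param str host name the connection was made to
     * @param i2 TCP port of the service
     * @return {@code true} if a {@code domainIssuedCertificate} record matched; {@code false} if
     *     the response was not signed properly, held no applicable record, or matched only under
     *     another usage (the caller's regular validation is still required)
     * @throws a.b if at least one record mismatched and none authenticated the certificate
     * @throws CertificateException if a TLSA record applies but the chain has no usable first
     *     certificate, or the comparison itself fails
     * @throws RuntimeException wrapping an {@link IOException} from the DNS lookup
     */
    public boolean a(X509Certificate[] x509CertificateArr, String str, int i2) throws CertificateException {
        p.e.f.a a2 = p.e.f.a.a("_" + i2 + "._tcp." + str);
        try {
            p.e.e.b a3 = this.f28311b.a(a2, w.b.TLSA);
            if (!a3.f28330j) {
                // Unsigned or unverifiable answer: never evaluate its TLSA data. Returning false
                // hands the decision back to the caller's ordinary certificate validation.
                StringBuilder message = new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
                if (a3 instanceof p.e.g.d) {
                    message.append(" Reasons:");
                    Iterator<h> it = ((p.e.g.d) a3).k().iterator();
                    while (it.hasNext()) {
                        message.append(" ").append(it.next());
                    }
                }
                f28310a.info(message.toString());
                return false;
            }
            // The conversion helper leaves null for certificates it could not parse, and a caller
            // may pass an empty chain. Resolve the leaf once and fail closed with a
            // CertificateException instead of an NPE / ArrayIndexOutOfBoundsException below.
            X509Certificate leaf = (x509CertificateArr != null && x509CertificateArr.length > 0) ? x509CertificateArr[0] : null;
            // Raw type kept from the decompiled source; elements are a.C0340a mismatches.
            LinkedList linkedList = new LinkedList();
            // Renamed from the decompiler's "z", which shadowed the TLSA record type z.
            boolean matched = false;
            for (w<? extends p.e.m.h> wVar : a3.f28333m) {
                // Ignore records of other types or for other owner names in the same response.
                if (wVar.f28601b == w.b.TLSA && wVar.f28600a.equals(a2)) {
                    if (leaf == null) {
                        throw new CertificateException("No usable end-entity certificate in the peer chain while verifying " + str);
                    }
                    try {
                        matched |= a(leaf, (z) wVar.f28605f, str);
                    } catch (a.C0340a e2) {
                        linkedList.add(e2);
                    }
                    if (matched) {
                        break;
                    }
                }
            }
            if (matched || linkedList.isEmpty()) {
                return matched;
            }
            throw new a.b(linkedList);
        } catch (IOException e3) {
            // Lookup failure propagates as an unchecked exception; it is never turned into a
            // "verified" result.
            throw new RuntimeException(e3);
        }
    }
}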
