package org.minidns.dane;

import defpackage.c0;
import defpackage.nx0;
import defpackage.px0;
import defpackage.qm4;
import defpackage.rx0;
import defpackage.sy4;
import defpackage.xn0;
import defpackage.xn3;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.CertificateEncodingException;
import org.acra.ACRAConstants;
import org.minidns.dane.DaneCertificateException;

/* loaded from: classes2.dex */
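/**
 * DANE verifier: checks a TLS peer's leaf certificate against the TLSA records published for
 * {@code _<port>._tcp.<host>}.
 *
 * <p>This is decompiled, name-obfuscated code; identifiers such as {@code c0}, {@code qm4} and
 * {@code nx0} are whatever the obfuscator left behind. Descriptions of their fields are taken
 * from how this class uses them and from the log messages next to each use.
 *
 * <p><b>Contract callers must respect:</b> a {@code true} result means a TLSA record with usage
 * {@code domainIssuedCertificate} matched the leaf certificate. A {@code false} result is NOT a
 * successful verification. It is returned when the DNS response is flagged as not properly
 * signed, when no usable TLSA record exists, or when only a {@code serviceCertificateConstraint}
 * record matched. In every {@code false} case the caller still has to run its normal
 * certificate-path and host-name validation; treating {@code false} as "nothing to check" would
 * skip authentication altogether.
 */
public class a {
    public static final Logger b = Logger.getLogger(a.class.getName());

    /** Resolver used for the TLSA lookup; the no-arg constructor supplies a {@code px0}. */
    public final c0 a;

    /* renamed from: org.minidns.dane.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    /**
     * Compiler-generated lookup tables for the {@code switch} statements over the three TLSA
     * enums. Each table maps {@code ordinal()} to a small case number; an enum constant that is
     * not listed keeps the array default of 0 and falls into the "not supported" branches below.
     */
    public static /* synthetic */ class C0293a {
        /** Case numbers for certificate usage ({@code qm4.a}). */
        public static final /* synthetic */ int[] a;
        /** Case numbers for selector ({@code qm4.c}). */
        public static final /* synthetic */ int[] b;
        /** Case numbers for matching type ({@code qm4.b}). */
        public static final /* synthetic */ int[] c;

        static {
            // The empty NoSuchFieldError handlers are part of the compiler's switch-map pattern
            // (an enum constant missing at run time simply gets no case number); left untouched.
            int[] iArr = new int[qm4.b.values().length];
            c = iArr;
            try {
                iArr[qm4.b.noHash.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[qm4.b.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                c[qm4.b.sha512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[qm4.c.values().length];
            b = iArr2;
            try {
                iArr2[qm4.c.fullCertificate.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                b[qm4.c.subjectPublicKeyInfo.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[qm4.a.values().length];
            a = iArr3;
            try {
                iArr3[qm4.a.serviceCertificateConstraint.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[qm4.a.domainIssuedCertificate.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[qm4.a.caConstraint.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                a[qm4.a.trustAnchorAssertion.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    /** Creates a verifier backed by a default {@code px0} resolver. */
    public a() {
        this(new px0());
    }

    /**
     * Creates a verifier backed by the given resolver.
     *
     * @param c0Var resolver used to query TLSA records
     */
    public a(c0 c0Var) {
        this.a = c0Var;
    }

    /**
     * Checks one certificate against one TLSA record.
     *
     * <p>Only the usages {@code serviceCertificateConstraint} and {@code domainIssuedCertificate}
     * are evaluated; {@code caConstraint} and {@code trustAnchorAssertion} records are logged and
     * skipped, so a zone that publishes only those usages gets no DANE result from this class.
     *
     * @param x509Certificate certificate to check (the caller passes the leaf certificate)
     * @param qm4Var TLSA record to check against
     * @param str host name, used only in log and exception messages
     * @return {@code true} only if the record matched and its usage is
     *     {@code domainIssuedCertificate}; {@code false} if the record matched with usage
     *     {@code serviceCertificateConstraint} (further validation is then the caller's job) or
     *     if the record uses an unsupported usage, selector or matching type
     * @throws DaneCertificateException.CertificateMismatch if a supported record does not match
     * @throws CertificateException if the certificate is missing or cannot be encoded, or the
     *     digest algorithm is unavailable
     */
    public static boolean a(X509Certificate x509Certificate, qm4 qm4Var, String str) throws CertificateException {
        byte[] encoded;
        qm4.a aVar = qm4Var.o;
        if (aVar == null) {
            b.warning("TLSA certificate usage byte " + ((int) qm4Var.n) + " is not supported while verifying " + str);
            return false;
        }
        int usageCase = C0293a.a[aVar.ordinal()];
        if (usageCase != 1 && usageCase != 2) {
            b.warning("TLSA certificate usage " + qm4Var.o + " (" + ((int) qm4Var.n) + ") not supported while verifying " + str);
            return false;
        }
        qm4.c cVar = qm4Var.q;
        if (cVar == null) {
            b.warning("TLSA selector byte " + ((int) qm4Var.p) + " is not supported while verifying " + str);
            return false;
        }
        int selectorCase = C0293a.b[cVar.ordinal()];
        if (selectorCase != 1 && selectorCase != 2) {
            b.warning("TLSA selector " + qm4Var.q + " (" + ((int) qm4Var.p) + ") not supported while verifying " + str);
            return false;
        }
        // The chain converter b(...) leaves a null slot when a certificate cannot be converted.
        // Report that as a certificate failure instead of letting a NullPointerException escape
        // from the verification path.
        if (x509Certificate == null) {
            throw new CertificateException("Verification using TLSA failed: no peer certificate available for " + str);
        }
        if (selectorCase == 1) {
            encoded = x509Certificate.getEncoded();
        } else {
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        qm4.b bVar = qm4Var.s;
        if (bVar == null) {
            b.warning("TLSA matching type byte " + ((int) qm4Var.r) + " is not supported while verifying " + str);
            return false;
        }
        int matchingCase = C0293a.c[bVar.ordinal()];
        // Case 1 (noHash) compares the selected bytes as they are; 2 and 3 compare their digest.
        if (matchingCase != 1) {
            if (matchingCase == 2) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e);
                }
            } else {
                if (matchingCase != 3) {
                    b.warning("TLSA matching type " + qm4Var.s + " not supported while verifying " + str);
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e2);
                }
            }
        }
        // x(...) is the record's own comparison against its association data (presumably a byte
        // comparison; its body is not visible here).
        if (qm4Var.x(encoded)) {
            // A match alone is not enough: only domainIssuedCertificate lets the caller rely on
            // DANE by itself. A matching serviceCertificateConstraint yields false.
            return qm4Var.o == qm4.a.domainIssuedCertificate;
        }
        throw new DaneCertificateException.CertificateMismatch(qm4Var, encoded);
    }

    /**
     * Converts a legacy {@code javax.security.cert} chain into {@code java.security.cert}
     * certificates by re-parsing each certificate's encoded form.
     *
     * <p>A certificate that cannot be converted is logged and its slot is left {@code null}, so
     * callers must be prepared for {@code null} elements.
     *
     * @param x509CertificateArr chain as returned by {@code SSLSession.getPeerCertificateChain()}
     * @return array of the same length, possibly containing {@code null} elements
     */
    public static X509Certificate[] b(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                // NOTE(review): the certificate type constant comes from an unrelated ACRA class,
                // presumably substituted by the decompiler for an equal string literal; confirm
                // it is "X.509".
                x509CertificateArr2[i] = (X509Certificate) CertificateFactory.getInstance(ACRAConstants.DEFAULT_CERTIFICATE_TYPE).generateCertificate(new ByteArrayInputStream(x509CertificateArr[i].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e) {
                b.log(Level.WARNING, "Could not convert", e);
            }
        }
        return x509CertificateArr2;
    }

    /**
     * Verifies the peer of an established TLS session using its peer host and port.
     *
     * @param sSLSession session whose peer certificate chain is checked
     * @return see {@link #e(X509Certificate[], String, int)}
     * @throws CertificateException if the peer is unverified or verification fails
     */
    public boolean c(SSLSession sSLSession) throws CertificateException {
        try {
            // NOTE(review): getPeerCertificateChain() and javax.security.cert are deprecated;
            // getPeerCertificates() is the replacement. Left as is to keep behaviour unchanged.
            return e(b(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e) {
            throw new CertificateException("Peer not verified", e);
        }
    }

    /**
     * Verifies the peer of a connected TLS socket.
     *
     * @param sSLSocket connected socket
     * @return see {@link #e(X509Certificate[], String, int)}
     * @throws IllegalStateException if the socket is not connected
     * @throws CertificateException if verification fails
     */
    public boolean d(SSLSocket sSLSocket) throws CertificateException {
        if (!sSLSocket.isConnected()) {
            throw new IllegalStateException("Socket not yet connected.");
        }
        return c(sSLSocket.getSession());
    }

    /**
     * Looks up the TLSA records for {@code _<port>._tcp.<host>} and checks the leaf certificate
     * ({@code chain[0]}) against them. Certificates further up the chain are not examined.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str host name
     * @param i port
     * @return {@code true} if a {@code domainIssuedCertificate} record matched the leaf;
     *     {@code false} if the response is flagged as not properly signed or no record produced
     *     a positive result. {@code false} means "DANE did not authenticate the peer", never
     *     "the peer is acceptable"
     * @throws DaneCertificateException.MultipleCertificateMismatchExceptions if no record gave a
     *     positive result and at least one supported record did not match
     * @throws CertificateException if TLSA records exist but no leaf certificate is available
     * @throws RuntimeException wrapping the {@link IOException} of a failed DNS query; callers
     *     that catch only {@code CertificateException} will not see DNS failures
     */
    public boolean e(X509Certificate[] x509CertificateArr, String str, int i) throws CertificateException {
        org.minidns.dnsname.a p = org.minidns.dnsname.a.p("_" + i + "._tcp." + str);
        try {
            nx0 q = this.a.q(p, xn3.c.TLSA);
            if (!q.i) {
                // An answer that is not properly signed is never evaluated: anyone able to spoof
                // DNS could otherwise supply the TLSA data themselves.
                StringBuilder message = new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
                if (q instanceof rx0) {
                    message.append(" Reasons:");
                    Iterator<sy4> it = ((rx0) q).p().iterator();
                    while (it.hasNext()) {
                        message.append(' ').append(it.next());
                    }
                }
                b.info(message.toString());
                return false;
            }
            // Raw type kept: the parameter type of the exception constructor is not visible here.
            LinkedList linkedList = new LinkedList();
            boolean z = false;
            for (xn3<? extends xn0> xn3Var : q.l) {
                if (xn3Var.b == xn3.c.TLSA && xn3Var.a.equals(p)) {
                    // An empty chain used to surface as an unchecked array-index (or null)
                    // failure; report it as a certificate failure so callers handle it as one.
                    if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                        throw new CertificateException("Verification using TLSA failed: no peer certificate available for " + str);
                    }
                    try {
                        z |= a(x509CertificateArr[0], (qm4) xn3Var.f, str);
                    } catch (DaneCertificateException.CertificateMismatch e) {
                        linkedList.add(e);
                    }
                    if (z) {
                        break;
                    }
                }
            }
            // NOTE(review): a matching serviceCertificateConstraint record leaves z false, so if
            // any other record mismatched, the mismatch exception below is still thrown.
            // Confirm this is the intended handling of mixed record sets.
            if (z || linkedList.isEmpty()) {
                return z;
            }
            throw new DaneCertificateException.MultipleCertificateMismatchExceptions(linkedList);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }
}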
