package t2;

import b3.t;
import com.huawei.hms.aaid.constant.AaidIdConstant;
import de.measite.minidns.d;
import de.measite.minidns.e;
import de.measite.minidns.k;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.CertificateEncodingException;
import t2.a;
import u2.g;

/* compiled from: DaneVerifier.java */
/* loaded from: classes.dex */
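/**
 * DANE verifier (decompiled from {@code DaneVerifier.java}): checks the leaf certificate of a
 * TLS peer against the TLSA records published for {@code _<port>._tcp.<host>}.
 *
 * <p>Return-value contract shared by {@link #c}, {@link #d} and {@link #e}, as implemented below:
 * <ul>
 *   <li>{@code true}: a TLSA record with certificate usage 3 matched the leaf certificate;</li>
 *   <li>{@code false}: DANE alone did not authenticate the peer (response not flagged as
 *       properly signed, no applicable record, unsupported record parameters, or a usage 1
 *       match). This is not a trust decision: the caller still has to run its regular
 *       certificate path validation;</li>
 *   <li>exception: at least one applicable TLSA record did not match the certificate.</li>
 * </ul>
 *
 * <p>NOTE(review): the methods throw {@link CertificateException} (and the project types
 * {@code a.C0235a} / {@code a.b}) without a {@code throws} clause. The decompiler appears to
 * have dropped the clauses; the signatures are kept as found.
 */
public class b {

    /* renamed from: b, reason: collision with root package name */
    private static final Logger f13195b = Logger.getLogger(b.class.getName());

    /* renamed from: a, reason: collision with root package name */
    // DNS client used for the TLSA lookup.
    private final de.measite.minidns.a f13196a;

    /** Creates a verifier backed by a fresh {@code u2.a} client. */
    public b() {
        this(new u2.a());
    }

    /**
     * Creates a verifier that resolves TLSA records through the given client.
     *
     * @param aVar client used for the TLSA query
     */
    public b(de.measite.minidns.a aVar) {
        this.f13196a = aVar;
    }

    /**
     * Matches one certificate against one TLSA record.
     *
     * <p>Only certificate usages 1 and 3, selectors 0 (full certificate) and 1 (public key),
     * and matching types 0 (exact bytes), 1 (SHA-256) and 2 (SHA-512) are handled; anything
     * else is logged and treated as "not verified by this record".
     *
     * @param x509Certificate leaf certificate presented by the peer
     * @param tVar TLSA record data
     * @param str host name, used for log and error messages only
     * @return {@code true} only when the record matches and its usage is 3; {@code false} for a
     *     usage 1 match or for unsupported record parameters
     * @throws CertificateException if no certificate is available, a digest algorithm is
     *     missing, or (as {@code a.C0235a}) the record does not match the certificate
     */
    private static boolean a(X509Certificate x509Certificate, t tVar, String str) {
        byte usage = tVar.f3833c;
        if (usage != 1 && usage != 3) {
            f13195b.warning("TLSA certificate usage " + ((int) usage) + " not supported while verifying " + str);
            return false;
        }
        byte selector = tVar.f3834d;
        if (selector != 0 && selector != 1) {
            f13195b.warning("TLSA selector " + ((int) selector) + " not supported while verifying " + str);
            return false;
        }
        // A chain slot can be null when the certificate conversion failed; fail with a
        // certificate error instead of a NullPointerException inside the verifier.
        if (x509Certificate == null) {
            throw new CertificateException("Verification using TLSA failed: no usable peer certificate for " + str);
        }
        byte[] candidate = selector == 0
                ? x509Certificate.getEncoded()
                : x509Certificate.getPublicKey().getEncoded();

        byte matchingType = tVar.f3835e;
        if (matchingType == 1) {
            try {
                // Spelled out literally: the decompiled code borrowed a same-named constant
                // from an unrelated SDK class (AaidIdConstant.SIGNATURE_SHA256), and the digest
                // used for a trust decision should not depend on a third-party constant.
                candidate = MessageDigest.getInstance("SHA-256").digest(candidate);
            } catch (NoSuchAlgorithmException e5) {
                throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e5);
            }
        } else if (matchingType == 2) {
            try {
                candidate = MessageDigest.getInstance("SHA-512").digest(candidate);
            } catch (NoSuchAlgorithmException e6) {
                throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e6);
            }
        } else if (matchingType != 0) {
            f13195b.warning("TLSA matching type " + ((int) matchingType) + " not supported while verifying " + str);
            return false;
        }

        if (!tVar.f(candidate)) {
            throw new a.C0235a(tVar, candidate);
        }
        // A usage 1 match only constrains the certificate; it does not replace path validation,
        // so it is reported as "not verified by DANE alone".
        return usage == 3;
    }

    /**
     * Converts a legacy {@code javax.security.cert} chain to {@code java.security.cert}
     * certificates by re-parsing each encoded certificate.
     *
     * @param x509CertificateArr chain in the legacy representation
     * @return array of the same length; a slot whose conversion failed is logged and left
     *     {@code null}
     */
    private static X509Certificate[] b(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] converted = new X509Certificate[x509CertificateArr.length];
        for (int i5 = 0; i5 < x509CertificateArr.length; i5++) {
            try {
                byte[] der = x509CertificateArr[i5].getEncoded();
                converted[i5] = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(der));
            } catch (CertificateException | CertificateEncodingException e5) {
                f13195b.log(Level.WARNING, "Could not convert", e5);
            }
        }
        return converted;
    }

    /**
     * Verifies the peer of an established TLS session, using the session's peer host and port
     * to build the TLSA query name.
     *
     * @param sSLSession session whose peer certificate chain is checked
     * @return see the class-level contract
     * @throws CertificateException if the peer presented no verified certificates or a TLSA
     *     record does not match
     */
    public boolean c(SSLSession sSLSession) {
        try {
            X509Certificate[] chain = b(sSLSession.getPeerCertificateChain());
            return e(chain, sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e5) {
            throw new CertificateException("Peer not verified", e5);
        }
    }

    /**
     * Verifies the peer of a connected TLS socket.
     *
     * @param sSLSocket connected socket
     * @return see the class-level contract
     * @throws IllegalStateException if the socket is not connected
     */
    public boolean d(SSLSocket sSLSocket) {
        if (!sSLSocket.isConnected()) {
            throw new IllegalStateException("Socket not yet connected.");
        }
        return c(sSLSocket.getSession());
    }

    /**
     * Looks up the TLSA records for {@code _<port>._tcp.<host>} and matches the first
     * certificate of the chain against each of them.
     *
     * @param x509CertificateArr peer chain; only element 0 (the leaf) is checked
     * @param str host name of the peer
     * @param i5 port of the peer
     * @return see the class-level contract
     * @throws CertificateException if applicable TLSA records exist but none matched (thrown
     *     as {@code a.b} carrying every mismatch), or if no usable leaf certificate is
     *     available when a record has to be checked
     * @throws RuntimeException wrapping an {@link IOException} from the DNS lookup
     */
    public boolean e(X509Certificate[] x509CertificateArr, String str, int i5) {
        e tlsaName = e.f("_" + i5 + "._tcp." + str);
        try {
            d response = this.f13196a.o(tlsaName, k.c.TLSA);
            // NOTE(review): f9276i looks like the "response was validated" flag, going by the
            // log text below. Confirm against the response class.
            if (!response.f9276i) {
                StringBuilder message =
                        new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
                if (response instanceof u2.b) {
                    message.append(" Reasons:");
                    Iterator<g> reasons = ((u2.b) response).p().iterator();
                    while (reasons.hasNext()) {
                        message.append(" ").append(reasons.next());
                    }
                }
                f13195b.info(message.toString());
                // Unauthenticated TLSA data must never influence the trust decision.
                return false;
            }

            // An empty or missing chain used to fail with an index/null error at first use;
            // the leaf is resolved defensively here and rejected in a() when a record needs it.
            X509Certificate leaf =
                    (x509CertificateArr != null && x509CertificateArr.length > 0) ? x509CertificateArr[0] : null;

            LinkedList<a.C0235a> mismatches = new LinkedList<>();
            boolean verified = false;
            for (k<? extends b3.g> record : response.f9279l) {
                if (record.f9342b != k.c.TLSA || !record.f9341a.equals(tlsaName)) {
                    continue;
                }
                try {
                    verified |= a(leaf, (t) record.f9346f, str);
                } catch (a.C0235a mismatch) {
                    // Keep going: another record may still match.
                    mismatches.add(mismatch);
                }
                if (verified) {
                    break;
                }
            }
            if (verified || mismatches.isEmpty()) {
                return verified;
            }
            throw new a.b(mismatches);
        } catch (IOException e6) {
            throw new RuntimeException(e6);
        }
    }
}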
