package b.a.a.b;

import b.a.a.aa;
import b.a.a.ab;
import b.a.a.c.i;
import b.a.a.g;
import b.a.a.i.u;
import b.a.a.k;
import b.a.a.x;
import b.a.a.y;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.CertificateEncodingException;

/* loaded from: classes.dex */
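/**
 * DANE check: matches a TLS peer's leaf certificate against the TLSA records published
 * under {@code _<port>._tcp.<host>}.
 *
 * <p>This is decompiler output, so type, field and method names ({@code d}, {@code u},
 * {@code f140a}, ...) are obfuscated. The roles described here are read from the log
 * messages and call sites in this class.
 *
 * <p>Security contract for callers:
 * <ul>
 *   <li>{@code true} is returned only when a TLSA record with certificate usage 3 matched the
 *       leaf certificate.</li>
 *   <li>{@code false} does NOT mean "rejected". It means DANE produced no positive answer: no
 *       matching TLSA record, a response that was not flagged as properly signed, unsupported
 *       TLSA parameters, or a usage-1 match. The caller must still run its normal PKIX
 *       validation in that case.</li>
 *   <li>A mismatch against a supported record surfaces as a {@link CertificateException}
 *       subtype (only when no other record verified the certificate).</li>
 *   <li>Only the first certificate of the chain is examined. Usages other than 1 and 3 are
 *       logged and skipped.</li>
 * </ul>
 */
public class d {

    /** Class logger (obfuscated name kept from the decompiled source). */
    private static final Logger f49a = Logger.getLogger(d.class.getName());

    /** Client used to issue the TLSA query; its response carries the flag checked via {@code .i}. */
    private final b.a.a.a f50b;

    /** Creates a verifier backed by a default {@code b.a.a.c.a} client. */
    public d() {
        this(new b.a.a.c.a());
    }

    private d(b.a.a.a aVar) {
        this.f50b = aVar;
    }

    /**
     * Hashes {@code data} with the named digest for TLSA matching.
     *
     * @throws CertificateException if the platform does not provide {@code algorithm}
     */
    private static byte[] digest(String algorithm, byte[] data) throws CertificateException {
        try {
            return MessageDigest.getInstance(algorithm).digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("Verification using TLSA failed: could not " + algorithm + " for matching", e);
        }
    }

    /**
     * Returns the leaf certificate, failing closed when it is missing.
     *
     * <p>The chain conversion in this class leaves {@code null} entries for certificates it
     * could not re-parse. Without this guard a usable TLSA record would end in a
     * {@link NullPointerException} instead of a verification failure.
     */
    private static X509Certificate requireLeaf(X509Certificate leaf) throws CertificateException {
        if (leaf == null) {
            throw new CertificateException("Verification using TLSA failed: peer leaf certificate is unavailable");
        }
        return leaf;
    }

    /**
     * Checks one TLSA record against the leaf certificate.
     *
     * <p>Field roles are taken from the warnings below: {@code f140a} is the certificate
     * usage, {@code f141b} the selector and {@code c} the matching type.
     *
     * @param x509Certificate leaf certificate; may be {@code null} if conversion failed
     * @param uVar the TLSA record data
     * @param str host name, used only in log messages
     * @return {@code true} only for a usage-3 match; {@code false} for a usage-1 match or for
     *     unsupported usage, selector or matching type
     * @throws CertificateException a {@code b} when a supported record does not match, or a
     *     plain {@link CertificateException} when the certificate cannot be encoded or hashed
     */
    private static boolean a(X509Certificate x509Certificate, u uVar, String str) throws CertificateException {
        // Only usages 1 and 3 (end-entity variants) are handled; 0, 2 and anything else is skipped.
        if (uVar.f140a != 1 && uVar.f140a != 3) {
            f49a.warning("TLSA certificate usage " + ((int) uVar.f140a) + " not supported while verifying " + str);
            return false;
        }

        byte[] encoded;
        switch (uVar.f141b) {
            case 0:
                // Selector 0: the whole certificate.
                encoded = requireLeaf(x509Certificate).getEncoded();
                break;
            case 1:
                // Selector 1: the encoded public key only.
                encoded = requireLeaf(x509Certificate).getPublicKey().getEncoded();
                break;
            default:
                f49a.warning("TLSA selector " + ((int) uVar.f141b) + " not supported while verifying " + str);
                return false;
        }

        switch (uVar.c) {
            case 0:
                // Matching type 0: compare the selected bytes as they are.
                break;
            case 1:
                encoded = digest("SHA-256", encoded);
                break;
            case 2:
                encoded = digest("SHA-512", encoded);
                break;
            default:
                f49a.warning("TLSA matching type " + ((int) uVar.c) + " not supported while verifying " + str);
                return false;
        }

        // uVar.a(...) presumably compares against the record's association data -- TODO confirm.
        if (!uVar.a(encoded)) {
            throw new b(uVar, encoded);
        }
        // A usage-1 match still requires PKIX validation by the caller, so only usage 3 is
        // reported as verified.
        return uVar.f140a == 3;
    }

    /**
     * Looks up the TLSA records for {@code _<port>._tcp.<hostName>} and checks the leaf
     * certificate against each matching record until one verifies it.
     *
     * @param chain peer chain; only element 0 is used
     * @param hostName host the TLSA owner name is built from
     * @param port port the TLSA owner name is built from
     * @return {@code true} if a record verified the leaf certificate, {@code false} if DANE
     *     gave no positive answer (see the class documentation)
     * @throws CertificateException a {@code c} wrapping every mismatch when records were
     *     checked but none verified the certificate
     * @throws RuntimeException wrapping an {@link IOException} from the lookup
     */
    private boolean a(X509Certificate[] chain, String hostName, int port) throws CertificateException {
        k a2 = k.a("_" + port + "._tcp." + hostName);
        try {
            g a3 = this.f50b.a(new x(a2, ab.TLSA, aa.IN, (byte) 0));
            if (!a3.i) {
                // Judging by the message, a3.i marks a properly signed (DNSSEC-validated)
                // answer. Unsigned TLSA data is ignored rather than trusted, so the result is
                // "no DANE assurance", not a failure.
                StringBuilder message = new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
                if (a3 instanceof b.a.a.c.d) {
                    message.append(" Reasons:");
                    for (i reason : ((b.a.a.c.d) a3).g()) {
                        message.append(' ').append(reason);
                    }
                }
                f49a.info(message.toString());
                return false;
            }

            // An empty chain no longer raises ArrayIndexOutOfBoundsException; the missing leaf
            // is reported as a CertificateException once a usable record needs it.
            X509Certificate leaf = chain.length > 0 ? chain[0] : null;
            LinkedList<b> mismatches = new LinkedList<>();
            boolean verified = false;
            for (y<? extends b.a.a.i.g> yVar : a3.l) {
                if (yVar.f167b != ab.TLSA || !yVar.f166a.equals(a2)) {
                    continue;
                }
                try {
                    if (a(leaf, (u) yVar.f, hostName)) {
                        verified = true;
                        break;
                    }
                } catch (b e) {
                    // Keep going: another record may still match.
                    mismatches.add(e);
                }
            }
            if (!verified && !mismatches.isEmpty()) {
                throw new c(mismatches);
            }
            return verified;
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Re-parses legacy {@code javax.security.cert} certificates as
     * {@code java.security.cert.X509Certificate}.
     *
     * <p>A certificate that cannot be converted is logged and left as {@code null} in the
     * result, so callers must not assume every slot is populated.
     */
    private static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] converted = new X509Certificate[x509CertificateArr.length];
        for (int idx = 0; idx < x509CertificateArr.length; idx++) {
            try {
                converted[idx] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[idx].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e) {
                f49a.log(Level.WARNING, "Could not convert", e);
            }
        }
        return converted;
    }

    /**
     * Runs the DANE check for an established TLS session.
     *
     * <p>The {@code throws} clause restores a declaration the decompiler dropped; the body
     * already threw {@link CertificateException}.
     *
     * <p>NOTE(review): {@link SSLSession#getPeerHost()} is documented by the JDK as not
     * authenticated. Confirm the session was opened with the intended host name, because the
     * TLSA owner name is derived from it.
     *
     * <p>NOTE(review): {@code getPeerCertificateChain()} is deprecated in current JDKs;
     * {@code getPeerCertificates()} is the replacement and would make the conversion step
     * unnecessary.
     *
     * @param sSLSession the session whose peer certificate is checked
     * @return {@code true} only when DANE verified the leaf certificate; on {@code false} the
     *     caller must still perform PKIX validation
     * @throws CertificateException if the peer is unverified or a TLSA record contradicts the
     *     certificate
     */
    public final boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            return a(a(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e) {
            throw new CertificateException("Peer not verified", e);
        }
    }
}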
