package r.e.g;

import com.huawei.hms.aaid.constant.AaidIdConstant;
import com.hyphenate.util.HanziToPinyin;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.CertificateEncodingException;
import r.e.g.a;
import r.e.k.g;
import r.e.q.h;
import r.e.q.u;
import r.e.q.x;

/* loaded from: classes2.dex */
public class b {

    /* renamed from: b, reason: collision with root package name */
    public static final Logger f22142b = Logger.getLogger(b.class.getName());

    /* renamed from: a, reason: collision with root package name */
    public final r.e.a f22143a;

    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f22144a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f22145b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f22146c = new int[x.b.values().length];

        static {
            try {
                f22146c[x.b.noHash.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f22146c[x.b.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f22146c[x.b.sha512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            f22145b = new int[x.c.values().length];
            try {
                f22145b[x.c.fullCertificate.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f22145b[x.c.subjectPublicKeyInfo.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            f22144a = new int[x.a.values().length];
            try {
                f22144a[x.a.serviceCertificateConstraint.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f22144a[x.a.domainIssuedCertificate.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f22144a[x.a.caConstraint.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f22144a[x.a.trustAnchorAssertion.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    public b() {
        this(new r.e.k.b());
    }

    public b(r.e.a aVar) {
        this.f22143a = aVar;
    }

    public static boolean a(X509Certificate x509Certificate, x xVar, String str) {
        byte[] encoded;
        Logger logger;
        StringBuilder sb;
        byte b2;
        byte b3;
        x.a aVar = xVar.f22459d;
        if (aVar != null) {
            int i2 = a.f22144a[aVar.ordinal()];
            if (i2 == 1 || i2 == 2) {
                x.c cVar = xVar.f22461f;
                if (cVar == null) {
                    logger = f22142b;
                    sb = new StringBuilder();
                    sb.append("TLSA selector byte ");
                    b2 = xVar.f22460e;
                } else {
                    int i3 = a.f22145b[cVar.ordinal()];
                    if (i3 == 1) {
                        encoded = x509Certificate.getEncoded();
                    } else if (i3 != 2) {
                        logger = f22142b;
                        sb = new StringBuilder();
                        sb.append("TLSA selector ");
                        sb.append(xVar.f22461f);
                        sb.append(" (");
                        b3 = xVar.f22460e;
                    } else {
                        encoded = x509Certificate.getPublicKey().getEncoded();
                    }
                    x.b bVar = xVar.f22463h;
                    if (bVar != null) {
                        int i4 = a.f22146c[bVar.ordinal()];
                        if (i4 != 1) {
                            if (i4 == 2) {
                                try {
                                    encoded = MessageDigest.getInstance(AaidIdConstant.SIGNATURE_SHA256).digest(encoded);
                                } catch (NoSuchAlgorithmException e2) {
                                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e2);
                                }
                            } else {
                                if (i4 != 3) {
                                    logger = f22142b;
                                    sb = new StringBuilder();
                                    sb.append("TLSA matching type ");
                                    sb.append(xVar.f22463h);
                                    sb.append(" not supported while verifying ");
                                    sb.append(str);
                                    logger.warning(sb.toString());
                                    return false;
                                }
                                try {
                                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                                } catch (NoSuchAlgorithmException e3) {
                                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e3);
                                }
                            }
                        }
                        if (xVar.a(encoded)) {
                            return xVar.f22459d == x.a.domainIssuedCertificate;
                        }
                        throw new a.C0275a(xVar, encoded);
                    }
                    logger = f22142b;
                    sb = new StringBuilder();
                    sb.append("TLSA matching type byte ");
                    b2 = xVar.f22462g;
                }
            } else {
                logger = f22142b;
                sb = new StringBuilder();
                sb.append("TLSA certificate usage ");
                sb.append(xVar.f22459d);
                sb.append(" (");
                b3 = xVar.f22458c;
            }
            sb.append((int) b3);
            sb.append(") not supported while verifying ");
            sb.append(str);
            logger.warning(sb.toString());
            return false;
        }
        logger = f22142b;
        sb = new StringBuilder();
        sb.append("TLSA certificate usage byte ");
        b2 = xVar.f22458c;
        sb.append((int) b2);
        sb.append(" is not supported while verifying ");
        sb.append(str);
        logger.warning(sb.toString());
        return false;
    }

    public static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e2) {
                f22142b.log(Level.WARNING, "Could not convert", e2);
            }
        }
        return x509CertificateArr2;
    }

    public boolean a(SSLSession sSLSession) {
        try {
            return a(a(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e2) {
            throw new CertificateException("Peer not verified", e2);
        }
    }

    public boolean a(SSLSocket sSLSocket) {
        if (sSLSocket.isConnected()) {
            return a(sSLSocket.getSession());
        }
        throw new IllegalStateException("Socket not yet connected.");
    }

    public boolean a(X509Certificate[] x509CertificateArr, String str, int i2) {
        r.e.j.a a2 = r.e.j.a.a("_" + i2 + "._tcp." + str);
        try {
            r.e.i.a c2 = this.f22143a.c(a2, u.c.TLSA);
            if (!c2.f22162i) {
                String str2 = "Got TLSA response from DNS server, but was not signed properly.";
                if (c2 instanceof r.e.k.c) {
                    str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                    Iterator<g> it2 = ((r.e.k.c) c2).l().iterator();
                    while (it2.hasNext()) {
                        str2 = str2 + HanziToPinyin.Token.SEPARATOR + it2.next();
                    }
                }
                f22142b.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z = false;
            for (u<? extends h> uVar : c2.f22165l) {
                if (uVar.f22407b == u.c.TLSA && uVar.f22406a.equals(a2)) {
                    try {
                        z |= a(x509CertificateArr[0], (x) uVar.f22411f, str);
                    } catch (a.C0275a e2) {
                        linkedList.add(e2);
                    }
                    if (z) {
                        break;
                    }
                }
            }
            if (z || linkedList.isEmpty()) {
                return z;
            }
            throw new a.b(linkedList);
        } catch (IOException e3) {
            throw new RuntimeException(e3);
        }
    }
}
