package k.b.f;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.CertificateEncodingException;
import k.b.j.c;
import k.b.j.e;
import k.b.o.h;
import k.b.o.u;
import k.b.o.x;
import org.minidns.dane.DaneCertificateException;

/* loaded from: classes.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    public static final Logger f9559a = Logger.getLogger(a.class.getName());

    /* renamed from: b, reason: collision with root package name */
    public final k.b.a f9560b = new k.b.j.b(k.b.a.f9520a);

    public static boolean a(X509Certificate x509Certificate, x xVar, String str) throws CertificateException {
        byte[] encoded;
        x.a aVar = xVar.f9797i;
        if (aVar == null) {
            Logger logger = f9559a;
            StringBuilder j2 = e.b.d.a.a.j("TLSA certificate usage byte ");
            j2.append((int) xVar.f9796h);
            j2.append(" is not supported while verifying ");
            j2.append(str);
            logger.warning(j2.toString());
            return false;
        }
        int ordinal = aVar.ordinal();
        if (ordinal != 1 && ordinal != 3) {
            Logger logger2 = f9559a;
            StringBuilder j3 = e.b.d.a.a.j("TLSA certificate usage ");
            j3.append(xVar.f9797i);
            j3.append(" (");
            j3.append((int) xVar.f9796h);
            j3.append(") not supported while verifying ");
            j3.append(str);
            logger2.warning(j3.toString());
            return false;
        }
        x.c cVar = xVar.f9799k;
        if (cVar == null) {
            Logger logger3 = f9559a;
            StringBuilder j4 = e.b.d.a.a.j("TLSA selector byte ");
            j4.append((int) xVar.f9798j);
            j4.append(" is not supported while verifying ");
            j4.append(str);
            logger3.warning(j4.toString());
            return false;
        }
        int ordinal2 = cVar.ordinal();
        if (ordinal2 == 0) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (ordinal2 != 1) {
                Logger logger4 = f9559a;
                StringBuilder j5 = e.b.d.a.a.j("TLSA selector ");
                j5.append(xVar.f9799k);
                j5.append(" (");
                j5.append((int) xVar.f9798j);
                j5.append(") not supported while verifying ");
                j5.append(str);
                logger4.warning(j5.toString());
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        x.b bVar = xVar.m;
        if (bVar == null) {
            Logger logger5 = f9559a;
            StringBuilder j6 = e.b.d.a.a.j("TLSA matching type byte ");
            j6.append((int) xVar.f9800l);
            j6.append(" is not supported while verifying ");
            j6.append(str);
            logger5.warning(j6.toString());
            return false;
        }
        int ordinal3 = bVar.ordinal();
        if (ordinal3 != 0) {
            if (ordinal3 == 1) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e2);
                }
            } else {
                if (ordinal3 != 2) {
                    Logger logger6 = f9559a;
                    StringBuilder j7 = e.b.d.a.a.j("TLSA matching type ");
                    j7.append(xVar.m);
                    j7.append(" not supported while verifying ");
                    j7.append(str);
                    logger6.warning(j7.toString());
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e3) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e3);
                }
            }
        }
        if (Arrays.equals(xVar.n, encoded)) {
            return xVar.f9797i == x.a.domainIssuedCertificate;
        }
        throw new DaneCertificateException.CertificateMismatch(xVar, encoded);
    }

    public static X509Certificate[] b(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e2) {
                f9559a.log(Level.WARNING, "Could not convert", e2);
            }
        }
        return x509CertificateArr2;
    }

    public boolean c(X509Certificate[] x509CertificateArr, String str, int i2) throws CertificateException {
        k.b.i.a e2 = k.b.i.a.e("_" + i2 + "._tcp." + str);
        try {
            k.b.a aVar = this.f9560b;
            u.b bVar = u.b.TLSA;
            aVar.getClass();
            k.b.h.a j2 = aVar.j(new k.b.h.b(e2, bVar, u.a.IN));
            if (!j2.f9574j) {
                String str2 = "Got TLSA response from DNS server, but was not signed properly.";
                if (j2 instanceof c) {
                    str2 = e.b.d.a.a.y("Got TLSA response from DNS server, but was not signed properly.", " Reasons:");
                    Iterator<e> it2 = ((c) j2).w.iterator();
                    while (it2.hasNext()) {
                        str2 = str2 + " " + it2.next();
                    }
                }
                f9559a.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z = false;
            for (u<? extends h> uVar : j2.m) {
                if (uVar.f9758b == u.b.TLSA && uVar.f9757a.equals(e2)) {
                    try {
                        z |= a(x509CertificateArr[0], (x) uVar.f9762f, str);
                    } catch (DaneCertificateException.CertificateMismatch e3) {
                        linkedList.add(e3);
                    }
                    if (z) {
                        break;
                    }
                }
            }
            if (z || linkedList.isEmpty()) {
                return z;
            }
            throw new DaneCertificateException.MultipleCertificateMismatchExceptions(linkedList);
        } catch (IOException e4) {
            throw new RuntimeException(e4);
        }
    }
}
