package r10;

import c20.h;
import c20.u;
import c20.x;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.CertificateEncodingException;
import r10.a;
import v10.f;

/* compiled from: DaneVerifier.java */
/* loaded from: classes2.dex */
public final class b {

    /* renamed from: b, reason: collision with root package name */
    public static final Logger f36086b = Logger.getLogger(b.class.getName());

    /* renamed from: a, reason: collision with root package name */
    public final o10.a f36087a = new v10.b();

    /* compiled from: DaneVerifier.java */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f36088a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f36089b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f36090c;

        static {
            int[] iArr = new int[x.b.values().length];
            f36090c = iArr;
            try {
                iArr[x.b.noHash.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f36090c[x.b.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f36090c[x.b.sha512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[x.c.values().length];
            f36089b = iArr2;
            try {
                iArr2[x.c.fullCertificate.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f36089b[x.c.subjectPublicKeyInfo.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[x.a.values().length];
            f36088a = iArr3;
            try {
                iArr3[x.a.serviceCertificateConstraint.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f36088a[x.a.domainIssuedCertificate.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f36088a[x.a.caConstraint.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f36088a[x.a.trustAnchorAssertion.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    public static boolean a(X509Certificate x509Certificate, x xVar, String str) throws CertificateException {
        byte[] encoded;
        x.a aVar = xVar.f8360r;
        Logger logger = f36086b;
        byte b11 = xVar.f8359g;
        if (aVar == null) {
            logger.warning("TLSA certificate usage byte " + ((int) b11) + " is not supported while verifying " + str);
            return false;
        }
        int i11 = a.f36088a[aVar.ordinal()];
        x.a aVar2 = xVar.f8360r;
        if (i11 != 1 && i11 != 2) {
            logger.warning("TLSA certificate usage " + aVar2 + " (" + ((int) b11) + ") not supported while verifying " + str);
            return false;
        }
        byte b12 = xVar.f8361x;
        x.c cVar = xVar.f8362y;
        if (cVar == null) {
            logger.warning("TLSA selector byte " + ((int) b12) + " is not supported while verifying " + str);
            return false;
        }
        int i12 = a.f36089b[cVar.ordinal()];
        if (i12 == 1) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (i12 != 2) {
                logger.warning("TLSA selector " + cVar + " (" + ((int) b12) + ") not supported while verifying " + str);
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        x.b bVar = xVar.C;
        if (bVar == null) {
            logger.warning("TLSA matching type byte " + ((int) xVar.A) + " is not supported while verifying " + str);
            return false;
        }
        int i13 = a.f36090c[bVar.ordinal()];
        if (i13 != 1) {
            if (i13 == 2) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e11) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e11);
                }
            } else {
                if (i13 != 3) {
                    logger.warning("TLSA matching type " + bVar + " not supported while verifying " + str);
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e12) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e12);
                }
            }
        }
        if (Arrays.equals(xVar.D, encoded)) {
            return aVar2 == x.a.domainIssuedCertificate;
        }
        throw new a.C0655a();
    }

    public static X509Certificate[] b(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i11 = 0; i11 < x509CertificateArr.length; i11++) {
            try {
                x509CertificateArr2[i11] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i11].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e11) {
                f36086b.log(Level.WARNING, "Could not convert", e11);
            }
        }
        return x509CertificateArr2;
    }

    public final boolean c(X509Certificate[] x509CertificateArr, String str, int i11) throws CertificateException {
        String str2;
        u10.a a11 = u10.a.a("_" + i11 + "._tcp." + str);
        try {
            o10.a aVar = this.f36087a;
            u.c cVar = u.c.TLSA;
            aVar.getClass();
            t10.a g11 = aVar.g(new t10.b(a11, cVar, u.b.IN));
            if (!g11.f38626i) {
                if (g11 instanceof v10.c) {
                    Iterator<f> it = ((v10.c) g11).f41350x.iterator();
                    str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                    while (it.hasNext()) {
                        str2 = str2 + " " + it.next();
                    }
                } else {
                    str2 = "Got TLSA response from DNS server, but was not signed properly.";
                }
                f36086b.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z11 = false;
            for (u<? extends h> uVar : g11.f38629l) {
                if (uVar.f8343b == u.c.TLSA && uVar.f8342a.equals(a11)) {
                    try {
                        z11 |= a(x509CertificateArr[0], (x) uVar.f8347f, str);
                    } catch (a.C0655a e11) {
                        linkedList.add(e11);
                    }
                    if (z11) {
                        break;
                    }
                }
            }
            if (z11 || linkedList.isEmpty()) {
                return z11;
            }
            throw new a.b(linkedList);
        } catch (IOException e12) {
            throw new RuntimeException(e12);
        }
    }
}
