package k.a.a.m;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.CertificateEncodingException;
import k.a.a.d;
import k.a.a.e;
import k.a.a.j;
import k.a.a.k;
import k.a.a.m.a;
import k.a.a.n.g;
import k.a.a.t.t;

/* compiled from: DaneVerifier.java */
/* loaded from: classes2.dex */
public class b {
    public static final Logger b = Logger.getLogger(b.class.getName());
    public final k.a.a.a a = new k.a.a.n.a(k.a.a.a.f14763e);

    public static boolean a(X509Certificate x509Certificate, t tVar, String str) throws CertificateException {
        byte[] encoded;
        byte b2 = tVar.c;
        if (b2 != 1 && b2 != 3) {
            Logger logger = b;
            StringBuilder b3 = i.d.c.a.a.b("TLSA certificate usage ");
            b3.append((int) tVar.c);
            b3.append(" not supported while verifying ");
            b3.append(str);
            logger.warning(b3.toString());
            return false;
        }
        byte b4 = tVar.d;
        if (b4 == 0) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (b4 != 1) {
                Logger logger2 = b;
                StringBuilder b5 = i.d.c.a.a.b("TLSA selector ");
                b5.append((int) tVar.d);
                b5.append(" not supported while verifying ");
                b5.append(str);
                logger2.warning(b5.toString());
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        byte b6 = tVar.f14896e;
        if (b6 != 0) {
            if (b6 == 1) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e2);
                }
            } else {
                if (b6 != 2) {
                    Logger logger3 = b;
                    StringBuilder b7 = i.d.c.a.a.b("TLSA matching type ");
                    b7.append((int) tVar.f14896e);
                    b7.append(" not supported while verifying ");
                    b7.append(str);
                    logger3.warning(b7.toString());
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e3) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e3);
                }
            }
        }
        if (Arrays.equals(tVar.f14897f, encoded)) {
            return tVar.c == 3;
        }
        throw new a.C0334a(tVar, encoded);
    }

    public static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e2) {
                b.log(Level.WARNING, "Could not convert", e2);
            }
        }
        return x509CertificateArr2;
    }

    public boolean a(X509Certificate[] x509CertificateArr, String str, int i2) throws CertificateException {
        e a = e.a("_" + i2 + "._tcp." + str);
        try {
            k.a.a.a aVar = this.a;
            k.b bVar = k.b.TLSA;
            if (aVar == null) {
                throw null;
            }
            d c = aVar.c(new j(a, bVar, k.a.IN));
            if (!c.f14779i) {
                String str2 = "Got TLSA response from DNS server, but was not signed properly.";
                if (c instanceof k.a.a.n.b) {
                    str2 = i.d.c.a.a.a("Got TLSA response from DNS server, but was not signed properly.", " Reasons:");
                    Iterator<g> it = ((k.a.a.n.b) c).f14833w.iterator();
                    while (it.hasNext()) {
                        str2 = str2 + " " + it.next();
                    }
                }
                b.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z2 = false;
            for (k<? extends k.a.a.t.g> kVar : c.f14782l) {
                if (kVar.b == k.b.TLSA && kVar.a.equals(a)) {
                    try {
                        z2 |= a(x509CertificateArr[0], (t) kVar.f14823f, str);
                    } catch (a.C0334a e2) {
                        linkedList.add(e2);
                    }
                    if (z2) {
                        break;
                    }
                }
            }
            if (z2 || linkedList.isEmpty()) {
                return z2;
            }
            throw new a.b(linkedList);
        } catch (IOException e3) {
            throw new RuntimeException(e3);
        }
    }
}
