package a.a.a.b;

import a.a.a.b.a;
import a.a.a.c.h;
import a.a.a.d;
import a.a.a.e;
import a.a.a.i.g;
import a.a.a.i.t;
import a.a.a.n;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.CertificateEncodingException;
import org.jivesoftware.smack.util.TLSUtils;

/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f19a = Logger.getLogger(b.class.getName());

    /* renamed from: b, reason: collision with root package name */
    private final a.a.a.a f20b;

    public b() {
        this(new a.a.a.c.a());
    }

    public b(a.a.a.a aVar) {
        this.f20b = aVar;
    }

    private static boolean a(X509Certificate x509Certificate, t tVar, String str) throws CertificateException {
        byte[] encoded;
        switch (tVar.j) {
            case 1:
            case 3:
                switch (tVar.k) {
                    case 0:
                        encoded = x509Certificate.getEncoded();
                        break;
                    case 1:
                        encoded = x509Certificate.getPublicKey().getEncoded();
                        break;
                    default:
                        f19a.warning("TLSA selector " + ((int) tVar.k) + " not supported while verifying " + str);
                        return false;
                }
                switch (tVar.l) {
                    case 0:
                        break;
                    case 1:
                        try {
                            encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                            break;
                        } catch (NoSuchAlgorithmException e) {
                            throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e);
                        }
                    case 2:
                        try {
                            encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                            break;
                        } catch (NoSuchAlgorithmException e2) {
                            throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e2);
                        }
                    default:
                        f19a.warning("TLSA matching type " + ((int) tVar.l) + " not supported while verifying " + str);
                        return false;
                }
                if (tVar.a(encoded)) {
                    return tVar.j == 3;
                }
                throw new a.C0001a(tVar, encoded);
            case 2:
            default:
                f19a.warning("TLSA certificate usage " + ((int) tVar.j) + " not supported while verifying " + str);
                return false;
        }
    }

    private static X509Certificate[] a(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            if (certificate instanceof X509Certificate) {
                arrayList.add((X509Certificate) certificate);
            }
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    private static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= x509CertificateArr.length) {
                return x509CertificateArr2;
            }
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e) {
                f19a.log(Level.WARNING, "Could not convert", e);
            }
            i = i2 + 1;
        }
    }

    public HttpsURLConnection a(HttpsURLConnection httpsURLConnection) throws IOException, CertificateException {
        return a(httpsURLConnection, null);
    }

    public HttpsURLConnection a(HttpsURLConnection httpsURLConnection, X509TrustManager x509TrustManager) throws IOException, CertificateException {
        try {
            SSLContext sSLContext = SSLContext.getInstance(TLSUtils.TLS);
            c cVar = new c(x509TrustManager);
            sSLContext.init(null, new TrustManager[]{cVar}, null);
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.connect();
            if (a(a(httpsURLConnection.getServerCertificates()), httpsURLConnection.getURL().getHost(), httpsURLConnection.getURL().getPort() < 0 ? httpsURLConnection.getURL().getDefaultPort() : httpsURLConnection.getURL().getPort()) || !cVar.a()) {
                return httpsURLConnection;
            }
            throw new IOException("Peer verification failed using PKIX", cVar.b());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            return a(a(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e) {
            throw new CertificateException("Peer not verified", e);
        }
    }

    public boolean a(SSLSocket sSLSocket) throws CertificateException {
        if (sSLSocket.isConnected()) {
            return a(sSLSocket.getSession());
        }
        throw new IllegalStateException("Socket not yet connected.");
    }

    public boolean a(X509Certificate[] x509CertificateArr, String str, int i) throws CertificateException {
        boolean z = false;
        e a2 = e.a("_" + i + "._tcp." + str);
        try {
            d a3 = this.f20b.a(a2, n.b.TLSA);
            if (a3.i) {
                LinkedList linkedList = new LinkedList();
                Iterator<n<? extends g>> it = a3.l.iterator();
                boolean z2 = false;
                while (true) {
                    if (!it.hasNext()) {
                        z = z2;
                        break;
                    }
                    n<? extends g> next = it.next();
                    if (next.f237b == n.b.TLSA && next.f236a.equals(a2)) {
                        try {
                            z2 |= a(x509CertificateArr[0], (t) next.f, str);
                        } catch (a.C0001a e) {
                            linkedList.add(e);
                        }
                        if (z2) {
                            z = z2;
                            break;
                        }
                    }
                    z2 = z2;
                }
                if (!z && !linkedList.isEmpty()) {
                    throw new a.b(linkedList);
                }
            } else {
                String str2 = "Got TLSA response from DNS server, but was not signed properly.";
                if (a3 instanceof a.a.a.c.b) {
                    str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                    Iterator<h> it2 = ((a.a.a.c.b) a3).o().iterator();
                    while (it2.hasNext()) {
                        str2 = str2 + " " + it2.next();
                    }
                }
                f19a.info(str2);
            }
            return z;
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }
}
