package org.e.c;

import com.samsung.oep.util.OHConstants;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.e.c.a;
import org.e.h.e;
import org.e.n.h;
import org.e.n.u;
import org.e.n.x;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes3.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f22193a = Logger.getLogger(b.class.getName());

    /* renamed from: b, reason: collision with root package name */
    private final org.e.h.b f22194b;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.e.c.b$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f22195a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f22196b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f22197c;

        static {
            int[] iArr = new int[x.b.values().length];
            f22197c = iArr;
            try {
                iArr[x.b.noHash.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f22197c[x.b.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f22197c[x.b.sha512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[x.c.values().length];
            f22196b = iArr2;
            try {
                iArr2[x.c.fullCertificate.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f22196b[x.c.subjectPublicKeyInfo.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[x.a.values().length];
            f22195a = iArr3;
            try {
                iArr3[x.a.serviceCertificateConstraint.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f22195a[x.a.domainIssuedCertificate.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f22195a[x.a.caConstraint.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f22195a[x.a.trustAnchorAssertion.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    public b() {
        this(new org.e.h.b());
    }

    public b(org.e.h.b bVar) {
        this.f22194b = bVar;
    }

    private static boolean a(X509Certificate x509Certificate, x xVar, String str) throws CertificateException {
        byte[] encoded;
        if (xVar.f22424b == null) {
            f22193a.warning("TLSA certificate usage byte " + ((int) xVar.f22423a) + " is not supported while verifying " + str);
            return false;
        }
        int i = AnonymousClass1.f22195a[xVar.f22424b.ordinal()];
        if (i != 1 && i != 2) {
            f22193a.warning("TLSA certificate usage " + xVar.f22424b + " (" + ((int) xVar.f22423a) + ") not supported while verifying " + str);
            return false;
        }
        if (xVar.f22426d == null) {
            f22193a.warning("TLSA selector byte " + ((int) xVar.f22425c) + " is not supported while verifying " + str);
            return false;
        }
        int i2 = AnonymousClass1.f22196b[xVar.f22426d.ordinal()];
        if (i2 == 1) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (i2 != 2) {
                f22193a.warning("TLSA selector " + xVar.f22426d + " (" + ((int) xVar.f22425c) + ") not supported while verifying " + str);
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        if (xVar.f == null) {
            f22193a.warning("TLSA matching type byte " + ((int) xVar.e) + " is not supported while verifying " + str);
            return false;
        }
        int i3 = AnonymousClass1.f22197c[xVar.f.ordinal()];
        if (i3 != 1) {
            if (i3 == 2) {
                try {
                    encoded = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256).digest(encoded);
                } catch (NoSuchAlgorithmException e) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e);
                }
            } else {
                if (i3 != 3) {
                    f22193a.warning("TLSA matching type " + xVar.f + " not supported while verifying " + str);
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA512).digest(encoded);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e2);
                }
            }
        }
        if (xVar.a(encoded)) {
            return xVar.f22424b == x.a.domainIssuedCertificate;
        }
        throw new a.C0427a(xVar, encoded);
    }

    private static X509Certificate[] a(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            if (certificate instanceof X509Certificate) {
                arrayList.add((X509Certificate) certificate);
            }
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    public boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            return a(a(sSLSession.getPeerCertificates()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e) {
            throw new CertificateException("Peer not verified", e);
        }
    }

    public boolean a(X509Certificate[] x509CertificateArr, String str, int i) throws CertificateException {
        org.e.f.a a2 = org.e.f.a.a(OHConstants.UNDERSCORE + i + "._tcp." + str);
        try {
            org.e.h.c a3 = this.f22194b.a((CharSequence) a2, u.b.TLSA);
            org.e.e.a aVar = a3.f22271b.f22248d;
            if (!a3.a()) {
                String str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                Iterator<e> it = a3.b().iterator();
                while (it.hasNext()) {
                    str2 = str2 + " " + it.next();
                }
                f22193a.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z = false;
            for (u<? extends h> uVar : aVar.l) {
                if (uVar.f22403b == u.b.TLSA && uVar.f22402a.equals(a2)) {
                    try {
                        z |= a(x509CertificateArr[0], (x) uVar.f, str);
                    } catch (a.C0427a e) {
                        linkedList.add(e);
                    }
                    if (z) {
                        break;
                    }
                }
            }
            if (z || linkedList.isEmpty()) {
                return z;
            }
            throw new a.b(linkedList);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }
}
