package de.measite.minidns.dane;

import de.measite.minidns.dane.DaneCertificateException;
import de.measite.minidns.e.u;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.CertificateEncodingException;

/* loaded from: classes.dex */
/**
 * Checks the certificate presented in a TLS session against TLSA records (DANE) fetched over DNS.
 *
 * <p>This is jadx output for a name-obfuscated build: every method is called {@code a} and the
 * overloads are told apart only by their parameter types. NOTE(review): the package name and the
 * log strings suggest this is MiniDNS's DaneVerifier; confirm against the upstream source before
 * relying on that mapping.
 *
 * <p>The overload taking {@code (X509Certificate[], String, int)} was not decompiled. As written
 * in this file it always throws {@link UnsupportedOperationException}, so the public entry point
 * cannot complete here; the original logic survives only as the register dump inside that method.
 */
public class a {
    private static final Logger LOGGER = Logger.getLogger(a.class.getName());
    // Client the TLSA question is sent through (see the register dump of the undecompiled overload).
    private final de.measite.minidns.a aMV;

    /**
     * Creates a verifier backed by a new {@code de.measite.minidns.dnssec.a}.
     * NOTE(review): presumably the DNSSEC-validating client; confirm in that class.
     */
    public a() {
        this(new de.measite.minidns.dnssec.a());
    }

    /** Stores the client that is used for TLSA lookups. */
    private a(de.measite.minidns.a aVar) {
        this.aMV = aVar;
    }

    /**
     * Compares one certificate with one TLSA record.
     *
     * <p>The field roles are taken from the log messages in this method: {@code aOZ} is the
     * certificate usage, {@code aPa} the selector, {@code aPb} the matching type, and {@code aPc}
     * the data the selected (and possibly hashed) certificate bytes are compared with.
     *
     * <p>{@code true} is returned only for a matching record with usage 3. A matching record with
     * usage 1 returns {@code false}, the same value as an unsupported usage, selector or matching
     * type, so the return value alone does not tell a caller whether a match happened.
     * NOTE(review): in RFC 6698 usage 1 is PKIX-EE and usage 3 is DANE-EE, so {@code false}
     * presumably means "ordinary PKIX validation is still required"; confirm at the call sites.
     *
     * @param x509Certificate certificate to test
     * @param uVar TLSA record to test against
     * @param str host name; used only in log messages
     * @return {@code true} if the record matched and its usage is 3, otherwise {@code false}
     * @throws CertificateException if SHA-256 or SHA-512 is unavailable. A supported record that
     *     does not match raises {@code DaneCertificateException.CertificateMismatch} (presumably a
     *     {@code CertificateException} subtype; its declaration is not in this file).
     */
    private static boolean a(X509Certificate x509Certificate, u uVar, String str) throws CertificateException {
        byte[] encoded;
        byte b2 = uVar.aOZ;
        // Only usages 1 and 3 are handled. Usages 0 and 2 (the trust-anchor usages in RFC 6698)
        // fall into this branch and are skipped with a warning rather than evaluated.
        if (b2 != 1 && b2 != 3) {
            LOGGER.warning("TLSA certificate usage " + ((int) uVar.aOZ) + " not supported while verifying " + str);
            return false;
        }
        // Selector: choose which bytes of the certificate take part in the comparison.
        switch (uVar.aPa) {
            case 0:
                // Whole certificate in its encoded form.
                encoded = x509Certificate.getEncoded();
                break;
            case 1:
                // Encoded public key only (SubjectPublicKeyInfo for X.509 keys).
                encoded = x509Certificate.getPublicKey().getEncoded();
                break;
            default:
                LOGGER.warning("TLSA selector " + ((int) uVar.aPa) + " not supported while verifying " + str);
                return false;
        }
        // Matching type: compare the selected bytes as they are, or their digest.
        switch (uVar.aPb) {
            case 0:
                // Exact match on the selected bytes, no hashing.
                break;
            case 1:
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                    break;
                } catch (NoSuchAlgorithmException e) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e);
                }
            case 2:
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                    break;
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e2);
                }
            default:
                LOGGER.warning("TLSA matching type " + ((int) uVar.aPb) + " not supported while verifying " + str);
                return false;
        }
        // NOTE(review): Arrays.equals is not constant-time. Both operands here are derived from the
        // peer certificate and from a DNS record, neither of which is a secret, so this comparison
        // is not a timing concern; do not copy the pattern for MACs or tokens.
        if (Arrays.equals(uVar.aPc, encoded)) {
            // A match with usage 1 deliberately yields false; see the method comment.
            return uVar.aOZ == 3;
        }
        // A supported record that does not match is reported as an exception, not as false.
        throw new DaneCertificateException.CertificateMismatch(uVar, encoded);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Looks up the TLSA records for a host and port and checks the first chain element against
     * them.
     *
     * <p>jadx failed on this method, so the Java body below only throws
     * {@link UnsupportedOperationException}. Everything else in this description is read from the
     * register dump kept in the body comment and should be re-checked against a clean decompile.
     *
     * <ul>
     *   <li>The query name is {@code "_" + port + "._tcp." + host}. The question uses
     *       {@code v.TLSA} and {@code u.IN} and is sent through {@code aMV}. An
     *       {@code IOException} from the query is rethrown wrapped in a {@code RuntimeException}.
     *   <li>If the response flag {@code aJo} is false, the message "Got TLSA response from DNS
     *       server, but was not signed properly." is logged at INFO (followed by the entries of
     *       {@code aNi} when the response is a {@code de.measite.minidns.dnssec.d}) and the
     *       method returns {@code false} without looking at the certificate.
     *   <li>Otherwise every record in {@code aJr} whose type is TLSA and whose name equals the
     *       query name is passed, together with {@code r8[0]}, to the single-record check. Only
     *       index 0 of the chain is read, and the dump shows no length or null check before
     *       that read.
     *   <li>{@code CertificateMismatch} exceptions are collected in a list, and the loop stops at
     *       the first record for which the check returns {@code true}.
     *   <li>If no record returned {@code true} and at least one mismatch was collected,
     *       {@code MultipleCertificateMismatchExceptions} is thrown; otherwise the accumulated
     *       boolean is returned.
     * </ul>
     *
     * <p>Consequence for callers: {@code false} covers "response flag {@code aJo} not set", "no
     * applicable TLSA record" and "usage-1 record matched". It must therefore not be read as
     * "certificate rejected", and equally not as "certificate accepted".
     *
     * @param r8 peer certificate chain; only element 0 is used
     * @param r9 host name used for the query name and for log messages
     * @param r10 port used for the query name
     * @return in this file, never returns normally
     * @throws CertificateException declared by the original method; see the list above
     */
    private boolean a(java.security.cert.X509Certificate[] r8, java.lang.String r9, int r10) throws java.security.cert.CertificateException {
        /*
            r7 = this;
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r1 = "_"
            r0.<init>(r1)
            r0.append(r10)
            java.lang.String r10 = "._tcp."
            r0.append(r10)
            r0.append(r9)
            java.lang.String r10 = r0.toString()
            de.measite.minidns.k r10 = de.measite.minidns.k.aL(r10)
            de.measite.minidns.a r0 = r7.aMV     // Catch: java.io.IOException -> Lbd
            de.measite.minidns.v r1 = de.measite.minidns.v.TLSA     // Catch: java.io.IOException -> Lbd
            de.measite.minidns.r r2 = new de.measite.minidns.r     // Catch: java.io.IOException -> Lbd
            de.measite.minidns.u r3 = de.measite.minidns.u.IN     // Catch: java.io.IOException -> Lbd
            r4 = 0
            r2.<init>(r10, r1, r3, r4)     // Catch: java.io.IOException -> Lbd
            de.measite.minidns.g r0 = r0.a(r2)     // Catch: java.io.IOException -> Lbd
            boolean r1 = r0.aJo
            if (r1 != 0) goto L74
            java.lang.String r8 = "Got TLSA response from DNS server, but was not signed properly."
            boolean r9 = r0 instanceof de.measite.minidns.dnssec.d
            if (r9 == 0) goto L6e
            java.lang.StringBuilder r9 = new java.lang.StringBuilder
            r9.<init>()
            r9.append(r8)
            java.lang.String r8 = " Reasons:"
            r9.append(r8)
            java.lang.String r8 = r9.toString()
            de.measite.minidns.dnssec.d r0 = (de.measite.minidns.dnssec.d) r0
            java.util.Set<de.measite.minidns.dnssec.g> r9 = r0.aNi
            java.util.Iterator r9 = r9.iterator()
        L4d:
            boolean r10 = r9.hasNext()
            if (r10 == 0) goto L6e
            java.lang.Object r10 = r9.next()
            de.measite.minidns.dnssec.g r10 = (de.measite.minidns.dnssec.g) r10
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            r0.append(r8)
            java.lang.String r8 = " "
            r0.append(r8)
            r0.append(r10)
            java.lang.String r8 = r0.toString()
            goto L4d
        L6e:
            java.util.logging.Logger r9 = de.measite.minidns.dane.a.LOGGER
            r9.info(r8)
            return r4
        L74:
            java.util.LinkedList r1 = new java.util.LinkedList
            r1.<init>()
            java.util.List<de.measite.minidns.s<? extends de.measite.minidns.e.g>> r0 = r0.aJr
            java.util.Iterator r0 = r0.iterator()
            r2 = 0
        L80:
            boolean r3 = r0.hasNext()
            if (r3 == 0) goto Lad
            java.lang.Object r3 = r0.next()
            de.measite.minidns.s r3 = (de.measite.minidns.s) r3
            de.measite.minidns.v r5 = r3.aKV
            de.measite.minidns.v r6 = de.measite.minidns.v.TLSA
            if (r5 != r6) goto L80
            de.measite.minidns.k r5 = r3.aKU
            boolean r5 = r5.equals(r10)
            if (r5 == 0) goto L80
            D extends de.measite.minidns.e.g r3 = r3.aLb
            de.measite.minidns.e.u r3 = (de.measite.minidns.e.u) r3
            r5 = r8[r4]     // Catch: de.measite.minidns.dane.DaneCertificateException.CertificateMismatch -> La6
            boolean r3 = a(r5, r3, r9)     // Catch: de.measite.minidns.dane.DaneCertificateException.CertificateMismatch -> La6
            r2 = r2 | r3
            goto Laa
        La6:
            r3 = move-exception
            r1.add(r3)
        Laa:
            if (r2 != 0) goto Lad
            goto L80
        Lad:
            if (r2 != 0) goto Lbc
            boolean r8 = r1.isEmpty()
            if (r8 == 0) goto Lb6
            goto Lbc
        Lb6:
            de.measite.minidns.dane.DaneCertificateException$MultipleCertificateMismatchExceptions r8 = new de.measite.minidns.dane.DaneCertificateException$MultipleCertificateMismatchExceptions
            r8.<init>(r1)
            throw r8
        Lbc:
            return r2
        Lbd:
            r8 = move-exception
            java.lang.RuntimeException r9 = new java.lang.RuntimeException
            r9.<init>(r8)
            throw r9
        Lc4:
            goto Lc4
        */
        // Placeholder emitted by jadx: the real body is the dump above, not this statement.
        throw new UnsupportedOperationException("Method not decompiled: de.measite.minidns.dane.a.a(java.security.cert.X509Certificate[], java.lang.String, int):boolean");
    }

    /**
     * Converts legacy {@code javax.security.cert.X509Certificate} objects to
     * {@code java.security.cert.X509Certificate} by re-parsing each one's encoded form.
     *
     * <p>Conversion errors are not propagated: a certificate that cannot be encoded or parsed is
     * logged at WARNING and its slot in the result stays {@code null}. NOTE(review): the chain
     * check reads element 0 of this array without a null check (per its register dump), so a
     * failed conversion of the first certificate would surface there as a
     * {@code NullPointerException} rather than as a {@code CertificateException}.
     *
     * @param x509CertificateArr chain in the legacy representation
     * @return array of the same length; entries that failed to convert are {@code null}
     */
    private static X509Certificate[] a(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                // A new "X.509" CertificateFactory is requested for every element of the chain.
                x509CertificateArr2[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e) {
                // Best effort: log and leave this slot null instead of failing the whole chain.
                LOGGER.log(Level.WARNING, "Could not convert", e);
            }
        }
        return x509CertificateArr2;
    }

    /**
     * Entry point: verifies the peer of a TLS session against the TLSA records for its host and
     * port.
     *
     * <p>The chain is read with {@code getPeerCertificateChain()} (the legacy
     * {@code javax.security.cert} API) and converted; the lookup name is built from
     * {@code getPeerHost()} and {@code getPeerPort()}. NOTE(review): the JSSE documentation
     * describes the peer host as an unauthenticated hint, so the caller has to make sure the
     * session was opened for the host name it intends to verify.
     *
     * <p>In this decompiled file the call always ends in {@link UnsupportedOperationException},
     * because the chain-check overload it delegates to was not decompiled.
     *
     * @param sSLSession session whose peer certificate is checked
     * @return the result of the chain check; {@code false} does not by itself mean the
     *     certificate was rejected (see the chain-check overload)
     * @throws CertificateException with message "Peer not verified" if the session has no
     *     verified peer, or as raised by the chain check
     */
    public final boolean a(SSLSession sSLSession) throws CertificateException {
        try {
            return a(a(sSLSession.getPeerCertificateChain()), sSLSession.getPeerHost(), sSLSession.getPeerPort());
        } catch (SSLPeerUnverifiedException e) {
            throw new CertificateException("Peer not verified", e);
        }
    }
}
