package rc;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.CertificateEncodingException;
import pc.d;
import pc.i;
import pc.j;
import rc.a;
import sc.f;
import yc.g;
import yc.t;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: b, reason: collision with root package name */
    public static final Logger f18083b = Logger.getLogger(b.class.getName());

    /* renamed from: a, reason: collision with root package name */
    public final pc.a f18084a = new sc.a();

    public static boolean a(X509Certificate x509Certificate, t tVar, String str) {
        byte[] encoded;
        StringBuilder sb2;
        byte b10 = tVar.f20496c;
        if (b10 == 1 || b10 == 3) {
            byte b11 = tVar.d;
            if (b11 == 0) {
                encoded = x509Certificate.getEncoded();
            } else if (b11 != 1) {
                sb2 = new StringBuilder("TLSA selector ");
                sb2.append((int) b11);
            } else {
                encoded = x509Certificate.getPublicKey().getEncoded();
            }
            b11 = tVar.f20497e;
            if (b11 != 0) {
                if (b11 == 1) {
                    try {
                        encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                    } catch (NoSuchAlgorithmException e10) {
                        throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e10);
                    }
                } else if (b11 != 2) {
                    sb2 = new StringBuilder("TLSA matching type ");
                    sb2.append((int) b11);
                } else {
                    try {
                        encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                    } catch (NoSuchAlgorithmException e11) {
                        throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e11);
                    }
                }
            }
            if (Arrays.equals(tVar.f20498f, encoded)) {
                return b10 == 3;
            }
            throw new a.C0197a();
        }
        sb2 = new StringBuilder("TLSA certificate usage ");
        sb2.append((int) b10);
        sb2.append(" not supported while verifying ");
        sb2.append(str);
        f18083b.warning(sb2.toString());
        return false;
    }

    public static X509Certificate[] b(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                x509CertificateArr2[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i2].getEncoded()));
            } catch (CertificateException | CertificateEncodingException e10) {
                f18083b.log(Level.WARNING, "Could not convert", e10);
            }
        }
        return x509CertificateArr2;
    }

    public final boolean c(X509Certificate[] x509CertificateArr, String str, int i2) {
        String str2;
        d a10 = d.a("_" + i2 + "._tcp." + str);
        try {
            pc.a aVar = this.f18084a;
            j.b bVar = j.b.TLSA;
            aVar.getClass();
            j.a aVar2 = j.a.IN;
            pc.c g10 = aVar.g(new i(a10, bVar, 0));
            if (!g10.f17157i) {
                if (g10 instanceof sc.b) {
                    Iterator<f> it = ((sc.b) g10).f18628w.iterator();
                    str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                    while (it.hasNext()) {
                        str2 = str2 + " " + it.next();
                    }
                } else {
                    str2 = "Got TLSA response from DNS server, but was not signed properly.";
                }
                f18083b.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z10 = false;
            for (j<? extends g> jVar : g10.f17160l) {
                if (jVar.f17231b == j.b.TLSA && jVar.f17230a.equals(a10)) {
                    try {
                        z10 |= a(x509CertificateArr[0], (t) jVar.f17234f, str);
                    } catch (a.C0197a e10) {
                        linkedList.add(e10);
                    }
                    if (z10) {
                        break;
                    }
                }
            }
            if (z10 || linkedList.isEmpty()) {
                return z10;
            }
            throw new a.b(linkedList);
        } catch (IOException e11) {
            throw new RuntimeException(e11);
        }
    }
}
