package F4;

import F4.a;
import K4.c;
import K4.e;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.logging.Logger;
import org.minidns.record.u;
import org.minidns.record.x;

/* loaded from: classes4.dex */
public class b {

    /* renamed from: b, reason: collision with root package name */
    private static final Logger f705b = Logger.getLogger(b.class.getName());

    /* renamed from: a, reason: collision with root package name */
    private final K4.b f706a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f707a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f708b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f709c;

        static {
            int[] iArr = new int[x.b.values().length];
            f709c = iArr;
            try {
                iArr[x.b.noHash.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f709c[x.b.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f709c[x.b.sha512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[x.c.values().length];
            f708b = iArr2;
            try {
                iArr2[x.c.fullCertificate.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f708b[x.c.subjectPublicKeyInfo.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[x.a.values().length];
            f707a = iArr3;
            try {
                iArr3[x.a.serviceCertificateConstraint.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f707a[x.a.domainIssuedCertificate.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f707a[x.a.caConstraint.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f707a[x.a.trustAnchorAssertion.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    public b(K4.b bVar) {
        this.f706a = bVar;
    }

    private static boolean a(X509Certificate x509Certificate, x xVar, String str) {
        byte[] encoded;
        x.a aVar = xVar.f12481d;
        if (aVar == null) {
            f705b.warning("TLSA certificate usage byte " + ((int) xVar.f12480c) + " is not supported while verifying " + str);
            return false;
        }
        int i5 = a.f707a[aVar.ordinal()];
        if (i5 != 1 && i5 != 2) {
            f705b.warning("TLSA certificate usage " + xVar.f12481d + " (" + ((int) xVar.f12480c) + ") not supported while verifying " + str);
            return false;
        }
        x.c cVar = xVar.f12483f;
        if (cVar == null) {
            f705b.warning("TLSA selector byte " + ((int) xVar.f12482e) + " is not supported while verifying " + str);
            return false;
        }
        int i6 = a.f708b[cVar.ordinal()];
        if (i6 == 1) {
            encoded = x509Certificate.getEncoded();
        } else {
            if (i6 != 2) {
                f705b.warning("TLSA selector " + xVar.f12483f + " (" + ((int) xVar.f12482e) + ") not supported while verifying " + str);
                return false;
            }
            encoded = x509Certificate.getPublicKey().getEncoded();
        }
        x.b bVar = xVar.f12485h;
        if (bVar == null) {
            f705b.warning("TLSA matching type byte " + ((int) xVar.f12484g) + " is not supported while verifying " + str);
            return false;
        }
        int i7 = a.f709c[bVar.ordinal()];
        if (i7 != 1) {
            if (i7 == 2) {
                try {
                    encoded = MessageDigest.getInstance("SHA-256").digest(encoded);
                } catch (NoSuchAlgorithmException e5) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-256 for matching", e5);
                }
            } else {
                if (i7 != 3) {
                    f705b.warning("TLSA matching type " + xVar.f12485h + " not supported while verifying " + str);
                    return false;
                }
                try {
                    encoded = MessageDigest.getInstance("SHA-512").digest(encoded);
                } catch (NoSuchAlgorithmException e6) {
                    throw new CertificateException("Verification using TLSA failed: could not SHA-512 for matching", e6);
                }
            }
        }
        if (xVar.G(encoded)) {
            return xVar.f12481d == x.a.domainIssuedCertificate;
        }
        throw new a.C0032a(xVar, encoded);
    }

    public boolean b(X509Certificate[] x509CertificateArr, String str, int i5) {
        I4.a r5 = I4.a.r("_" + i5 + "._tcp." + str);
        try {
            c z5 = this.f706a.z(r5, u.c.TLSA);
            H4.a aVar = z5.f1499b.f1246c;
            if (!z5.b()) {
                String str2 = "Got TLSA response from DNS server, but was not signed properly. Reasons:";
                Iterator it = z5.a().iterator();
                while (it.hasNext()) {
                    str2 = str2 + " " + ((e) it.next());
                }
                f705b.info(str2);
                return false;
            }
            LinkedList linkedList = new LinkedList();
            boolean z6 = false;
            for (u uVar : aVar.f1059l) {
                if (uVar.f12454a.equals(r5)) {
                    u.c cVar = uVar.f12455b;
                    if (cVar == u.c.TLSA) {
                        try {
                            z6 |= a(x509CertificateArr[0], (x) uVar.f12459f, str);
                        } catch (a.C0032a e5) {
                            linkedList.add(e5);
                        }
                        if (z6) {
                            break;
                        }
                    } else if (cVar == u.c.CNAME) {
                        r5 = ((org.minidns.record.c) uVar.f12459f).f12452c;
                    }
                }
            }
            if (z6 || linkedList.isEmpty()) {
                return z6;
            }
            throw new a.b(linkedList);
        } catch (IOException e6) {
            throw new RuntimeException(e6);
        }
    }
}
