package org.minidns.dane.java7;

import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.minidns.dane.DaneVerifier;
import org.minidns.dane.X509TrustManagerUtil;
import org.minidns.dnssec.DnssecClient;

/* loaded from: classes2.dex */
public class DaneExtendedTrustManager extends X509ExtendedTrustManager {
    private static final Logger LOGGER = Logger.getLogger(DaneExtendedTrustManager.class.getName());
    private final X509TrustManager base;
    private final DaneVerifier verifier;

    public DaneExtendedTrustManager() {
        this(X509TrustManagerUtil.getDefault());
    }

    public DaneExtendedTrustManager(X509TrustManager x509TrustManager) {
        this(new DaneVerifier(), x509TrustManager);
    }

    public DaneExtendedTrustManager(DaneVerifier daneVerifier, X509TrustManager x509TrustManager) {
        this.verifier = daneVerifier;
        this.base = x509TrustManager;
    }

    public DaneExtendedTrustManager(DnssecClient dnssecClient) {
        this(dnssecClient, X509TrustManagerUtil.getDefault());
    }

    public DaneExtendedTrustManager(DnssecClient dnssecClient, X509TrustManager x509TrustManager) {
        this(new DaneVerifier(dnssecClient), x509TrustManager);
    }

    public static void inject() {
        inject(new DaneExtendedTrustManager());
    }

    public static void inject(DaneExtendedTrustManager daneExtendedTrustManager) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{daneExtendedTrustManager}, null);
            SSLContext.setDefault(sSLContext);
        } catch (KeyManagementException | NoSuchAlgorithmException e6) {
            throw new RuntimeException(e6);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (this.base == null) {
            LOGGER.warning("DaneExtendedTrustManager invalidly used for client certificate check and no fallback X509TrustManager specified");
        } else {
            LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check, forwarding request to fallback X509TrustManage");
            this.base.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        if (this.base == null) {
            LOGGER.warning("DaneExtendedTrustManager invalidly used for client certificate check and no fallback X509TrustManager specified");
            return;
        }
        LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check forwarding request to fallback X509TrustManage");
        X509TrustManager x509TrustManager = this.base;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(x509CertificateArr, str, socket);
        } else {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        if (this.base == null) {
            LOGGER.warning("DaneExtendedTrustManager invalidly used for client certificate check and no fallback X509TrustManager specified");
            return;
        }
        LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check, forwarding request to fallback X509TrustManage");
        X509TrustManager x509TrustManager = this.base;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(x509CertificateArr, str, sSLEngine);
        } else {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        LOGGER.info("DaneExtendedTrustManager cannot be used without hostname information, forwarding request to fallback X509TrustManage");
        this.base.checkServerTrusted(x509CertificateArr, str);
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0046  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0045 A[RETURN] */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void checkServerTrusted(java.security.cert.X509Certificate[] r5, java.lang.String r6, java.net.Socket r7) {
        /*
            r4 = this;
            boolean r0 = r7 instanceof javax.net.ssl.SSLSocket
            if (r0 == 0) goto L56
            r0 = r7
            javax.net.ssl.SSLSocket r0 = (javax.net.ssl.SSLSocket) r0
            javax.net.ssl.SSLSession r0 = a4.c.r(r0)
            java.lang.String r0 = r0.getPeerHost()
            if (r0 != 0) goto L19
            java.util.logging.Logger r0 = org.minidns.dane.java7.DaneExtendedTrustManager.LOGGER
            java.lang.String r1 = "Hostname returned by sslSocket.getHandshakeSession().getPeerHost() is null"
            r0.warning(r1)
            goto L37
        L19:
            boolean r1 = org.minidns.util.InetAddressUtil.isIpAddress(r0)
            if (r1 == 0) goto L39
            java.util.logging.Logger r1 = org.minidns.dane.java7.DaneExtendedTrustManager.LOGGER
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "Hostname returned by sslSocket.getHandshakeSession().getPeerHost() '"
            r2.<init>(r3)
            r2.append(r0)
            java.lang.String r0 = "' is an IP address"
            r2.append(r0)
            java.lang.String r0 = r2.toString()
            r1.warning(r0)
        L37:
            r0 = 0
            goto L43
        L39:
            int r1 = r7.getPort()
            org.minidns.dane.DaneVerifier r2 = r4.verifier
            boolean r0 = r2.verifyCertificateChain(r5, r0, r1)
        L43:
            if (r0 == 0) goto L46
            return
        L46:
            javax.net.ssl.X509TrustManager r0 = r4.base
            boolean r1 = r0 instanceof javax.net.ssl.X509ExtendedTrustManager
            if (r1 == 0) goto L52
            javax.net.ssl.X509ExtendedTrustManager r0 = (javax.net.ssl.X509ExtendedTrustManager) r0
            a4.d.y(r0, r5, r6, r7)
            goto L55
        L52:
            r0.checkServerTrusted(r5, r6)
        L55:
            return
        L56:
            java.lang.IllegalStateException r5 = new java.lang.IllegalStateException
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            java.lang.String r0 = "The provided socket '"
            r6.<init>(r0)
            r6.append(r7)
            java.lang.String r7 = "' is not of type SSLSocket"
            r6.append(r7)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: org.minidns.dane.java7.DaneExtendedTrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.net.Socket):void");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        if (this.verifier.verifyCertificateChain(x509CertificateArr, sSLEngine.getPeerHost(), sSLEngine.getPeerPort())) {
            return;
        }
        X509TrustManager x509TrustManager = this.base;
        if (x509TrustManager instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
        } else {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.base.getAcceptedIssuers();
    }
}
