package com.e.a.c;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/* loaded from: classes2.dex */
public final class g extends d {

    /* renamed from: d, reason: collision with root package name */
    private X509Certificate f17709d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f17710e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public g(h hVar, SSLSocket sSLSocket) {
        super(hVar, sSLSocket);
    }

    private static X509Certificate a(com.e.a.b bVar, X509Certificate x509Certificate, String str) throws com.e.a.j {
        if (x509Certificate == null) {
            return b(bVar);
        }
        throw new com.e.a.j("Duplicate " + str + " certificates in CERTS cell");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static javax.security.cert.X509Certificate a(SSLSession sSLSession) {
        try {
            return sSLSession.getPeerCertificateChain()[0];
        } catch (SSLPeerUnverifiedException e2) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(Principal principal) {
        String substring;
        String name = principal.getName();
        if (name.indexOf(",") >= 0) {
            return true;
        }
        int indexOf = name.indexOf("CN=");
        if (indexOf == -1) {
            substring = "";
        } else {
            int indexOf2 = name.indexOf(44, indexOf);
            substring = indexOf2 == -1 ? name.substring(indexOf) : name.substring(indexOf, indexOf2);
        }
        return !substring.endsWith(".net");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(javax.security.cert.X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e2) {
            return false;
        }
    }

    private static X509Certificate b(com.e.a.b bVar) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] bArr = new byte[bVar.d()];
            bVar.a(bArr);
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e2) {
            return null;
        }
    }

    private RSAPublicKey e() {
        try {
            return (RSAPublicKey) this.f17702b.getSession().getPeerCertificateChain()[0].getPublicKey();
        } catch (SSLPeerUnverifiedException e2) {
            return null;
        }
    }

    @Override // com.e.a.c.d
    final void a() throws IOException, InterruptedException, com.e.a.k {
        a(3);
        b();
        com.e.a.b a2 = a(129);
        int c2 = a2.c();
        if (c2 != 2) {
            throw new com.e.a.j("Expecting 2 certificates and got " + c2);
        }
        this.f17709d = null;
        this.f17710e = null;
        for (int i2 = 0; i2 < c2; i2++) {
            int c3 = a2.c();
            if (c3 == 1) {
                this.f17709d = a(a2, this.f17709d, "Link (type = 1)");
            } else {
                if (c3 != 2) {
                    throw new com.e.a.j("Unexpected certificate type = " + c3 + " in CERTS cell");
                }
                this.f17710e = a(a2, this.f17710e, "Identity (type = 2)");
            }
        }
        com.e.a.b a3 = a(130, 8);
        if (a3.b() == 8) {
            a(a3);
        } else {
            a(a(8));
        }
        PublicKey publicKey = this.f17710e.getPublicKey();
        a(publicKey);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        if (rSAPublicKey.getModulus().bitLength() != 1024) {
            throw new com.e.a.j("Invalid RSA modulus length in router identity key");
        }
        try {
            this.f17710e.checkValidity();
            this.f17710e.verify(rSAPublicKey);
            this.f17709d.checkValidity();
            this.f17709d.verify(rSAPublicKey);
            if (!e().getModulus().equals(((RSAPublicKey) this.f17709d.getPublicKey()).getModulus())) {
                throw new com.e.a.j("Link certificate in CERTS cell does not match connection certificate");
            }
            c();
        } catch (GeneralSecurityException e2) {
            throw new com.e.a.j("Router presented invalid certificate chain in CERTS cell");
        }
    }
}
