package com.e.a.c;

import com.e.a.j;
import com.e.a.k;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.codehaus.jackson.org.objectweb.asm.Opcodes;

/* loaded from: classes2.dex */
public final class d extends b {

    /* renamed from: d, reason: collision with root package name */
    private X509Certificate f4704d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f4705e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(e eVar, SSLSocket sSLSocket) {
        super(eVar, sSLSocket);
    }

    private static String a(String str) {
        int indexOf = str.indexOf("CN=");
        if (indexOf == -1) {
            return "";
        }
        int indexOf2 = str.indexOf(44, indexOf);
        return indexOf2 == -1 ? str.substring(indexOf) : str.substring(indexOf, indexOf2);
    }

    private static X509Certificate a(com.e.a.b bVar, X509Certificate x509Certificate, String str) throws j {
        if (x509Certificate == null) {
            return b(bVar);
        }
        throw new j("Duplicate " + str + " certificates in CERTS cell");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static javax.security.cert.X509Certificate a(SSLSession sSLSession) {
        try {
            return sSLSession.getPeerCertificateChain()[0];
        } catch (SSLPeerUnverifiedException unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(Principal principal) {
        String name = principal.getName();
        return name.indexOf(",") >= 0 || !a(name).endsWith(".net");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(javax.security.cert.X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    private static X509Certificate b(com.e.a.b bVar) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] bArr = new byte[bVar.d()];
            bVar.a(bArr);
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException unused) {
            return null;
        }
    }

    private RSAPublicKey e() {
        try {
            return (RSAPublicKey) this.b.getSession().getPeerCertificateChain()[0].getPublicKey();
        } catch (SSLPeerUnverifiedException unused) {
            return null;
        }
    }

    @Override // com.e.a.c.b
    final void a() throws IOException, InterruptedException, k {
        a(3);
        b();
        com.e.a.b a2 = a(Integer.valueOf(Opcodes.LOR));
        int c2 = a2.c();
        if (c2 != 2) {
            throw new j("Expecting 2 certificates and got ".concat(String.valueOf(c2)));
        }
        this.f4704d = null;
        this.f4705e = null;
        int i = 0;
        do {
            int c3 = a2.c();
            if (c3 == 1) {
                this.f4704d = a(a2, this.f4704d, "Link (type = 1)");
            } else {
                if (c3 != 2) {
                    throw new j("Unexpected certificate type = " + c3 + " in CERTS cell");
                }
                this.f4705e = a(a2, this.f4705e, "Identity (type = 2)");
            }
            i++;
        } while (i < c2);
        com.e.a.b a3 = a(Integer.valueOf(Opcodes.IXOR), 8);
        if (a3.b() == 8) {
            a(a3);
        } else {
            Integer.valueOf(8);
            a(a(8));
        }
        PublicKey publicKey = this.f4705e.getPublicKey();
        a(publicKey);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        if (rSAPublicKey.getModulus().bitLength() != 1024) {
            throw new j("Invalid RSA modulus length in router identity key");
        }
        try {
            this.f4705e.checkValidity();
            this.f4705e.verify(rSAPublicKey);
            this.f4704d.checkValidity();
            this.f4704d.verify(rSAPublicKey);
            if (!e().getModulus().equals(((RSAPublicKey) this.f4704d.getPublicKey()).getModulus())) {
                throw new j("Link certificate in CERTS cell does not match connection certificate");
            }
            c();
        } catch (GeneralSecurityException unused) {
            throw new j("Router presented invalid certificate chain in CERTS cell");
        }
    }
}
