package org.minidns.dnssec;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import org.minidns.dnsmessage.Question;
import org.minidns.dnsname.DnsName;
import org.minidns.dnssec.UnverifiedReason;
import org.minidns.dnssec.algorithms.AlgorithmMap;
import org.minidns.record.DNSKEY;
import org.minidns.record.Data;
import org.minidns.record.DelegatingDnssecRR;
import org.minidns.record.NSEC;
import org.minidns.record.NSEC3;
import org.minidns.record.RRSIG;
import org.minidns.record.Record;
import org.minidns.util.Base32;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class Verifier {
    private AlgorithmMap a = AlgorithmMap.e;

    static byte[] a(RRSIG rrsig, List<Record<? extends Data>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            rrsig.j(dataOutputStream);
            DnsName dnsName = list.get(0).a;
            if (!dnsName.o()) {
                if (dnsName.j() < rrsig.h) {
                    throw new DnssecValidationFailedException("Invalid RRsig record");
                }
                if (dnsName.j() > rrsig.h) {
                    dnsName = DnsName.f("*." + ((Object) dnsName.w(rrsig.h)));
                }
            }
            DnsName dnsName2 = dnsName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends Data> record : list) {
                arrayList.add(new Record(dnsName2, record.b, record.d, rrsig.i, record.f).f());
            }
            final int size = dnsName2.size() + 10;
            Collections.sort(arrayList, new Comparator<byte[]>() { // from class: org.minidns.dnssec.Verifier.1
                @Override // java.util.Comparator
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public int compare(byte[] bArr, byte[] bArr2) {
                    int length;
                    int length2;
                    for (int i = size; i < bArr.length && i < bArr2.length; i++) {
                        if (bArr[i] != bArr2[i]) {
                            length = bArr[i] & 255;
                            length2 = bArr2[i] & 255;
                            break;
                        }
                    }
                    length = bArr.length;
                    length2 = bArr2.length;
                    return length - length2;
                }
            });
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static byte[] b(DigestCalculator digestCalculator, byte[] bArr, byte[] bArr2, int i) {
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = digestCalculator.a(bArr3);
            i = i2;
        }
    }

    static boolean c(String str, String str2, String str3) {
        return d(DnsName.f(str), DnsName.f(str2), DnsName.f(str3));
    }

    static boolean d(DnsName dnsName, DnsName dnsName2, DnsName dnsName3) {
        int j = dnsName2.j();
        int j2 = dnsName3.j();
        int j3 = dnsName.j();
        if (j3 > j && !dnsName.n(dnsName2) && dnsName.w(j).compareTo(dnsName2) < 0) {
            return false;
        }
        if (j3 <= j && dnsName.compareTo(dnsName2.w(j3)) < 0) {
            return false;
        }
        if (j3 <= j2 || dnsName.n(dnsName3) || dnsName.w(j2).compareTo(dnsName3) <= 0) {
            return j3 > j2 || dnsName.compareTo(dnsName3.w(j3)) < 0;
        }
        return false;
    }

    public UnverifiedReason e(List<Record<? extends Data>> list, RRSIG rrsig, DNSKEY dnskey) {
        SignatureVerifier c = this.a.c(rrsig.f);
        if (c == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(rrsig.g, rrsig.d(), list.get(0));
        }
        if (c.a(a(rrsig, list), rrsig.n, dnskey.i())) {
            return null;
        }
        throw new DnssecValidationFailedException(list, "Signature is invalid.");
    }

    public UnverifiedReason f(Record<DNSKEY> record, DelegatingDnssecRR delegatingDnssecRR) {
        DNSKEY dnskey = record.f;
        DigestCalculator a = this.a.a(delegatingDnssecRR.h);
        if (a == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(delegatingDnssecRR.i, delegatingDnssecRR.d(), record);
        }
        byte[] g = dnskey.g();
        byte[] h = record.a.h();
        byte[] bArr = new byte[h.length + g.length];
        System.arraycopy(h, 0, bArr, 0, h.length);
        System.arraycopy(g, 0, bArr, h.length, g.length);
        try {
            if (delegatingDnssecRR.i(a.a(bArr))) {
                return null;
            }
            throw new DnssecValidationFailedException(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e) {
            return new UnverifiedReason.AlgorithmExceptionThrownReason(delegatingDnssecRR.h, "DS", record, e);
        }
    }

    public UnverifiedReason g(Record<? extends Data> record, Question question) {
        NSEC nsec = (NSEC) record.f;
        if ((!record.a.equals(question.a) || Arrays.asList(nsec.g).contains(question.b)) && !d(question.a, record.a, nsec.e)) {
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        return null;
    }

    public UnverifiedReason h(DnsName dnsName, Record<? extends Data> record, Question question) {
        NSEC3 nsec3 = (NSEC3) record.f;
        DigestCalculator b = this.a.b(nsec3.e);
        if (b == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(nsec3.f, nsec3.d(), record);
        }
        String a = Base32.a(b(b, nsec3.i, question.a.h(), nsec3.h));
        if (!record.a.equals(DnsName.f(a + "." + ((Object) dnsName)))) {
            if (c(a, record.a.i(), Base32.a(nsec3.j))) {
                return null;
            }
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        for (Record.TYPE type : nsec3.l) {
            if (type.equals(question.b)) {
                return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
            }
        }
        return null;
    }
}
