package de.measite.minidns.dnssec;

import de.measite.minidns.DNSName;
import de.measite.minidns.Question;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.UnverifiedReason;
import de.measite.minidns.dnssec.algorithms.AlgorithmMap;
import de.measite.minidns.record.DNSKEY;
import de.measite.minidns.record.DS;
import de.measite.minidns.record.Data;
import de.measite.minidns.record.NSEC;
import de.measite.minidns.record.NSEC3;
import de.measite.minidns.record.RRSIG;
import de.measite.minidns.util.Base32;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import kotlin.UByte;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: Verifier.java */
/* loaded from: classes3.dex */
public class a {
    private AlgorithmMap a = AlgorithmMap.a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: Verifier.java */
    /* renamed from: de.measite.minidns.dnssec.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public static class C0418a implements Comparator<byte[]> {
        final /* synthetic */ int a;

        C0418a(int i) {
            this.a = i;
        }

        @Override // java.util.Comparator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compare(byte[] bArr, byte[] bArr2) {
            int length;
            int length2;
            for (int i = this.a; i < bArr.length && i < bArr2.length; i++) {
                if (bArr[i] != bArr2[i]) {
                    length = bArr[i] & UByte.f3709b;
                    length2 = bArr2[i] & UByte.f3709b;
                    break;
                }
            }
            length = bArr.length;
            length2 = bArr2.length;
            return length - length2;
        }
    }

    static byte[] a(RRSIG rrsig, List<Record<? extends Data>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            rrsig.g(dataOutputStream);
            DNSName dNSName = list.get(0).a;
            if (!dNSName.m()) {
                if (dNSName.i() < rrsig.g) {
                    throw new DNSSECValidationFailedException("Invalid RRsig record");
                }
                if (dNSName.i() > rrsig.g) {
                    dNSName = DNSName.e("*." + ((Object) dNSName.t(rrsig.g)));
                }
            }
            DNSName dNSName2 = dNSName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends Data> record : list) {
                arrayList.add(new Record(dNSName2, record.f3508b, record.d, rrsig.h, record.f).k());
            }
            Collections.sort(arrayList, new C0418a(dNSName2.s() + 10));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static byte[] b(DigestCalculator digestCalculator, byte[] bArr, byte[] bArr2, int i) {
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = digestCalculator.a(bArr3);
            i = i2;
        }
    }

    static boolean c(DNSName dNSName, DNSName dNSName2, DNSName dNSName3) {
        int i = dNSName2.i();
        int i2 = dNSName3.i();
        int i3 = dNSName.i();
        if (i3 > i && !dNSName.k(dNSName2) && dNSName.t(i).compareTo(dNSName2) < 0) {
            return false;
        }
        if (i3 <= i && dNSName.compareTo(dNSName2.t(i3)) < 0) {
            return false;
        }
        if (i3 <= i2 || dNSName.k(dNSName3) || dNSName.t(i2).compareTo(dNSName3) <= 0) {
            return i3 > i2 || dNSName.compareTo(dNSName3.t(i3)) < 0;
        }
        return false;
    }

    static boolean d(String str, String str2, String str3) {
        return c(DNSName.e(str), DNSName.e(str2), DNSName.e(str3));
    }

    static String e(String str, int i) {
        if (str.isEmpty() && i == 0) {
            return str;
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException();
        }
        String[] split = str.split("\\.");
        if (split.length == i) {
            return str;
        }
        if (split.length < i) {
            throw new IllegalArgumentException();
        }
        StringBuilder sb = new StringBuilder();
        for (int length = split.length - i; length < split.length; length++) {
            sb.append(split[length]);
            if (length != split.length - 1) {
                sb.append('.');
            }
        }
        return sb.toString();
    }

    public UnverifiedReason f(Record<DNSKEY> record, DS ds) {
        DNSKEY dnskey = record.f;
        DigestCalculator a = this.a.a(ds.g);
        if (a == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(ds.h, "DS", record);
        }
        byte[] d = dnskey.d();
        byte[] f = record.a.f();
        byte[] bArr = new byte[f.length + d.length];
        System.arraycopy(f, 0, bArr, 0, f.length);
        System.arraycopy(d, 0, bArr, f.length, d.length);
        try {
            if (ds.f(a.a(bArr))) {
                return null;
            }
            throw new DNSSECValidationFailedException(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e) {
            return new UnverifiedReason.AlgorithmExceptionThrownReason(ds.g, "DS", record, e);
        }
    }

    public UnverifiedReason g(List<Record<? extends Data>> list, RRSIG rrsig, DNSKEY dnskey) {
        SignatureVerifier c = this.a.c(rrsig.e);
        if (c == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(rrsig.f, "RRSIG", list.get(0));
        }
        if (c.a(a(rrsig, list), rrsig.m, dnskey.f())) {
            return null;
        }
        throw new DNSSECValidationFailedException(list, "Signature is invalid.");
    }

    public UnverifiedReason h(Record<? extends Data> record, Question question) {
        NSEC nsec = (NSEC) record.f;
        if ((!record.a.equals(question.f3505b) || Arrays.asList(nsec.e).contains(question.c)) && !c(question.f3505b, record.a, nsec.c)) {
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        return null;
    }

    public UnverifiedReason i(DNSName dNSName, Record<? extends Data> record, Question question) {
        NSEC3 nsec3 = (NSEC3) record.f;
        DigestCalculator b2 = this.a.b(nsec3.f);
        if (b2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(nsec3.g, "NSEC3", record);
        }
        String a = Base32.a(b(b2, nsec3.j, question.f3505b.f(), nsec3.i));
        if (!record.a.equals(DNSName.e(a + "." + ((Object) dNSName)))) {
            if (d(a, record.a.h(), Base32.a(nsec3.k))) {
                return null;
            }
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        for (Record.TYPE type : nsec3.m) {
            if (type.equals(question.c)) {
                return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
            }
        }
        return null;
    }

    public UnverifiedReason j(CharSequence charSequence, Record<? extends Data> record, Question question) {
        return i(DNSName.d(charSequence), record, question);
    }
}
