package de.measite.minidns.dnssec;

import de.measite.minidns.DNSName;
import de.measite.minidns.Question;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.UnverifiedReason;
import de.measite.minidns.dnssec.algorithms.AlgorithmMap;
import de.measite.minidns.record.DNSKEY;
import de.measite.minidns.record.DS;
import de.measite.minidns.record.Data;
import de.measite.minidns.record.NSEC;
import de.measite.minidns.record.NSEC3;
import de.measite.minidns.record.RRSIG;
import de.measite.minidns.util.Base32;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: Verifier.java */
/* loaded from: classes2.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private AlgorithmMap f3267a = AlgorithmMap.f3255a;

    public static UnverifiedReason a(Record<? extends Data> record, Question question) {
        NSEC nsec = (NSEC) record.f;
        if ((!record.f3214a.equals(question.f3208a) || Arrays.asList(nsec.f3311b).contains(question.f3209b)) && !a(question.f3208a, record.f3214a, nsec.f3310a)) {
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        return null;
    }

    private UnverifiedReason a(CharSequence charSequence, Record<? extends Data> record, Question question) {
        return a(DNSName.a(charSequence), record, question);
    }

    private static String a(String str, int i) {
        if (str.isEmpty() && i == 0) {
            return str;
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException();
        }
        String[] split = str.split("\\.");
        if (split.length == i) {
            return str;
        }
        if (split.length < i) {
            throw new IllegalArgumentException();
        }
        StringBuilder sb = new StringBuilder();
        for (int length = split.length - i; length < split.length; length++) {
            sb.append(split[length]);
            if (length != split.length - 1) {
                sb.append('.');
            }
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(DNSName dNSName, DNSName dNSName2, DNSName dNSName3) {
        int d = dNSName2.d();
        int d2 = dNSName3.d();
        int d3 = dNSName.d();
        if (d3 > d && !dNSName.b(dNSName2) && dNSName.a(d).compareTo(dNSName2) < 0) {
            return false;
        }
        if (d3 <= d && dNSName.compareTo(dNSName2.a(d3)) < 0) {
            return false;
        }
        if (d3 <= d2 || dNSName.b(dNSName3) || dNSName.a(d2).compareTo(dNSName3) <= 0) {
            return d3 > d2 || dNSName.compareTo(dNSName3.a(d3)) < 0;
        }
        return false;
    }

    private static boolean a(String str, String str2, String str3) {
        return a(DNSName.a(str), DNSName.a(str2), DNSName.a(str3));
    }

    private static byte[] a(DigestCalculator digestCalculator, byte[] bArr, byte[] bArr2, int i) {
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = digestCalculator.a(bArr3);
            i = i2;
        }
    }

    private static byte[] a(RRSIG rrsig, List<Record<? extends Data>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            rrsig.c(dataOutputStream);
            DNSName dNSName = list.get(0).f3214a;
            if (!dNSName.f()) {
                if (dNSName.d() < rrsig.d) {
                    throw new DNSSECValidationFailedException("Invalid RRsig record");
                }
                if (dNSName.d() > rrsig.d) {
                    dNSName = DNSName.a("*." + ((Object) dNSName.a(rrsig.d)));
                }
            }
            DNSName dNSName2 = dNSName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends Data> record : list) {
                arrayList.add(new Record(dNSName2, record.f3215b, record.d, rrsig.e, record.f).a());
            }
            Collections.sort(arrayList, new c(dNSName2.c() + 10));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public final UnverifiedReason a(DNSName dNSName, Record<? extends Data> record, Question question) {
        int i;
        NSEC3 nsec3 = (NSEC3) record.f;
        DigestCalculator a2 = this.f3267a.a(nsec3.f3313b);
        if (a2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(nsec3.c, "NSEC3", record);
        }
        byte[] bArr = nsec3.f;
        byte[] a3 = question.f3208a.a();
        int i2 = nsec3.e;
        while (true) {
            int i3 = i2 - 1;
            if (i2 < 0) {
                break;
            }
            byte[] bArr2 = new byte[a3.length + bArr.length];
            System.arraycopy(a3, 0, bArr2, 0, a3.length);
            System.arraycopy(bArr, 0, bArr2, a3.length, bArr.length);
            a3 = a2.a(bArr2);
            i2 = i3;
        }
        String a4 = Base32.a(a3);
        if (!record.f3214a.equals(DNSName.a(a4 + "." + ((Object) dNSName)))) {
            if (a(DNSName.a(a4), DNSName.a(record.f3214a.b()), DNSName.a(Base32.a(nsec3.g)))) {
                return null;
            }
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        for (Record.TYPE type : nsec3.h) {
            if (type.equals(question.f3209b)) {
                return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
            }
        }
        return null;
    }

    public final UnverifiedReason a(Record<DNSKEY> record, DS ds) {
        DNSKEY dnskey = record.f;
        DigestCalculator a2 = this.f3267a.a(ds.d);
        if (a2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(ds.e, "DS", record);
        }
        byte[] e = dnskey.e();
        byte[] a3 = record.f3214a.a();
        byte[] bArr = new byte[a3.length + e.length];
        System.arraycopy(a3, 0, bArr, 0, a3.length);
        System.arraycopy(e, 0, bArr, a3.length, e.length);
        try {
            if (ds.a(a2.a(bArr))) {
                return null;
            }
            throw new DNSSECValidationFailedException(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e2) {
            return new UnverifiedReason.AlgorithmExceptionThrownReason(ds.d, "DS", record, e2);
        }
    }

    public final UnverifiedReason a(List<Record<? extends Data>> list, RRSIG rrsig, DNSKEY dnskey) {
        SignatureVerifier a2 = this.f3267a.a(rrsig.f3323b);
        if (a2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(rrsig.c, "RRSIG", list.get(0));
        }
        if (a2.a(a(rrsig, list), rrsig.j, dnskey.c())) {
            return null;
        }
        throw new DNSSECValidationFailedException(list, "Signature is invalid.");
    }
}
