package org.minidns.dnssec;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import kotlin.UByte;
import okhttp3.CertificatePinner;
import org.minidns.dnsmessage.Question;
import org.minidns.dnsname.DnsName;
import org.minidns.dnssec.UnverifiedReason;
import org.minidns.dnssec.algorithms.AlgorithmMap;
import org.minidns.record.DNSKEY;
import org.minidns.record.Data;
import org.minidns.record.DelegatingDnssecRR;
import org.minidns.record.NSEC;
import org.minidns.record.NSEC3;
import org.minidns.record.RRSIG;
import org.minidns.record.Record;
import org.minidns.util.Base32;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class Verifier {

    /* renamed from: a, reason: collision with root package name */
    public AlgorithmMap f34533a = AlgorithmMap.e;

    public static byte[] a(RRSIG rrsig, List<Record<? extends Data>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            rrsig.i(dataOutputStream);
            DnsName dnsName = list.get(0).f34676a;
            if (!dnsName.v()) {
                if (dnsName.m() < rrsig.f34668f) {
                    throw new DnssecValidationFailedException("Invalid RRsig record");
                }
                if (dnsName.m() > rrsig.f34668f) {
                    dnsName = DnsName.d(CertificatePinner.f31114c + ((Object) dnsName.D(rrsig.f34668f)));
                }
            }
            DnsName dnsName2 = dnsName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends Data> record : list) {
                arrayList.add(new Record(dnsName2, record.f34677b, record.d, rrsig.f34669g, record.f34679f).k());
            }
            final int C = dnsName2.C() + 10;
            Collections.sort(arrayList, new Comparator<byte[]>() { // from class: org.minidns.dnssec.Verifier.1
                @Override // java.util.Comparator
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public int compare(byte[] bArr, byte[] bArr2) {
                    int length;
                    int length2;
                    for (int i2 = C; i2 < bArr.length && i2 < bArr2.length; i2++) {
                        if (bArr[i2] != bArr2[i2]) {
                            length = bArr[i2] & UByte.f27485c;
                            length2 = bArr2[i2] & UByte.f27485c;
                            break;
                        }
                    }
                    length = bArr.length;
                    length2 = bArr2.length;
                    return length - length2;
                }
            });
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] b(DigestCalculator digestCalculator, byte[] bArr, byte[] bArr2, int i2) {
        while (true) {
            int i3 = i2 - 1;
            if (i2 < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = digestCalculator.a(bArr3);
            i2 = i3;
        }
    }

    public static boolean c(String str, String str2, String str3) {
        return d(DnsName.d(str), DnsName.d(str2), DnsName.d(str3));
    }

    public static boolean d(DnsName dnsName, DnsName dnsName2, DnsName dnsName3) {
        int m2 = dnsName2.m();
        int m3 = dnsName3.m();
        int m4 = dnsName.m();
        if (m4 > m2 && !dnsName.t(dnsName2) && dnsName.D(m2).compareTo(dnsName2) < 0) {
            return false;
        }
        if (m4 <= m2 && dnsName.compareTo(dnsName2.D(m4)) < 0) {
            return false;
        }
        if (m4 <= m3 || dnsName.t(dnsName3) || dnsName.D(m3).compareTo(dnsName3) <= 0) {
            return m4 > m3 || dnsName.compareTo(dnsName3.D(m4)) < 0;
        }
        return false;
    }

    public static String e(String str, int i2) {
        if (str.isEmpty() && i2 == 0) {
            return str;
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException();
        }
        String[] split = str.split("\\.");
        if (split.length == i2) {
            return str;
        }
        if (split.length < i2) {
            throw new IllegalArgumentException();
        }
        StringBuilder sb = new StringBuilder();
        for (int length = split.length - i2; length < split.length; length++) {
            sb.append(split[length]);
            if (length != split.length - 1) {
                sb.append('.');
            }
        }
        return sb.toString();
    }

    public UnverifiedReason f(List<Record<? extends Data>> list, RRSIG rrsig, DNSKEY dnskey) {
        SignatureVerifier c2 = this.f34533a.c(rrsig.d);
        if (c2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(rrsig.e, rrsig.a(), list.get(0));
        }
        if (c2.a(a(rrsig, list), rrsig.f34674l, dnskey.h())) {
            return null;
        }
        throw new DnssecValidationFailedException(list, "Signature is invalid.");
    }

    public UnverifiedReason g(Record<DNSKEY> record, DelegatingDnssecRR delegatingDnssecRR) {
        DNSKEY dnskey = record.f34679f;
        DigestCalculator a2 = this.f34533a.a(delegatingDnssecRR.f34637f);
        if (a2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(delegatingDnssecRR.f34638g, delegatingDnssecRR.a(), record);
        }
        byte[] f2 = dnskey.f();
        byte[] i2 = record.f34676a.i();
        byte[] bArr = new byte[i2.length + f2.length];
        System.arraycopy(i2, 0, bArr, 0, i2.length);
        System.arraycopy(f2, 0, bArr, i2.length, f2.length);
        try {
            if (delegatingDnssecRR.h(a2.a(bArr))) {
                return null;
            }
            throw new DnssecValidationFailedException(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e) {
            return new UnverifiedReason.AlgorithmExceptionThrownReason(delegatingDnssecRR.f34637f, "DS", record, e);
        }
    }

    public UnverifiedReason h(Record<? extends Data> record, Question question) {
        NSEC nsec = (NSEC) record.f34679f;
        if ((!record.f34676a.equals(question.f34485a) || Arrays.asList(nsec.e).contains(question.f34486b)) && !d(question.f34485a, record.f34676a, nsec.f34647c)) {
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        return null;
    }

    public UnverifiedReason i(CharSequence charSequence, Record<? extends Data> record, Question question) {
        return j(DnsName.c(charSequence), record, question);
    }

    public UnverifiedReason j(DnsName dnsName, Record<? extends Data> record, Question question) {
        NSEC3 nsec3 = (NSEC3) record.f34679f;
        DigestCalculator b2 = this.f34533a.b(nsec3.f34651c);
        if (b2 == null) {
            return new UnverifiedReason.AlgorithmNotSupportedReason(nsec3.d, nsec3.a(), record);
        }
        String a2 = Base32.a(b(b2, nsec3.f34653g, question.f34485a.i(), nsec3.f34652f));
        if (!record.f34676a.equals(DnsName.d(a2 + "." + ((Object) dnsName)))) {
            if (c(a2, record.f34676a.l(), Base32.a(nsec3.f34654h))) {
                return null;
            }
            return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
        }
        for (Record.TYPE type : nsec3.f34656j) {
            if (type.equals(question.f34486b)) {
                return new UnverifiedReason.NSECDoesNotMatchReason(question, record);
            }
        }
        return null;
    }
}
