package org.xbill.DNS;

import defpackage.iv;
import defpackage.iw;
import defpackage.iy;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;

/* loaded from: classes3.dex */
public class DNSSEC {

    /* loaded from: classes3.dex */
    public static class Algorithm {
        public static final int DH = 2;
        public static final int DSA = 3;
        public static final int DSA_NSEC3_SHA1 = 6;
        public static final int ECC = 4;
        public static final int INDIRECT = 252;
        public static final int PRIVATEDNS = 253;
        public static final int PRIVATEOID = 254;
        public static final int RSAMD5 = 1;
        public static final int RSASHA1 = 5;
        public static final int RSASHA256 = 8;
        public static final int RSASHA512 = 10;
        public static final int RSA_NSEC3_SHA1 = 7;
        private static iw a = new iw("DNSSEC algorithm", 2);

        static {
            a.b(255);
            a.a(true);
            a.a(1, "RSAMD5");
            a.a(2, "DH");
            a.a(3, "DSA");
            a.a(4, "ECC");
            a.a(5, "RSASHA1");
            a.a(6, "DSA-NSEC3-SHA1");
            a.a(7, "RSA-NSEC3-SHA1");
            a.a(8, "RSASHA256");
            a.a(10, "RSASHA512");
            a.a(252, "INDIRECT");
            a.a(253, "PRIVATEDNS");
            a.a(254, "PRIVATEOID");
        }

        private Algorithm() {
        }

        public static String string(int i) {
            return a.d(i);
        }

        public static int value(String str) {
            return a.b(str);
        }
    }

    /* loaded from: classes3.dex */
    public static class DNSSECException extends Exception {
        DNSSECException(String str) {
            super(str);
        }
    }

    /* loaded from: classes3.dex */
    public static class IncompatibleKeyException extends IllegalArgumentException {
        IncompatibleKeyException() {
            super("incompatible keys");
        }
    }

    /* loaded from: classes3.dex */
    public static class KeyMismatchException extends DNSSECException {
        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        KeyMismatchException(defpackage.iv r4, defpackage.iy r5) {
            /*
                r3 = this;
                java.lang.StringBuffer r0 = new java.lang.StringBuffer
                r0.<init>()
                java.lang.String r1 = "key "
                r0.append(r1)
                org.xbill.DNS.Name r1 = r4.getName()
                r0.append(r1)
                java.lang.String r1 = "/"
                r0.append(r1)
                int r2 = r4.getAlgorithm()
                java.lang.String r2 = org.xbill.DNS.DNSSEC.Algorithm.string(r2)
                r0.append(r2)
                r0.append(r1)
                int r4 = r4.getFootprint()
                r0.append(r4)
                java.lang.String r4 = " "
                r0.append(r4)
                java.lang.String r4 = "does not match signature "
                r0.append(r4)
                org.xbill.DNS.Name r4 = r5.getSigner()
                r0.append(r4)
                r0.append(r1)
                int r4 = r5.getAlgorithm()
                java.lang.String r4 = org.xbill.DNS.DNSSEC.Algorithm.string(r4)
                r0.append(r4)
                r0.append(r1)
                int r4 = r5.getFootprint()
                r0.append(r4)
                java.lang.String r4 = r0.toString()
                r3.<init>(r4)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.xbill.DNS.DNSSEC.KeyMismatchException.<init>(iv, iy):void");
        }
    }

    /* loaded from: classes3.dex */
    public static class MalformedKeyException extends DNSSECException {
        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        MalformedKeyException(defpackage.iv r3) {
            /*
                r2 = this;
                java.lang.StringBuffer r0 = new java.lang.StringBuffer
                r0.<init>()
                java.lang.String r1 = "Invalid key data: "
                r0.append(r1)
                java.lang.String r3 = r3.rdataToString()
                r0.append(r3)
                java.lang.String r3 = r0.toString()
                r2.<init>(r3)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.xbill.DNS.DNSSEC.MalformedKeyException.<init>(iv):void");
        }
    }

    /* loaded from: classes3.dex */
    public static class SignatureExpiredException extends DNSSECException {
        private Date a;
        private Date b;

        SignatureExpiredException(Date date, Date date2) {
            super("signature expired");
            this.a = date;
            this.b = date2;
        }

        public Date getExpiration() {
            return this.a;
        }

        public Date getVerifyTime() {
            return this.b;
        }
    }

    /* loaded from: classes3.dex */
    public static class SignatureNotYetValidException extends DNSSECException {
        private Date a;
        private Date b;

        SignatureNotYetValidException(Date date, Date date2) {
            super("signature is not yet valid");
            this.a = date;
            this.b = date2;
        }

        public Date getExpiration() {
            return this.a;
        }

        public Date getVerifyTime() {
            return this.b;
        }
    }

    /* loaded from: classes3.dex */
    public static class SignatureVerificationException extends DNSSECException {
        SignatureVerificationException() {
            super("signature verification failed");
        }
    }

    /* loaded from: classes3.dex */
    public static class UnsupportedAlgorithmException extends DNSSECException {
        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        UnsupportedAlgorithmException(int r3) {
            /*
                r2 = this;
                java.lang.StringBuffer r0 = new java.lang.StringBuffer
                r0.<init>()
                java.lang.String r1 = "Unsupported algorithm: "
                r0.append(r1)
                r0.append(r3)
                java.lang.String r3 = r0.toString()
                r2.<init>(r3)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.xbill.DNS.DNSSEC.UnsupportedAlgorithmException.<init>(int):void");
        }
    }

    private DNSSEC() {
    }

    private static int a(BigInteger bigInteger) {
        return (bigInteger.bitLength() + 7) / 8;
    }

    private static BigInteger a(DNSInput dNSInput) {
        return new BigInteger(1, dNSInput.readByteArray());
    }

    private static BigInteger a(DNSInput dNSInput, int i) {
        return new BigInteger(1, dNSInput.readByteArray(i));
    }

    public static PublicKey a(iv ivVar) {
        int algorithm = ivVar.getAlgorithm();
        try {
            if (algorithm != 1) {
                if (algorithm != 3) {
                    if (algorithm != 10 && algorithm != 5) {
                        if (algorithm != 6) {
                            if (algorithm != 7 && algorithm != 8) {
                                throw new UnsupportedAlgorithmException(algorithm);
                            }
                        }
                    }
                }
                return c(ivVar);
            }
            return b(ivVar);
        } catch (IOException unused) {
            throw new MalformedKeyException(ivVar);
        } catch (GeneralSecurityException e) {
            throw new DNSSECException(e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SIGRecord a(Message message, SIGRecord sIGRecord, KEYRecord kEYRecord, PrivateKey privateKey, Date date, Date date2) {
        int algorithm = kEYRecord.getAlgorithm();
        a(privateKey, algorithm);
        SIGRecord sIGRecord2 = new SIGRecord(Name.root, 255, 0L, 0, algorithm, 0L, date2, date, kEYRecord.getFootprint(), kEYRecord.getName(), null);
        DNSOutput dNSOutput = new DNSOutput();
        a(dNSOutput, sIGRecord2);
        if (sIGRecord != null) {
            dNSOutput.writeByteArray(sIGRecord.getSignature());
        }
        message.a(dNSOutput);
        sIGRecord2.a(a(privateKey, kEYRecord.getPublicKey(), algorithm, dNSOutput.toByteArray(), (String) null));
        return sIGRecord2;
    }

    static void a(PrivateKey privateKey, int i) {
        if (i != 1) {
            if (i != 3) {
                if (i != 10 && i != 5) {
                    if (i != 6) {
                        if (i != 7 && i != 8) {
                            throw new UnsupportedAlgorithmException(i);
                        }
                    }
                }
            }
            if (!(privateKey instanceof DSAPrivateKey)) {
                throw new IncompatibleKeyException();
            }
            return;
        }
        if (!(privateKey instanceof RSAPrivateKey)) {
            throw new IncompatibleKeyException();
        }
    }

    private static void a(PublicKey publicKey, int i, byte[] bArr, byte[] bArr2) {
        if (publicKey instanceof DSAPublicKey) {
            try {
                bArr2 = a(bArr2);
            } catch (IOException unused) {
                throw new IllegalStateException();
            }
        }
        try {
            Signature signature = Signature.getInstance(algString(i));
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (signature.verify(bArr2)) {
            } else {
                throw new SignatureVerificationException();
            }
        } catch (GeneralSecurityException e) {
            throw new DNSSECException(e.toString());
        }
    }

    private static void a(DNSOutput dNSOutput, iy iyVar) {
        dNSOutput.writeU16(iyVar.getTypeCovered());
        dNSOutput.writeU8(iyVar.getAlgorithm());
        dNSOutput.writeU8(iyVar.getLabels());
        dNSOutput.writeU32(iyVar.getOrigTTL());
        dNSOutput.writeU32(iyVar.getExpire().getTime() / 1000);
        dNSOutput.writeU32(iyVar.getTimeSigned().getTime() / 1000);
        dNSOutput.writeU16(iyVar.getFootprint());
        iyVar.getSigner().toWireCanonical(dNSOutput);
    }

    private static void a(DNSOutput dNSOutput, BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] == 0) {
            dNSOutput.writeByteArray(byteArray, 1, byteArray.length - 1);
        } else {
            dNSOutput.writeByteArray(byteArray);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(Message message, byte[] bArr, SIGRecord sIGRecord, SIGRecord sIGRecord2, KEYRecord kEYRecord) {
        if (!a(sIGRecord, kEYRecord)) {
            throw new KeyMismatchException(kEYRecord, sIGRecord);
        }
        Date date = new Date();
        if (date.compareTo(sIGRecord.getExpire()) > 0) {
            throw new SignatureExpiredException(sIGRecord.getExpire(), date);
        }
        if (date.compareTo(sIGRecord.getTimeSigned()) < 0) {
            throw new SignatureNotYetValidException(sIGRecord.getTimeSigned(), date);
        }
        DNSOutput dNSOutput = new DNSOutput();
        a(dNSOutput, sIGRecord);
        if (sIGRecord2 != null) {
            dNSOutput.writeByteArray(sIGRecord2.getSignature());
        }
        Header header = (Header) message.getHeader().clone();
        header.b(3);
        dNSOutput.writeByteArray(header.toWire());
        dNSOutput.writeByteArray(bArr, 12, message.c - 12);
        a(kEYRecord.getPublicKey(), sIGRecord.getAlgorithm(), dNSOutput.toByteArray(), sIGRecord.getSignature());
    }

    private static boolean a(iy iyVar, iv ivVar) {
        return ivVar.getAlgorithm() == iyVar.getAlgorithm() && ivVar.getFootprint() == iyVar.getFootprint() && ivVar.getName().equals(iyVar.getSigner());
    }

    private static byte[] a(PrivateKey privateKey, PublicKey publicKey, int i, byte[] bArr, String str) {
        try {
            Signature signature = str != null ? Signature.getInstance(algString(i), str) : Signature.getInstance(algString(i));
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            if (!(publicKey instanceof DSAPublicKey)) {
                return sign;
            }
            try {
                return a(sign, (a(((DSAPublicKey) publicKey).getParams().getP()) - 64) / 8);
            } catch (IOException unused) {
                throw new IllegalStateException();
            }
        } catch (GeneralSecurityException e) {
            throw new DNSSECException(e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(PublicKey publicKey, int i) {
        if (i != 1) {
            if (i != 3) {
                if (i != 10 && i != 5) {
                    if (i != 6) {
                        if (i != 7 && i != 8) {
                            throw new UnsupportedAlgorithmException(i);
                        }
                    }
                }
            }
            if (publicKey instanceof DSAPublicKey) {
                return a((DSAPublicKey) publicKey);
            }
            throw new IncompatibleKeyException();
        }
        if (publicKey instanceof RSAPublicKey) {
            return a((RSAPublicKey) publicKey);
        }
        throw new IncompatibleKeyException();
    }

    private static byte[] a(DSAPublicKey dSAPublicKey) {
        DNSOutput dNSOutput = new DNSOutput();
        BigInteger q = dSAPublicKey.getParams().getQ();
        BigInteger p = dSAPublicKey.getParams().getP();
        BigInteger g = dSAPublicKey.getParams().getG();
        BigInteger y = dSAPublicKey.getY();
        dNSOutput.writeU8((p.toByteArray().length - 64) / 8);
        a(dNSOutput, q);
        a(dNSOutput, p);
        a(dNSOutput, g);
        a(dNSOutput, y);
        return dNSOutput.toByteArray();
    }

    private static byte[] a(RSAPublicKey rSAPublicKey) {
        DNSOutput dNSOutput = new DNSOutput();
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        BigInteger modulus = rSAPublicKey.getModulus();
        int a = a(publicExponent);
        if (a < 256) {
            dNSOutput.writeU8(a);
        } else {
            dNSOutput.writeU8(0);
            dNSOutput.writeU16(a);
        }
        a(dNSOutput, publicExponent);
        a(dNSOutput, modulus);
        return dNSOutput.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(DNSKEYRecord dNSKEYRecord, int i) {
        MessageDigest messageDigest;
        DNSOutput dNSOutput = new DNSOutput();
        dNSOutput.writeU16(dNSKEYRecord.getFootprint());
        dNSOutput.writeU8(dNSKEYRecord.getAlgorithm());
        dNSOutput.writeU8(i);
        try {
            if (i == 1) {
                messageDigest = MessageDigest.getInstance("sha-1");
            } else {
                if (i != 2) {
                    StringBuffer stringBuffer = new StringBuffer();
                    stringBuffer.append("unknown DS digest type ");
                    stringBuffer.append(i);
                    throw new IllegalArgumentException(stringBuffer.toString());
                }
                messageDigest = MessageDigest.getInstance("sha-256");
            }
            messageDigest.update(dNSKEYRecord.getName().toWire());
            messageDigest.update(dNSKEYRecord.rdataToWireCanonical());
            dNSOutput.writeByteArray(messageDigest.digest());
            return dNSOutput.toByteArray();
        } catch (NoSuchAlgorithmException unused) {
            throw new IllegalStateException("no message digest support");
        }
    }

    private static byte[] a(byte[] bArr) {
        if (bArr.length != 41) {
            throw new SignatureVerificationException();
        }
        DNSInput dNSInput = new DNSInput(bArr);
        DNSOutput dNSOutput = new DNSOutput();
        dNSInput.readU8();
        byte[] readByteArray = dNSInput.readByteArray(20);
        int i = readByteArray[0] < 0 ? 21 : 20;
        byte[] readByteArray2 = dNSInput.readByteArray(20);
        int i2 = readByteArray2[0] >= 0 ? 20 : 21;
        dNSOutput.writeU8(48);
        dNSOutput.writeU8(i + i2 + 4);
        dNSOutput.writeU8(2);
        dNSOutput.writeU8(i);
        if (i > 20) {
            dNSOutput.writeU8(0);
        }
        dNSOutput.writeByteArray(readByteArray);
        dNSOutput.writeU8(2);
        dNSOutput.writeU8(i2);
        if (i2 > 20) {
            dNSOutput.writeU8(0);
        }
        dNSOutput.writeByteArray(readByteArray2);
        return dNSOutput.toByteArray();
    }

    private static byte[] a(byte[] bArr, int i) {
        DNSInput dNSInput = new DNSInput(bArr);
        DNSOutput dNSOutput = new DNSOutput();
        dNSOutput.writeU8(i);
        if (dNSInput.readU8() != 48) {
            throw new IOException();
        }
        dNSInput.readU8();
        if (dNSInput.readU8() != 2) {
            throw new IOException();
        }
        int readU8 = dNSInput.readU8();
        if (readU8 == 21) {
            if (dNSInput.readU8() != 0) {
                throw new IOException();
            }
        } else if (readU8 != 20) {
            throw new IOException();
        }
        dNSOutput.writeByteArray(dNSInput.readByteArray(20));
        if (dNSInput.readU8() != 2) {
            throw new IOException();
        }
        int readU82 = dNSInput.readU8();
        if (readU82 == 21) {
            if (dNSInput.readU8() != 0) {
                throw new IOException();
            }
        } else if (readU82 != 20) {
            throw new IOException();
        }
        dNSOutput.writeByteArray(dNSInput.readByteArray(20));
        return dNSOutput.toByteArray();
    }

    public static String algString(int i) {
        if (i == 1) {
            return "MD5withRSA";
        }
        if (i == 3) {
            return "SHA1withDSA";
        }
        if (i == 10) {
            return "SHA512withRSA";
        }
        if (i == 5) {
            return "SHA1withRSA";
        }
        if (i == 6) {
            return "SHA1withDSA";
        }
        if (i == 7) {
            return "SHA1withRSA";
        }
        if (i == 8) {
            return "SHA256withRSA";
        }
        throw new UnsupportedAlgorithmException(i);
    }

    private static PublicKey b(iv ivVar) {
        DNSInput dNSInput = new DNSInput(ivVar.getKey());
        int readU8 = dNSInput.readU8();
        if (readU8 == 0) {
            readU8 = dNSInput.readU16();
        }
        BigInteger a = a(dNSInput, readU8);
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(a(dNSInput), a));
    }

    private static PublicKey c(iv ivVar) {
        DNSInput dNSInput = new DNSInput(ivVar.getKey());
        int readU8 = dNSInput.readU8();
        if (readU8 > 8) {
            throw new MalformedKeyException(ivVar);
        }
        BigInteger a = a(dNSInput, 20);
        int i = (readU8 * 8) + 64;
        BigInteger a2 = a(dNSInput, i);
        BigInteger a3 = a(dNSInput, i);
        return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(a(dNSInput, i), a2, a, a3));
    }

    public static byte[] digestMessage(SIGRecord sIGRecord, Message message, byte[] bArr) {
        DNSOutput dNSOutput = new DNSOutput();
        a(dNSOutput, sIGRecord);
        if (bArr != null) {
            dNSOutput.writeByteArray(bArr);
        }
        message.a(dNSOutput);
        return dNSOutput.toByteArray();
    }

    public static byte[] digestRRset(RRSIGRecord rRSIGRecord, RRset rRset) {
        DNSOutput dNSOutput = new DNSOutput();
        a(dNSOutput, rRSIGRecord);
        int size = rRset.size();
        Record[] recordArr = new Record[size];
        Iterator rrs = rRset.rrs();
        Name name = rRset.getName();
        int labels = rRSIGRecord.getLabels() + 1;
        Name wild = name.labels() > labels ? name.wild(name.labels() - labels) : null;
        while (rrs.hasNext()) {
            size--;
            recordArr[size] = (Record) rrs.next();
        }
        Arrays.sort(recordArr);
        DNSOutput dNSOutput2 = new DNSOutput();
        if (wild != null) {
            wild.toWireCanonical(dNSOutput2);
        } else {
            name.toWireCanonical(dNSOutput2);
        }
        dNSOutput2.writeU16(rRset.getType());
        dNSOutput2.writeU16(rRset.getDClass());
        dNSOutput2.writeU32(rRSIGRecord.getOrigTTL());
        for (Record record : recordArr) {
            dNSOutput.writeByteArray(dNSOutput2.toByteArray());
            int current = dNSOutput.current();
            dNSOutput.writeU16(0);
            dNSOutput.writeByteArray(record.rdataToWireCanonical());
            int current2 = (dNSOutput.current() - current) - 2;
            dNSOutput.save();
            dNSOutput.jump(current);
            dNSOutput.writeU16(current2);
            dNSOutput.restore();
        }
        return dNSOutput.toByteArray();
    }

    public static RRSIGRecord sign(RRset rRset, DNSKEYRecord dNSKEYRecord, PrivateKey privateKey, Date date, Date date2) {
        return sign(rRset, dNSKEYRecord, privateKey, date, date2, null);
    }

    public static RRSIGRecord sign(RRset rRset, DNSKEYRecord dNSKEYRecord, PrivateKey privateKey, Date date, Date date2, String str) {
        int algorithm = dNSKEYRecord.getAlgorithm();
        a(privateKey, algorithm);
        RRSIGRecord rRSIGRecord = new RRSIGRecord(rRset.getName(), rRset.getDClass(), rRset.getTTL(), rRset.getType(), algorithm, rRset.getTTL(), date2, date, dNSKEYRecord.getFootprint(), dNSKEYRecord.getName(), null);
        rRSIGRecord.a(a(privateKey, dNSKEYRecord.getPublicKey(), algorithm, digestRRset(rRSIGRecord, rRset), str));
        return rRSIGRecord;
    }

    public static void verify(RRset rRset, RRSIGRecord rRSIGRecord, DNSKEYRecord dNSKEYRecord) {
        if (!a(rRSIGRecord, dNSKEYRecord)) {
            throw new KeyMismatchException(dNSKEYRecord, rRSIGRecord);
        }
        Date date = new Date();
        if (date.compareTo(rRSIGRecord.getExpire()) > 0) {
            throw new SignatureExpiredException(rRSIGRecord.getExpire(), date);
        }
        if (date.compareTo(rRSIGRecord.getTimeSigned()) < 0) {
            throw new SignatureNotYetValidException(rRSIGRecord.getTimeSigned(), date);
        }
        a(dNSKEYRecord.getPublicKey(), rRSIGRecord.getAlgorithm(), digestRRset(rRSIGRecord, rRset), rRSIGRecord.getSignature());
    }
}
