package org.xbill.DNS;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;

/* loaded from: classes.dex */
public class DNSSEC {

    /* renamed from: a, reason: collision with root package name */
    private static final int f3117a = 48;
    private static final int b = 2;
    private static final int c = 20;

    /* loaded from: classes.dex */
    public static class DNSSECException extends Exception {
        DNSSECException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static class IncompatibleKeyException extends IllegalArgumentException {
        IncompatibleKeyException() {
            super("incompatible keys");
        }
    }

    /* loaded from: classes.dex */
    public static class KeyMismatchException extends DNSSECException {
        private KEYBase key;
        private SIGBase sig;

        KeyMismatchException(KEYBase kEYBase, SIGBase sIGBase) {
            super("key " + kEYBase.getName() + "/" + a.a(kEYBase.getAlgorithm()) + "/" + kEYBase.getFootprint() + " does not match signature " + sIGBase.getSigner() + "/" + a.a(sIGBase.getAlgorithm()) + "/" + sIGBase.getFootprint());
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedKeyException extends DNSSECException {
        MalformedKeyException(KEYBase kEYBase) {
            super("Invalid key data: " + kEYBase.rdataToString());
        }
    }

    /* loaded from: classes.dex */
    public static class SignatureExpiredException extends DNSSECException {
        private Date now;
        private Date when;

        SignatureExpiredException(Date date, Date date2) {
            super("signature expired");
            this.when = date;
            this.now = date2;
        }

        public Date getExpiration() {
            return this.when;
        }

        public Date getVerifyTime() {
            return this.now;
        }
    }

    /* loaded from: classes.dex */
    public static class SignatureNotYetValidException extends DNSSECException {
        private Date now;
        private Date when;

        SignatureNotYetValidException(Date date, Date date2) {
            super("signature is not yet valid");
            this.when = date;
            this.now = date2;
        }

        public Date getExpiration() {
            return this.when;
        }

        public Date getVerifyTime() {
            return this.now;
        }
    }

    /* loaded from: classes.dex */
    public static class SignatureVerificationException extends DNSSECException {
        SignatureVerificationException() {
            super("signature verification failed");
        }
    }

    /* loaded from: classes.dex */
    public static class UnsupportedAlgorithmException extends DNSSECException {
        UnsupportedAlgorithmException(int i) {
            super("Unsupported algorithm: " + i);
        }
    }

    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public static final int f3118a = 1;
        public static final int b = 2;
        public static final int c = 3;
        public static final int d = 4;
        public static final int e = 5;
        public static final int f = 6;
        public static final int g = 7;
        public static final int h = 8;
        public static final int i = 10;
        public static final int j = 252;
        public static final int k = 253;
        public static final int l = 254;
        private static q m = new q("DNSSEC algorithm", 2);

        static {
            m.b(255);
            m.a(true);
            m.a(1, "RSAMD5");
            m.a(2, "DH");
            m.a(3, "DSA");
            m.a(4, "ECC");
            m.a(5, "RSASHA1");
            m.a(6, "DSA-NSEC3-SHA1");
            m.a(7, "RSA-NSEC3-SHA1");
            m.a(8, "RSASHA256");
            m.a(10, "RSASHA512");
            m.a(252, "INDIRECT");
            m.a(253, "PRIVATEDNS");
            m.a(254, "PRIVATEOID");
        }

        private a() {
        }

        public static int a(String str) {
            return m.b(str);
        }

        public static String a(int i2) {
            return m.d(i2);
        }
    }

    private DNSSEC() {
    }

    private static int a(BigInteger bigInteger) {
        return (bigInteger.bitLength() + 7) / 8;
    }

    private static String a(int i) throws UnsupportedAlgorithmException {
        switch (i) {
            case 1:
                return "MD5withRSA";
            case 2:
            case 4:
            case 9:
            default:
                throw new UnsupportedAlgorithmException(i);
            case 3:
            case 6:
                return "SHA1withDSA";
            case 5:
            case 7:
                return "SHA1withRSA";
            case 8:
                return "SHA256withRSA";
            case 10:
                return "SHA512withRSA";
        }
    }

    private static BigInteger a(f fVar) {
        return new BigInteger(1, fVar.i());
    }

    private static BigInteger a(f fVar, int i) throws IOException {
        return new BigInteger(1, fVar.c(i));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey a(KEYBase kEYBase) throws DNSSECException {
        int algorithm = kEYBase.getAlgorithm();
        try {
            switch (algorithm) {
                case 1:
                case 5:
                case 7:
                case 8:
                case 10:
                    return b(kEYBase);
                case 2:
                case 4:
                case 9:
                default:
                    throw new UnsupportedAlgorithmException(algorithm);
                case 3:
                case 6:
                    return c(kEYBase);
            }
        } catch (IOException e) {
            throw new MalformedKeyException(kEYBase);
        } catch (GeneralSecurityException e2) {
            throw new DNSSECException(e2.toString());
        }
    }

    public static RRSIGRecord a(RRset rRset, DNSKEYRecord dNSKEYRecord, PrivateKey privateKey, Date date, Date date2) throws DNSSECException {
        int algorithm = dNSKEYRecord.getAlgorithm();
        a(privateKey, algorithm);
        RRSIGRecord rRSIGRecord = new RRSIGRecord(rRset.getName(), rRset.getDClass(), rRset.getTTL(), rRset.getType(), algorithm, rRset.getTTL(), date2, date, dNSKEYRecord.getFootprint(), dNSKEYRecord.getName(), null);
        rRSIGRecord.setSignature(a(privateKey, dNSKEYRecord.getPublicKey(), algorithm, a(rRSIGRecord, rRset)));
        return rRSIGRecord;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SIGRecord a(p pVar, SIGRecord sIGRecord, KEYRecord kEYRecord, PrivateKey privateKey, Date date, Date date2) throws DNSSECException {
        int algorithm = kEYRecord.getAlgorithm();
        a(privateKey, algorithm);
        SIGRecord sIGRecord2 = new SIGRecord(Name.root, 255, 0L, 0, algorithm, 0L, date2, date, kEYRecord.getFootprint(), kEYRecord.getName(), null);
        g gVar = new g();
        a(gVar, sIGRecord2);
        if (sIGRecord != null) {
            gVar.a(sIGRecord.getSignature());
        }
        pVar.a(gVar);
        sIGRecord2.setSignature(a(privateKey, kEYRecord.getPublicKey(), algorithm, gVar.d()));
        return sIGRecord2;
    }

    static void a(PrivateKey privateKey, int i) throws UnsupportedAlgorithmException {
        switch (i) {
            case 1:
            case 5:
            case 7:
            case 8:
            case 10:
                if (!(privateKey instanceof RSAPrivateKey)) {
                    throw new IncompatibleKeyException();
                }
                return;
            case 2:
            case 4:
            case 9:
            default:
                throw new UnsupportedAlgorithmException(i);
            case 3:
            case 6:
                if (!(privateKey instanceof DSAPrivateKey)) {
                    throw new IncompatibleKeyException();
                }
                return;
        }
    }

    private static void a(PublicKey publicKey, int i, byte[] bArr, byte[] bArr2) throws DNSSECException {
        if (publicKey instanceof DSAPublicKey) {
            try {
                bArr2 = a(bArr2);
            } catch (IOException e) {
                throw new IllegalStateException();
            }
        }
        try {
            Signature signature = Signature.getInstance(a(i));
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (signature.verify(bArr2)) {
            } else {
                throw new SignatureVerificationException();
            }
        } catch (GeneralSecurityException e2) {
            throw new DNSSECException(e2.toString());
        }
    }

    public static void a(RRset rRset, RRSIGRecord rRSIGRecord, DNSKEYRecord dNSKEYRecord) throws DNSSECException {
        if (!a(rRSIGRecord, dNSKEYRecord)) {
            throw new KeyMismatchException(dNSKEYRecord, rRSIGRecord);
        }
        Date date = new Date();
        if (date.compareTo(rRSIGRecord.getExpire()) > 0) {
            throw new SignatureExpiredException(rRSIGRecord.getExpire(), date);
        }
        if (date.compareTo(rRSIGRecord.getTimeSigned()) < 0) {
            throw new SignatureNotYetValidException(rRSIGRecord.getTimeSigned(), date);
        }
        a(dNSKEYRecord.getPublicKey(), rRSIGRecord.getAlgorithm(), a(rRSIGRecord, rRset), rRSIGRecord.getSignature());
    }

    private static void a(g gVar, BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] == 0) {
            gVar.a(byteArray, 1, byteArray.length - 1);
        } else {
            gVar.a(byteArray);
        }
    }

    private static void a(g gVar, SIGBase sIGBase) {
        gVar.c(sIGBase.getTypeCovered());
        gVar.b(sIGBase.getAlgorithm());
        gVar.b(sIGBase.getLabels());
        gVar.a(sIGBase.getOrigTTL());
        gVar.a(sIGBase.getExpire().getTime() / 1000);
        gVar.a(sIGBase.getTimeSigned().getTime() / 1000);
        gVar.c(sIGBase.getFootprint());
        sIGBase.getSigner().toWireCanonical(gVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(p pVar, byte[] bArr, SIGRecord sIGRecord, SIGRecord sIGRecord2, KEYRecord kEYRecord) throws DNSSECException {
        if (!a(sIGRecord, kEYRecord)) {
            throw new KeyMismatchException(kEYRecord, sIGRecord);
        }
        Date date = new Date();
        if (date.compareTo(sIGRecord.getExpire()) > 0) {
            throw new SignatureExpiredException(sIGRecord.getExpire(), date);
        }
        if (date.compareTo(sIGRecord.getTimeSigned()) < 0) {
            throw new SignatureNotYetValidException(sIGRecord.getTimeSigned(), date);
        }
        g gVar = new g();
        a(gVar, sIGRecord);
        if (sIGRecord2 != null) {
            gVar.a(sIGRecord2.getSignature());
        }
        m mVar = (m) pVar.a().clone();
        mVar.h(3);
        gVar.a(mVar.a());
        gVar.a(bArr, 12, pVar.d - 12);
        a(kEYRecord.getPublicKey(), sIGRecord.getAlgorithm(), gVar.d(), sIGRecord.getSignature());
    }

    private static boolean a(SIGBase sIGBase, KEYBase kEYBase) {
        return kEYBase.getAlgorithm() == sIGBase.getAlgorithm() && kEYBase.getFootprint() == sIGBase.getFootprint() && kEYBase.getName().equals(sIGBase.getSigner());
    }

    private static byte[] a(PrivateKey privateKey, PublicKey publicKey, int i, byte[] bArr) throws DNSSECException {
        try {
            Signature signature = Signature.getInstance(a(i));
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            if (!(publicKey instanceof DSAPublicKey)) {
                return sign;
            }
            try {
                return a(sign, (a(((DSAPublicKey) publicKey).getParams().getP()) - 64) / 8);
            } catch (IOException e) {
                throw new IllegalStateException();
            }
        } catch (GeneralSecurityException e2) {
            throw new DNSSECException(e2.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(PublicKey publicKey, int i) throws DNSSECException {
        switch (i) {
            case 1:
            case 5:
            case 7:
            case 8:
            case 10:
                if (publicKey instanceof RSAPublicKey) {
                    return a((RSAPublicKey) publicKey);
                }
                throw new IncompatibleKeyException();
            case 2:
            case 4:
            case 9:
            default:
                throw new UnsupportedAlgorithmException(i);
            case 3:
            case 6:
                if (publicKey instanceof DSAPublicKey) {
                    return a((DSAPublicKey) publicKey);
                }
                throw new IncompatibleKeyException();
        }
    }

    private static byte[] a(DSAPublicKey dSAPublicKey) {
        g gVar = new g();
        BigInteger q = dSAPublicKey.getParams().getQ();
        BigInteger p = dSAPublicKey.getParams().getP();
        BigInteger g = dSAPublicKey.getParams().getG();
        BigInteger y = dSAPublicKey.getY();
        gVar.b((p.toByteArray().length - 64) / 8);
        a(gVar, q);
        a(gVar, p);
        a(gVar, g);
        a(gVar, y);
        return gVar.d();
    }

    private static byte[] a(RSAPublicKey rSAPublicKey) {
        g gVar = new g();
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        BigInteger modulus = rSAPublicKey.getModulus();
        int a2 = a(publicExponent);
        if (a2 < 256) {
            gVar.b(a2);
        } else {
            gVar.b(0);
            gVar.c(a2);
        }
        a(gVar, publicExponent);
        a(gVar, modulus);
        return gVar.d();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(DNSKEYRecord dNSKEYRecord, int i) {
        MessageDigest messageDigest;
        g gVar = new g();
        gVar.c(dNSKEYRecord.getFootprint());
        gVar.b(dNSKEYRecord.getAlgorithm());
        gVar.b(i);
        try {
            switch (i) {
                case 1:
                    messageDigest = MessageDigest.getInstance(org.jivesoftware.smackx.e.f2895a);
                    break;
                case 2:
                    messageDigest = MessageDigest.getInstance("sha-256");
                    break;
                default:
                    throw new IllegalArgumentException("unknown DS digest type " + i);
            }
            messageDigest.update(dNSKEYRecord.getName().toWire());
            messageDigest.update(dNSKEYRecord.rdataToWireCanonical());
            gVar.a(messageDigest.digest());
            return gVar.d();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("no message digest support");
        }
    }

    public static byte[] a(RRSIGRecord rRSIGRecord, RRset rRset) {
        int i;
        Name name;
        g gVar = new g();
        a(gVar, rRSIGRecord);
        int size = rRset.size();
        Record[] recordArr = new Record[size];
        Iterator rrs = rRset.rrs();
        Name name2 = rRset.getName();
        int labels = rRSIGRecord.getLabels() + 1;
        if (name2.labels() > labels) {
            i = size;
            name = name2.wild(name2.labels() - labels);
        } else {
            i = size;
            name = null;
        }
        while (rrs.hasNext()) {
            int i2 = i - 1;
            recordArr[i2] = (Record) rrs.next();
            i = i2;
        }
        Arrays.sort(recordArr);
        g gVar2 = new g();
        if (name != null) {
            name.toWireCanonical(gVar2);
        } else {
            name2.toWireCanonical(gVar2);
        }
        gVar2.c(rRset.getType());
        gVar2.c(rRset.getDClass());
        gVar2.a(rRSIGRecord.getOrigTTL());
        for (Record record : recordArr) {
            gVar.a(gVar2.d());
            int a2 = gVar.a();
            gVar.c(0);
            gVar.a(record.rdataToWireCanonical());
            int a3 = (gVar.a() - a2) - 2;
            gVar.b();
            gVar.a(a2);
            gVar.c(a3);
            gVar.c();
        }
        return gVar.d();
    }

    public static byte[] a(SIGRecord sIGRecord, p pVar, byte[] bArr) {
        g gVar = new g();
        a(gVar, sIGRecord);
        if (bArr != null) {
            gVar.a(bArr);
        }
        pVar.a(gVar);
        return gVar.d();
    }

    private static byte[] a(byte[] bArr) throws DNSSECException, IOException {
        if (bArr.length != 41) {
            throw new SignatureVerificationException();
        }
        f fVar = new f(bArr);
        g gVar = new g();
        fVar.f();
        byte[] c2 = fVar.c(20);
        int i = c2[0] < 0 ? 21 : 20;
        byte[] c3 = fVar.c(20);
        int i2 = c3[0] >= 0 ? 20 : 21;
        gVar.b(48);
        gVar.b(i + i2 + 4);
        gVar.b(2);
        gVar.b(i);
        if (i > 20) {
            gVar.b(0);
        }
        gVar.a(c2);
        gVar.b(2);
        gVar.b(i2);
        if (i2 > 20) {
            gVar.b(0);
        }
        gVar.a(c3);
        return gVar.d();
    }

    private static byte[] a(byte[] bArr, int i) throws IOException {
        f fVar = new f(bArr);
        g gVar = new g();
        gVar.b(i);
        if (fVar.f() != 48) {
            throw new IOException();
        }
        fVar.f();
        if (fVar.f() != 2) {
            throw new IOException();
        }
        int f = fVar.f();
        if (f == 21) {
            if (fVar.f() != 0) {
                throw new IOException();
            }
        } else if (f != 20) {
            throw new IOException();
        }
        gVar.a(fVar.c(20));
        if (fVar.f() != 2) {
            throw new IOException();
        }
        int f2 = fVar.f();
        if (f2 == 21) {
            if (fVar.f() != 0) {
                throw new IOException();
            }
        } else if (f2 != 20) {
            throw new IOException();
        }
        gVar.a(fVar.c(20));
        return gVar.d();
    }

    private static PublicKey b(KEYBase kEYBase) throws IOException, GeneralSecurityException {
        f fVar = new f(kEYBase.getKey());
        int f = fVar.f();
        if (f == 0) {
            f = fVar.g();
        }
        BigInteger a2 = a(fVar, f);
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(a(fVar), a2));
    }

    private static PublicKey c(KEYBase kEYBase) throws IOException, GeneralSecurityException, MalformedKeyException {
        f fVar = new f(kEYBase.getKey());
        int f = fVar.f();
        if (f > 8) {
            throw new MalformedKeyException(kEYBase);
        }
        BigInteger a2 = a(fVar, 20);
        BigInteger a3 = a(fVar, (f * 8) + 64);
        BigInteger a4 = a(fVar, (f * 8) + 64);
        return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(a(fVar, (f * 8) + 64), a3, a2, a4));
    }
}
