package org.minidns.dnssec;

import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.minidns.AbstractDnsClient;
import org.minidns.dnsmessage.DnsMessage;
import org.minidns.dnsname.DnsName;
import org.minidns.dnsqueryresult.DnsQueryResult;
import org.minidns.dnssec.DnssecValidationFailedException;
import org.minidns.dnssec.c;
import org.minidns.iterative.ReliableDnsClient;
import org.minidns.record.NSEC3;
import org.minidns.record.Record;
import org.minidns.record.f;
import org.minidns.record.g;
import org.minidns.record.h;
import org.minidns.record.i;
import org.minidns.record.m;
import org.minidns.record.q;

/* compiled from: DnssecClient.java */
/* loaded from: classes5.dex */
public class a extends ReliableDnsClient {

    /* renamed from: p, reason: collision with root package name */
    private static final BigInteger f39777p = new BigInteger("1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493");

    /* renamed from: q, reason: collision with root package name */
    private static final DnsName f39778q = DnsName.c("dlv.isc.org");

    /* renamed from: m, reason: collision with root package name */
    private final Map<DnsName, byte[]> f39779m;

    /* renamed from: n, reason: collision with root package name */
    private boolean f39780n;

    /* renamed from: o, reason: collision with root package name */
    private DnsName f39781o;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DnssecClient.java */
    /* renamed from: org.minidns.dnssec.a$a, reason: collision with other inner class name */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class C0490a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f39782a;

        static {
            int[] iArr = new int[Record.TYPE.values().length];
            f39782a = iArr;
            try {
                iArr[Record.TYPE.NSEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f39782a[Record.TYPE.NSEC3.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: DnssecClient.java */
    /* loaded from: classes5.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        boolean f39783a;

        /* renamed from: b, reason: collision with root package name */
        boolean f39784b;

        /* renamed from: c, reason: collision with root package name */
        Set<c> f39785c;

        private b() {
            this.f39783a = false;
            this.f39784b = false;
            this.f39785c = new HashSet();
        }

        /* synthetic */ b(C0490a c0490a) {
            this();
        }
    }

    public a(org.minidns.a aVar) {
        super(aVar);
        this.f39779m = new ConcurrentHashMap();
        this.f39780n = true;
        n(DnsName.f39753g, f39777p.toByteArray());
    }

    private static boolean o(String str, String str2) {
        if (str.equals(str2) || str2.isEmpty()) {
            return true;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split2.length > split.length) {
            return false;
        }
        for (int i10 = 1; i10 <= split2.length; i10++) {
            if (!split2[split2.length - i10].equals(split[split.length - i10])) {
                return false;
            }
        }
        return true;
    }

    private org.minidns.dnssec.b p(DnsQueryResult dnsQueryResult) throws IOException {
        if (dnsQueryResult == null) {
            return null;
        }
        DnsMessage dnsMessage = dnsQueryResult.f39765c;
        DnsMessage.b a10 = dnsMessage.a();
        Set<c> t10 = t(dnsMessage);
        a10.v(t10.isEmpty());
        List<Record<? extends h>> list = dnsMessage.f39687l;
        List<Record<? extends h>> list2 = dnsMessage.f39688m;
        List<Record<? extends h>> list3 = dnsMessage.f39689n;
        HashSet hashSet = new HashSet();
        Record.c(hashSet, q.class, list);
        Record.c(hashSet, q.class, list2);
        Record.c(hashSet, q.class, list3);
        if (this.f39780n) {
            a10.u(s(list));
            a10.y(s(list2));
            a10.t(s(list3));
        }
        return new org.minidns.dnssec.b(a10.r(), dnsQueryResult, hashSet, t10);
    }

    private static List<Record<? extends h>> s(List<Record<? extends h>> list) {
        if (list.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (Record<? extends h> record : list) {
            if (record.f39863b != Record.TYPE.RRSIG) {
                arrayList.add(record);
            }
        }
        return arrayList;
    }

    private Set<c> t(DnsMessage dnsMessage) throws IOException {
        return !dnsMessage.f39687l.isEmpty() ? u(dnsMessage) : v(dnsMessage);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<c> u(DnsMessage dnsMessage) throws IOException {
        boolean z10 = false;
        org.minidns.dnsmessage.a aVar = dnsMessage.f39686k.get(0);
        List<Record<? extends h>> list = dnsMessage.f39687l;
        List<Record<? extends h>> f10 = dnsMessage.f();
        b x10 = x(aVar, list, f10);
        Set<c> set = x10.f39785c;
        if (!set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator<Record<? extends h>> it2 = f10.iterator();
        while (it2.hasNext()) {
            Record<E> e10 = it2.next().e(f.class);
            if (e10 != 0) {
                Set<c> w10 = w(e10);
                if (w10.isEmpty()) {
                    z10 = true;
                } else {
                    hashSet.addAll(w10);
                }
                if (!x10.f39784b) {
                    AbstractDnsClient.f39615h.finer("SEP key is not self-signed.");
                }
                it2.remove();
            }
        }
        if (x10.f39784b && !z10) {
            set.addAll(hashSet);
        }
        if (x10.f39783a && !x10.f39784b) {
            set.add(new c.g(aVar.f39748a));
        }
        if (!f10.isEmpty()) {
            if (f10.size() != list.size()) {
                throw new DnssecValidationFailedException(aVar, "Only some records are signed!");
            }
            set.add(new c.h(aVar));
        }
        return set;
    }

    private Set<c> v(DnsMessage dnsMessage) throws IOException {
        DnsName dnsName;
        c h10;
        HashSet hashSet = new HashSet();
        boolean z10 = false;
        org.minidns.dnsmessage.a aVar = dnsMessage.f39686k.get(0);
        List<Record<? extends h>> list = dnsMessage.f39688m;
        Iterator<Record<? extends h>> it2 = list.iterator();
        while (true) {
            if (!it2.hasNext()) {
                dnsName = null;
                break;
            }
            Record<? extends h> next = it2.next();
            if (next.f39863b == Record.TYPE.SOA) {
                dnsName = next.f39862a;
                break;
            }
        }
        if (dnsName == null) {
            throw new DnssecValidationFailedException.AuthorityDoesNotContainSoa(dnsMessage);
        }
        boolean z11 = false;
        for (Record<? extends h> record : list) {
            int i10 = C0490a.f39782a[record.f39863b.ordinal()];
            if (i10 == 1) {
                h10 = d.h(record.a(m.class), aVar);
            } else if (i10 == 2) {
                h10 = d.i(dnsName, record.a(NSEC3.class), aVar);
            }
            if (h10 != null) {
                hashSet.add(h10);
            } else {
                z11 = true;
            }
            z10 = true;
        }
        if (z10 && !z11) {
            throw new DnssecValidationFailedException(aVar, "Invalid NSEC!");
        }
        List<Record<? extends h>> g10 = dnsMessage.g();
        b x10 = x(aVar, list, g10);
        if (z11 && x10.f39785c.isEmpty()) {
            hashSet.clear();
        } else {
            hashSet.addAll(x10.f39785c);
        }
        if (g10.isEmpty() || g10.size() == list.size()) {
            return hashSet;
        }
        throw new DnssecValidationFailedException(aVar, "Only some resource records from the authority section are signed!");
    }

    private Set<c> w(Record<f> record) throws IOException {
        i iVar;
        DnsName dnsName;
        f fVar = record.f39867f;
        HashSet hashSet = new HashSet();
        Set<c> hashSet2 = new HashSet<>();
        if (this.f39779m.containsKey(record.f39862a)) {
            if (fVar.j(this.f39779m.get(record.f39862a))) {
                return hashSet;
            }
            hashSet.add(new c.C0491c(record));
            return hashSet;
        }
        if (record.f39862a.n()) {
            hashSet.add(new c.f());
            return hashSet;
        }
        org.minidns.dnssec.b q10 = q(record.f39862a, Record.TYPE.DS);
        hashSet.addAll(q10.a());
        Iterator it2 = q10.f39787b.f39765c.h(g.class).iterator();
        while (true) {
            if (!it2.hasNext()) {
                iVar = null;
                break;
            }
            iVar = (g) ((Record) it2.next()).f39867f;
            if (fVar.i() == iVar.f39957c) {
                hashSet2 = q10.a();
                break;
            }
        }
        if (iVar == null) {
            AbstractDnsClient.f39615h.fine("There is no DS record for " + ((Object) record.f39862a) + ", server gives empty result");
        }
        if (iVar == null && (dnsName = this.f39781o) != null && !dnsName.m(record.f39862a)) {
            org.minidns.dnssec.b q11 = q(DnsName.e(record.f39862a, this.f39781o), Record.TYPE.DLV);
            hashSet.addAll(q11.a());
            Iterator it3 = q11.f39787b.f39765c.h(org.minidns.record.d.class).iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                Record record2 = (Record) it3.next();
                if (record.f39867f.i() == ((org.minidns.record.d) record2.f39867f).f39957c) {
                    AbstractDnsClient.f39615h.fine("Found DLV for " + ((Object) record.f39862a) + ", awesome.");
                    iVar = (i) record2.f39867f;
                    hashSet2 = q11.a();
                    break;
                }
            }
        }
        if (iVar == null) {
            if (!hashSet.isEmpty()) {
                return hashSet;
            }
            hashSet.add(new c.i(record.f39862a));
            return hashSet;
        }
        c g10 = d.g(record, iVar);
        if (g10 == null) {
            return hashSet2;
        }
        hashSet.add(g10);
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private b x(org.minidns.dnsmessage.a aVar, Collection<Record<? extends h>> collection, List<Record<? extends h>> list) throws IOException {
        Date date = new Date();
        LinkedList linkedList = new LinkedList();
        b bVar = new b(null);
        ArrayList<Record> arrayList = new ArrayList(list.size());
        Iterator<Record<? extends h>> it2 = list.iterator();
        while (it2.hasNext()) {
            Record<E> e10 = it2.next().e(q.class);
            if (e10 != 0) {
                q qVar = (q) e10.f39867f;
                if (qVar.f39987h.compareTo(date) < 0 || qVar.f39988i.compareTo(date) > 0) {
                    linkedList.add(qVar);
                } else {
                    arrayList.add(e10);
                }
            }
        }
        if (arrayList.isEmpty()) {
            if (linkedList.isEmpty()) {
                bVar.f39785c.add(new c.h(aVar));
            } else {
                bVar.f39785c.add(new c.e(aVar, linkedList));
            }
            return bVar;
        }
        for (Record record : arrayList) {
            q qVar2 = (q) record.f39867f;
            ArrayList arrayList2 = new ArrayList(collection.size());
            for (Record<? extends h> record2 : collection) {
                if (record2.f39863b == qVar2.f39982c && record2.f39862a.equals(record.f39862a)) {
                    arrayList2.add(record2);
                }
            }
            bVar.f39785c.addAll(y(aVar, qVar2, arrayList2));
            if (aVar.f39748a.equals(qVar2.f39990k) && qVar2.f39982c == Record.TYPE.DNSKEY) {
                Iterator<Record<? extends h>> it3 = arrayList2.iterator();
                while (it3.hasNext()) {
                    f fVar = (f) it3.next().e(f.class).f39867f;
                    it3.remove();
                    if (fVar.i() == qVar2.f39989j) {
                        bVar.f39784b = true;
                    }
                }
                bVar.f39783a = true;
            }
            if (o(record.f39862a.ace, qVar2.f39990k.ace)) {
                list.removeAll(arrayList2);
            } else {
                AbstractDnsClient.f39615h.finer("Records at " + ((Object) record.f39862a) + " are cross-signed with a key from " + ((Object) qVar2.f39990k));
            }
            list.remove(record);
        }
        return bVar;
    }

    private Set<c> y(org.minidns.dnsmessage.a aVar, q qVar, List<Record<? extends h>> list) throws IOException {
        HashSet hashSet = new HashSet();
        Record.TYPE type = qVar.f39982c;
        Record.TYPE type2 = Record.TYPE.DNSKEY;
        f fVar = null;
        if (type == type2) {
            Iterator it2 = Record.b(f.class, list).iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Record record = (Record) it2.next();
                if (((f) record.f39867f).i() == qVar.f39989j) {
                    fVar = (f) record.f39867f;
                    break;
                }
            }
        } else if (aVar.f39749b != Record.TYPE.DS || !qVar.f39990k.equals(aVar.f39748a)) {
            org.minidns.dnssec.b q10 = q(qVar.f39990k, type2);
            hashSet.addAll(q10.a());
            Iterator it3 = q10.f39787b.f39765c.h(f.class).iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                Record record2 = (Record) it3.next();
                if (((f) record2.f39867f).i() == qVar.f39989j) {
                    fVar = (f) record2.f39867f;
                    break;
                }
            }
        } else {
            hashSet.add(new c.i(aVar.f39748a));
            return hashSet;
        }
        if (fVar != null) {
            c f10 = d.f(list, qVar, fVar);
            if (f10 != null) {
                hashSet.add(f10);
            }
            return hashSet;
        }
        throw new DnssecValidationFailedException(aVar, list.size() + " " + qVar.f39982c + " record(s) are signed using an unknown key.");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.minidns.iterative.ReliableDnsClient, org.minidns.AbstractDnsClient
    public DnsMessage.b k(DnsMessage.b bVar) {
        bVar.s().i(this.f39621e.a()).g();
        bVar.w(true);
        return super.k(bVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.minidns.iterative.ReliableDnsClient
    public String l(DnsMessage dnsMessage) {
        return !dnsMessage.q() ? "DNSSEC OK (DO) flag not set in response" : !dnsMessage.f39685j ? "CHECKING DISABLED (CD) flag not set in response" : super.l(dnsMessage);
    }

    public void n(DnsName dnsName, byte[] bArr) {
        this.f39779m.put(dnsName, bArr);
    }

    public org.minidns.dnssec.b q(CharSequence charSequence, Record.TYPE type) throws IOException {
        return r(new org.minidns.dnsmessage.a(charSequence, type, Record.CLASS.IN));
    }

    @Override // org.minidns.AbstractDnsClient
    public DnsQueryResult query(org.minidns.dnsmessage.a aVar) throws IOException {
        org.minidns.dnssec.b r10 = r(aVar);
        if (r10.b()) {
            return r10.f39787b;
        }
        throw new IOException();
    }

    public org.minidns.dnssec.b r(org.minidns.dnsmessage.a aVar) throws IOException {
        return p(super.query(aVar));
    }
}
