package org.minidns.dnssec;

import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.minidns.dnsmessage.DnsMessage;
import org.minidns.dnsname.DnsName;
import org.minidns.iterative.ReliableDnsClient;
import org.minidns.record.Record;
import org.minidns.record.s;

/* loaded from: classes2.dex */
public class b extends ReliableDnsClient {
    private static final BigInteger i = new BigInteger("03010001a80020a95566ba42e886bb804cda84e47ef56dbd7aec612615552cec906d2116d0ef207028c51554144dfeafe7c7cb8f005dd18234133ac0710a81182ce1fd14ad2283bc83435f9df2f6313251931a176df0da51e54f42e604860dfb359580250f559cc543c4ffd51cbe3de8cfd06719237f9fc47ee729da06835fa452e825e9a18ebc2ecbcf563474652c33cf56a9033bcdf5d973121797ec8089041b6e03a1b72d0a735b984e03687309332324f27c2dba85e9db15e83a0143382e974b0621c18e625ecec907577d9e7bade95241a81ebbe8a901d4d3276e40b114c0a2e6fc38d19c2e6aab02644b2813f575fc21601e0dee49cd9ee96a43103e524d62873d", 16);
    private static final DnsName j = DnsName.from("dlv.isc.org");
    private p k;
    private final Map<DnsName, byte[]> l;
    private boolean m;
    private DnsName n;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.minidns.dnssec.b$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] a = new int[Record.TYPE.values().length];

        static {
            try {
                a[Record.TYPE.NSEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[Record.TYPE.NSEC3.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public b() {
        this(a);
    }

    public b(org.minidns.a aVar) {
        super(aVar);
        this.k = new p();
        this.l = new ConcurrentHashMap();
        this.m = true;
        a(DnsName.ROOT, i.toByteArray());
    }

    private static List<Record<? extends org.minidns.record.h>> a(List<Record<? extends org.minidns.record.h>> list) {
        if (list.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (Record<? extends org.minidns.record.h> record : list) {
            if (record.b != Record.TYPE.RRSIG) {
                arrayList.add(record);
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00e1  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x012a  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x0138  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.Set<org.minidns.dnssec.f> a(org.minidns.dnsmessage.b r10, org.minidns.record.Record<org.minidns.record.f> r11) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 331
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.minidns.dnssec.b.a(org.minidns.dnsmessage.b, org.minidns.record.Record):java.util.Set");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<f> a(org.minidns.dnsmessage.b bVar, s sVar, List<Record<? extends org.minidns.record.h>> list) throws IOException {
        HashSet hashSet = new HashSet();
        org.minidns.record.f fVar = null;
        if (sVar.a == Record.TYPE.DNSKEY) {
            Iterator<Record<? extends org.minidns.record.h>> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Record<E> a = it.next().a(org.minidns.record.f.class);
                if (a != 0 && ((org.minidns.record.f) a.f).b() == sVar.h) {
                    fVar = (org.minidns.record.f) a.f;
                    break;
                }
            }
        } else {
            if (bVar.b == Record.TYPE.DS && sVar.i.equals(bVar.a)) {
                hashSet.add(new o(bVar.a.ace));
                return hashSet;
            }
            d a2 = a((CharSequence) sVar.i, Record.TYPE.DNSKEY);
            if (a2 == null) {
                throw new DnssecValidationFailedException(bVar, "There is no DNSKEY " + ((Object) sVar.i) + ", but it is used");
            }
            hashSet.addAll(a2.k());
            Iterator<Record<? extends org.minidns.record.h>> it2 = a2.l.iterator();
            while (it2.hasNext()) {
                Record<E> a3 = it2.next().a(org.minidns.record.f.class);
                if (a3 != 0 && ((org.minidns.record.f) a3.f).b() == sVar.h) {
                    fVar = (org.minidns.record.f) a3.f;
                }
            }
        }
        if (fVar != null) {
            f a4 = this.k.a(list, sVar, fVar);
            if (a4 != null) {
                hashSet.add(a4);
            }
            return hashSet;
        }
        throw new DnssecValidationFailedException(bVar, list.size() + " " + sVar.a + " record(s) are signed using an unknown key.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private c a(org.minidns.dnsmessage.b bVar, Collection<Record<? extends org.minidns.record.h>> collection, List<Record<? extends org.minidns.record.h>> list) throws IOException {
        Set<f> set;
        f nVar;
        Date date = new Date();
        LinkedList linkedList = new LinkedList();
        c cVar = new c(this, null);
        ArrayList<Record> arrayList = new ArrayList(list.size());
        Iterator<Record<? extends org.minidns.record.h>> it = list.iterator();
        while (it.hasNext()) {
            Record<E> a = it.next().a(s.class);
            if (a != 0) {
                s sVar = (s) a.f;
                if (sVar.f.compareTo(date) < 0 || sVar.g.compareTo(date) > 0) {
                    linkedList.add(sVar);
                } else {
                    arrayList.add(a);
                }
            }
        }
        if (arrayList.isEmpty()) {
            if (linkedList.isEmpty()) {
                set = cVar.c;
                nVar = new n(bVar);
            } else {
                set = cVar.c;
                nVar = new k(bVar, linkedList);
            }
            set.add(nVar);
            return cVar;
        }
        for (Record record : arrayList) {
            s sVar2 = (s) record.f;
            ArrayList arrayList2 = new ArrayList(collection.size());
            for (Record<? extends org.minidns.record.h> record2 : collection) {
                if (record2.b == sVar2.a && record2.a.equals(record.a)) {
                    arrayList2.add(record2);
                }
            }
            cVar.c.addAll(a(bVar, sVar2, arrayList2));
            if (bVar.a.equals(sVar2.i) && sVar2.a == Record.TYPE.DNSKEY) {
                Iterator<Record<? extends org.minidns.record.h>> it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    org.minidns.record.f fVar = (org.minidns.record.f) it2.next().a(org.minidns.record.f.class).f;
                    it2.remove();
                    if (fVar.b() == sVar2.h) {
                        cVar.b = true;
                    }
                }
                cVar.a = true;
            }
            if (a(record.a.ace, sVar2.i.ace)) {
                list.removeAll(arrayList2);
            } else {
                b.finer("Records at " + ((Object) record.a) + " are cross-signed with a key from " + ((Object) sVar2.i));
            }
            list.remove(record);
        }
        return cVar;
    }

    private d a(DnsMessage dnsMessage, Set<f> set) {
        List<Record<? extends org.minidns.record.h>> list = dnsMessage.l;
        List<Record<? extends org.minidns.record.h>> list2 = dnsMessage.m;
        List<Record<? extends org.minidns.record.h>> list3 = dnsMessage.n;
        HashSet hashSet = new HashSet();
        Record.a(hashSet, s.class, list);
        Record.a(hashSet, s.class, list2);
        Record.a(hashSet, s.class, list3);
        org.minidns.dnsmessage.a h = dnsMessage.h();
        if (this.m) {
            h.a(a(list));
            h.b(a(list2));
            h.c(a(list3));
        }
        return new d(h, hashSet, set);
    }

    private static boolean a(String str, String str2) {
        if (str.equals(str2) || str2.isEmpty()) {
            return true;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split2.length > split.length) {
            return false;
        }
        for (int i2 = 1; i2 <= split2.length; i2++) {
            if (!split2[split2.length - i2].equals(split[split.length - i2])) {
                return false;
            }
        }
        return true;
    }

    private Set<f> b(DnsMessage dnsMessage) throws IOException {
        return !dnsMessage.l.isEmpty() ? c(dnsMessage) : d(dnsMessage);
    }

    private d b(org.minidns.dnsmessage.b bVar, DnsMessage dnsMessage) throws IOException {
        if (dnsMessage == null) {
            return null;
        }
        if (dnsMessage.i) {
            dnsMessage = dnsMessage.h().b(false).b();
        }
        return a(dnsMessage, b(dnsMessage));
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<f> c(DnsMessage dnsMessage) throws IOException {
        boolean z = false;
        org.minidns.dnsmessage.b bVar = dnsMessage.k.get(0);
        List<Record<? extends org.minidns.record.h>> list = dnsMessage.l;
        List<Record<? extends org.minidns.record.h>> c = dnsMessage.c();
        c a = a(bVar, list, c);
        Set<f> set = a.c;
        if (!set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator<Record<? extends org.minidns.record.h>> it = c.iterator();
        while (it.hasNext()) {
            Record<E> a2 = it.next().a(org.minidns.record.f.class);
            if (a2 != 0) {
                Set<f> a3 = a(bVar, (Record<org.minidns.record.f>) a2);
                if (a3.isEmpty()) {
                    z = true;
                } else {
                    hashSet.addAll(a3);
                }
                if (!a.b) {
                    b.finer("SEP key is not self-signed.");
                }
                it.remove();
            }
        }
        if (a.b && !z) {
            set.addAll(hashSet);
        }
        if (a.a && !a.b) {
            set.add(new m(bVar.a.ace));
        }
        if (!c.isEmpty()) {
            if (c.size() != list.size()) {
                throw new DnssecValidationFailedException(bVar, "Only some records are signed!");
            }
            set.add(new n(bVar));
        }
        return set;
    }

    private Set<f> d(DnsMessage dnsMessage) throws IOException {
        f a;
        HashSet hashSet = new HashSet();
        boolean z = false;
        org.minidns.dnsmessage.b bVar = dnsMessage.k.get(0);
        List<Record<? extends org.minidns.record.h>> list = dnsMessage.m;
        DnsName dnsName = null;
        for (Record<? extends org.minidns.record.h> record : list) {
            if (record.b == Record.TYPE.SOA) {
                dnsName = record.a;
            }
        }
        if (dnsName == null) {
            throw new DnssecValidationFailedException(bVar, "NSECs must always match to a SOA");
        }
        boolean z2 = false;
        for (Record<? extends org.minidns.record.h> record2 : list) {
            int i2 = AnonymousClass1.a[record2.b.ordinal()];
            if (i2 == 1) {
                a = this.k.a(record2, bVar);
            } else if (i2 == 2) {
                a = this.k.a(dnsName, record2, bVar);
            }
            if (a != null) {
                hashSet.add(a);
            } else {
                z2 = true;
            }
            z = true;
        }
        if (z && !z2) {
            throw new DnssecValidationFailedException(bVar, "Invalid NSEC!");
        }
        List<Record<? extends org.minidns.record.h>> d = dnsMessage.d();
        c a2 = a(bVar, list, d);
        if (z2 && a2.c.isEmpty()) {
            hashSet.clear();
        } else {
            hashSet.addAll(a2.c);
        }
        if (d.isEmpty() || d.size() == list.size()) {
            return hashSet;
        }
        throw new DnssecValidationFailedException(bVar, "Only some nameserver records are signed!");
    }

    @Override // org.minidns.iterative.ReliableDnsClient
    protected String a(DnsMessage dnsMessage) {
        return !dnsMessage.g() ? "DNSSEC OK (DO) flag not set in response" : !dnsMessage.j ? "CHECKING DISABLED (CD) flag not set in response" : super.a(dnsMessage);
    }

    @Override // org.minidns.AbstractDnsClient
    public DnsMessage a(org.minidns.dnsmessage.b bVar) throws IOException {
        return d(bVar);
    }

    public d a(CharSequence charSequence, Record.TYPE type) throws IOException {
        org.minidns.dnsmessage.b bVar = new org.minidns.dnsmessage.b(charSequence, type, Record.CLASS.IN);
        return b(bVar, super.a(bVar));
    }

    public void a(DnsName dnsName, byte[] bArr) {
        this.l.put(dnsName, bArr);
    }

    @Override // org.minidns.iterative.ReliableDnsClient, org.minidns.AbstractDnsClient
    protected boolean a(org.minidns.dnsmessage.b bVar, DnsMessage dnsMessage) {
        return super.a(bVar, dnsMessage);
    }

    @Override // org.minidns.iterative.ReliableDnsClient, org.minidns.AbstractDnsClient
    protected org.minidns.dnsmessage.a b(org.minidns.dnsmessage.a aVar) {
        aVar.a().a(this.f.a()).a();
        aVar.c(true);
        return super.b(aVar);
    }

    public d d(org.minidns.dnsmessage.b bVar) throws IOException {
        return b(bVar, super.a(bVar));
    }
}
