package org.xbill.DNS.dnssec;

import defpackage.p70;
import defpackage.r70;
import defpackage.r8;
import defpackage.w70;
import defpackage.x70;
import defpackage.y70;
import java.security.Security;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.xbill.DNS.DClass;
import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DNSSEC;
import org.xbill.DNS.DSRecord;
import org.xbill.DNS.Message;
import org.xbill.DNS.NSECRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.RRSIGRecord;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;

/* loaded from: classes.dex */
public final class ValUtils {

    @Generated
    public static final Logger h = LoggerFactory.getLogger((Class<?>) ValUtils.class);
    public static final Name i = Name.fromConstantString(Marker.ANY_MARKER);
    public boolean e;
    public boolean f;
    public boolean g;
    public int[] b = null;
    public Properties c = null;
    public boolean d = true;
    public final p70 a = new p70();

    /* loaded from: classes.dex */
    public static class NsecProvesNodataResponse {
        public boolean a;
        public Name b;
    }

    public ValUtils() {
        this.e = Security.getProviders("MessageDigest.GOST3411") != null;
        this.f = Security.getProviders("KeyFactory.Ed25519") != null;
        this.g = Security.getProviders("KeyFactory.Ed448") != null;
    }

    public static w70 b(Message message, x70 x70Var) {
        w70 w70Var = w70.UNKNOWN;
        w70 w70Var2 = w70.REFERRAL;
        w70 w70Var3 = w70.NODATA;
        if (x70Var.f() == 3 && x70Var.d(1) == 0) {
            return w70.NAMEERROR;
        }
        boolean z = false;
        if (!message.getHeader().getFlag(7) && x70Var.d(1) == 0 && x70Var.f() != 0) {
            for (y70 y70Var : x70Var.g(2)) {
                if (y70Var.getType() == 6) {
                    return w70Var3;
                }
                if (y70Var.getType() == 43) {
                    return w70Var2;
                }
                if (y70Var.getType() == 2) {
                    z = true;
                }
            }
            return z ? w70Var2 : w70Var3;
        }
        if (x70Var.g(2).isEmpty() && x70Var.g(1).size() == 1 && x70Var.f() == 0 && x70Var.g(1).get(0).getType() == 2 && !x70Var.g(1).get(0).getName().equals(message.getQuestion().getName())) {
            return w70Var2;
        }
        if (x70Var.f() != 0 && x70Var.f() != 3) {
            return w70Var;
        }
        if (x70Var.f() == 0 && x70Var.d(1) == 0) {
            return w70Var3;
        }
        int type = x70Var.b.getType();
        if (type == 255) {
            return w70.ANY;
        }
        for (y70 y70Var2 : x70Var.g(1)) {
            if (y70Var2.getType() == type) {
                return w70.POSITIVE;
            }
            if (y70Var2.getType() == 5 || y70Var2.getType() == 39) {
                if (type == 43) {
                    return w70.CNAME;
                }
                z = true;
            }
        }
        if (z) {
            return x70Var.f() == 3 ? w70.CNAME_NAMEERROR : w70.CNAME_NODATA;
        }
        h.warn("Failed to classify response message:\n{}", x70Var);
        return w70Var;
    }

    public static Name c(Name name, Name name2, Name name3) {
        Name f = f(name, name2);
        Name f2 = f(name, name3);
        return f.labels() > f2.labels() ? f : f2;
    }

    public static Name f(Name name, Name name2) {
        int min = Math.min(name.labels(), name2.labels());
        Name name3 = new Name(name, name.labels() - min);
        Name name4 = new Name(name2, name2.labels() - min);
        for (int i2 = 0; i2 < min - 1; i2++) {
            Name name5 = new Name(name3, i2);
            if (name5.equals(new Name(name4, i2))) {
                return name5;
            }
        }
        return Name.root;
    }

    public static boolean g(y70 y70Var, NSECRecord nSECRecord, Name name) {
        Name name2 = y70Var.getName();
        Name next = nSECRecord.getNext();
        if (name.equals(name2) || !next.subdomain(y70Var.g())) {
            return false;
        }
        if (name.subdomain(name2)) {
            if (nSECRecord.hasType(39)) {
                return false;
            }
            if (nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                return false;
            }
        }
        return name2.equals(next) ? n(name, next) : name2.compareTo(next) > 0 ? name2.compareTo(name) < 0 && n(name, next) : name2.compareTo(name) < 0 && name.compareTo(next) < 0;
    }

    public static SecurityStatus h(NSECRecord nSECRecord, Name name) {
        return ((!nSECRecord.hasType(6) || Name.root.equals(name)) && !nSECRecord.hasType(43)) ? !nSECRecord.hasType(2) ? SecurityStatus.INSECURE : SecurityStatus.SECURE : SecurityStatus.BOGUS;
    }

    public static boolean i(y70 y70Var, NSECRecord nSECRecord, Name name) {
        int labels = name.labels() - c(name, y70Var.getName(), nSECRecord.getNext()).labels();
        if (labels > 0) {
            return g(y70Var, nSECRecord, name.wild(labels));
        }
        return false;
    }

    public static NsecProvesNodataResponse j(y70 y70Var, NSECRecord nSECRecord, Name name, int i2) {
        NsecProvesNodataResponse nsecProvesNodataResponse = new NsecProvesNodataResponse();
        if (y70Var.getName().equals(name)) {
            if (nSECRecord.hasType(i2)) {
                h.debug("NSEC proofed that {} exists", Type.string(i2));
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(5)) {
                h.debug("NSEC proofed CNAME");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (i2 != 43 && nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                h.debug("NSEC proofed missing referral");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (i2 != 43 || !nSECRecord.hasType(6) || Name.root.equals(name)) {
                nsecProvesNodataResponse.a = true;
                return nsecProvesNodataResponse;
            }
            h.debug("NSEC from wrong zone");
            nsecProvesNodataResponse.a = false;
            return nsecProvesNodataResponse;
        }
        if (n(nSECRecord.getNext(), name) && y70Var.getName().compareTo(name) < 0) {
            nsecProvesNodataResponse.a = true;
            return nsecProvesNodataResponse;
        }
        if (!y70Var.getName().isWild()) {
            nsecProvesNodataResponse.a = false;
            return nsecProvesNodataResponse;
        }
        Name name2 = new Name(y70Var.getName(), 1);
        if (n(name, name2)) {
            if (nSECRecord.hasType(5)) {
                h.debug("NSEC proofed wildcard CNAME");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                h.debug("Wrong parent (wildcard) NSEC used");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(i2)) {
                h.debug("NSEC proofed that {} exists", Type.string(i2));
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
        }
        nsecProvesNodataResponse.b = name2;
        nsecProvesNodataResponse.a = true;
        return nsecProvesNodataResponse;
    }

    public static Name l(RRset rRset) {
        List<RRSIGRecord> sigs = rRset.sigs();
        RRSIGRecord rRSIGRecord = sigs.get(0);
        for (int i2 = 1; i2 < sigs.size(); i2++) {
            if (sigs.get(i2).getLabels() != rRSIGRecord.getLabels()) {
                throw new IllegalArgumentException("failed.wildcard.label_count_mismatch");
            }
        }
        Name name = rRset.getName();
        if (rRset.getName().isWild()) {
            name = new Name(name, 1);
        }
        int labels = (name.labels() - 1) - rRSIGRecord.getLabels();
        if (labels > 0) {
            return name.wild(labels);
        }
        return null;
    }

    public static void m(y70 y70Var, RRSIGRecord rRSIGRecord) {
        if (y70Var.getType() != 47) {
            return;
        }
        Record first = y70Var.first();
        int labels = first.getName().labels() - 1;
        if (first.getName().isWild()) {
            labels--;
        }
        if (rRSIGRecord.getLabels() == labels) {
            y70Var.f = first.getName();
        } else {
            if (rRSIGRecord.getLabels() >= labels) {
                throw new IllegalArgumentException("invalid nsec record");
            }
            y70Var.f = first.getName().wild(rRSIGRecord.getSigner().labels() - rRSIGRecord.getLabels());
        }
    }

    public static boolean n(Name name, Name name2) {
        if (name.labels() <= name2.labels()) {
            return false;
        }
        return new Name(name, name.labels() - name2.labels()).equals(name2);
    }

    public boolean a(RRset rRset) {
        Iterator<Record> it = rRset.rrs().iterator();
        while (it.hasNext()) {
            if (d(((DSRecord) it.next()).getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    public boolean d(int i2) {
        String H = r8.H("dnsjava.dnssec.algorithm.", i2);
        switch (i2) {
            case 3:
            case 6:
                Properties properties = this.c;
                if (properties == null) {
                    return false;
                }
                return Boolean.parseBoolean(properties.getProperty(H, Boolean.FALSE.toString()));
            case 4:
            case 9:
            case 11:
            default:
                return false;
            case 5:
            case 7:
            case 8:
            case 10:
            case 13:
            case 14:
                return k(H, true);
            case 12:
                return k(H, this.e);
            case 15:
                return k(H, this.f);
            case 16:
                return k(H, this.g);
        }
    }

    public boolean e(int i2) {
        String H = r8.H("dnsjava.dnssec.digest.", i2);
        if (i2 != 1 && i2 != 2) {
            if (i2 == 3) {
                return k(H, this.e);
            }
            if (i2 != 4) {
                return false;
            }
        }
        Properties properties = this.c;
        if (properties == null) {
            return true;
        }
        return Boolean.parseBoolean(properties.getProperty(H, Boolean.TRUE.toString()));
    }

    public final boolean k(String str, boolean z) {
        if (!z) {
            return false;
        }
        Properties properties = this.c;
        if (properties == null) {
            return true;
        }
        return Boolean.parseBoolean(properties.getProperty(str, Boolean.TRUE.toString()));
    }

    public r70 o(y70 y70Var, y70 y70Var2, Instant instant) {
        r70 r70Var;
        List list;
        if (y70Var.e == SecurityStatus.SECURE) {
            h.trace("RRset <{}/{}/{}> previously found to be SECURE", y70Var.getName(), Type.string(y70Var.getType()), DClass.string(y70Var.getDClass()));
            return new r70(SecurityStatus.SECURE, -1, null);
        }
        if (this.a == null) {
            throw null;
        }
        List<RRSIGRecord> sigs = y70Var.sigs();
        if (!sigs.isEmpty()) {
            r70 r70Var2 = new r70(SecurityStatus.BOGUS, 10, R.get("validate.bogus.missingsig", new Object[0]));
            Iterator<RRSIGRecord> it = sigs.iterator();
            r70Var = r70Var2;
            while (true) {
                if (!it.hasNext()) {
                    p70.a.info("RRset failed to verify: all signatures were BOGUS");
                    break;
                }
                RRSIGRecord next = it.next();
                if (y70Var.getName().subdomain(y70Var2.getName())) {
                    if (next.getSigner().equals(y70Var2.getName())) {
                        int footprint = next.getFootprint();
                        int algorithm = next.getAlgorithm();
                        ArrayList arrayList = new ArrayList(y70Var2.size());
                        Iterator<Record> it2 = y70Var2.rrs().iterator();
                        while (it2.hasNext()) {
                            DNSKEYRecord dNSKEYRecord = (DNSKEYRecord) it2.next();
                            if (dNSKEYRecord.getAlgorithm() == algorithm && dNSKEYRecord.getFootprint() == footprint) {
                                arrayList.add(dNSKEYRecord);
                            }
                        }
                        list = arrayList;
                    } else {
                        p70.a.trace("Could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}", next.getSigner(), y70Var2.getName());
                        list = Collections.emptyList();
                    }
                    if (list.isEmpty()) {
                        p70.a.trace("Could not find appropriate key");
                        r70Var = new r70(SecurityStatus.BOGUS, 9, R.get("dnskey.no_key", next.getSigner()));
                    } else {
                        Iterator it3 = list.iterator();
                        if (it3.hasNext()) {
                            try {
                                DNSSEC.verify(y70Var, next, (DNSKEYRecord) it3.next(), instant);
                                m(y70Var, next);
                                r70Var = new r70(SecurityStatus.SECURE, -1, null);
                            } catch (DNSSEC.KeyMismatchException unused) {
                                r70Var = new r70(SecurityStatus.BOGUS, 6, R.get("dnskey.no_match", new Object[0]));
                            } catch (DNSSEC.SignatureExpiredException unused2) {
                                r70Var = new r70(SecurityStatus.BOGUS, 7, R.get("dnskey.expired", new Object[0]));
                            } catch (DNSSEC.SignatureNotYetValidException unused3) {
                                r70Var = new r70(SecurityStatus.BOGUS, 8, R.get("dnskey.not_yet_valid", new Object[0]));
                            } catch (DNSSEC.DNSSECException e) {
                                p70.a.error("Failed to validate RRset {}/{}", y70Var.getName(), Type.string(y70Var.getType()), e);
                                r70Var = new r70(SecurityStatus.BOGUS, 6, R.get("dnskey.invalid", new Object[0]));
                            }
                        } else {
                            r70Var = new r70(SecurityStatus.UNCHECKED, -1, null);
                        }
                    }
                } else {
                    p70.a.debug("Signer name is off-tree");
                    r70Var = new r70(SecurityStatus.BOGUS, 6, R.get("dnskey.key_offtree", y70Var2.getName(), y70Var.getName()));
                }
                if (r70Var.a == SecurityStatus.SECURE) {
                    break;
                }
            }
        } else {
            p70.a.info("RRset failed to verify due to lack of signatures");
            r70Var = new r70(SecurityStatus.BOGUS, 10, R.get("validate.bogus.missingsig", new Object[0]));
        }
        y70Var.e = r70Var.a;
        return r70Var;
    }
}
