package org.xbill.DNS.dnssec;

import com.google.android.gms.internal.common.AJMx.ttNj;
import defpackage.dk;
import defpackage.fk;
import defpackage.ix;
import defpackage.ny;
import defpackage.ow;
import defpackage.zc;
import java.security.Security;
import java.time.Instant;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import kotlin.io.sue.xCClfkhIxReV;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.xbill.DNS.DClass;
import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DSRecord;
import org.xbill.DNS.Message;
import org.xbill.DNS.NSECRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.NameTooLongException;
import org.xbill.DNS.RRSIGRecord;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;

/* loaded from: classes2.dex */
public final class ValUtils {

    @Generated
    public static final Logger h = LoggerFactory.getLogger((Class<?>) ValUtils.class);
    public static final Name i = Name.fromConstantString(Marker.ANY_MARKER);
    public boolean e;
    public boolean f;
    public boolean g;
    public int[] b = null;
    public Properties c = null;
    public boolean d = true;
    public final zc a = new zc();

    /* loaded from: classes.dex */
    public static class NsecProvesNodataResponse {
        public boolean a;
        public Name b;
    }

    /* loaded from: classes.dex */
    public static /* synthetic */ class a {
        public static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[SecurityStatus.values().length];
            a = iArr;
            try {
                iArr[SecurityStatus.SECURE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[SecurityStatus.BOGUS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                a[SecurityStatus.INSECURE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public ValUtils() {
        this.e = Security.getProviders("MessageDigest.GOST3411") != null;
        this.f = Security.getProviders("KeyFactory.Ed25519") != null;
        this.g = Security.getProviders("KeyFactory.Ed448") != null;
    }

    public static ow c(Message message, ix ixVar) {
        if (ixVar.k() == 3 && ixVar.f(1) == 0) {
            return ow.NAMEERROR;
        }
        boolean z = false;
        if (!message.getHeader().getFlag(7) && ixVar.f(1) == 0 && ixVar.k() != 0) {
            for (ny nyVar : ixVar.l(2)) {
                if (nyVar.getType() == 6) {
                    return ow.NODATA;
                }
                if (nyVar.getType() == 43) {
                    return ow.REFERRAL;
                }
                if (nyVar.getType() == 2) {
                    z = true;
                }
            }
            return z ? ow.REFERRAL : ow.NODATA;
        }
        if (ixVar.l(2).isEmpty() && ixVar.l(1).size() == 1 && ixVar.k() == 0 && ixVar.l(1).get(0).getType() == 2 && !ixVar.l(1).get(0).getName().equals(message.getQuestion().getName())) {
            return ow.REFERRAL;
        }
        if (ixVar.k() != 0 && ixVar.k() != 3) {
            return ow.UNKNOWN;
        }
        if (ixVar.k() == 0 && ixVar.f(1) == 0) {
            return ow.NODATA;
        }
        int type = ixVar.j().getType();
        if (type == 255) {
            return ow.ANY;
        }
        for (ny nyVar2 : ixVar.l(1)) {
            if (nyVar2.getType() == type) {
                return ow.POSITIVE;
            }
            if (nyVar2.getType() == 5 || nyVar2.getType() == 39) {
                if (type == 43) {
                    return ow.CNAME;
                }
                z = true;
            }
        }
        if (z) {
            return ixVar.k() == 3 ? ow.CNAME_NAMEERROR : ow.CNAME_NODATA;
        }
        h.warn("Failed to classify response message:\n{}", ixVar);
        return ow.UNKNOWN;
    }

    public static Name d(Name name, Name name2, Name name3) {
        Name k = k(name, name2);
        Name k2 = k(name, name3);
        return k.labels() > k2.labels() ? k : k2;
    }

    public static Name k(Name name, Name name2) {
        int min = Math.min(name.labels(), name2.labels());
        Name name3 = new Name(name, name.labels() - min);
        Name name4 = new Name(name2, name2.labels() - min);
        for (int i2 = 0; i2 < min - 1; i2++) {
            Name name5 = new Name(name3, i2);
            if (name5.equals(new Name(name4, i2))) {
                return name5;
            }
        }
        return Name.root;
    }

    public static boolean l(ny nyVar, NSECRecord nSECRecord, Name name) {
        Name name2 = nyVar.getName();
        Name next = nSECRecord.getNext();
        if (name.equals(name2) || !next.subdomain(nyVar.h())) {
            return false;
        }
        if (name.subdomain(name2)) {
            if (nSECRecord.hasType(39)) {
                return false;
            }
            if (nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                return false;
            }
        }
        return name2.equals(next) ? u(name, next) : name2.compareTo(next) > 0 ? name2.compareTo(name) < 0 && u(name, next) : name2.compareTo(name) < 0 && name.compareTo(next) < 0;
    }

    public static SecurityStatus m(NSECRecord nSECRecord, Name name) {
        return ((!nSECRecord.hasType(6) || Name.root.equals(name)) && !nSECRecord.hasType(43)) ? !nSECRecord.hasType(2) ? SecurityStatus.INSECURE : SecurityStatus.SECURE : SecurityStatus.BOGUS;
    }

    public static boolean n(ny nyVar, NSECRecord nSECRecord, Name name) {
        int labels = name.labels() - d(name, nyVar.getName(), nSECRecord.getNext()).labels();
        if (labels > 0) {
            return l(nyVar, nSECRecord, name.wild(labels));
        }
        return false;
    }

    public static NsecProvesNodataResponse o(ny nyVar, NSECRecord nSECRecord, Name name, int i2) {
        NsecProvesNodataResponse nsecProvesNodataResponse = new NsecProvesNodataResponse();
        if (nyVar.getName().equals(name)) {
            if (nSECRecord.hasType(i2)) {
                h.debug("NSEC proofed that {} exists", Type.string(i2));
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(5)) {
                h.debug("NSEC proofed CNAME");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (i2 != 43 && nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                h.debug("NSEC proofed missing referral");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (i2 != 43 || !nSECRecord.hasType(6) || Name.root.equals(name)) {
                nsecProvesNodataResponse.a = true;
                return nsecProvesNodataResponse;
            }
            h.debug(xCClfkhIxReV.OdsqtWJKCV);
            nsecProvesNodataResponse.a = false;
            return nsecProvesNodataResponse;
        }
        if (u(nSECRecord.getNext(), name) && nyVar.getName().compareTo(name) < 0) {
            nsecProvesNodataResponse.a = true;
            return nsecProvesNodataResponse;
        }
        if (!nyVar.getName().isWild()) {
            nsecProvesNodataResponse.a = false;
            return nsecProvesNodataResponse;
        }
        Name name2 = new Name(nyVar.getName(), 1);
        if (u(name, name2)) {
            if (nSECRecord.hasType(5)) {
                h.debug("NSEC proofed wildcard CNAME");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(2) && !nSECRecord.hasType(6)) {
                h.debug("Wrong parent (wildcard) NSEC used");
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
            if (nSECRecord.hasType(i2)) {
                h.debug("NSEC proofed that {} exists", Type.string(i2));
                nsecProvesNodataResponse.a = false;
                return nsecProvesNodataResponse;
            }
        }
        nsecProvesNodataResponse.b = name2;
        nsecProvesNodataResponse.a = true;
        return nsecProvesNodataResponse;
    }

    public static Name q(Name name, ny nyVar, NSECRecord nSECRecord) throws NameTooLongException {
        return Name.concatenate(i, d(name, nyVar.getName(), nSECRecord.getNext()));
    }

    public static Name s(RRset rRset) {
        List<RRSIGRecord> sigs = rRset.sigs();
        RRSIGRecord rRSIGRecord = sigs.get(0);
        for (int i2 = 1; i2 < sigs.size(); i2++) {
            if (sigs.get(i2).getLabels() != rRSIGRecord.getLabels()) {
                throw new IllegalArgumentException("failed.wildcard.label_count_mismatch");
            }
        }
        Name name = rRset.getName();
        if (rRset.getName().isWild()) {
            name = new Name(name, 1);
        }
        int labels = (name.labels() - 1) - rRSIGRecord.getLabels();
        if (labels > 0) {
            return name.wild(labels);
        }
        return null;
    }

    public static void t(ny nyVar, RRSIGRecord rRSIGRecord) {
        if (nyVar.getType() != 47) {
            return;
        }
        Record first = nyVar.first();
        int labels = first.getName().labels() - 1;
        if (first.getName().isWild()) {
            labels--;
        }
        if (rRSIGRecord.getLabels() == labels) {
            nyVar.i(first.getName());
        } else {
            if (rRSIGRecord.getLabels() >= labels) {
                throw new IllegalArgumentException("invalid nsec record");
            }
            nyVar.i(first.getName().wild(rRSIGRecord.getSigner().labels() - rRSIGRecord.getLabels()));
        }
    }

    public static boolean u(Name name, Name name2) {
        if (name.labels() <= name2.labels()) {
            return false;
        }
        return new Name(name, name.labels() - name2.labels()).equals(name2);
    }

    public boolean a(RRset rRset) {
        Iterator<Record> it = rRset.rrs().iterator();
        while (it.hasNext()) {
            if (j(((DSRecord) it.next()).getDigestID())) {
                return true;
            }
        }
        return false;
    }

    public boolean b(RRset rRset) {
        Iterator<Record> it = rRset.rrs().iterator();
        while (it.hasNext()) {
            if (i(((DSRecord) it.next()).getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    public int e(ny nyVar) {
        int[] iArr = this.b;
        int i2 = 0;
        if (iArr == null) {
            Iterator<Record> it = nyVar.rrs().iterator();
            while (it.hasNext()) {
                DSRecord dSRecord = (DSRecord) it.next();
                if (dSRecord.getDigestID() > i2 && j(dSRecord.getDigestID()) && i(dSRecord.getAlgorithm())) {
                    i2 = dSRecord.getDigestID();
                }
            }
            return i2;
        }
        for (int i3 : iArr) {
            Iterator<Record> it2 = nyVar.rrs().iterator();
            while (it2.hasNext()) {
                DSRecord dSRecord2 = (DSRecord) it2.next();
                if (dSRecord2.getDigestID() == i3) {
                    return dSRecord2.getDigestID();
                }
            }
        }
        return 0;
    }

    public final fk f(ny nyVar, Instant instant, DSRecord dSRecord, DNSKEYRecord dNSKEYRecord) {
        byte[] digest = new DSRecord(Name.root, dSRecord.getDClass(), 0L, dSRecord.getDigestID(), dNSKEYRecord).getDigest();
        byte[] digest2 = dSRecord.getDigest();
        if (digest.length != digest2.length) {
            fk n = fk.n(dSRecord.getName(), dSRecord.getDClass(), dSRecord.getTTL());
            n.q(6, R.get("dnskey.invalid", new Object[0]));
            return n;
        }
        for (int i2 = 0; i2 < digest.length; i2++) {
            if (digest[i2] != digest2[i2]) {
                fk n2 = fk.n(dSRecord.getName(), dSRecord.getDClass(), dSRecord.getTTL());
                n2.q(6, R.get("dnskey.invalid", new Object[0]));
                return n2;
            }
        }
        dk c = this.a.c(nyVar, dNSKEYRecord, instant);
        int i3 = a.a[c.a.ordinal()];
        if (i3 == 1) {
            nyVar.j(SecurityStatus.SECURE);
            return fk.o(nyVar);
        }
        if (i3 != 2) {
            throw new IllegalStateException("Unexpected security status");
        }
        fk n3 = fk.n(dSRecord.getName(), dSRecord.getDClass(), dSRecord.getTTL());
        n3.q(c.b, c.c);
        return n3;
    }

    public boolean g(ix ixVar) {
        for (ny nyVar : ixVar.l(2)) {
            if (nyVar.getType() == 47 || nyVar.getType() == 50) {
                if (!nyVar.sigs().isEmpty()) {
                    return true;
                }
            }
        }
        return false;
    }

    public void h(Properties properties) {
        this.e = Security.getProviders("MessageDigest.GOST3411") != null;
        this.f = Security.getProviders("KeyFactory.Ed25519") != null;
        this.g = Security.getProviders("KeyFactory.Ed448") != null;
        this.c = properties;
        String property = properties.getProperty("dnsjava.dnssec.digest_preference");
        if (property != null) {
            String[] split = property.split(",");
            this.b = new int[split.length];
            for (int i2 = 0; i2 < split.length; i2++) {
                this.b[i2] = Integer.parseInt(split[i2]);
                if (!j(this.b[i2])) {
                    throw new IllegalArgumentException("Unsupported or disabled digest ID in digest preferences");
                }
            }
        }
        this.d = Boolean.parseBoolean(properties.getProperty("dnsjava.dnssec.harden_algo_downgrade"));
    }

    public boolean i(int i2) {
        String str = "dnsjava.dnssec.algorithm." + i2;
        switch (i2) {
            case 3:
            case 6:
                Properties properties = this.c;
                if (properties == null) {
                    return false;
                }
                return Boolean.parseBoolean(properties.getProperty(str, Boolean.FALSE.toString()));
            case 4:
            case 9:
            case 11:
            default:
                return false;
            case 5:
            case 7:
            case 8:
            case 10:
            case 13:
            case 14:
                return r(str, true);
            case 12:
                return r(str, this.e);
            case 15:
                return r(str, this.f);
            case 16:
                return r(str, this.g);
        }
    }

    public boolean j(int i2) {
        String str = "dnsjava.dnssec.digest." + i2;
        if (i2 != 1 && i2 != 2) {
            if (i2 == 3) {
                return r(str, this.e);
            }
            if (i2 != 4) {
                return false;
            }
        }
        Properties properties = this.c;
        if (properties == null) {
            return true;
        }
        return Boolean.parseBoolean(properties.getProperty(str, Boolean.TRUE.toString()));
    }

    public dk p(Message message, ix ixVar, ny nyVar, Instant instant) {
        Name name = message.getQuestion().getName();
        ny d = ixVar.d(name, 47, message.getQuestion().getDClass(), 2);
        if (d != null) {
            dk w = w(d, nyVar, instant);
            if (w.a != SecurityStatus.SECURE) {
                return new dk(SecurityStatus.BOGUS, 6, R.get("failed.ds.nsec", w.c));
            }
            SecurityStatus m = m((NSECRecord) d.first(), name);
            int i2 = a.a[m.ordinal()];
            return i2 != 1 ? i2 != 3 ? new dk(m, 6, R.get("failed.ds.nsec.hasdata", new Object[0])) : new dk(m, -1, R.get("failed.ds.nodelegation", new Object[0])) : new dk(m, -1, R.get("insecure.ds.nsec", new Object[0]));
        }
        NsecProvesNodataResponse nsecProvesNodataResponse = new NsecProvesNodataResponse();
        Name name2 = null;
        NSECRecord nSECRecord = null;
        boolean z = false;
        for (ny nyVar2 : ixVar.m(2, 47)) {
            dk w2 = w(nyVar2, nyVar, instant);
            SecurityStatus securityStatus = w2.a;
            if (securityStatus != SecurityStatus.SECURE) {
                return new dk(securityStatus, w2.b, R.get("failed.ds.nsec.ent", new Object[0]));
            }
            NSECRecord nSECRecord2 = (NSECRecord) nyVar2.rrs().get(0);
            NsecProvesNodataResponse o = o(nyVar2, nSECRecord2, name, 43);
            if (o.a) {
                if (o.b == null || !nSECRecord2.getName().isWild()) {
                    z = true;
                } else {
                    z = true;
                    nSECRecord = nSECRecord2;
                }
            }
            if (l(nyVar2, nSECRecord2, name)) {
                name2 = d(name, nyVar2.getName(), nSECRecord2.getNext());
            }
            nsecProvesNodataResponse = o;
        }
        Name name3 = nsecProvesNodataResponse.b;
        if (name3 != null && (name2 == null || !name2.equals(name3))) {
            z = false;
        }
        return z ? nsecProvesNodataResponse.b != null ? new dk(m(nSECRecord, name), 12, R.get("failed.ds.nowildcardproof", new Object[0])) : new dk(SecurityStatus.INSECURE, -1, R.get("insecure.ds.nsec.ent", new Object[0])) : new dk(SecurityStatus.UNCHECKED, 5, R.get("failed.ds.nonconclusive", new Object[0]));
    }

    public final boolean r(String str, boolean z) {
        if (!z) {
            return false;
        }
        Properties properties = this.c;
        if (properties == null) {
            return true;
        }
        return Boolean.parseBoolean(properties.getProperty(str, Boolean.TRUE.toString()));
    }

    public fk v(ny nyVar, ny nyVar2, long j, Instant instant) {
        if (!a(nyVar2)) {
            fk p = fk.p(nyVar2.getName(), nyVar2.getDClass(), nyVar2.getTTL());
            p.q(2, R.get("failed.ds.nodigest", nyVar2.getName()));
            return p;
        }
        if (!b(nyVar2)) {
            fk p2 = fk.p(nyVar2.getName(), nyVar2.getDClass(), nyVar2.getTTL());
            p2.q(1, R.get("failed.ds.noalg", nyVar2.getName()));
            return p2;
        }
        int e = e(nyVar2);
        Iterator<Record> it = nyVar2.rrs().iterator();
        fk fkVar = null;
        while (it.hasNext()) {
            DSRecord dSRecord = (DSRecord) it.next();
            if (!this.d || dSRecord.getDigestID() == e) {
                Iterator<Record> it2 = nyVar.rrs().iterator();
                while (it2.hasNext()) {
                    DNSKEYRecord dNSKEYRecord = (DNSKEYRecord) it2.next();
                    if (dSRecord.getFootprint() == dNSKEYRecord.getFootprint() && dSRecord.getAlgorithm() == dNSKEYRecord.getAlgorithm()) {
                        fkVar = f(nyVar, instant, dSRecord, dNSKEYRecord);
                        if (fkVar.l()) {
                            return fkVar;
                        }
                    }
                }
            }
        }
        if (fkVar != null) {
            return fkVar;
        }
        fk n = fk.n(nyVar2.getName(), nyVar2.getDClass(), j);
        n.q(9, R.get(ttNj.KBJ, new Object[0]));
        return n;
    }

    public dk w(ny nyVar, ny nyVar2, Instant instant) {
        SecurityStatus g = nyVar.g();
        SecurityStatus securityStatus = SecurityStatus.SECURE;
        if (g == securityStatus) {
            h.trace("RRset <{}/{}/{}> previously found to be SECURE", nyVar.getName(), Type.string(nyVar.getType()), DClass.string(nyVar.getDClass()));
            return new dk(securityStatus, -1, null);
        }
        dk b = this.a.b(nyVar, nyVar2, instant);
        nyVar.j(b.a);
        return b;
    }
}
