package de.measite.minidns.dnssec;

import cn.com.jit.pnxclient.constant.PNXConfigConstant;
import de.measite.minidns.DNSName;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.e;
import de.measite.minidns.record.NSEC3;
import de.measite.minidns.record.g;
import de.measite.minidns.record.l;
import de.measite.minidns.record.p;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: Verifier.java */
/* loaded from: classes3.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    private de.measite.minidns.dnssec.g.a f16135a = de.measite.minidns.dnssec.g.a.f16137a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: Verifier.java */
    /* loaded from: classes3.dex */
    public static class a implements Comparator<byte[]> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ int f16136a;

        a(int i) {
            this.f16136a = i;
        }

        @Override // java.util.Comparator
        public int compare(byte[] bArr, byte[] bArr2) {
            int length;
            int length2;
            for (int i = this.f16136a; i < bArr.length && i < bArr2.length; i++) {
                if (bArr[i] != bArr2[i]) {
                    length = bArr[i] & 255;
                    length2 = bArr2[i] & 255;
                    break;
                }
            }
            length = bArr.length;
            length2 = bArr2.length;
            return length - length2;
        }
    }

    static byte[] a(p pVar, List<Record<? extends g>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            pVar.writePartialSignature(dataOutputStream);
            DNSName dNSName = list.get(0).f16089a;
            if (!dNSName.isRootLabel()) {
                if (dNSName.getLabelCount() < pVar.f) {
                    throw new DNSSECValidationFailedException("Invalid RRsig record");
                }
                if (dNSName.getLabelCount() > pVar.f) {
                    dNSName = DNSName.from("*." + ((Object) dNSName.stripToLabels(pVar.f)));
                }
            }
            DNSName dNSName2 = dNSName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends g> record : list) {
                arrayList.add(new Record(dNSName2, record.f16090b, record.d, pVar.g, record.f).toByteArray());
            }
            Collections.sort(arrayList, new a(dNSName2.size() + 10));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static byte[] b(c cVar, byte[] bArr, byte[] bArr2, int i) {
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = cVar.digest(bArr3);
            i = i2;
        }
    }

    static boolean c(DNSName dNSName, DNSName dNSName2, DNSName dNSName3) {
        int labelCount = dNSName2.getLabelCount();
        int labelCount2 = dNSName3.getLabelCount();
        int labelCount3 = dNSName.getLabelCount();
        if (labelCount3 > labelCount && !dNSName.isChildOf(dNSName2) && dNSName.stripToLabels(labelCount).compareTo(dNSName2) < 0) {
            return false;
        }
        if (labelCount3 <= labelCount && dNSName.compareTo(dNSName2.stripToLabels(labelCount3)) < 0) {
            return false;
        }
        if (labelCount3 <= labelCount2 || dNSName.isChildOf(dNSName3) || dNSName.stripToLabels(labelCount2).compareTo(dNSName3) <= 0) {
            return labelCount3 > labelCount2 || dNSName.compareTo(dNSName3.stripToLabels(labelCount3)) < 0;
        }
        return false;
    }

    static boolean d(String str, String str2, String str3) {
        return c(DNSName.from(str), DNSName.from(str2), DNSName.from(str3));
    }

    public e verify(Record<de.measite.minidns.record.e> record, de.measite.minidns.record.f fVar) {
        de.measite.minidns.record.e eVar = record.f;
        c dsDigestCalculator = this.f16135a.getDsDigestCalculator(fVar.f);
        if (dsDigestCalculator == null) {
            return new e.b(fVar.g, "DS", record);
        }
        byte[] byteArray = eVar.toByteArray();
        byte[] bytes = record.f16089a.getBytes();
        byte[] bArr = new byte[bytes.length + byteArray.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(byteArray, 0, bArr, bytes.length, byteArray.length);
        try {
            if (fVar.digestEquals(dsDigestCalculator.digest(bArr))) {
                return null;
            }
            throw new DNSSECValidationFailedException(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e) {
            return new e.a(fVar.f, "DS", record, e);
        }
    }

    public e verify(List<Record<? extends g>> list, p pVar, de.measite.minidns.record.e eVar) {
        d signatureVerifier = this.f16135a.getSignatureVerifier(pVar.d);
        if (signatureVerifier == null) {
            return new e.b(pVar.e, "RRSIG", list.get(0));
        }
        if (signatureVerifier.verify(a(pVar, list), pVar.l, eVar.getKey())) {
            return null;
        }
        throw new DNSSECValidationFailedException(list, "Signature is invalid.");
    }

    public e verifyNsec(Record<? extends g> record, de.measite.minidns.c cVar) {
        l lVar = (l) record.f;
        if ((!record.f16089a.equals(cVar.f16101a) || Arrays.asList(lVar.e).contains(cVar.f16102b)) && !c(cVar.f16101a, record.f16089a, lVar.f16179c)) {
            return new e.d(cVar, record);
        }
        return null;
    }

    public e verifyNsec3(DNSName dNSName, Record<? extends g> record, de.measite.minidns.c cVar) {
        NSEC3 nsec3 = (NSEC3) record.f;
        c nsecDigestCalculator = this.f16135a.getNsecDigestCalculator(nsec3.d);
        if (nsecDigestCalculator == null) {
            return new e.b(nsec3.e, "NSEC3", record);
        }
        String encodeToString = de.measite.minidns.util.a.encodeToString(b(nsecDigestCalculator, nsec3.h, cVar.f16101a.getBytes(), nsec3.g));
        if (!record.f16089a.equals(DNSName.from(encodeToString + PNXConfigConstant.IP_SEPARATOR + ((Object) dNSName)))) {
            if (d(encodeToString, record.f16089a.getHostpart(), de.measite.minidns.util.a.encodeToString(nsec3.i))) {
                return null;
            }
            return new e.d(cVar, record);
        }
        for (Record.TYPE type : nsec3.k) {
            if (type.equals(cVar.f16102b)) {
                return new e.d(cVar, record);
            }
        }
        return null;
    }

    public e verifyNsec3(CharSequence charSequence, Record<? extends g> record, de.measite.minidns.c cVar) {
        return verifyNsec3(DNSName.from(charSequence), record, cVar);
    }
}
