package de.measite.minidns.dnssec;

import de.measite.minidns.AbstractDNSClient;
import de.measite.minidns.DNSMessage;
import de.measite.minidns.DNSName;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.f;
import de.measite.minidns.i;
import de.measite.minidns.iterative.ReliableDNSClient;
import de.measite.minidns.record.p;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: classes2.dex */
public class b extends ReliableDNSClient {
    private static final BigInteger k = new BigInteger("03010001a80020a95566ba42e886bb804cda84e47ef56dbd7aec612615552cec906d2116d0ef207028c51554144dfeafe7c7cb8f005dd18234133ac0710a81182ce1fd14ad2283bc83435f9df2f6313251931a176df0da51e54f42e604860dfb359580250f559cc543c4ffd51cbe3de8cfd06719237f9fc47ee729da06835fa452e825e9a18ebc2ecbcf563474652c33cf56a9033bcdf5d973121797ec8089041b6e03a1b72d0a735b984e03687309332324f27c2dba85e9db15e83a0143382e974b0621c18e625ecec907577d9e7bade95241a81ebbe8a901d4d3276e40b114c0a2e6fc38d19c2e6aab02644b2813f575fc21601e0dee49cd9ee96a43103e524d62873d", 16);
    private static final DNSName l = DNSName.from("dlv.isc.org");
    private h m;
    private final Map<DNSName, byte[]> n;
    private boolean o;
    private DNSName p;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        boolean f15737a;

        /* renamed from: b, reason: collision with root package name */
        boolean f15738b;

        /* renamed from: c, reason: collision with root package name */
        Set<f> f15739c;

        private a() {
            this.f15737a = false;
            this.f15738b = false;
            this.f15739c = new HashSet();
        }

        /* synthetic */ a(b bVar, de.measite.minidns.dnssec.a aVar) {
            this();
        }
    }

    public b() {
        this(AbstractDNSClient.f15611a);
    }

    public b(de.measite.minidns.b bVar) {
        super(bVar);
        this.m = new h();
        this.n = new ConcurrentHashMap();
        this.o = true;
        a(DNSName.EMPTY, k.toByteArray());
    }

    /* JADX WARN: Multi-variable type inference failed */
    private a a(i iVar, Collection<Record<? extends de.measite.minidns.record.g>> collection, List<Record<? extends de.measite.minidns.record.g>> list) throws IOException {
        Date date = new Date();
        LinkedList linkedList = new LinkedList();
        a aVar = new a(this, null);
        ArrayList<Record> arrayList = new ArrayList(list.size());
        Iterator<Record<? extends de.measite.minidns.record.g>> it = list.iterator();
        while (it.hasNext()) {
            Record<E> a2 = it.next().a(p.class);
            if (a2 != 0) {
                p pVar = (p) a2.f15667f;
                if (pVar.i.compareTo(date) < 0 || pVar.j.compareTo(date) > 0) {
                    linkedList.add(pVar);
                } else {
                    arrayList.add(a2);
                }
            }
        }
        if (arrayList.isEmpty()) {
            if (linkedList.isEmpty()) {
                aVar.f15739c.add(new f.h(iVar));
            } else {
                aVar.f15739c.add(new f.e(iVar, linkedList));
            }
            return aVar;
        }
        for (Record record : arrayList) {
            p pVar2 = (p) record.f15667f;
            ArrayList arrayList2 = new ArrayList(collection.size());
            for (Record<? extends de.measite.minidns.record.g> record2 : collection) {
                if (record2.f15663b == pVar2.f15837d && record2.f15662a.equals(record.f15662a)) {
                    arrayList2.add(record2);
                }
            }
            aVar.f15739c.addAll(a(iVar, pVar2, arrayList2));
            if (iVar.f15775b.equals(pVar2.l) && pVar2.f15837d == Record.TYPE.DNSKEY) {
                Iterator<Record<? extends de.measite.minidns.record.g>> it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    de.measite.minidns.record.e eVar = (de.measite.minidns.record.e) it2.next().a(de.measite.minidns.record.e.class).f15667f;
                    it2.remove();
                    if (eVar.g() == pVar2.k) {
                        aVar.f15738b = true;
                    }
                }
                aVar.f15737a = true;
            }
            if (a(record.f15662a.ace, pVar2.l.ace)) {
                list.removeAll(arrayList2);
            } else {
                AbstractDNSClient.f15612b.finer("Records at " + ((Object) record.f15662a) + " are cross-signed with a key from " + ((Object) pVar2.l));
            }
            list.remove(record);
        }
        return aVar;
    }

    private c a(DNSMessage dNSMessage, Set<f> set) {
        List<Record<? extends de.measite.minidns.record.g>> list = dNSMessage.m;
        List<Record<? extends de.measite.minidns.record.g>> list2 = dNSMessage.n;
        List<Record<? extends de.measite.minidns.record.g>> list3 = dNSMessage.o;
        HashSet hashSet = new HashSet();
        Record.a(hashSet, p.class, list);
        Record.a(hashSet, p.class, list2);
        Record.a(hashSet, p.class, list3);
        DNSMessage.a a2 = dNSMessage.a();
        if (this.o) {
            a2.c(a(list));
            a2.d(a(list2));
            a2.b(a(list3));
        }
        return new c(a2, hashSet, set);
    }

    private static List<Record<? extends de.measite.minidns.record.g>> a(List<Record<? extends de.measite.minidns.record.g>> list) {
        if (list.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (Record<? extends de.measite.minidns.record.g> record : list) {
            if (record.f15663b != Record.TYPE.RRSIG) {
                arrayList.add(record);
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<f> a(i iVar, Record<de.measite.minidns.record.e> record) throws IOException {
        Set<f> set;
        DNSName dNSName;
        c b2;
        de.measite.minidns.record.e eVar = record.f15667f;
        HashSet hashSet = new HashSet();
        Set<f> hashSet2 = new HashSet<>();
        if (this.n.containsKey(record.f15662a)) {
            if (eVar.a(this.n.get(record.f15662a))) {
                return hashSet;
            }
            hashSet.add(new f.c(record));
            return hashSet;
        }
        if (record.f15662a.isRootLabel()) {
            hashSet.add(new f.C0145f());
            return hashSet;
        }
        de.measite.minidns.record.f fVar = null;
        c b3 = b((CharSequence) record.f15662a, Record.TYPE.DS);
        if (b3 == null) {
            AbstractDNSClient.f15612b.fine("There is no DS record for " + ((Object) record.f15662a) + ", server gives no result");
        } else {
            hashSet.addAll(b3.o());
            Iterator<Record<? extends de.measite.minidns.record.g>> it = b3.m.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Record<E> a2 = it.next().a(de.measite.minidns.record.f.class);
                if (a2 != 0) {
                    de.measite.minidns.record.f fVar2 = (de.measite.minidns.record.f) a2.f15667f;
                    if (eVar.g() == fVar2.f15814d) {
                        hashSet2 = b3.o();
                        fVar = fVar2;
                        break;
                    }
                }
            }
            if (fVar == null) {
                AbstractDNSClient.f15612b.fine("There is no DS record for " + ((Object) record.f15662a) + ", server gives empty result");
            }
        }
        if (fVar == null && (dNSName = this.p) != null && !dNSName.isChildOf(record.f15662a) && (b2 = b((CharSequence) DNSName.from(record.f15662a, this.p), Record.TYPE.DLV)) != null) {
            hashSet.addAll(b2.o());
            Iterator<Record<? extends de.measite.minidns.record.g>> it2 = b2.m.iterator();
            while (it2.hasNext()) {
                Record<E> a3 = it2.next().a(de.measite.minidns.record.d.class);
                if (a3 != 0 && record.f15667f.g() == ((de.measite.minidns.record.d) a3.f15667f).f15814d) {
                    AbstractDNSClient.f15612b.fine("Found DLV for " + ((Object) record.f15662a) + ", awesome.");
                    fVar = (de.measite.minidns.record.f) a3.f15667f;
                    set = b2.o();
                    break;
                }
            }
        }
        set = hashSet2;
        if (fVar == null) {
            if (!hashSet.isEmpty()) {
                return hashSet;
            }
            hashSet.add(new f.i(record.f15662a.ace));
            return hashSet;
        }
        f a4 = this.m.a(record, fVar);
        if (a4 == null) {
            return set;
        }
        hashSet.add(a4);
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<f> a(i iVar, p pVar, List<Record<? extends de.measite.minidns.record.g>> list) throws IOException {
        HashSet hashSet = new HashSet();
        de.measite.minidns.record.e eVar = null;
        if (pVar.f15837d == Record.TYPE.DNSKEY) {
            Iterator<Record<? extends de.measite.minidns.record.g>> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Record<E> a2 = it.next().a(de.measite.minidns.record.e.class);
                if (a2 != 0 && ((de.measite.minidns.record.e) a2.f15667f).g() == pVar.k) {
                    eVar = (de.measite.minidns.record.e) a2.f15667f;
                    break;
                }
            }
        } else {
            if (iVar.f15776c == Record.TYPE.DS && pVar.l.equals(iVar.f15775b)) {
                hashSet.add(new f.i(iVar.f15775b.ace));
                return hashSet;
            }
            c b2 = b((CharSequence) pVar.l, Record.TYPE.DNSKEY);
            if (b2 == null) {
                throw new DNSSECValidationFailedException(iVar, "There is no DNSKEY " + ((Object) pVar.l) + ", but it is used");
            }
            hashSet.addAll(b2.o());
            Iterator<Record<? extends de.measite.minidns.record.g>> it2 = b2.m.iterator();
            while (it2.hasNext()) {
                Record<E> a3 = it2.next().a(de.measite.minidns.record.e.class);
                if (a3 != 0 && ((de.measite.minidns.record.e) a3.f15667f).g() == pVar.k) {
                    eVar = (de.measite.minidns.record.e) a3.f15667f;
                }
            }
        }
        if (eVar != null) {
            f a4 = this.m.a(list, pVar, eVar);
            if (a4 != null) {
                hashSet.add(a4);
            }
            return hashSet;
        }
        throw new DNSSECValidationFailedException(iVar, list.size() + " " + pVar.f15837d + " record(s) are signed using an unknown key.");
    }

    private static boolean a(String str, String str2) {
        if (str.equals(str2) || str2.isEmpty()) {
            return true;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split2.length > split.length) {
            return false;
        }
        for (int i = 1; i <= split2.length; i++) {
            if (!split2[split2.length - i].equals(split[split.length - i])) {
                return false;
            }
        }
        return true;
    }

    private c b(i iVar, DNSMessage dNSMessage) throws IOException {
        if (dNSMessage == null) {
            return null;
        }
        if (dNSMessage.j) {
            dNSMessage = dNSMessage.a().a(false).a();
        }
        return a(dNSMessage, b(dNSMessage));
    }

    private Set<f> b(DNSMessage dNSMessage) throws IOException {
        return !dNSMessage.m.isEmpty() ? c(dNSMessage) : d(dNSMessage);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<f> c(DNSMessage dNSMessage) throws IOException {
        boolean z = false;
        i iVar = dNSMessage.l.get(0);
        List<Record<? extends de.measite.minidns.record.g>> list = dNSMessage.m;
        List<Record<? extends de.measite.minidns.record.g>> f2 = dNSMessage.f();
        a a2 = a(iVar, list, f2);
        Set<f> set = a2.f15739c;
        if (!set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator<Record<? extends de.measite.minidns.record.g>> it = f2.iterator();
        while (it.hasNext()) {
            Record<E> a3 = it.next().a(de.measite.minidns.record.e.class);
            if (a3 != 0) {
                Set<f> a4 = a(iVar, (Record<de.measite.minidns.record.e>) a3);
                if (a4.isEmpty()) {
                    z = true;
                } else {
                    hashSet.addAll(a4);
                }
                if (!a2.f15738b) {
                    AbstractDNSClient.f15612b.finer("SEP key is not self-signed.");
                }
                it.remove();
            }
        }
        if (a2.f15738b && !z) {
            set.addAll(hashSet);
        }
        if (a2.f15737a && !a2.f15738b) {
            set.add(new f.g(iVar.f15775b.ace));
        }
        if (!f2.isEmpty()) {
            if (f2.size() != list.size()) {
                throw new DNSSECValidationFailedException(iVar, "Only some records are signed!");
            }
            set.add(new f.h(iVar));
        }
        return set;
    }

    private Set<f> d(DNSMessage dNSMessage) throws IOException {
        f a2;
        HashSet hashSet = new HashSet();
        boolean z = false;
        i iVar = dNSMessage.l.get(0);
        List<Record<? extends de.measite.minidns.record.g>> list = dNSMessage.n;
        DNSName dNSName = null;
        for (Record<? extends de.measite.minidns.record.g> record : list) {
            if (record.f15663b == Record.TYPE.SOA) {
                dNSName = record.f15662a;
            }
        }
        if (dNSName == null) {
            throw new DNSSECValidationFailedException(iVar, "NSECs must always match to a SOA");
        }
        boolean z2 = false;
        for (Record<? extends de.measite.minidns.record.g> record2 : list) {
            int i = de.measite.minidns.dnssec.a.f15721a[record2.f15663b.ordinal()];
            if (i == 1) {
                a2 = this.m.a(record2, iVar);
            } else if (i == 2) {
                a2 = this.m.a(dNSName, record2, iVar);
            }
            if (a2 != null) {
                hashSet.add(a2);
            } else {
                z2 = true;
            }
            z = true;
        }
        if (z && !z2) {
            throw new DNSSECValidationFailedException(iVar, "Invalid NSEC!");
        }
        List<Record<? extends de.measite.minidns.record.g>> g2 = dNSMessage.g();
        a a3 = a(iVar, list, g2);
        if (z2 && a3.f15739c.isEmpty()) {
            hashSet.clear();
        } else {
            hashSet.addAll(a3.f15739c);
        }
        if (g2.isEmpty() || g2.size() == list.size()) {
            return hashSet;
        }
        throw new DNSSECValidationFailedException(iVar, "Only some nameserver records are signed!");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.measite.minidns.iterative.ReliableDNSClient, de.measite.minidns.AbstractDNSClient
    public DNSMessage.a a(DNSMessage.a aVar) {
        aVar.d().a(this.f15617g.b()).b();
        aVar.d(true);
        super.a(aVar);
        return aVar;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.measite.minidns.iterative.ReliableDNSClient
    public String a(DNSMessage dNSMessage) {
        return !dNSMessage.l() ? "DNSSEC OK (DO) flag not set in response" : !dNSMessage.k ? "CHECKING DISABLED (CD) flag not set in response" : super.a(dNSMessage);
    }

    public void a(DNSName dNSName, byte[] bArr) {
        this.n.put(dNSName, bArr);
    }

    public void a(boolean z) {
        this.o = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.measite.minidns.iterative.ReliableDNSClient, de.measite.minidns.AbstractDNSClient
    public boolean a(i iVar, DNSMessage dNSMessage) {
        return super.a(iVar, dNSMessage);
    }

    public c b(CharSequence charSequence, Record.TYPE type) throws IOException {
        i iVar = new i(charSequence, type, Record.CLASS.IN);
        return b(iVar, super.c(iVar));
    }

    @Override // de.measite.minidns.AbstractDNSClient
    public DNSMessage c(i iVar) throws IOException {
        return d(iVar);
    }

    public void c() {
        this.n.clear();
    }

    public c d(i iVar) throws IOException {
        return b(iVar, super.c(iVar));
    }

    public void d() {
        f(null);
    }

    public void e() {
        f(l);
    }

    public void f(DNSName dNSName) {
        this.p = dNSName;
    }

    public boolean f() {
        return this.o;
    }

    public void g(DNSName dNSName) {
        this.n.remove(dNSName);
    }
}
