package org.xbill.DNS;

import com.umeng.commonsdk.proguard.ap;
import java.util.Date;
import org.xbill.DNS.utils.HMAC;
import org.xbill.DNS.utils.base64;

/* loaded from: classes2.dex */
public class TSIG {
    public static final short FUDGE = 300;
    private Name a;
    private Name b;
    private String c;
    private int d;
    private byte[] e;
    public static final Name HMAC_MD5 = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT.");
    public static final Name HMAC = HMAC_MD5;
    public static final Name HMAC_SHA1 = Name.fromConstantString("hmac-sha1.");
    public static final Name HMAC_SHA224 = Name.fromConstantString("hmac-sha224.");
    public static final Name HMAC_SHA256 = Name.fromConstantString("hmac-sha256.");
    public static final Name HMAC_SHA384 = Name.fromConstantString("hmac-sha384.");
    public static final Name HMAC_SHA512 = Name.fromConstantString("hmac-sha512.");

    /* loaded from: classes2.dex */
    public static class StreamVerifier {
        private TSIG a;
        private HMAC b;
        private int c = 0;
        private int d;
        private TSIGRecord e;

        public StreamVerifier(TSIG tsig, TSIGRecord tSIGRecord) {
            this.a = tsig;
            this.b = new HMAC(TSIG.a(this.a), TSIG.b(this.a), TSIG.c(this.a));
            this.e = tSIGRecord;
        }

        public int verify(Message message, byte[] bArr) {
            TSIGRecord tsig = message.getTSIG();
            this.c++;
            if (this.c == 1) {
                int verify = this.a.verify(message, bArr, this.e);
                if (verify == 0) {
                    byte[] signature = tsig.getSignature();
                    DNSOutput dNSOutput = new DNSOutput();
                    dNSOutput.writeU16(signature.length);
                    this.b.update(dNSOutput.toByteArray());
                    this.b.update(signature);
                }
                this.e = tsig;
                return verify;
            }
            if (tsig != null) {
                message.getHeader().b(3);
            }
            byte[] wire = message.getHeader().toWire();
            if (tsig != null) {
                message.getHeader().a(3);
            }
            this.b.update(wire);
            this.b.update(bArr, wire.length, tsig == null ? bArr.length - wire.length : message.a - wire.length);
            if (tsig == null) {
                if (this.c - this.d >= 100) {
                    message.b = 4;
                    return 1;
                }
                message.b = 2;
                return 0;
            }
            this.d = this.c;
            this.e = tsig;
            if (!tsig.getName().equals(TSIG.d(this.a)) || !tsig.getAlgorithm().equals(TSIG.e(this.a))) {
                if (Options.check("verbose")) {
                    System.err.println("BADKEY failure");
                }
                message.b = 4;
                return 17;
            }
            DNSOutput dNSOutput2 = new DNSOutput();
            long time = tsig.getTimeSigned().getTime() / 1000;
            dNSOutput2.writeU16((int) (time >> 32));
            dNSOutput2.writeU32(time & 4294967295L);
            dNSOutput2.writeU16(tsig.getFudge());
            this.b.update(dNSOutput2.toByteArray());
            if (!this.b.verify(tsig.getSignature())) {
                if (Options.check("verbose")) {
                    System.err.println("BADSIG failure");
                }
                message.b = 4;
                return 16;
            }
            this.b.clear();
            DNSOutput dNSOutput3 = new DNSOutput();
            dNSOutput3.writeU16(tsig.getSignature().length);
            this.b.update(dNSOutput3.toByteArray());
            this.b.update(tsig.getSignature());
            message.b = 1;
            return 0;
        }
    }

    public TSIG(String str, String str2) {
        this(HMAC_MD5, str, str2);
    }

    public TSIG(String str, String str2, String str3) {
        this(HMAC_MD5, str2, str3);
        if (str.equalsIgnoreCase("hmac-md5")) {
            this.b = HMAC_MD5;
        } else if (str.equalsIgnoreCase("hmac-sha1")) {
            this.b = HMAC_SHA1;
        } else if (str.equalsIgnoreCase("hmac-sha224")) {
            this.b = HMAC_SHA224;
        } else if (str.equalsIgnoreCase("hmac-sha256")) {
            this.b = HMAC_SHA256;
        } else if (str.equalsIgnoreCase("hmac-sha384")) {
            this.b = HMAC_SHA384;
        } else {
            if (!str.equalsIgnoreCase("hmac-sha512")) {
                throw new IllegalArgumentException("Invalid TSIG algorithm");
            }
            this.b = HMAC_SHA512;
        }
        a();
    }

    public TSIG(Name name, String str, String str2) {
        this.e = base64.fromString(str2);
        if (this.e == null) {
            throw new IllegalArgumentException("Invalid TSIG key string");
        }
        try {
            this.a = Name.fromString(str, Name.root);
            this.b = name;
            a();
        } catch (TextParseException unused) {
            throw new IllegalArgumentException("Invalid TSIG key name");
        }
    }

    public TSIG(Name name, Name name2, byte[] bArr) {
        this.a = name2;
        this.b = name;
        this.e = bArr;
        a();
    }

    public TSIG(Name name, byte[] bArr) {
        this(HMAC_MD5, name, bArr);
    }

    static String a(TSIG tsig) {
        return tsig.c;
    }

    private void a() {
        if (this.b.equals(HMAC_MD5)) {
            this.c = "md5";
            this.d = 64;
            return;
        }
        if (this.b.equals(HMAC_SHA1)) {
            this.c = "sha-1";
            this.d = 64;
            return;
        }
        if (this.b.equals(HMAC_SHA224)) {
            this.c = "sha-224";
            this.d = 64;
            return;
        }
        if (this.b.equals(HMAC_SHA256)) {
            this.c = "sha-256";
            this.d = 64;
        } else if (this.b.equals(HMAC_SHA512)) {
            this.c = "sha-512";
            this.d = 128;
        } else {
            if (!this.b.equals(HMAC_SHA384)) {
                throw new IllegalArgumentException("Invalid algorithm");
            }
            this.c = "sha-384";
            this.d = 128;
        }
    }

    static int b(TSIG tsig) {
        return tsig.d;
    }

    static byte[] c(TSIG tsig) {
        return tsig.e;
    }

    static Name d(TSIG tsig) {
        return tsig.a;
    }

    static Name e(TSIG tsig) {
        return tsig.b;
    }

    public static TSIG fromString(String str) {
        String[] split = str.split("[:/]", 3);
        if (split.length < 2) {
            throw new IllegalArgumentException("Invalid TSIG key specification");
        }
        if (split.length == 3) {
            try {
                return new TSIG(split[0], split[1], split[2]);
            } catch (IllegalArgumentException unused) {
                split = str.split("[:/]", 2);
            }
        }
        return new TSIG(HMAC_MD5, split[0], split[1]);
    }

    public void apply(Message message, int i, TSIGRecord tSIGRecord) {
        message.addRecord(generate(message, message.toWire(), i, tSIGRecord), 3);
        message.b = 3;
    }

    public void apply(Message message, TSIGRecord tSIGRecord) {
        apply(message, 0, tSIGRecord);
    }

    public void applyStream(Message message, TSIGRecord tSIGRecord, boolean z) {
        if (z) {
            apply(message, tSIGRecord);
            return;
        }
        Date date = new Date();
        HMAC hmac = new HMAC(this.c, this.d, this.e);
        int intValue = Options.intValue("tsigfudge");
        int i = (intValue < 0 || intValue > 32767) ? 300 : intValue;
        DNSOutput dNSOutput = new DNSOutput();
        dNSOutput.writeU16(tSIGRecord.getSignature().length);
        hmac.update(dNSOutput.toByteArray());
        hmac.update(tSIGRecord.getSignature());
        hmac.update(message.toWire());
        DNSOutput dNSOutput2 = new DNSOutput();
        long time = date.getTime() / 1000;
        dNSOutput2.writeU16((int) (time >> 32));
        dNSOutput2.writeU32(time & 4294967295L);
        dNSOutput2.writeU16(i);
        hmac.update(dNSOutput2.toByteArray());
        message.addRecord(new TSIGRecord(this.a, 255, 0L, this.b, date, i, hmac.sign(), message.getHeader().getID(), 0, null), 3);
        message.b = 3;
    }

    public TSIGRecord generate(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        byte[] bArr2;
        Date date = i != 18 ? new Date() : tSIGRecord.getTimeSigned();
        HMAC hmac = (i == 0 || i == 18) ? new HMAC(this.c, this.d, this.e) : null;
        int intValue = Options.intValue("tsigfudge");
        int i2 = (intValue < 0 || intValue > 32767) ? 300 : intValue;
        if (tSIGRecord != null) {
            DNSOutput dNSOutput = new DNSOutput();
            dNSOutput.writeU16(tSIGRecord.getSignature().length);
            if (hmac != null) {
                hmac.update(dNSOutput.toByteArray());
                hmac.update(tSIGRecord.getSignature());
            }
        }
        if (hmac != null) {
            hmac.update(bArr);
        }
        DNSOutput dNSOutput2 = new DNSOutput();
        this.a.toWireCanonical(dNSOutput2);
        dNSOutput2.writeU16(255);
        dNSOutput2.writeU32(0L);
        this.b.toWireCanonical(dNSOutput2);
        long time = date.getTime() / 1000;
        dNSOutput2.writeU16((int) (time >> 32));
        dNSOutput2.writeU32(time & 4294967295L);
        dNSOutput2.writeU16(i2);
        dNSOutput2.writeU16(i);
        dNSOutput2.writeU16(0);
        if (hmac != null) {
            hmac.update(dNSOutput2.toByteArray());
        }
        byte[] sign = hmac != null ? hmac.sign() : new byte[0];
        if (i == 18) {
            DNSOutput dNSOutput3 = new DNSOutput();
            long time2 = new Date().getTime() / 1000;
            dNSOutput3.writeU16((int) (time2 >> 32));
            dNSOutput3.writeU32(time2 & 4294967295L);
            bArr2 = dNSOutput3.toByteArray();
        } else {
            bArr2 = null;
        }
        return new TSIGRecord(this.a, 255, 0L, this.b, date, i2, sign, message.getHeader().getID(), i, bArr2);
    }

    public int recordLength() {
        return this.a.length() + 10 + this.b.length() + 8 + 18 + 4 + 8;
    }

    public byte verify(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        message.b = 4;
        TSIGRecord tsig = message.getTSIG();
        HMAC hmac = new HMAC(this.c, this.d, this.e);
        if (tsig == null) {
            return (byte) 1;
        }
        if (!tsig.getName().equals(this.a) || !tsig.getAlgorithm().equals(this.b)) {
            if (Options.check("verbose")) {
                System.err.println("BADKEY failure");
            }
            return (byte) 17;
        }
        if (Math.abs(System.currentTimeMillis() - tsig.getTimeSigned().getTime()) > tsig.getFudge() * 1000) {
            if (!Options.check("verbose")) {
                return (byte) 18;
            }
            System.err.println("BADTIME failure");
            return (byte) 18;
        }
        if (tSIGRecord != null && tsig.getError() != 17 && tsig.getError() != 16) {
            DNSOutput dNSOutput = new DNSOutput();
            dNSOutput.writeU16(tSIGRecord.getSignature().length);
            hmac.update(dNSOutput.toByteArray());
            hmac.update(tSIGRecord.getSignature());
        }
        message.getHeader().b(3);
        byte[] wire = message.getHeader().toWire();
        message.getHeader().a(3);
        hmac.update(wire);
        hmac.update(bArr, wire.length, message.a - wire.length);
        DNSOutput dNSOutput2 = new DNSOutput();
        tsig.getName().toWireCanonical(dNSOutput2);
        dNSOutput2.writeU16(tsig.dclass);
        dNSOutput2.writeU32(tsig.ttl);
        tsig.getAlgorithm().toWireCanonical(dNSOutput2);
        long time = tsig.getTimeSigned().getTime() / 1000;
        dNSOutput2.writeU16((int) (time >> 32));
        dNSOutput2.writeU32(time & 4294967295L);
        dNSOutput2.writeU16(tsig.getFudge());
        dNSOutput2.writeU16(tsig.getError());
        if (tsig.getOther() != null) {
            dNSOutput2.writeU16(tsig.getOther().length);
            dNSOutput2.writeByteArray(tsig.getOther());
        } else {
            dNSOutput2.writeU16(0);
        }
        hmac.update(dNSOutput2.toByteArray());
        byte[] signature = tsig.getSignature();
        int digestLength = hmac.digestLength();
        int i2 = this.c.equals("md5") ? 10 : digestLength / 2;
        if (signature.length > digestLength) {
            if (Options.check("verbose")) {
                System.err.println("BADSIG: signature too long");
            }
            return ap.n;
        }
        if (signature.length < i2) {
            if (Options.check("verbose")) {
                System.err.println("BADSIG: signature too short");
            }
            return ap.n;
        }
        if (hmac.verify(signature, true)) {
            message.b = 1;
            return (byte) 0;
        }
        if (Options.check("verbose")) {
            System.err.println("BADSIG: signature verification");
        }
        return ap.n;
    }

    public int verify(Message message, byte[] bArr, TSIGRecord tSIGRecord) {
        return verify(message, bArr, bArr.length, tSIGRecord);
    }
}
