package ub;

import de.measite.minidns.AbstractDNSClient;
import de.measite.minidns.DNSMessage;
import de.measite.minidns.DNSName;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.DNSSECValidationFailedException;
import de.measite.minidns.iterative.ReliableDNSClient;
import de.measite.minidns.record.k;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import ub.e;

/* compiled from: DNSSECClient.java */
/* loaded from: classes3.dex */
public class a extends ReliableDNSClient {

    /* renamed from: o, reason: collision with root package name */
    private static final BigInteger f47045o = new BigInteger("03010001a80020a95566ba42e886bb804cda84e47ef56dbd7aec612615552cec906d2116d0ef207028c51554144dfeafe7c7cb8f005dd18234133ac0710a81182ce1fd14ad2283bc83435f9df2f6313251931a176df0da51e54f42e604860dfb359580250f559cc543c4ffd51cbe3de8cfd06719237f9fc47ee729da06835fa452e825e9a18ebc2ecbcf563474652c33cf56a9033bcdf5d973121797ec8089041b6e03a1b72d0a735b984e03687309332324f27c2dba85e9db15e83a0143382e974b0621c18e625ecec907577d9e7bade95241a81ebbe8a901d4d3276e40b114c0a2e6fc38d19c2e6aab02644b2813f575fc21601e0dee49cd9ee96a43103e524d62873d", 16);

    /* renamed from: p, reason: collision with root package name */
    private static final DNSName f47046p = DNSName.from("dlv.isc.org");

    /* renamed from: k, reason: collision with root package name */
    private f f47047k;

    /* renamed from: l, reason: collision with root package name */
    private final Map<DNSName, byte[]> f47048l;

    /* renamed from: m, reason: collision with root package name */
    private boolean f47049m;

    /* renamed from: n, reason: collision with root package name */
    private DNSName f47050n;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DNSSECClient.java */
    /* renamed from: ub.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class C0320a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f47051a;

        static {
            int[] iArr = new int[Record.TYPE.values().length];
            f47051a = iArr;
            try {
                iArr[Record.TYPE.NSEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f47051a[Record.TYPE.NSEC3.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: DNSSECClient.java */
    /* loaded from: classes3.dex */
    public class b {

        /* renamed from: a, reason: collision with root package name */
        boolean f47052a;

        /* renamed from: b, reason: collision with root package name */
        boolean f47053b;

        /* renamed from: c, reason: collision with root package name */
        Set<e> f47054c;

        private b() {
            this.f47052a = false;
            this.f47053b = false;
            this.f47054c = new HashSet();
        }

        /* synthetic */ b(a aVar, C0320a c0320a) {
            this();
        }
    }

    public a() {
        this(AbstractDNSClient.f34783e);
    }

    public a(rb.a aVar) {
        super(aVar);
        this.f47047k = new f();
        this.f47048l = new ConcurrentHashMap();
        this.f47049m = true;
        addSecureEntryPoint(DNSName.EMPTY, f47045o.toByteArray());
    }

    private ub.b h(DNSMessage dNSMessage, Set<e> set) {
        List<Record<? extends de.measite.minidns.record.d>> list = dNSMessage.f34804l;
        List<Record<? extends de.measite.minidns.record.d>> list2 = dNSMessage.f34805m;
        List<Record<? extends de.measite.minidns.record.d>> list3 = dNSMessage.f34806n;
        HashSet hashSet = new HashSet();
        Record.filter(hashSet, k.class, list);
        Record.filter(hashSet, k.class, list2);
        Record.filter(hashSet, k.class, list3);
        DNSMessage.b asBuilder = dNSMessage.asBuilder();
        if (this.f47049m) {
            asBuilder.setAnswers(k(list));
            asBuilder.setNameserverRecords(k(list2));
            asBuilder.setAdditionalResourceRecords(k(list3));
        }
        return new ub.b(asBuilder, hashSet, set);
    }

    private static boolean i(String str, String str2) {
        if (str.equals(str2) || str2.isEmpty()) {
            return true;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split2.length > split.length) {
            return false;
        }
        for (int i10 = 1; i10 <= split2.length; i10++) {
            if (!split2[split2.length - i10].equals(split[split.length - i10])) {
                return false;
            }
        }
        return true;
    }

    private ub.b j(de.measite.minidns.b bVar, DNSMessage dNSMessage) throws IOException {
        if (dNSMessage == null) {
            return null;
        }
        if (dNSMessage.f34801i) {
            dNSMessage = dNSMessage.asBuilder().setAuthenticData(false).build();
        }
        return h(dNSMessage, l(dNSMessage));
    }

    private static List<Record<? extends de.measite.minidns.record.d>> k(List<Record<? extends de.measite.minidns.record.d>> list) {
        if (list.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (Record<? extends de.measite.minidns.record.d> record : list) {
            if (record.f34870b != Record.TYPE.RRSIG) {
                arrayList.add(record);
            }
        }
        return arrayList;
    }

    private Set<e> l(DNSMessage dNSMessage) throws IOException {
        return !dNSMessage.f34804l.isEmpty() ? m(dNSMessage) : n(dNSMessage);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> m(DNSMessage dNSMessage) throws IOException {
        boolean z10 = false;
        de.measite.minidns.b bVar = dNSMessage.f34803k.get(0);
        List<Record<? extends de.measite.minidns.record.d>> list = dNSMessage.f34804l;
        List<Record<? extends de.measite.minidns.record.d>> copyAnswers = dNSMessage.copyAnswers();
        b p10 = p(bVar, list, copyAnswers);
        Set<e> set = p10.f47054c;
        if (!set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator<Record<? extends de.measite.minidns.record.d>> it = copyAnswers.iterator();
        while (it.hasNext()) {
            Record<E> ifPossibleAs = it.next().ifPossibleAs(de.measite.minidns.record.b.class);
            if (ifPossibleAs != 0) {
                Set<e> o10 = o(bVar, ifPossibleAs);
                if (o10.isEmpty()) {
                    z10 = true;
                } else {
                    hashSet.addAll(o10);
                }
                if (!p10.f47053b) {
                    AbstractDNSClient.f34784f.finer("SEP key is not self-signed.");
                }
                it.remove();
            }
        }
        if (p10.f47053b && !z10) {
            set.addAll(hashSet);
        }
        if (p10.f47052a && !p10.f47053b) {
            set.add(new e.g(bVar.f34897a.ace));
        }
        if (!copyAnswers.isEmpty()) {
            if (copyAnswers.size() != list.size()) {
                throw new DNSSECValidationFailedException(bVar, "Only some records are signed!");
            }
            set.add(new e.h(bVar));
        }
        return set;
    }

    private Set<e> n(DNSMessage dNSMessage) throws IOException {
        e verifyNsec;
        HashSet hashSet = new HashSet();
        boolean z10 = false;
        de.measite.minidns.b bVar = dNSMessage.f34803k.get(0);
        List<Record<? extends de.measite.minidns.record.d>> list = dNSMessage.f34805m;
        DNSName dNSName = null;
        for (Record<? extends de.measite.minidns.record.d> record : list) {
            if (record.f34870b == Record.TYPE.SOA) {
                dNSName = record.f34869a;
            }
        }
        if (dNSName == null) {
            throw new DNSSECValidationFailedException(bVar, "NSECs must always match to a SOA");
        }
        boolean z11 = false;
        for (Record<? extends de.measite.minidns.record.d> record2 : list) {
            int i10 = C0320a.f47051a[record2.f34870b.ordinal()];
            if (i10 == 1) {
                verifyNsec = this.f47047k.verifyNsec(record2, bVar);
            } else if (i10 == 2) {
                verifyNsec = this.f47047k.verifyNsec3(dNSName, record2, bVar);
            }
            if (verifyNsec != null) {
                hashSet.add(verifyNsec);
            } else {
                z11 = true;
            }
            z10 = true;
        }
        if (z10 && !z11) {
            throw new DNSSECValidationFailedException(bVar, "Invalid NSEC!");
        }
        List<Record<? extends de.measite.minidns.record.d>> copyAuthority = dNSMessage.copyAuthority();
        b p10 = p(bVar, list, copyAuthority);
        if (z11 && p10.f47054c.isEmpty()) {
            hashSet.clear();
        } else {
            hashSet.addAll(p10.f47054c);
        }
        if (copyAuthority.isEmpty() || copyAuthority.size() == list.size()) {
            return hashSet;
        }
        throw new DNSSECValidationFailedException(bVar, "Only some nameserver records are signed!");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> o(de.measite.minidns.b bVar, Record<de.measite.minidns.record.b> record) throws IOException {
        DNSName dNSName;
        ub.b queryDnssec;
        de.measite.minidns.record.b bVar2 = record.f34874f;
        HashSet hashSet = new HashSet();
        Set<e> hashSet2 = new HashSet<>();
        if (this.f47048l.containsKey(record.f34869a)) {
            if (bVar2.keyEquals(this.f47048l.get(record.f34869a))) {
                return hashSet;
            }
            hashSet.add(new e.c(record));
            return hashSet;
        }
        if (record.f34869a.isRootLabel()) {
            hashSet.add(new e.f());
            return hashSet;
        }
        de.measite.minidns.record.c cVar = null;
        ub.b queryDnssec2 = queryDnssec(record.f34869a, Record.TYPE.DS);
        if (queryDnssec2 == null) {
            AbstractDNSClient.f34784f.fine("There is no DS record for " + ((Object) record.f34869a) + ", server gives no result");
        } else {
            hashSet.addAll(queryDnssec2.getUnverifiedReasons());
            Iterator<Record<? extends de.measite.minidns.record.d>> it = queryDnssec2.f34804l.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Record<E> ifPossibleAs = it.next().ifPossibleAs(de.measite.minidns.record.c.class);
                if (ifPossibleAs != 0) {
                    de.measite.minidns.record.c cVar2 = (de.measite.minidns.record.c) ifPossibleAs.f34874f;
                    if (bVar2.getKeyTag() == cVar2.f34951c) {
                        hashSet2 = queryDnssec2.getUnverifiedReasons();
                        cVar = cVar2;
                        break;
                    }
                }
            }
            if (cVar == null) {
                AbstractDNSClient.f34784f.fine("There is no DS record for " + ((Object) record.f34869a) + ", server gives empty result");
            }
        }
        if (cVar == null && (dNSName = this.f47050n) != null && !dNSName.isChildOf(record.f34869a) && (queryDnssec = queryDnssec(DNSName.from(record.f34869a, this.f47050n), Record.TYPE.DLV)) != null) {
            hashSet.addAll(queryDnssec.getUnverifiedReasons());
            Iterator<Record<? extends de.measite.minidns.record.d>> it2 = queryDnssec.f34804l.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Record<E> ifPossibleAs2 = it2.next().ifPossibleAs(ac.c.class);
                if (ifPossibleAs2 != 0 && record.f34874f.getKeyTag() == ((ac.c) ifPossibleAs2.f34874f).f34951c) {
                    AbstractDNSClient.f34784f.fine("Found DLV for " + ((Object) record.f34869a) + ", awesome.");
                    cVar = (de.measite.minidns.record.c) ifPossibleAs2.f34874f;
                    hashSet2 = queryDnssec.getUnverifiedReasons();
                    break;
                }
            }
        }
        if (cVar == null) {
            if (!hashSet.isEmpty()) {
                return hashSet;
            }
            hashSet.add(new e.i(record.f34869a.ace));
            return hashSet;
        }
        e verify = this.f47047k.verify(record, cVar);
        if (verify == null) {
            return hashSet2;
        }
        hashSet.add(verify);
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private b p(de.measite.minidns.b bVar, Collection<Record<? extends de.measite.minidns.record.d>> collection, List<Record<? extends de.measite.minidns.record.d>> list) throws IOException {
        Date date = new Date();
        LinkedList linkedList = new LinkedList();
        b bVar2 = new b(this, null);
        ArrayList<Record> arrayList = new ArrayList(list.size());
        Iterator<Record<? extends de.measite.minidns.record.d>> it = list.iterator();
        while (it.hasNext()) {
            Record<E> ifPossibleAs = it.next().ifPossibleAs(k.class);
            if (ifPossibleAs != 0) {
                k kVar = (k) ifPossibleAs.f34874f;
                if (kVar.f34981h.compareTo(date) < 0 || kVar.f34982i.compareTo(date) > 0) {
                    linkedList.add(kVar);
                } else {
                    arrayList.add(ifPossibleAs);
                }
            }
        }
        if (arrayList.isEmpty()) {
            if (linkedList.isEmpty()) {
                bVar2.f47054c.add(new e.h(bVar));
            } else {
                bVar2.f47054c.add(new e.C0321e(bVar, linkedList));
            }
            return bVar2;
        }
        for (Record record : arrayList) {
            k kVar2 = (k) record.f34874f;
            ArrayList arrayList2 = new ArrayList(collection.size());
            for (Record<? extends de.measite.minidns.record.d> record2 : collection) {
                if (record2.f34870b == kVar2.f34976c && record2.f34869a.equals(record.f34869a)) {
                    arrayList2.add(record2);
                }
            }
            bVar2.f47054c.addAll(q(bVar, kVar2, arrayList2));
            if (bVar.f34897a.equals(kVar2.f34984k) && kVar2.f34976c == Record.TYPE.DNSKEY) {
                Iterator<Record<? extends de.measite.minidns.record.d>> it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    de.measite.minidns.record.b bVar3 = (de.measite.minidns.record.b) it2.next().ifPossibleAs(de.measite.minidns.record.b.class).f34874f;
                    it2.remove();
                    if (bVar3.getKeyTag() == kVar2.f34983j) {
                        bVar2.f47053b = true;
                    }
                }
                bVar2.f47052a = true;
            }
            if (i(record.f34869a.ace, kVar2.f34984k.ace)) {
                list.removeAll(arrayList2);
            } else {
                AbstractDNSClient.f34784f.finer("Records at " + ((Object) record.f34869a) + " are cross-signed with a key from " + ((Object) kVar2.f34984k));
            }
            list.remove(record);
        }
        return bVar2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> q(de.measite.minidns.b bVar, k kVar, List<Record<? extends de.measite.minidns.record.d>> list) throws IOException {
        HashSet hashSet = new HashSet();
        Record.TYPE type = kVar.f34976c;
        Record.TYPE type2 = Record.TYPE.DNSKEY;
        de.measite.minidns.record.b bVar2 = null;
        if (type == type2) {
            Iterator<Record<? extends de.measite.minidns.record.d>> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Record<E> ifPossibleAs = it.next().ifPossibleAs(de.measite.minidns.record.b.class);
                if (ifPossibleAs != 0 && ((de.measite.minidns.record.b) ifPossibleAs.f34874f).getKeyTag() == kVar.f34983j) {
                    bVar2 = (de.measite.minidns.record.b) ifPossibleAs.f34874f;
                    break;
                }
            }
        } else {
            if (bVar.f34898b == Record.TYPE.DS && kVar.f34984k.equals(bVar.f34897a)) {
                hashSet.add(new e.i(bVar.f34897a.ace));
                return hashSet;
            }
            ub.b queryDnssec = queryDnssec(kVar.f34984k, type2);
            if (queryDnssec == null) {
                throw new DNSSECValidationFailedException(bVar, "There is no DNSKEY " + ((Object) kVar.f34984k) + ", but it is used");
            }
            hashSet.addAll(queryDnssec.getUnverifiedReasons());
            Iterator<Record<? extends de.measite.minidns.record.d>> it2 = queryDnssec.f34804l.iterator();
            while (it2.hasNext()) {
                Record<E> ifPossibleAs2 = it2.next().ifPossibleAs(de.measite.minidns.record.b.class);
                if (ifPossibleAs2 != 0 && ((de.measite.minidns.record.b) ifPossibleAs2.f34874f).getKeyTag() == kVar.f34983j) {
                    bVar2 = (de.measite.minidns.record.b) ifPossibleAs2.f34874f;
                }
            }
        }
        if (bVar2 != null) {
            e verify = this.f47047k.verify(list, kVar, bVar2);
            if (verify != null) {
                hashSet.add(verify);
            }
            return hashSet;
        }
        throw new DNSSECValidationFailedException(bVar, list.size() + " " + kVar.f34976c + " record(s) are signed using an unknown key.");
    }

    public void addSecureEntryPoint(DNSName dNSName, byte[] bArr) {
        this.f47048l.put(dNSName, bArr);
    }

    public void clearSecureEntryPoints() {
        this.f47048l.clear();
    }

    public void configureLookasideValidation(DNSName dNSName) {
        this.f47050n = dNSName;
    }

    public void disableLookasideValidation() {
        configureLookasideValidation(null);
    }

    @Override // de.measite.minidns.iterative.ReliableDNSClient, de.measite.minidns.AbstractDNSClient
    protected boolean e(de.measite.minidns.b bVar, DNSMessage dNSMessage) {
        return super.e(bVar, dNSMessage);
    }

    public void enableLookasideValidation() {
        configureLookasideValidation(f47046p);
    }

    @Override // de.measite.minidns.iterative.ReliableDNSClient, de.measite.minidns.AbstractDNSClient
    protected DNSMessage.b f(DNSMessage.b bVar) {
        bVar.getEdnsBuilder().setUdpPayloadSize(this.f34789d.getUdpPayloadSize()).setDnssecOk();
        bVar.setCheckingDisabled(true);
        return super.f(bVar);
    }

    @Override // de.measite.minidns.iterative.ReliableDNSClient
    protected String g(DNSMessage dNSMessage) {
        return !dNSMessage.isDnssecOk() ? "DNSSEC OK (DO) flag not set in response" : !dNSMessage.f34802j ? "CHECKING DISABLED (CD) flag not set in response" : super.g(dNSMessage);
    }

    public boolean isStripSignatureRecords() {
        return this.f47049m;
    }

    @Override // de.measite.minidns.AbstractDNSClient
    public DNSMessage query(de.measite.minidns.b bVar) throws IOException {
        return queryDnssec(bVar);
    }

    public ub.b queryDnssec(de.measite.minidns.b bVar) throws IOException {
        return j(bVar, super.query(bVar));
    }

    public ub.b queryDnssec(CharSequence charSequence, Record.TYPE type) throws IOException {
        de.measite.minidns.b bVar = new de.measite.minidns.b(charSequence, type, Record.CLASS.IN);
        return j(bVar, super.query(bVar));
    }

    public void removeSecureEntryPoint(DNSName dNSName) {
        this.f47048l.remove(dNSName);
    }

    public void setStripSignatureRecords(boolean z10) {
        this.f47049m = z10;
    }
}
