package org.xbill.DNS;

import java.util.Date;
import org.jivesoftware.smackx.EntityCapsManager;
import org.xbill.DNS.utils.HMAC;
import org.xbill.DNS.utils.base64;

/* loaded from: classes.dex */
public class TSIG {
    private static final String Gf = "HMAC-MD5.SIG-ALG.REG.INT.";
    private static final String Gg = "hmac-sha1.";
    private static final String Gh = "hmac-sha256.";
    public static final Name Gi;
    public static final Name Gj;
    public static final Name Gk;
    public static final Name Gl;
    public static final short Gm = 300;
    private Name FW;
    private String ij;
    private byte[] key;
    private Name zD;

    /* loaded from: classes.dex */
    public class StreamVerifier {
        private TSIG Gn;
        private HMAC Go;
        private int Gp = 0;
        private int Gq;
        private TSIGRecord Gr;

        public StreamVerifier(TSIG tsig, TSIGRecord tSIGRecord) {
            this.Gn = tsig;
            this.Go = new HMAC(this.Gn.ij, this.Gn.key);
            this.Gr = tSIGRecord;
        }

        public int a(Message message, byte[] bArr) {
            TSIGRecord kv = message.kv();
            this.Gp++;
            if (this.Gp == 1) {
                int a2 = this.Gn.a(message, bArr, this.Gr);
                if (a2 == 0) {
                    byte[] signature = kv.getSignature();
                    DNSOutput dNSOutput = new DNSOutput();
                    dNSOutput.R(signature.length);
                    this.Go.update(dNSOutput.toByteArray());
                    this.Go.update(signature);
                }
                this.Gr = kv;
                return a2;
            }
            if (kv != null) {
                message.kt().ah(3);
            }
            byte[] jM = message.kt().jM();
            if (kv != null) {
                message.kt().ag(3);
            }
            this.Go.update(jM);
            this.Go.update(bArr, jM.length, kv == null ? bArr.length - jM.length : message.Ds - jM.length);
            if (kv == null) {
                if (this.Gp - this.Gq >= 100) {
                    message.Dt = 4;
                    return 1;
                }
                message.Dt = 2;
                return 0;
            }
            this.Gq = this.Gp;
            this.Gr = kv;
            if (!kv.lc().equals(this.Gn.zD) || !kv.lX().equals(this.Gn.FW)) {
                if (Options.cQ("verbose")) {
                    System.err.println("BADKEY failure");
                }
                message.Dt = 4;
                return 17;
            }
            DNSOutput dNSOutput2 = new DNSOutput();
            long time = kv.kV().getTime() / 1000;
            dNSOutput2.R((int) (time >> 32));
            dNSOutput2.e(time & 4294967295L);
            dNSOutput2.R(kv.me());
            this.Go.update(dNSOutput2.toByteArray());
            if (!this.Go.verify(kv.getSignature())) {
                if (Options.cQ("verbose")) {
                    System.err.println("BADSIG failure");
                }
                return 16;
            }
            this.Go.clear();
            DNSOutput dNSOutput3 = new DNSOutput();
            dNSOutput3.R(kv.getSignature().length);
            this.Go.update(dNSOutput3.toByteArray());
            this.Go.update(kv.getSignature());
            return 0;
        }
    }

    static {
        Name cN = Name.cN(Gf);
        Gi = cN;
        Gj = cN;
        Gk = Name.cN(Gg);
        Gl = Name.cN(Gh);
    }

    public TSIG(String str, String str2) {
        this(Gi, str, str2);
    }

    public TSIG(String str, String str2, String str3) {
        this(Gi, str2, str3);
        if (str.equalsIgnoreCase("hmac-md5")) {
            this.FW = Gi;
        } else if (str.equalsIgnoreCase("hmac-sha1")) {
            this.FW = Gk;
        } else {
            if (!str.equalsIgnoreCase("hmac-sha256")) {
                throw new IllegalArgumentException("Invalid TSIG algorithm");
            }
            this.FW = Gl;
        }
        mc();
    }

    public TSIG(Name name, String str, String str2) {
        this.key = base64.dd(str2);
        if (this.key == null) {
            throw new IllegalArgumentException("Invalid TSIG key string");
        }
        try {
            this.zD = Name.b(str, Name.Ef);
            this.FW = name;
            mc();
        } catch (TextParseException e) {
            throw new IllegalArgumentException("Invalid TSIG key name");
        }
    }

    public TSIG(Name name, Name name2, byte[] bArr) {
        this.zD = name2;
        this.FW = name;
        this.key = bArr;
        mc();
    }

    public TSIG(Name name, byte[] bArr) {
        this(Gi, name, bArr);
    }

    public static TSIG cX(String str) {
        String[] split = str.split("[:/]");
        if (split.length < 2 || split.length > 3) {
            throw new IllegalArgumentException("Invalid TSIG key specification");
        }
        return split.length == 3 ? new TSIG(split[0], split[1], split[2]) : new TSIG(Gi, split[0], split[1]);
    }

    private void mc() {
        if (this.FW.equals(Gi)) {
            this.ij = "md5";
        } else if (this.FW.equals(Gk)) {
            this.ij = EntityCapsManager.mG;
        } else {
            if (!this.FW.equals(Gl)) {
                throw new IllegalArgumentException("Invalid algorithm");
            }
            this.ij = "sha-256";
        }
    }

    public int a(Message message, byte[] bArr, TSIGRecord tSIGRecord) {
        return b(message, bArr, bArr.length, tSIGRecord);
    }

    public TSIGRecord a(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        Date date = i != 18 ? new Date() : tSIGRecord.kV();
        HMAC hmac = (i == 0 || i == 18) ? new HMAC(this.ij, this.key) : null;
        int cS = Options.cS("tsigfudge");
        if (cS < 0 || cS > 32767) {
            cS = 300;
        }
        if (tSIGRecord != null) {
            DNSOutput dNSOutput = new DNSOutput();
            dNSOutput.R(tSIGRecord.getSignature().length);
            if (hmac != null) {
                hmac.update(dNSOutput.toByteArray());
                hmac.update(tSIGRecord.getSignature());
            }
        }
        if (hmac != null) {
            hmac.update(bArr);
        }
        DNSOutput dNSOutput2 = new DNSOutput();
        this.zD.b(dNSOutput2);
        dNSOutput2.R(255);
        dNSOutput2.e(0L);
        this.FW.b(dNSOutput2);
        long time = date.getTime() / 1000;
        dNSOutput2.R((int) (time >> 32));
        dNSOutput2.e(time & 4294967295L);
        dNSOutput2.R(cS);
        dNSOutput2.R(i);
        dNSOutput2.R(0);
        if (hmac != null) {
            hmac.update(dNSOutput2.toByteArray());
        }
        byte[] sign = hmac != null ? hmac.sign() : new byte[0];
        byte[] bArr2 = null;
        if (i == 18) {
            DNSOutput dNSOutput3 = new DNSOutput();
            long time2 = new Date().getTime() / 1000;
            dNSOutput3.R((int) (time2 >> 32));
            dNSOutput3.e(time2 & 4294967295L);
            bArr2 = dNSOutput3.toByteArray();
        }
        return new TSIGRecord(this.zD, 255, 0L, this.FW, date, cS, sign, message.kt().jO(), i, bArr2);
    }

    public void a(Message message, int i, TSIGRecord tSIGRecord) {
        message.a(a(message, message.jM(), i, tSIGRecord), 3);
        message.Dt = 3;
    }

    public void a(Message message, TSIGRecord tSIGRecord) {
        a(message, 0, tSIGRecord);
    }

    public void a(Message message, TSIGRecord tSIGRecord, boolean z) {
        if (z) {
            a(message, tSIGRecord);
            return;
        }
        Date date = new Date();
        HMAC hmac = new HMAC(this.ij, this.key);
        int cS = Options.cS("tsigfudge");
        if (cS < 0 || cS > 32767) {
            cS = 300;
        }
        DNSOutput dNSOutput = new DNSOutput();
        dNSOutput.R(tSIGRecord.getSignature().length);
        hmac.update(dNSOutput.toByteArray());
        hmac.update(tSIGRecord.getSignature());
        hmac.update(message.jM());
        DNSOutput dNSOutput2 = new DNSOutput();
        long time = date.getTime() / 1000;
        dNSOutput2.R((int) (time >> 32));
        dNSOutput2.e(time & 4294967295L);
        dNSOutput2.R(cS);
        hmac.update(dNSOutput2.toByteArray());
        message.a(new TSIGRecord(this.zD, 255, 0L, this.FW, date, cS, hmac.sign(), message.kt().jO(), 0, null), 3);
        message.Dt = 3;
    }

    public byte b(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        message.Dt = 4;
        TSIGRecord kv = message.kv();
        HMAC hmac = new HMAC(this.ij, this.key);
        if (kv == null) {
            return (byte) 1;
        }
        if (!kv.lc().equals(this.zD) || !kv.lX().equals(this.FW)) {
            if (Options.cQ("verbose")) {
                System.err.println("BADKEY failure");
            }
            return (byte) 17;
        }
        if (Math.abs(System.currentTimeMillis() - kv.kV().getTime()) > 1000 * kv.me()) {
            if (Options.cQ("verbose")) {
                System.err.println("BADTIME failure");
            }
            return (byte) 18;
        }
        if (tSIGRecord != null && kv.ma() != 17 && kv.ma() != 16) {
            DNSOutput dNSOutput = new DNSOutput();
            dNSOutput.R(tSIGRecord.getSignature().length);
            hmac.update(dNSOutput.toByteArray());
            hmac.update(tSIGRecord.getSignature());
        }
        message.kt().ah(3);
        byte[] jM = message.kt().jM();
        message.kt().ag(3);
        hmac.update(jM);
        hmac.update(bArr, jM.length, message.Ds - jM.length);
        DNSOutput dNSOutput2 = new DNSOutput();
        kv.lc().b(dNSOutput2);
        dNSOutput2.R(kv.zy);
        dNSOutput2.e(kv.Bl);
        kv.lX().b(dNSOutput2);
        long time = kv.kV().getTime() / 1000;
        dNSOutput2.R((int) (time >> 32));
        dNSOutput2.e(time & 4294967295L);
        dNSOutput2.R(kv.me());
        dNSOutput2.R(kv.ma());
        if (kv.mb() != null) {
            dNSOutput2.R(kv.mb().length);
            dNSOutput2.writeByteArray(kv.mb());
        } else {
            dNSOutput2.R(0);
        }
        hmac.update(dNSOutput2.toByteArray());
        if (hmac.verify(kv.getSignature())) {
            message.Dt = 1;
            return (byte) 0;
        }
        if (Options.cQ("verbose")) {
            System.err.println("BADSIG failure");
        }
        return (byte) 16;
    }

    public int md() {
        return this.zD.kL() + 10 + this.FW.kL() + 8 + 18 + 4 + 8;
    }
}
