package de.measite.minidns.dnssec;

import de.measite.minidns.DNSName;
import de.measite.minidns.Record;
import de.measite.minidns.dnssec.h;
import de.measite.minidns.record.NSEC3;
import de.measite.minidns.record.l;
import de.measite.minidns.record.p;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import kotlin.UByte;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class Verifier {
    private de.measite.minidns.dnssec.i.a a = de.measite.minidns.dnssec.i.a.f6446e;

    static byte[] a(p pVar, List<Record<? extends de.measite.minidns.record.g>> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            pVar.g(dataOutputStream);
            DNSName dNSName = list.get(0).name;
            if (!dNSName.isRootLabel()) {
                if (dNSName.getLabelCount() < pVar.f6503f) {
                    throw new d("Invalid RRsig record");
                }
                if (dNSName.getLabelCount() > pVar.f6503f) {
                    dNSName = DNSName.from("*." + ((Object) dNSName.stripToLabels(pVar.f6503f)));
                }
            }
            DNSName dNSName2 = dNSName;
            ArrayList arrayList = new ArrayList();
            for (Record<? extends de.measite.minidns.record.g> record : list) {
                arrayList.add(new Record(dNSName2, record.type, record.clazzValue, pVar.g, record.payloadData).toByteArray());
            }
            final int size = dNSName2.size() + 10;
            Collections.sort(arrayList, new Comparator<byte[]>() { // from class: de.measite.minidns.dnssec.Verifier.1
                @Override // java.util.Comparator
                public int compare(byte[] bArr, byte[] bArr2) {
                    int length;
                    int length2;
                    for (int i = size; i < bArr.length && i < bArr2.length; i++) {
                        if (bArr[i] != bArr2[i]) {
                            length = bArr[i] & UByte.MAX_VALUE;
                            length2 = bArr2[i] & UByte.MAX_VALUE;
                            break;
                        }
                    }
                    length = bArr.length;
                    length2 = bArr2.length;
                    return length - length2;
                }
            });
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                dataOutputStream.write((byte[]) it.next());
            }
            dataOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    static byte[] b(f fVar, byte[] bArr, byte[] bArr2, int i) {
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                return bArr2;
            }
            byte[] bArr3 = new byte[bArr2.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
            bArr2 = fVar.a(bArr3);
            i = i2;
        }
    }

    static boolean c(DNSName dNSName, DNSName dNSName2, DNSName dNSName3) {
        int labelCount = dNSName2.getLabelCount();
        int labelCount2 = dNSName3.getLabelCount();
        int labelCount3 = dNSName.getLabelCount();
        if (labelCount3 > labelCount && !dNSName.isChildOf(dNSName2) && dNSName.stripToLabels(labelCount).compareTo(dNSName2) < 0) {
            return false;
        }
        if (labelCount3 <= labelCount && dNSName.compareTo(dNSName2.stripToLabels(labelCount3)) < 0) {
            return false;
        }
        if (labelCount3 <= labelCount2 || dNSName.isChildOf(dNSName3) || dNSName.stripToLabels(labelCount2).compareTo(dNSName3) <= 0) {
            return labelCount3 > labelCount2 || dNSName.compareTo(dNSName3.stripToLabels(labelCount3)) < 0;
        }
        return false;
    }

    static boolean d(String str, String str2, String str3) {
        return c(DNSName.from(str), DNSName.from(str2), DNSName.from(str3));
    }

    public h e(Record<de.measite.minidns.record.e> record, de.measite.minidns.record.f fVar) {
        de.measite.minidns.record.e eVar = record.payloadData;
        f a = this.a.a(fVar.f6485f);
        if (a == null) {
            return new h.b(fVar.g, "DS", record);
        }
        byte[] d2 = eVar.d();
        byte[] bytes = record.name.getBytes();
        byte[] bArr = new byte[bytes.length + d2.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(d2, 0, bArr, bytes.length, d2.length);
        try {
            if (fVar.f(a.a(bArr))) {
                return null;
            }
            throw new d(record, "SEP is not properly signed by parent DS!");
        } catch (Exception e2) {
            return new h.a(fVar.f6485f, "DS", record, e2);
        }
    }

    public h f(List<Record<? extends de.measite.minidns.record.g>> list, p pVar, de.measite.minidns.record.e eVar) {
        g c2 = this.a.c(pVar.f6501d);
        if (c2 == null) {
            return new h.b(pVar.f6502e, "RRSIG", list.get(0));
        }
        if (c2.a(a(pVar, list), pVar.l, eVar.f())) {
            return null;
        }
        throw new d(list, "Signature is invalid.");
    }

    public h g(Record<? extends de.measite.minidns.record.g> record, de.measite.minidns.e eVar) {
        l lVar = (l) record.payloadData;
        if ((!record.name.equals(eVar.a) || Arrays.asList(lVar.f6496e).contains(eVar.b)) && !c(eVar.a, record.name, lVar.f6494c)) {
            return new h.d(eVar, record);
        }
        return null;
    }

    public h h(DNSName dNSName, Record<? extends de.measite.minidns.record.g> record, de.measite.minidns.e eVar) {
        NSEC3 nsec3 = (NSEC3) record.payloadData;
        f b = this.a.b(nsec3.f6473c);
        if (b == null) {
            return new h.b(nsec3.f6474d, "NSEC3", record);
        }
        String a = de.measite.minidns.j.a.a(b(b, nsec3.g, eVar.a.getBytes(), nsec3.f6476f));
        if (!record.name.equals(DNSName.from(a + "." + ((Object) dNSName)))) {
            if (d(a, record.name.getHostpart(), de.measite.minidns.j.a.a(nsec3.h))) {
                return null;
            }
            return new h.d(eVar, record);
        }
        for (Record.TYPE type : nsec3.j) {
            if (type.equals(eVar.b)) {
                return new h.d(eVar, record);
            }
        }
        return null;
    }
}
