package org.xbill.DNS.security;

import com.facebook.internal.AnalyticsEvents;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.xbill.DNS.Cache;
import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DNSSEC;
import org.xbill.DNS.Name;
import org.xbill.DNS.Options;
import org.xbill.DNS.RRSIGRecord;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
import org.xbill.DNS.Verifier;

/* loaded from: classes.dex */
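/**
 * Verifies the RRSIG records attached to an RRset against DNSKEY records that
 * were either registered as trusted keys or found in a {@link Cache}.
 *
 * <p>Results are reported as plain ints: {@code 1} (prints "Secure"),
 * {@code 0} (prints "Insecure", used when the RRset carries no signatures) and
 * {@code -1} (verification failed).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only DNSSEC algorithm numbers 1, 3 and 5 are handled, mapped to
 *       {@code MD5withRSA}, {@code SHA1withDSA} and {@code SHA1withRSA}. MD5 and
 *       SHA-1 based signatures are no longer considered collision resistant;
 *       RFC 6725 and RFC 8624 tell validators not to accept RSA/MD5. A
 *       {@code 1} from this class therefore says little about data signed
 *       with those algorithms.</li>
 *   <li>Keys taken from the cache are used exactly like trusted keys. Nothing in
 *       this class checks that a cached DNSKEY RRset was itself validated;
 *       confirm that the cache only ever holds validated keys.</li>
 * </ul>
 *
 * <p>Access to the trusted-key map is guarded by the instance monitor.
 */
public class DNSSECVerifier implements Verifier {
    /** At least one signature verified. */
    private static final int SECURE = 1;
    /** No usable signature or key; nothing could be concluded. */
    private static final int INSECURE = 0;
    /** A signature was present but did not verify. */
    private static final int FAILED = -1;
    /** RR type code of DNSKEY. */
    private static final int TYPE_DNSKEY = 48;

    /** Trusted DNSKEY records, grouped by owner name. Guarded by {@code this}. */
    private final Map<Name, List<DNSKEYRecord>> trustedKeys =
            new HashMap<Name, List<DNSKEYRecord>>();

    /**
     * Looks up a DNSKEY for {@code name} in the cache and returns the first
     * record matching the algorithm and footprint.
     *
     * @param cache the cache to query; must not be null
     * @param name the owner name of the key
     * @param i the DNSSEC algorithm number to match
     * @param i2 the key footprint (key tag) to match
     * @return the matching public key, or null when the cache has no DNSKEY
     *     RRset for the name or no record matches
     */
    private PublicKey findCachedKey(Cache cache, Name name, int i, int i2) {
        RRset[] keySets = cache.findAnyRecords(name, TYPE_DNSKEY);
        // An empty array would otherwise raise ArrayIndexOutOfBoundsException.
        if (keySets == null || keySets.length == 0) {
            return null;
        }
        // NOTE(review): the cached RRset is not checked for having been validated
        // before its keys are used; verify that the cache enforces this.
        return findMatchingKey(keySets[0].rrs(), i, i2);
    }

    /**
     * Resolves the verification key, preferring trusted keys and falling back to
     * the cache when one is supplied.
     *
     * @param cache optional cache; may be null
     * @param name the signer name
     * @param i the DNSSEC algorithm number
     * @param i2 the key footprint (key tag)
     * @return the key, or null when none is known
     */
    private PublicKey findKey(Cache cache, Name name, int i, int i2) {
        PublicKey trusted = findTrustedKey(name, i, i2);
        if (trusted != null || cache == null) {
            return trusted;
        }
        return findCachedKey(cache, name, i, i2);
    }

    /**
     * Scans DNSKEY records for the first one whose algorithm and footprint both
     * match, and converts it to a {@link PublicKey}.
     *
     * <p>Only the first match is converted; a footprint is a short checksum, so
     * two keys may share one, in which case the later key is never tried.
     *
     * @param it iterator over {@link DNSKEYRecord} elements
     * @param i the DNSSEC algorithm number to match
     * @param i2 the key footprint (key tag) to match
     * @return the converted key, or null when nothing matches
     */
    private PublicKey findMatchingKey(Iterator<?> it, int i, int i2) {
        while (it.hasNext()) {
            DNSKEYRecord candidate = (DNSKEYRecord) it.next();
            boolean sameAlgorithm = candidate.getAlgorithm() == i;
            if (sameAlgorithm && candidate.getFootprint() == i2) {
                return KEYConverter.parseRecord(candidate);
            }
        }
        return null;
    }

    /**
     * Searches the trusted keys registered for {@code name}.
     *
     * @param name the owner name of the key
     * @param i the DNSSEC algorithm number to match
     * @param i2 the key footprint (key tag) to match
     * @return the matching trusted key, or null
     */
    private synchronized PublicKey findTrustedKey(Name name, int i, int i2) {
        List<DNSKEYRecord> keys = this.trustedKeys.get(name);
        if (keys == null) {
            return null;
        }
        return findMatchingKey(keys.iterator(), i, i2);
    }

    /**
     * Verifies a single RRSIG over an RRset.
     *
     * @param rRset the signed RRset
     * @param rRSIGRecord the signature record to check
     * @param cache optional cache used to locate the signer's key; may be null
     * @return {@code 0} when no key is known for the signer, {@code 1} when the
     *     signature verifies, {@code -1} when the current time is outside the
     *     signature's validity window, the algorithm is unsupported, or
     *     verification fails
     */
    private int verifySIG(RRset rRset, RRSIGRecord rRSIGRecord, Cache cache) {
        PublicKey key = findKey(cache, rRSIGRecord.getSigner(), rRSIGRecord.getAlgorithm(),
                rRSIGRecord.getFootprint());
        if (key == null) {
            return INSECURE;
        }

        // The validity window is checked against the local clock.
        Date now = new Date();
        if (now.compareTo(rRSIGRecord.getExpire()) > 0
                || now.compareTo(rRSIGRecord.getTimeSigned()) < 0) {
            System.err.println("Outside of validity period");
            return FAILED;
        }

        byte[] signedData = DNSSEC.digestRRset(rRSIGRecord, rRset);

        byte[] sigBytes;
        String jcaAlgorithm;
        switch (rRSIGRecord.getAlgorithm()) {
            case 1:
                // SECURITY: RSA/MD5 is deprecated for DNSSEC (RFC 6725, RFC 8624);
                // a signature accepted here is not strong evidence of authenticity.
                sigBytes = rRSIGRecord.getSignature();
                jcaAlgorithm = "MD5withRSA";
                break;
            case 3:
                // SECURITY: DSA/SHA-1; RFC 8624 says validators must not use it.
                sigBytes = DSASignature.fromDNS(rRSIGRecord.getSignature());
                jcaAlgorithm = "SHA1withDSA";
                break;
            case 5:
                // SECURITY: RSA/SHA-1 relies on SHA-1, which is collision-prone.
                sigBytes = rRSIGRecord.getSignature();
                jcaAlgorithm = "SHA1withRSA";
                break;
            default:
                // Unknown algorithms fail closed.
                return FAILED;
        }

        // The converters' behaviour on malformed input is not visible here; treat
        // a missing signature as a failed verification instead of handing null
        // to the JCA provider.
        if (sigBytes == null) {
            return FAILED;
        }

        try {
            Signature verifier = Signature.getInstance(jcaAlgorithm);
            verifier.initVerify(key);
            verifier.update(signedData);
            return verifier.verify(sigBytes) ? SECURE : FAILED;
        } catch (GeneralSecurityException e) {
            // Any provider-level error counts as a failed verification.
            if (Options.check("verboseexceptions")) {
                System.err.println("Signing data: " + e);
            }
            return FAILED;
        }
    }

    /**
     * Registers a DNSKEY record as trusted for its owner name.
     *
     * @param dNSKEYRecord the key record to trust
     */
    public synchronized void addTrustedKey(DNSKEYRecord dNSKEYRecord) {
        Name owner = dNSKEYRecord.getName();
        List<DNSKEYRecord> keys = this.trustedKeys.get(owner);
        if (keys == null) {
            keys = new LinkedList<DNSKEYRecord>();
            this.trustedKeys.put(owner, keys);
        }
        keys.add(dNSKEYRecord);
    }

    /**
     * Builds a DNSKEY record from a public key and registers it as trusted.
     * Nothing is added when the record cannot be built.
     *
     * @param name the owner name of the key
     * @param i the DNSSEC algorithm number
     * @param publicKey the key material
     */
    public void addTrustedKey(Name name, int i, PublicKey publicKey) {
        // Presumably (type DNSKEY, class IN, ttl 0, flags 0, protocol 3, algorithm);
        // confirm against KEYConverter.buildRecord.
        Record built = KEYConverter.buildRecord(name, TYPE_DNSKEY, 1, 0L, 0, 3, i, publicKey);
        if (built != null) {
            addTrustedKey((DNSKEYRecord) built);
        }
    }

    /**
     * Verifies an RRset: it is accepted as soon as any one of its signatures
     * verifies.
     *
     * <p>When the {@code verbosesec} option is set, progress and the outcome are
     * printed to standard output.
     *
     * @param rRset the RRset to verify
     * @param cache optional cache used to locate signer keys; may be null
     * @return {@code 0} when the RRset has no signatures, {@code 1} when a
     *     signature verifies, {@code -1} otherwise (including when no key is
     *     known for any signer)
     */
    @Override // org.xbill.DNS.Verifier
    public int verify(RRset rRset, Cache cache) {
        Iterator<?> sigs = rRset.sigs();
        if (Options.check("verbosesec")) {
            System.out.print("Verifying " + rRset.getName() + "/"
                    + Type.string(rRset.getType()) + ": ");
        }

        if (!sigs.hasNext()) {
            if (Options.check("verbosesec")) {
                System.out.println("Insecure");
            }
            return INSECURE;
        }

        while (sigs.hasNext()) {
            RRSIGRecord sig = (RRSIGRecord) sigs.next();
            if (verifySIG(rRset, sig, cache) == SECURE) {
                if (Options.check("verbosesec")) {
                    System.out.println("Secure");
                }
                return SECURE;
            }
        }

        if (Options.check("verbosesec")) {
            // NOTE(review): this constant comes from an unrelated analytics class,
            // which looks like a decompiler substitution for a string literal;
            // confirm its value and replace it to drop the dependency.
            System.out.println(AnalyticsEvents.PARAMETER_DIALOG_OUTCOME_VALUE_FAILED);
        }
        return FAILED;
    }
}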
