package org.minidns.dnssec;

import com.ehking.sdk.wepay.ui.activity.AddBankCardActivity;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.minidns.dnsmessage.DnsMessage;
import org.minidns.dnsname.DnsName;
import org.minidns.dnssec.e;
import org.minidns.iterative.ReliableDnsClient;
import org.minidns.record.Record;
import org.minidns.record.g;
import org.minidns.record.h;
import org.minidns.record.i;
import org.minidns.record.r;

/* compiled from: DnssecClient.java */
/* loaded from: classes3.dex */
public class b extends ReliableDnsClient {
    private static final BigInteger i = new BigInteger("1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493");
    private static final DnsName j = DnsName.from("dlv.isc.org");
    private f k;
    private final Map<DnsName, byte[]> l;
    private boolean m;
    private DnsName n;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: DnssecClient.java */
    /* loaded from: classes3.dex */
    public class a {
        boolean a;
        boolean b;
        Set<e> c;

        private a() {
            this.a = false;
            this.b = false;
            this.c = new HashSet();
        }
    }

    public b() {
        this(a);
    }

    public b(org.minidns.a aVar) {
        super(aVar);
        this.k = new f();
        this.l = new ConcurrentHashMap();
        this.m = true;
        a(DnsName.ROOT, i.toByteArray());
    }

    private static List<Record<? extends h>> a(List<Record<? extends h>> list) {
        if (list.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (Record<? extends h> record : list) {
            if (record.b != Record.TYPE.RRSIG) {
                arrayList.add(record);
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> a(org.minidns.dnsmessage.a aVar, Record<org.minidns.record.f> record) throws IOException {
        c c;
        org.minidns.record.f fVar = record.f;
        HashSet hashSet = new HashSet();
        Set<e> hashSet2 = new HashSet<>();
        if (this.l.containsKey(record.a)) {
            if (fVar.a(this.l.get(record.a))) {
                return hashSet;
            }
            hashSet.add(new e.c(record));
            return hashSet;
        }
        if (record.a.isRootLabel()) {
            hashSet.add(new e.f());
            return hashSet;
        }
        i iVar = null;
        c c2 = c((CharSequence) record.a, Record.TYPE.DS);
        if (c2 == null) {
            b.fine("There is no DS record for " + ((Object) record.a) + ", server gives no result");
        } else {
            hashSet.addAll(c2.p());
            Iterator<Record<? extends h>> it2 = c2.l.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Record<E> a2 = it2.next().a(g.class);
                if (a2 != 0) {
                    g gVar = (g) a2.f;
                    if (fVar.b() == gVar.a) {
                        hashSet2 = c2.p();
                        iVar = gVar;
                        break;
                    }
                }
            }
            if (iVar == null) {
                b.fine("There is no DS record for " + ((Object) record.a) + ", server gives empty result");
            }
        }
        if (iVar == null && this.n != null && !this.n.isChildOf(record.a) && (c = c((CharSequence) DnsName.from(record.a, this.n), Record.TYPE.DLV)) != null) {
            hashSet.addAll(c.p());
            Iterator<Record<? extends h>> it3 = c.l.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                Record<E> a3 = it3.next().a(org.minidns.record.d.class);
                if (a3 != 0 && record.f.b() == ((org.minidns.record.d) a3.f).a) {
                    b.fine("Found DLV for " + ((Object) record.a) + ", awesome.");
                    iVar = (i) a3.f;
                    hashSet2 = c.p();
                    break;
                }
            }
        }
        if (iVar == null) {
            if (!hashSet.isEmpty()) {
                return hashSet;
            }
            hashSet.add(new e.i(record.a.ace));
            return hashSet;
        }
        e a4 = this.k.a(record, iVar);
        if (a4 == null) {
            return hashSet2;
        }
        hashSet.add(a4);
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> a(org.minidns.dnsmessage.a aVar, r rVar, List<Record<? extends h>> list) throws IOException {
        HashSet hashSet = new HashSet();
        org.minidns.record.f fVar = null;
        if (rVar.a == Record.TYPE.DNSKEY) {
            Iterator<Record<? extends h>> it2 = list.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Record<E> a2 = it2.next().a(org.minidns.record.f.class);
                if (a2 != 0 && ((org.minidns.record.f) a2.f).b() == rVar.h) {
                    fVar = (org.minidns.record.f) a2.f;
                    break;
                }
            }
        } else {
            if (aVar.b == Record.TYPE.DS && rVar.i.equals(aVar.a)) {
                hashSet.add(new e.i(aVar.a.ace));
                return hashSet;
            }
            c c = c((CharSequence) rVar.i, Record.TYPE.DNSKEY);
            if (c == null) {
                throw new DnssecValidationFailedException(aVar, "There is no DNSKEY " + ((Object) rVar.i) + ", but it is used");
            }
            hashSet.addAll(c.p());
            Iterator<Record<? extends h>> it3 = c.l.iterator();
            while (it3.hasNext()) {
                Record<E> a3 = it3.next().a(org.minidns.record.f.class);
                if (a3 != 0 && ((org.minidns.record.f) a3.f).b() == rVar.h) {
                    fVar = (org.minidns.record.f) a3.f;
                }
            }
        }
        if (fVar != null) {
            e a4 = this.k.a(list, rVar, fVar);
            if (a4 != null) {
                hashSet.add(a4);
            }
            return hashSet;
        }
        throw new DnssecValidationFailedException(aVar, list.size() + AddBankCardActivity.WHITE_SPACE + rVar.a + " record(s) are signed using an unknown key.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private a a(org.minidns.dnsmessage.a aVar, Collection<Record<? extends h>> collection, List<Record<? extends h>> list) throws IOException {
        Date date = new Date();
        LinkedList linkedList = new LinkedList();
        a aVar2 = new a();
        ArrayList<Record> arrayList = new ArrayList(list.size());
        Iterator<Record<? extends h>> it2 = list.iterator();
        while (it2.hasNext()) {
            Record<E> a2 = it2.next().a(r.class);
            if (a2 != 0) {
                r rVar = (r) a2.f;
                if (rVar.f.compareTo(date) < 0 || rVar.g.compareTo(date) > 0) {
                    linkedList.add(rVar);
                } else {
                    arrayList.add(a2);
                }
            }
        }
        if (arrayList.isEmpty()) {
            if (linkedList.isEmpty()) {
                aVar2.c.add(new e.h(aVar));
            } else {
                aVar2.c.add(new e.C0182e(aVar, linkedList));
            }
            return aVar2;
        }
        for (Record record : arrayList) {
            r rVar2 = (r) record.f;
            ArrayList arrayList2 = new ArrayList(collection.size());
            for (Record<? extends h> record2 : collection) {
                if (record2.b == rVar2.a && record2.a.equals(record.a)) {
                    arrayList2.add(record2);
                }
            }
            aVar2.c.addAll(a(aVar, rVar2, arrayList2));
            if (aVar.a.equals(rVar2.i) && rVar2.a == Record.TYPE.DNSKEY) {
                Iterator<Record<? extends h>> it3 = arrayList2.iterator();
                while (it3.hasNext()) {
                    org.minidns.record.f fVar = (org.minidns.record.f) it3.next().a(org.minidns.record.f.class).f;
                    it3.remove();
                    if (fVar.b() == rVar2.h) {
                        aVar2.b = true;
                    }
                }
                aVar2.a = true;
            }
            if (a(record.a.ace, rVar2.i.ace)) {
                list.removeAll(arrayList2);
            } else {
                b.finer("Records at " + ((Object) record.a) + " are cross-signed with a key from " + ((Object) rVar2.i));
            }
            list.remove(record);
        }
        return aVar2;
    }

    private c a(DnsMessage dnsMessage, Set<e> set) {
        List<Record<? extends h>> list = dnsMessage.l;
        List<Record<? extends h>> list2 = dnsMessage.m;
        List<Record<? extends h>> list3 = dnsMessage.n;
        HashSet hashSet = new HashSet();
        Record.a(hashSet, r.class, list);
        Record.a(hashSet, r.class, list2);
        Record.a(hashSet, r.class, list3);
        DnsMessage.a l = dnsMessage.l();
        if (this.m) {
            l.b((Collection<Record<? extends h>>) a(list));
            l.c(a(list2));
            l.d(a(list3));
        }
        return new c(l, hashSet, set);
    }

    private static boolean a(String str, String str2) {
        if (str.equals(str2) || str2.isEmpty()) {
            return true;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split2.length > split.length) {
            return false;
        }
        for (int i2 = 1; i2 <= split2.length; i2++) {
            if (!split2[split2.length - i2].equals(split[split.length - i2])) {
                return false;
            }
        }
        return true;
    }

    private Set<e> b(DnsMessage dnsMessage) throws IOException {
        return !dnsMessage.l.isEmpty() ? c(dnsMessage) : d(dnsMessage);
    }

    private c b(org.minidns.dnsmessage.a aVar, DnsMessage dnsMessage) throws IOException {
        if (dnsMessage == null) {
            return null;
        }
        if (dnsMessage.i) {
            dnsMessage = dnsMessage.l().f(false).d();
        }
        return a(dnsMessage, b(dnsMessage));
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<e> c(DnsMessage dnsMessage) throws IOException {
        boolean z = false;
        org.minidns.dnsmessage.a aVar = dnsMessage.k.get(0);
        List<Record<? extends h>> list = dnsMessage.l;
        List<Record<? extends h>> f = dnsMessage.f();
        a a2 = a(aVar, list, f);
        Set<e> set = a2.c;
        if (!set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator<Record<? extends h>> it2 = f.iterator();
        while (it2.hasNext()) {
            Record<E> a3 = it2.next().a(org.minidns.record.f.class);
            if (a3 != 0) {
                Set<e> a4 = a(aVar, (Record<org.minidns.record.f>) a3);
                if (a4.isEmpty()) {
                    z = true;
                } else {
                    hashSet.addAll(a4);
                }
                if (!a2.b) {
                    b.finer("SEP key is not self-signed.");
                }
                it2.remove();
            }
        }
        if (a2.b && !z) {
            set.addAll(hashSet);
        }
        if (a2.a && !a2.b) {
            set.add(new e.g(aVar.a.ace));
        }
        if (!f.isEmpty()) {
            if (f.size() != list.size()) {
                throw new DnssecValidationFailedException(aVar, "Only some records are signed!");
            }
            set.add(new e.h(aVar));
        }
        return set;
    }

    private Set<e> d(DnsMessage dnsMessage) throws IOException {
        e a2;
        HashSet hashSet = new HashSet();
        boolean z = false;
        org.minidns.dnsmessage.a aVar = dnsMessage.k.get(0);
        List<Record<? extends h>> list = dnsMessage.m;
        DnsName dnsName = null;
        for (Record<? extends h> record : list) {
            if (record.b == Record.TYPE.SOA) {
                dnsName = record.a;
            }
        }
        if (dnsName == null) {
            throw new DnssecValidationFailedException(aVar, "NSECs must always match to a SOA");
        }
        boolean z2 = false;
        for (Record<? extends h> record2 : list) {
            switch (record2.b) {
                case NSEC:
                    a2 = this.k.a(record2, aVar);
                    break;
                case NSEC3:
                    a2 = this.k.a(dnsName, record2, aVar);
                    break;
            }
            if (a2 != null) {
                hashSet.add(a2);
            } else {
                z2 = true;
            }
            z = true;
        }
        if (z && !z2) {
            throw new DnssecValidationFailedException(aVar, "Invalid NSEC!");
        }
        List<Record<? extends h>> g = dnsMessage.g();
        a a3 = a(aVar, list, g);
        if (z2 && a3.c.isEmpty()) {
            hashSet.clear();
        } else {
            hashSet.addAll(a3.c);
        }
        if (g.isEmpty() || g.size() == list.size()) {
            return hashSet;
        }
        throw new DnssecValidationFailedException(aVar, "Only some nameserver records are signed!");
    }

    @Override // org.minidns.iterative.ReliableDnsClient
    protected String a(DnsMessage dnsMessage) {
        return !dnsMessage.j() ? "DNSSEC OK (DO) flag not set in response" : !dnsMessage.j ? "CHECKING DISABLED (CD) flag not set in response" : super.a(dnsMessage);
    }

    @Override // org.minidns.AbstractDnsClient
    public DnsMessage a(org.minidns.dnsmessage.a aVar) throws IOException {
        return e(aVar);
    }

    public void a(DnsName dnsName, byte[] bArr) {
        this.l.put(dnsName, bArr);
    }

    public void a(boolean z) {
        this.m = z;
    }

    @Override // org.minidns.iterative.ReliableDnsClient, org.minidns.AbstractDnsClient
    protected boolean a(org.minidns.dnsmessage.a aVar, DnsMessage dnsMessage) {
        return super.a(aVar, dnsMessage);
    }

    @Override // org.minidns.iterative.ReliableDnsClient, org.minidns.AbstractDnsClient
    protected DnsMessage.a c(DnsMessage.a aVar) {
        aVar.c().a(this.f.b()).a();
        aVar.h(true);
        return super.c(aVar);
    }

    public c c(CharSequence charSequence, Record.TYPE type) throws IOException {
        org.minidns.dnsmessage.a aVar = new org.minidns.dnsmessage.a(charSequence, type, Record.CLASS.IN);
        return b(aVar, super.a(aVar));
    }

    public void d() {
        this.l.clear();
    }

    public c e(org.minidns.dnsmessage.a aVar) throws IOException {
        return b(aVar, super.a(aVar));
    }

    public boolean e() {
        return this.m;
    }

    public void f() {
        g(j);
    }

    public void f(DnsName dnsName) {
        this.l.remove(dnsName);
    }

    public void g() {
        g(null);
    }

    public void g(DnsName dnsName) {
        this.n = dnsName;
    }
}
