package org.xbill.DNS.security;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.xpath.compiler.PsuedoNames;
import org.xbill.DNS.Cache;
import org.xbill.DNS.KEYRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.Options;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.SIGRecord;
import org.xbill.DNS.Type;
import org.xbill.DNS.Verifier;
import org.xbill.DNS.utils.DataByteOutputStream;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/dnsjava-1.2.3.jar:org/xbill/DNS/security/DNSSECVerifier.class
 */
/* loaded from: input_file:apps/james.sar:SAR-INF/lib/dnsjava-1.2.3.jar:org/xbill/DNS/security/DNSSECVerifier.class */
public class DNSSECVerifier implements Verifier {
    private Hashtable trustedKeys = new Hashtable();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/dnsjava-1.2.3.jar:org/xbill/DNS/security/DNSSECVerifier$ByteArrayComparator.class
     */
    /* loaded from: input_file:apps/james.sar:SAR-INF/lib/dnsjava-1.2.3.jar:org/xbill/DNS/security/DNSSECVerifier$ByteArrayComparator.class */
    public class ByteArrayComparator implements Comparator {
        private final DNSSECVerifier this$0;

        ByteArrayComparator(DNSSECVerifier dNSSECVerifier) {
            this.this$0 = dNSSECVerifier;
        }

        @Override // java.util.Comparator
        public int compare(Object obj, Object obj2) throws ClassCastException {
            byte[] bArr = (byte[]) obj;
            byte[] bArr2 = (byte[]) obj2;
            for (int i = 0; i < bArr.length && i < bArr2.length; i++) {
                if (bArr[i] != bArr2[i]) {
                    return (bArr[i] & 255) - (bArr2[i] & 255);
                }
            }
            return bArr.length - bArr2.length;
        }
    }

    public synchronized void addTrustedKey(KEYRecord kEYRecord) {
        Name name = kEYRecord.getName();
        Vector vector = (Vector) this.trustedKeys.get(name);
        if (vector == null) {
            Hashtable hashtable = this.trustedKeys;
            Vector vector2 = new Vector();
            vector = vector2;
            hashtable.put(name, vector2);
        }
        vector.addElement(kEYRecord);
    }

    public void addTrustedKey(Name name, PublicKey publicKey) {
        KEYRecord buildRecord = KEYConverter.buildRecord(name, (short) 1, 0, 0, 3, publicKey);
        if (buildRecord != null) {
            addTrustedKey(buildRecord);
        }
    }

    private PublicKey findMatchingKey(Enumeration enumeration, int i, int i2) {
        while (enumeration.hasMoreElements()) {
            KEYRecord kEYRecord = (KEYRecord) enumeration.nextElement();
            if (kEYRecord.getAlgorithm() == i && kEYRecord.getFootprint() == i2) {
                return KEYConverter.parseRecord(kEYRecord);
            }
        }
        return null;
    }

    private synchronized PublicKey findTrustedKey(Name name, int i, int i2) {
        Vector vector = (Vector) this.trustedKeys.get(name);
        if (vector == null) {
            return null;
        }
        return findMatchingKey(vector.elements(), i, i2);
    }

    private PublicKey findCachedKey(Cache cache, Name name, int i, int i2) {
        RRset[] findAnyRecords = cache.findAnyRecords(name, (short) 25);
        if (findAnyRecords == null) {
            return null;
        }
        RRset rRset = findAnyRecords[0];
        if (rRset.getSecurity() < 1) {
            return null;
        }
        return findMatchingKey(rRset.rrs(), i, i2);
    }

    private PublicKey findKey(Cache cache, Name name, int i, int i2) {
        PublicKey findTrustedKey = findTrustedKey(name, i, i2);
        return (findTrustedKey != null || cache == null) ? findTrustedKey : findCachedKey(cache, name, i, i2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v49, types: [byte[], java.lang.Object[]] */
    private byte verifySIG(RRset rRset, SIGRecord sIGRecord, Cache cache) {
        byte[] create;
        String str;
        PublicKey findKey = findKey(cache, sIGRecord.getSigner(), sIGRecord.getAlgorithm(), sIGRecord.getFootprint());
        if (findKey == null) {
            return (byte) 0;
        }
        DataByteOutputStream dataByteOutputStream = new DataByteOutputStream();
        Date date = new Date();
        if (date.compareTo(sIGRecord.getExpire()) > 0 || date.compareTo(sIGRecord.getTimeSigned()) < 0) {
            System.err.println("Outside of validity period");
            return (byte) -1;
        }
        try {
            dataByteOutputStream.writeShort(sIGRecord.getTypeCovered());
            dataByteOutputStream.writeByte(sIGRecord.getAlgorithm());
            dataByteOutputStream.writeByte(sIGRecord.getLabels());
            dataByteOutputStream.writeInt(sIGRecord.getOrigTTL());
            dataByteOutputStream.writeInt((int) (sIGRecord.getExpire().getTime() / 1000));
            dataByteOutputStream.writeInt((int) (sIGRecord.getTimeSigned().getTime() / 1000));
            dataByteOutputStream.writeShort(sIGRecord.getFootprint());
            sIGRecord.getSigner().toWireCanonical(dataByteOutputStream);
            Enumeration rrs = rRset.rrs();
            int size = rRset.size();
            ?? r0 = new byte[size];
            while (rrs.hasMoreElements()) {
                Record record = (Record) rrs.nextElement();
                if (record.getName().labels() > sIGRecord.getLabels()) {
                    Name name = record.getName();
                    record = record.withName(name.wild(name.labels() - sIGRecord.getLabels()));
                }
                size--;
                r0[size] = record.toWireCanonical();
            }
            Arrays.sort(r0, new ByteArrayComparator(this));
            for (byte[] bArr : r0) {
                dataByteOutputStream.write(bArr);
            }
        } catch (IOException e) {
        }
        byte[] byteArray = dataByteOutputStream.toByteArray();
        switch (sIGRecord.getAlgorithm()) {
            case 1:
                create = sIGRecord.getSignature();
                str = "MD5withRSA";
                break;
            case 3:
                create = DSASignature.create(sIGRecord);
                str = "SHA1withDSA";
                break;
            default:
                return (byte) -1;
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(findKey);
            signature.update(byteArray);
            return signature.verify(create) ? (byte) 1 : (byte) -1;
        } catch (GeneralSecurityException e2) {
            if (!Options.check("verboseexceptions")) {
                return (byte) -1;
            }
            System.err.println(new StringBuffer().append("Signing data: ").append(e2).toString());
            return (byte) -1;
        }
    }

    @Override // org.xbill.DNS.Verifier
    public byte verify(RRset rRset, Cache cache) {
        Enumeration sigs = rRset.sigs();
        if (Options.check("verbosesec")) {
            System.out.print(new StringBuffer().append("Verifying ").append(rRset.getName()).append(PsuedoNames.PSEUDONAME_ROOT).append(Type.string(rRset.getType())).append(": ").toString());
        }
        if (!sigs.hasMoreElements()) {
            if (!Options.check("verbosesec")) {
                return (byte) 0;
            }
            System.out.println("Insecure");
            return (byte) 0;
        }
        while (sigs.hasMoreElements()) {
            if (verifySIG(rRset, (SIGRecord) sigs.nextElement(), cache) == 1) {
                if (!Options.check("verbosesec")) {
                    return (byte) 1;
                }
                System.out.println("Secure");
                return (byte) 1;
            }
        }
        if (!Options.check("verbosesec")) {
            return (byte) -1;
        }
        System.out.println("Failed");
        return (byte) -1;
    }
}
