package org.minidns.dnssec;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.minidns.DNSWorld;
import org.minidns.constants.DNSSECConstants;
import org.minidns.dnsmessage.DNSMessage;
import org.minidns.dnsname.DNSName;
import org.minidns.dnssec.algorithms.AlgorithmMap;
import org.minidns.record.DLV;
import org.minidns.record.DNSKEY;
import org.minidns.record.DS;
import org.minidns.record.Data;
import org.minidns.record.RRSIG;
import org.minidns.record.Record;
import org.minidns.util.InetAddressUtil;

/* loaded from: input_file:org/minidns/dnssec/DNSSECWorld.class */
public class DNSSECWorld extends DNSWorld {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.minidns.dnssec.DNSSECWorld$1, reason: invalid class name */
    /* loaded from: input_file:org/minidns/dnssec/DNSSECWorld$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm = new int[DNSSECConstants.SignatureAlgorithm.values().length];

        static {
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.RSAMD5.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.RSASHA1.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.RSASHA1_NSEC3_SHA1.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.RSASHA256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.RSASHA512.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.DSA.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[DNSSECConstants.SignatureAlgorithm.DSA_NSEC3_SHA1.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* loaded from: input_file:org/minidns/dnssec/DNSSECWorld$AddressedNsecResponse.class */
    public static class AddressedNsecResponse implements DNSWorld.PreparedResponse {
        final InetAddress address;
        final DNSMessage nsecMessage;

        public AddressedNsecResponse(InetAddress inetAddress, DNSMessage dNSMessage) {
            this.address = inetAddress;
            this.nsecMessage = dNSMessage;
        }

        public boolean isResponse(DNSMessage dNSMessage, InetAddress inetAddress) {
            Record record = null;
            for (Record record2 : this.nsecMessage.authoritySection) {
                if (record2.type == Record.TYPE.NSEC) {
                    record = record2;
                }
            }
            return inetAddress.equals(this.address) && Verifier.nsecMatches(dNSMessage.getQuestion().name, record.name, record.payloadData.next);
        }

        public DNSMessage getResponse() {
            return this.nsecMessage;
        }
    }

    /* loaded from: input_file:org/minidns/dnssec/DNSSECWorld$SignedRRSet.class */
    public static class SignedRRSet {
        Record<? extends Data>[] records;
        Record<? extends Data> signature;

        public SignedRRSet(Record<? extends Data>[] recordArr, Record<? extends Data> record) {
            this.records = recordArr;
            this.signature = record;
        }
    }

    public static DNSWorld.Zone signedRootZone(SignedRRSet... signedRRSetArr) {
        return new DNSWorld.Zone("", (InetAddress) null, merge(signedRRSetArr));
    }

    public static DNSWorld.Zone signedZone(String str, String str2, String str3, SignedRRSet... signedRRSetArr) {
        try {
            return signedZone(str, InetAddress.getByAddress(str2, InetAddressUtil.ipv4From(str3).getAddress()), signedRRSetArr);
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    public static DNSWorld.Zone signedZone(String str, InetAddress inetAddress, SignedRRSet... signedRRSetArr) {
        return new DNSWorld.Zone(str, inetAddress, merge(signedRRSetArr));
    }

    public static List<Record<? extends Data>> merge(SignedRRSet... signedRRSetArr) {
        ArrayList arrayList = new ArrayList();
        for (SignedRRSet signedRRSet : signedRRSetArr) {
            arrayList.add(signedRRSet.signature);
            arrayList.addAll(Arrays.asList(signedRRSet.records));
        }
        return arrayList;
    }

    public static SignedRRSet sign(DNSKEY dnskey, String str, PrivateKey privateKey, DNSSECConstants.SignatureAlgorithm signatureAlgorithm, Record<? extends Data>... recordArr) {
        return new SignedRRSet(recordArr, rrsigRecord(dnskey, str, privateKey, signatureAlgorithm, recordArr));
    }

    public static SignedRRSet sign(PrivateKey privateKey, RRSIG rrsig, Record<? extends Data>... recordArr) {
        return new SignedRRSet(recordArr, rrsigRecord(privateKey, rrsig, recordArr));
    }

    public static Record<? extends Data> rrsigRecord(DNSKEY dnskey, String str, PrivateKey privateKey, DNSSECConstants.SignatureAlgorithm signatureAlgorithm, Record<? extends Data>... recordArr) {
        Record.TYPE type = recordArr[0].type;
        String str2 = recordArr[0].name.ace;
        return rrsigRecord(privateKey, rrsig(type, signatureAlgorithm, str2.isEmpty() ? 0 : str2.split("\\.").length, recordArr[0].ttl, new Date(System.currentTimeMillis() + 1209600000), new Date(System.currentTimeMillis() - 1209600000), dnskey.getKeyTag(), str, new byte[0]), recordArr);
    }

    public static Record<? extends Data> rrsigRecord(PrivateKey privateKey, RRSIG rrsig, Record<? extends Data>... recordArr) {
        return record(recordArr[0].name, rrsig.originalTtl, rrsig(rrsig.typeCovered, rrsig.algorithm, rrsig.labels, rrsig.originalTtl, rrsig.signatureExpiration, rrsig.signatureInception, rrsig.keyTag, rrsig.signerName, sign(privateKey, rrsig.algorithm, Verifier.combine(rrsig, Arrays.asList(recordArr)))));
    }

    public static DS ds(String str, DNSSECConstants.DigestAlgorithm digestAlgorithm, DNSKEY dnskey) {
        return ds(DNSName.from(str), digestAlgorithm, dnskey);
    }

    public static DS ds(DNSName dNSName, DNSSECConstants.DigestAlgorithm digestAlgorithm, DNSKEY dnskey) {
        return ds(dnskey.getKeyTag(), dnskey.algorithm, digestAlgorithm, calculateDsDigest(dNSName, digestAlgorithm, dnskey));
    }

    public static DLV dlv(String str, DNSSECConstants.DigestAlgorithm digestAlgorithm, DNSKEY dnskey) {
        return dlv(DNSName.from(str), digestAlgorithm, dnskey);
    }

    public static DLV dlv(DNSName dNSName, DNSSECConstants.DigestAlgorithm digestAlgorithm, DNSKEY dnskey) {
        return dlv(dnskey.getKeyTag(), dnskey.algorithm, digestAlgorithm, calculateDsDigest(dNSName, digestAlgorithm, dnskey));
    }

    public static byte[] calculateDsDigest(DNSName dNSName, DNSSECConstants.DigestAlgorithm digestAlgorithm, DNSKEY dnskey) {
        DigestCalculator dsDigestCalculator = AlgorithmMap.INSTANCE.getDsDigestCalculator(digestAlgorithm);
        byte[] byteArray = dnskey.toByteArray();
        byte[] bytes = dNSName.getBytes();
        byte[] bArr = new byte[bytes.length + byteArray.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(byteArray, 0, bArr, bytes.length, byteArray.length);
        return dsDigestCalculator.digest(bArr);
    }

    public static byte[] sign(PrivateKey privateKey, DNSSECConstants.SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        Signature signature;
        try {
            switch (AnonymousClass1.$SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[signatureAlgorithm.ordinal()]) {
                case 1:
                    signature = Signature.getInstance("MD5withRSA");
                    break;
                case 2:
                case 3:
                    signature = Signature.getInstance("SHA1withRSA");
                    break;
                case 4:
                    signature = Signature.getInstance("SHA256withRSA");
                    break;
                case 5:
                    signature = Signature.getInstance("SHA512withRSA");
                    break;
                case 6:
                case 7:
                    signature = Signature.getInstance("SHA1withDSA");
                    break;
                default:
                    throw new RuntimeException(signatureAlgorithm + " algorithm not yet supported by DNSSECWorld");
            }
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            switch (AnonymousClass1.$SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[signatureAlgorithm.ordinal()]) {
                case 1:
                case 2:
                case 3:
                case 4:
                case 5:
                default:
                    return sign;
                case 6:
                case 7:
                    return convertAsn1ToRFC((DSAPrivateKey) privateKey, sign);
            }
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] convertAsn1ToRFC(DSAPrivateKey dSAPrivateKey, byte[] bArr) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeByte((dSAPrivateKey.getParams().getP().bitLength() / 64) - 8);
        dataInputStream.skipBytes(2);
        streamAsn1Int(dataInputStream, dataOutputStream, 20);
        streamAsn1Int(dataInputStream, dataOutputStream, 20);
        return byteArrayOutputStream.toByteArray();
    }

    public static void streamAsn1Int(DataInputStream dataInputStream, DataOutputStream dataOutputStream, int i) throws IOException {
        dataInputStream.skipBytes(1);
        byte readByte = (byte) (dataInputStream.readByte() - i);
        if (readByte >= 0) {
            dataInputStream.skipBytes(readByte);
            readByte = 0;
        } else {
            for (int i2 = 0; i2 < 1 - readByte; i2++) {
                dataOutputStream.writeByte(0);
            }
        }
        byte[] bArr = new byte[i + readByte];
        if (dataInputStream.read(bArr) != bArr.length) {
            throw new IOException();
        }
        dataOutputStream.write(bArr);
    }

    public static PrivateKey generatePrivateKey(DNSSECConstants.SignatureAlgorithm signatureAlgorithm, int i) {
        switch (AnonymousClass1.$SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[signatureAlgorithm.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
                return generateRSAPrivateKey(i, RSAKeyGenParameterSpec.F4);
            case 6:
            case 7:
                return generateDSAPrivateKey(i);
            default:
                throw new RuntimeException(signatureAlgorithm + " algorithm not yet supported by DNSSECWorld");
        }
    }

    public static PrivateKey generateRSAPrivateKey(int i, BigInteger bigInteger) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(new RSAKeyGenParameterSpec(i, bigInteger));
            return keyPairGenerator.generateKeyPair().getPrivate();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static PrivateKey generateDSAPrivateKey(int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
            keyPairGenerator.initialize(i);
            return keyPairGenerator.generateKeyPair().getPrivate();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] publicKey(DNSSECConstants.SignatureAlgorithm signatureAlgorithm, PrivateKey privateKey) {
        switch (AnonymousClass1.$SwitchMap$org$minidns$constants$DNSSECConstants$SignatureAlgorithm[signatureAlgorithm.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
                return getRSAPublicKey((RSAPrivateCrtKey) privateKey);
            case 6:
            case 7:
                return getDSAPublicKey((DSAPrivateKey) privateKey);
            default:
                throw new RuntimeException(signatureAlgorithm + " algorithm not yet supported by DNSSECWorld");
        }
    }

    private static byte[] getDSAPublicKey(DSAPrivateKey dSAPrivateKey) {
        try {
            BigInteger modPow = dSAPrivateKey.getParams().getG().modPow(dSAPrivateKey.getX(), dSAPrivateKey.getParams().getP());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            int bitLength = (dSAPrivateKey.getParams().getP().bitLength() / 64) - 8;
            dataOutputStream.writeByte(bitLength);
            dataOutputStream.write(toUnsignedByteArray(dSAPrivateKey.getParams().getQ(), 20));
            dataOutputStream.write(toUnsignedByteArray(dSAPrivateKey.getParams().getP(), (bitLength * 8) + 64));
            dataOutputStream.write(toUnsignedByteArray(dSAPrivateKey.getParams().getG(), (bitLength * 8) + 64));
            dataOutputStream.write(toUnsignedByteArray(modPow, (bitLength * 8) + 64));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] getRSAPublicKey(RSAPrivateCrtKey rSAPrivateCrtKey) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            byte[] unsignedByteArray = toUnsignedByteArray(rSAPrivateCrtKey.getPublicExponent());
            if (unsignedByteArray.length > 255) {
                dataOutputStream.writeByte(0);
                dataOutputStream.writeShort(unsignedByteArray.length);
            } else {
                dataOutputStream.writeByte(unsignedByteArray.length);
            }
            dataOutputStream.write(unsignedByteArray);
            dataOutputStream.write(toUnsignedByteArray(rSAPrivateCrtKey.getModulus()));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static byte[] toUnsignedByteArray(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] == 0) {
            byte[] bArr = new byte[byteArray.length - 1];
            System.arraycopy(byteArray, 1, bArr, 0, bArr.length);
            byteArray = bArr;
        }
        return byteArray;
    }

    private static byte[] toUnsignedByteArray(BigInteger bigInteger, int i) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length != i) {
            if (byteArray.length == i + 1 && byteArray[0] == 0) {
                byte[] bArr = new byte[byteArray.length - 1];
                System.arraycopy(byteArray, 1, bArr, 0, bArr.length);
                byteArray = bArr;
            } else if (byteArray.length < i) {
                byte[] bArr2 = new byte[i];
                System.arraycopy(byteArray, 0, bArr2, i - byteArray.length, byteArray.length);
                byteArray = bArr2;
            }
        }
        return byteArray;
    }
}
