package org.nhindirect.dns;

import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.nhindirect.policy.PolicyExpression;
import org.nhindirect.policy.PolicyFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xbill.DNS.Header;
import org.xbill.DNS.InvalidTypeException;
import org.xbill.DNS.Message;
import org.xbill.DNS.Name;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;

/* loaded from: input_file:BOOT-INF/lib/dns-6.0.1.jar:org/nhindirect/dns/AbstractDNSStore.class */
public abstract class AbstractDNSStore implements DNSStore {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractDNSStore.class);
    protected static final String DNS_CERT_POLICY_NAME_VAR = "org.nhindirect.dns.CertPolicyName";
    protected static final String DEFAULT_JCE_PROVIDER_STRING = "BC";
    protected static final String JCE_PROVIDER_STRING_SYS_PARAM = "org.nhindirect.dns.JCEProviderName";
    protected Map<String, Record> soaRecords = null;
    protected PolicyFilter polFilter = null;
    protected PolicyExpression polExpression = null;

    public static String getJCEProviderName() {
        String property = System.getProperty(JCE_PROVIDER_STRING_SYS_PARAM);
        if (property == null || property.isEmpty()) {
            property = "BC";
        }
        return property;
    }

    public static void setJCEProviderName(String str) {
        if (str == null || str.isEmpty()) {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, "BC");
        } else {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, str);
        }
    }

    @Override // org.nhindirect.dns.DNSStore
    public Message get(Message message) throws DNSException {
        LOGGER.trace("get(Message) Entered");
        if (message == null) {
            throw new DNSException((DNSError<?>) DNSError.newError(1));
        }
        Header header = message.getHeader();
        if (header.getFlag(0) || header.getRcode() != 0) {
            throw new DNSException((DNSError<?>) DNSError.newError(1));
        }
        if (header.getOpcode() != 0) {
            throw new DNSException((DNSError<?>) DNSError.newError(4));
        }
        Record question = message.getQuestion();
        if (question == null || question.getDClass() != 1) {
            throw new DNSException((DNSError<?>) DNSError.newError(4));
        }
        Name name = question.getName();
        int type = question.getType();
        String str = null;
        try {
            str = Type.string(type);
        } catch (InvalidTypeException e) {
        }
        if (LOGGER.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("Received Query Request:");
            sb.append("\r\n\tName: " + name.toString());
            sb.append("\r\n\tType: " + (str == null ? Integer.valueOf(type) : str));
            sb.append("\r\n\tDClass: " + question.getDClass());
            LOGGER.debug(sb.toString());
        }
        LOGGER.info("Process record for DNS request type " + (str == null ? Integer.valueOf(type) : str) + " and name " + name.toString());
        ArrayList arrayList = null;
        switch (type) {
            case 1:
            case 2:
            case 5:
            case 6:
            case 15:
            case 16:
            case 33:
            case Type.CAA /* 257 */:
                try {
                    RRset processGenericRecordRequest = processGenericRecordRequest(name.toString(), type);
                    if (processGenericRecordRequest != null) {
                        arrayList = new ArrayList();
                        Iterator rrs = processGenericRecordRequest.rrs();
                        while (rrs.hasNext()) {
                            arrayList.add(rrs.next());
                        }
                    }
                    break;
                } catch (Exception e2) {
                    throw new DNSException(DNSError.newError(2), "DNS service proxy call failed: " + e2.getMessage(), e2);
                }
            case 37:
                RRset processCERTRecordRequest = processCERTRecordRequest(name.toString());
                if (processCERTRecordRequest != null) {
                    arrayList = new ArrayList();
                    Iterator rrs2 = processCERTRecordRequest.rrs();
                    while (rrs2.hasNext()) {
                        arrayList.add(rrs2.next());
                    }
                    break;
                }
                break;
            case 255:
                Collection<Record> processGenericANYRecordRequest = processGenericANYRecordRequest(name.toString());
                RRset processCERTRecordRequest2 = processCERTRecordRequest(name.toString());
                if (processGenericANYRecordRequest != null || processCERTRecordRequest2 != null) {
                    arrayList = new ArrayList();
                    if (processGenericANYRecordRequest != null) {
                        arrayList.addAll(processGenericANYRecordRequest);
                    }
                    if (processCERTRecordRequest2 != null) {
                        Iterator rrs3 = processCERTRecordRequest2.rrs();
                        while (rrs3.hasNext()) {
                            arrayList.add(rrs3.next());
                        }
                        break;
                    }
                }
                break;
            default:
                LOGGER.debug("Query Type " + (str == null ? Integer.valueOf(type) : str) + " not implemented");
                throw new DNSException((DNSError<?>) DNSError.newError(4), "Query Type " + (str == null ? Integer.valueOf(type) : str) + " not implemented");
        }
        if (arrayList == null || arrayList.size() == 0) {
            LOGGER.debug("No records found.");
            return null;
        }
        Message message2 = new Message(message.getHeader().getID());
        message2.getHeader().setFlag(0);
        if (message.getHeader().getFlag(7)) {
            message2.getHeader().setFlag(7);
        }
        message2.addRecord(question, 0);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            message2.addRecord((Record) it.next(), 1);
        }
        message2.getHeader().setFlag(5);
        Record checkForSoaRecord = checkForSoaRecord(name.toString());
        if (checkForSoaRecord != null) {
            message2.addRecord(checkForSoaRecord, 2);
        }
        LOGGER.trace("get(Message) Exit");
        return message2;
    }

    protected abstract RRset processGenericRecordRequest(String str, int i) throws DNSException;

    protected abstract RRset processCERTRecordRequest(String str) throws DNSException;

    protected abstract Collection<Record> processGenericANYRecordRequest(String str) throws DNSException;

    protected abstract Record checkForSoaRecord(String str);

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isCertCompliantWithPolicy(X509Certificate x509Certificate) {
        if (this.polFilter == null) {
            return true;
        }
        try {
            return this.polFilter.isCompliant(x509Certificate, this.polExpression);
        } catch (Exception e) {
            LOGGER.warn("Error testing certificate for policy compliance.  Default to compliant.", (Throwable) e);
            return true;
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
