package org.nhindirect.dns;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.nhind.config.rest.CertPolicyService;
import org.nhind.config.rest.CertificateService;
import org.nhind.config.rest.DNSService;
import org.nhindirect.config.model.CertPolicy;
import org.nhindirect.config.model.Certificate;
import org.nhindirect.config.model.DNSRecord;
import org.nhindirect.config.model.exceptions.CertificateConversionException;
import org.nhindirect.config.model.utils.CertUtils;
import org.nhindirect.policy.PolicyFilterFactory;
import org.nhindirect.policy.PolicyLexiconParser;
import org.nhindirect.policy.PolicyLexiconParserFactory;
import org.nhindirect.policy.x509.SignatureAlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xbill.DNS.CERTRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;

/* loaded from: input_file:BOOT-INF/lib/dns-6.0.1.jar:org/nhindirect/dns/RESTServiceDNSStore.class */
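/**
 * DNS store that answers queries from records and certificates held by the
 * configuration REST services.
 *
 * <p>Generic and SOA records come from {@link DNSService}; CERT records are
 * built from the entries returned by {@link CertificateService}, optionally
 * filtered through a named certificate policy loaded from
 * {@link CertPolicyService}.
 *
 * <p>SECURITY NOTE: policy loading is fail-open. If the configured policy is
 * missing or cannot be parsed, the store logs a warning and serves
 * certificates with no policy filter. Deployments that rely on the policy to
 * withhold certificates should alert on those warnings.
 */
public class RESTServiceDNSStore extends AbstractDNSStore {
    private static final Logger LOGGER = LoggerFactory.getLogger(RESTServiceDNSStore.class);

    /** DNS record type numbers used for the backend lookups. */
    private static final int DNS_TYPE_SOA = 6;
    private static final int DNS_TYPE_ANY = 255;

    /** Class (IN) and TTL stamped on every generated CERT record. */
    private static final int DNS_CLASS_IN = 1;
    private static final long CERT_RECORD_TTL_SECONDS = 86400L;

    /** CERT record certificate-type values (RFC 4398): PKIX certificate and URI. */
    private static final int CERT_TYPE_PKIX = 1;
    private static final int CERT_TYPE_URI = 253;

    /**
     * Code passed to {@code DNSError.newError} for every failure raised here.
     * NOTE(review): 2 is SERVFAIL in the DNS RCODE registry; presumably DNSError maps it the same way.
     */
    private static final int ERROR_CODE = 2;

    protected final CertificateService certService;
    protected final CertPolicyService certPolicyService;
    protected final DNSService dnsService;
    protected String certPolicyName;

    /**
     * Creates the store and loads the named certificate policy, if any.
     *
     * @param dNSService source of generic and SOA records
     * @param certificateService source of certificates for CERT records
     * @param certPolicyService source of the certificate policy definition
     * @param str name of the certificate policy to apply; empty or {@code null} means no policy
     * @throws IllegalStateException if policy configuration raises a {@link DNSException}
     */
    public RESTServiceDNSStore(DNSService dNSService, CertificateService certificateService, CertPolicyService certPolicyService, String str) {
        this.dnsService = dNSService;
        this.certService = certificateService;
        this.certPolicyService = certPolicyService;
        this.certPolicyName = str;
        try {
            configCertPolicy();
        } catch (DNSException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Switches to a different certificate policy and reloads it.
     *
     * <p>The current filter and expression are cleared before the reload, so
     * if the new policy cannot be loaded the store ends up with no filter.
     * NOTE(review): this method is not synchronized; if CERT requests can run
     * concurrently they may be answered unfiltered while the reload is in
     * progress. Confirm against the callers.
     *
     * @param str name of the policy to apply; empty or {@code null} disables filtering
     * @throws IllegalStateException if policy configuration raises a {@link DNSException}
     */
    public void setCertPolicyName(String str) {
        this.certPolicyName = str;
        try {
            this.polFilter = null;
            this.polExpression = null;
            configCertPolicy();
        } catch (DNSException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Loads and compiles the policy named by {@link #certPolicyName}.
     *
     * <p>Fail-open by design of the original code: an unknown policy name or
     * any exception while fetching or parsing the policy is logged at WARN and
     * the method returns normally, leaving the filter fields as they were
     * before the call.
     *
     * @throws DNSException declared for subclasses; nothing in this implementation throws it
     */
    protected void configCertPolicy() throws DNSException {
        if (StringUtils.isEmpty(this.certPolicyName)) {
            LOGGER.info("No certificate policy has been configured.");
            return;
        }
        LOGGER.info("Certificate policy name {} has been configured.", this.certPolicyName);
        try {
            final CertPolicy policy = this.certPolicyService.getPolicyByName(this.certPolicyName);
            if (policy == null) {
                LOGGER.warn("Certificate policy {} could not be found in the system.  Falling back to no policy.", this.certPolicyName);
                return;
            }
            final PolicyLexiconParser parser = PolicyLexiconParserFactory.getInstance(policy.getLexicon());
            try (ByteArrayInputStream policyStream = new ByteArrayInputStream(policy.getPolicyData())) {
                this.polExpression = parser.parse(policyStream);
            }
            this.polFilter = PolicyFilterFactory.getInstance();
        } catch (Exception e) {
            // Deliberate best effort: certificates keep being served without a filter.
            LOGGER.warn("Error loading and compling certificate policy {}.  Will fallback to no policy filter.", this.certPolicyName, e);
        }
    }

    /**
     * Returns the stored records of one type for a name.
     *
     * @param str queried name
     * @param i DNS record type number
     * @return the matching records, or {@code null} when the service has none
     * @throws DNSException if the service call fails or a stored record cannot be converted
     */
    @Override // org.nhindirect.dns.AbstractDNSStore
    protected RRset processGenericRecordRequest(String str, int i) throws DNSException {
        final Collection<DNSRecord> stored = fetchRecords(i, str);
        if (stored == null || stored.isEmpty()) {
            return null;
        }
        final RRset rRset = new RRset();
        try {
            for (DNSRecord entry : stored) {
                rRset.addRR(Record.newRecord(Name.fromString(entry.getName()), entry.getType(), entry.getDclass(), entry.getTtl(), entry.getData()));
            }
        } catch (Exception e) {
            throw new DNSException(DNSError.newError(ERROR_CODE), "Failure while parsing generic record data: " + e.getMessage(), e);
        }
        return rRset;
    }

    /**
     * Returns every stored record for a name (type ANY lookup).
     *
     * @param str queried name
     * @return the matching records, or {@code null} when the service has none
     * @throws DNSException if the service call fails or a stored record cannot be converted
     */
    @Override // org.nhindirect.dns.AbstractDNSStore
    protected Collection<Record> processGenericANYRecordRequest(String str) throws DNSException {
        final Collection<DNSRecord> stored = fetchRecords(DNS_TYPE_ANY, str);
        if (stored == null || stored.isEmpty()) {
            return null;
        }
        final ArrayList<Record> records = new ArrayList<>(stored.size());
        try {
            for (DNSRecord entry : stored) {
                records.add(Record.newRecord(Name.fromString(entry.getName()), entry.getType(), entry.getDclass(), entry.getTtl(), entry.getData()));
            }
        } catch (Exception e) {
            throw new DNSException(DNSError.newError(ERROR_CODE), "Failure while parsing generic record data: " + e.getMessage(), e);
        }
        return records;
    }

    /**
     * Builds the CERT record set for an owner name.
     *
     * <p>Each stored entry is either an X.509 certificate, published as a PKIX
     * CERT record if it passes the configured policy, or a URL, published as a
     * URI CERT record. URL entries carry no certificate to evaluate, so the
     * policy filter does not apply to them.
     *
     * <p>The decompiled original called {@code getEncoded()} on the parsed
     * certificate before checking it for {@code null}, so the URL branch could
     * never complete; the two cases are now handled separately. Parsing
     * failures are also no longer re-wrapped as service-call failures.
     *
     * @param str queried name, with or without a trailing dot
     * @return the CERT records, or {@code null} when nothing is found or every certificate is filtered out
     * @throws DNSException if the certificate service fails or an entry cannot be turned into a record
     */
    @Override // org.nhindirect.dns.AbstractDNSStore
    protected RRset processCERTRecordRequest(String str) throws DNSException {
        if (str.endsWith(".")) {
            str = str.substring(0, str.length() - 1);
        }
        final Collection<Certificate> certificatesByOwner = lookupCertificates(str);
        if (certificatesByOwner == null || certificatesByOwner.isEmpty()) {
            return null;
        }
        if (!str.endsWith(".")) {
            str = str + ".";
        }
        final RRset rRset = new RRset();
        try {
            for (Certificate certificate : certificatesByOwner) {
                int certType = CERT_TYPE_PKIX;
                int keyTag = 0;
                int algorithm = 0;
                final byte[] recordData;

                X509Certificate x509Certificate = null;
                try {
                    x509Certificate = CertUtils.toCertContainer(certificate.getData()).getCert();
                } catch (CertificateConversionException e) {
                    // Not a certificate; the entry is checked as a URL below.
                    LOGGER.debug("Stored entry is not a parseable certificate; treating it as a URL.", e);
                }

                if (x509Certificate != null) {
                    if (!isCertCompliantWithPolicy(x509Certificate)) {
                        continue;
                    }
                    recordData = x509Certificate.getEncoded();
                    if (x509Certificate.getPublicKey() instanceof RSAKey) {
                        final byte[] modulus = ((RSAKey) x509Certificate.getPublicKey()).getModulus().toByteArray();
                        // Key tag is the low 16 bits of the modulus. The decompiler had rendered
                        // the 0xFF00 mask as an unrelated BouncyCastle cipher-suite constant.
                        keyTag = ((modulus[modulus.length - 2] << 8) & 0xFF00) | (modulus[modulus.length - 1] & 0xFF);
                        algorithm = dnsAlgorithmFor(x509Certificate.getSigAlgOID());
                    }
                } else {
                    recordData = certificate.getData();
                    // Constructed only to validate the syntax; a malformed value fails the request.
                    new URL(new String(recordData, java.nio.charset.StandardCharsets.UTF_8));
                    certType = CERT_TYPE_URI;
                }
                rRset.addRR(new CERTRecord(Name.fromString(str), DNS_CLASS_IN, CERT_RECORD_TTL_SECONDS, certType, keyTag, algorithm, recordData));
            }
        } catch (Exception e) {
            throw new DNSException(DNSError.newError(ERROR_CODE), "Failure while parsing CERT record data: " + e.getMessage(), e);
        }
        return rRset.size() == 0 ? null : rRset;
    }

    /**
     * Finds the SOA record for a name or its closest enclosing zone.
     *
     * <p>SOA records are loaded from the DNS service on first use and cached.
     * The map is now built locally and published only after a complete load,
     * so a failed load is retried on the next call instead of leaving a
     * {@code null} or half-filled cache behind.
     *
     * <p>NOTE(review): cache keys are the record names as stored and the
     * lookup uses the query name as given; confirm that callers normalise
     * case, since DNS names compare case-insensitively.
     *
     * @param str queried name, with or without a trailing dot
     * @return the matching SOA record, or {@code null} if none applies or the records could not be loaded
     */
    @Override // org.nhindirect.dns.AbstractDNSStore
    protected synchronized Record checkForSoaRecord(String str) {
        if (!str.endsWith(".")) {
            str = str + ".";
        }
        if (this.soaRecords == null) {
            try {
                final Collection<DNSRecord> stored = this.dnsService.getDNSRecord(DNS_TYPE_SOA, "");
                if (stored == null || stored.isEmpty()) {
                    this.soaRecords = Collections.emptyMap();
                } else {
                    final HashMap<String, Record> loaded = new HashMap<>();
                    for (DNSRecord entry : stored) {
                        final Record soa = Record.newRecord(Name.fromString(entry.getName()), DNS_TYPE_SOA, entry.getDclass(), entry.getTtl(), entry.getData());
                        loaded.put(soa.getName().toString(), soa);
                    }
                    this.soaRecords = loaded;
                }
            } catch (Exception e) {
                LOGGER.error("Failed to load SOA records from config service.", e);
                return null;
            }
        }
        if (this.soaRecords.isEmpty()) {
            return null;
        }
        Record match = this.soaRecords.get(str);
        // Strip the leftmost label each round until a zone matches or one label is left.
        while (match == null) {
            final int dot = str.indexOf('.');
            if (dot <= 0 || dot >= str.length() - 1) {
                break;
            }
            str = str.substring(dot + 1);
            match = this.soaRecords.get(str);
        }
        return match;
    }

    /** Fetches stored records from the DNS service, wrapping any failure in a {@link DNSException}. */
    private Collection<DNSRecord> fetchRecords(int type, String name) throws DNSException {
        try {
            return this.dnsService.getDNSRecord(type, name);
        } catch (Exception e) {
            throw new DNSException(DNSError.newError(ERROR_CODE), "DNS service proxy call for DNS records failed: " + e.getMessage(), e);
        }
    }

    /**
     * Looks up certificates by owner, first as a domain and then as an e-mail
     * address by replacing each dot in turn with {@code '@'}.
     *
     * <p>NOTE(review): a miss costs one certificate-service call per dot in
     * the queried name, and the name comes from the DNS client. Consider
     * negative caching or rate limiting in front of this lookup.
     */
    private Collection<Certificate> lookupCertificates(String owner) throws DNSException {
        try {
            Collection<Certificate> found = this.certService.getCertificatesByOwner(owner);
            int searchFrom = 0;
            while (found == null || found.isEmpty()) {
                final int dot = owner.indexOf('.', searchFrom);
                if (dot < 0) {
                    break;
                }
                final char[] candidate = owner.toCharArray();
                candidate[dot] = '@';
                found = this.certService.getCertificatesByOwner(String.valueOf(candidate));
                if (dot >= owner.length() - 1) {
                    break;
                }
                searchFrom = dot + 1;
            }
            return found;
        } catch (Exception e) {
            throw new DNSException(DNSError.newError(ERROR_CODE), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
        }
    }

    /**
     * Maps a certificate signature-algorithm OID to the algorithm number
     * written into the CERT record.
     *
     * <p>Unrecognised OIDs fall back to 5, the same value used for SHA1-RSA,
     * so the field is not a reliable indicator of the actual algorithm.
     */
    private static int dnsAlgorithmFor(String sigAlgOid) {
        if (sigAlgOid.equalsIgnoreCase(SignatureAlgorithmIdentifier.SHA1RSA.getId())) {
            return 5;
        }
        if (sigAlgOid.equalsIgnoreCase(SignatureAlgorithmIdentifier.SHA256RSA.getId())) {
            return 8;
        }
        if (sigAlgOid.equalsIgnoreCase(SignatureAlgorithmIdentifier.SHA1DSA.getId())) {
            return 3;
        }
        if (sigAlgOid.equalsIgnoreCase(SignatureAlgorithmIdentifier.MD5RSA.getId())) {
            return 1;
        }
        return 5;
    }
}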
