package org.xbill.DNS;

import java.security.GeneralSecurityException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xbill.DNS.utils.base64;
import org.xbill.DNS.utils.hexdump;

/* loaded from: classes5.dex */
public class TSIG {
    public static final Duration FUDGE;
    private static final Map<Name, String> b;
    private final Name c;
    private final Clock d;
    private final Name e;
    private final SecretKey f;
    private final String g;
    private final Mac h;
    private static final Logger a = LoggerFactory.getLogger((Class<?>) TSIG.class);
    public static final Name GSS_TSIG = Name.fromConstantString("gss-tsig.");
    public static final Name HMAC_MD5 = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT.");

    @Deprecated
    public static final Name HMAC = HMAC_MD5;
    public static final Name HMAC_SHA1 = Name.fromConstantString("hmac-sha1.");
    public static final Name HMAC_SHA224 = Name.fromConstantString("hmac-sha224.");
    public static final Name HMAC_SHA256 = Name.fromConstantString("hmac-sha256.");
    public static final Name HMAC_SHA384 = Name.fromConstantString("hmac-sha384.");
    public static final Name HMAC_SHA512 = Name.fromConstantString("hmac-sha512.");

    /* loaded from: classes5.dex */
    public static class StreamVerifier {
        private final TSIG a;
        private int b = 0;
        private int c;
        private TSIGRecord d;

        public StreamVerifier(TSIG tsig, TSIGRecord tSIGRecord) {
            this.a = tsig;
            this.d = tSIGRecord;
        }

        public int verify(Message message, byte[] bArr) {
            TSIGRecord tsig = message.getTSIG();
            this.b++;
            int i = this.b;
            if (i == 1) {
                int verify = this.a.verify(message, bArr, this.d);
                this.d = tsig;
                return verify;
            }
            if (tsig != null) {
                int verify2 = this.a.verify(message, bArr, this.d, false);
                this.c = this.b;
                this.d = tsig;
                return verify2;
            }
            if (i - this.c >= 100) {
                TSIG.a.debug("FORMERR: missing required signature on {}th message", Integer.valueOf(this.b));
                message.tsigState = 4;
                return 1;
            }
            TSIG.a.trace("Intermediate message {} without signature", Integer.valueOf(this.b));
            message.tsigState = 2;
            return 0;
        }
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(HMAC_MD5, "HmacMD5");
        hashMap.put(HMAC_SHA1, "HmacSHA1");
        hashMap.put(HMAC_SHA224, "HmacSHA224");
        hashMap.put(HMAC_SHA256, "HmacSHA256");
        hashMap.put(HMAC_SHA384, "HmacSHA384");
        hashMap.put(HMAC_SHA512, "HmacSHA512");
        b = Collections.unmodifiableMap(hashMap);
        FUDGE = Duration.ofSeconds(300L);
    }

    @Deprecated
    public TSIG(String str, String str2) {
        this(HMAC_MD5, str, str2);
    }

    public TSIG(String str, String str2, String str3) {
        this(algorithmToName(str), str2, str3);
    }

    @Deprecated
    public TSIG(Mac mac, Name name) {
        this.e = name;
        this.h = mac;
        this.g = null;
        this.f = null;
        this.d = Clock.systemUTC();
        this.c = algorithmToName(mac.getAlgorithm());
    }

    public TSIG(Name name, String str, String str2) {
        byte[] fromString = base64.fromString(str2);
        if (fromString == null) {
            throw new IllegalArgumentException("Invalid TSIG key string");
        }
        try {
            this.e = Name.fromString(str, Name.root);
            this.c = name;
            this.d = Clock.systemUTC();
            this.g = nameToAlgorithm(name);
            this.h = null;
            this.f = new SecretKeySpec(fromString, this.g);
        } catch (TextParseException unused) {
            throw new IllegalArgumentException("Invalid TSIG key name");
        }
    }

    public TSIG(Name name, Name name2, String str) {
        this(name, name2, (byte[]) Objects.requireNonNull(base64.fromString(str)));
    }

    public TSIG(Name name, Name name2, SecretKey secretKey) {
        this(name, name2, secretKey, Clock.systemUTC());
    }

    public TSIG(Name name, Name name2, SecretKey secretKey, Clock clock) {
        this.e = name2;
        this.c = name;
        this.d = clock;
        this.g = nameToAlgorithm(name);
        this.f = secretKey;
        this.h = null;
    }

    public TSIG(Name name, Name name2, byte[] bArr) {
        this(name, name2, new SecretKeySpec(bArr, nameToAlgorithm(name)));
    }

    @Deprecated
    public TSIG(Name name, byte[] bArr) {
        this(HMAC_MD5, name, bArr);
    }

    private Mac a() {
        Mac mac = this.h;
        if (mac != null) {
            try {
                return (Mac) mac.clone();
            } catch (CloneNotSupportedException unused) {
                this.h.reset();
                return this.h;
            }
        }
        try {
            Mac mac2 = Mac.getInstance(this.g);
            mac2.init(this.f);
            return mac2;
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Caught security exception setting up HMAC.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Name a(final String str) {
        return (Name) b.entrySet().stream().filter(new Predicate() { // from class: org.xbill.DNS.-$$Lambda$TSIG$DLZrr5KAaFbxvHdqSHoS83NJy5c
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean a2;
                a2 = TSIG.a(str, (Map.Entry) obj);
                return a2;
            }
        }).map(new Function() { // from class: org.xbill.DNS.-$$Lambda$QmL6b3oYiEE5bRYYFZtFvQGrUpk
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return (Name) ((Map.Entry) obj).getKey();
            }
        }).findAny().orElseThrow(new Supplier() { // from class: org.xbill.DNS.-$$Lambda$TSIG$JHw-f69cLaCfYOpdc-BiC3ge0-8
            @Override // java.util.function.Supplier
            public final Object get() {
                IllegalArgumentException b2;
                b2 = TSIG.b(str);
                return b2;
            }
        });
    }

    private static void a(Instant instant, Duration duration, DNSOutput dNSOutput) {
        a(instant, dNSOutput);
        dNSOutput.writeU16((int) duration.getSeconds());
    }

    private static void a(Instant instant, DNSOutput dNSOutput) {
        long epochSecond = instant.getEpochSecond();
        dNSOutput.writeU16((int) (epochSecond >> 32));
        dNSOutput.writeU32(epochSecond & 4294967295L);
    }

    private static void a(Mac mac, TSIGRecord tSIGRecord) {
        byte[] u16 = DNSOutput.toU16(tSIGRecord.getSignature().length);
        if (a.isTraceEnabled()) {
            a.trace(hexdump.dump("TSIG-HMAC signature size", u16));
            a.trace(hexdump.dump("TSIG-HMAC signature", tSIGRecord.getSignature()));
        }
        mac.update(u16);
        mac.update(tSIGRecord.getSignature());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean a(String str, Map.Entry entry) {
        return ((String) entry.getValue()).equalsIgnoreCase(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean a(String str, Name name) {
        return name.toString().equalsIgnoreCase(str) || name.toString(true).equalsIgnoreCase(str);
    }

    private static boolean a(byte[] bArr, byte[] bArr2) {
        if (bArr2.length < bArr.length) {
            byte[] bArr3 = new byte[bArr2.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr3.length);
            bArr = bArr3;
        }
        return Arrays.equals(bArr2, bArr);
    }

    public static Name algorithmToName(final String str) {
        if (str != null) {
            return (str.equalsIgnoreCase("HMAC-MD5") || str.equalsIgnoreCase("HMAC-MD5.")) ? HMAC_MD5 : b.keySet().stream().filter(new Predicate() { // from class: org.xbill.DNS.-$$Lambda$TSIG$Hq_neS5GNPAt3jo3HWIgq-geQ4Q
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    boolean a2;
                    a2 = TSIG.a(str, (Name) obj);
                    return a2;
                }
            }).findAny().orElseGet(new Supplier() { // from class: org.xbill.DNS.-$$Lambda$TSIG$7ovuI5AbHdXWRs4T4SjtnkqRDiw
                @Override // java.util.function.Supplier
                public final Object get() {
                    Name a2;
                    a2 = TSIG.a(str);
                    return a2;
                }
            });
        }
        throw new IllegalArgumentException("Null algorithm");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ IllegalArgumentException b(String str) {
        return new IllegalArgumentException("Unknown algorithm: " + str);
    }

    @Deprecated
    public static TSIG fromString(String str) {
        String[] split = str.split("[:/]", 3);
        int length = split.length;
        if (length == 2) {
            return new TSIG(HMAC_MD5, split[0], split[1]);
        }
        if (length == 3) {
            return new TSIG(split[0], split[1], split[2]);
        }
        throw new IllegalArgumentException("Invalid TSIG key specification");
    }

    @Deprecated
    public static String nameToAlgorithm(Name name) {
        String str = b.get(name);
        if (str != null) {
            return str;
        }
        throw new IllegalArgumentException("Unknown algorithm: " + name);
    }

    public void apply(Message message, int i, TSIGRecord tSIGRecord) {
        apply(message, i, tSIGRecord, true);
    }

    public void apply(Message message, int i, TSIGRecord tSIGRecord, boolean z) {
        message.addRecord(generate(message, message.toWire(), i, tSIGRecord, z), 3);
        message.tsigState = 3;
    }

    public void apply(Message message, TSIGRecord tSIGRecord) {
        apply(message, 0, tSIGRecord, true);
    }

    public void apply(Message message, TSIGRecord tSIGRecord, boolean z) {
        apply(message, 0, tSIGRecord, z);
    }

    @Deprecated
    public void applyStream(Message message, TSIGRecord tSIGRecord, boolean z) {
        apply(message, 0, tSIGRecord, z);
    }

    public TSIGRecord generate(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        return generate(message, bArr, i, tSIGRecord, true);
    }

    public TSIGRecord generate(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord, boolean z) {
        boolean z2;
        Mac a2;
        byte[] bArr2;
        byte[] bArr3;
        Instant timeSigned = i == 18 ? tSIGRecord.getTimeSigned() : this.d.instant();
        if (i == 0 || i == 18 || i == 22) {
            z2 = true;
            a2 = a();
        } else {
            a2 = null;
            z2 = false;
        }
        int intValue = Options.intValue("tsigfudge");
        Duration ofSeconds = (intValue < 0 || intValue > 32767) ? FUDGE : Duration.ofSeconds(intValue);
        if (tSIGRecord != null && z2) {
            a(a2, tSIGRecord);
        }
        if (z2) {
            if (a.isTraceEnabled()) {
                a.trace(hexdump.dump("TSIG-HMAC rendered message", bArr));
            }
            a2.update(bArr);
        }
        DNSOutput dNSOutput = new DNSOutput();
        if (z) {
            this.e.toWireCanonical(dNSOutput);
            dNSOutput.writeU16(255);
            dNSOutput.writeU32(0L);
            this.c.toWireCanonical(dNSOutput);
        }
        a(timeSigned, ofSeconds, dNSOutput);
        if (z) {
            dNSOutput.writeU16(i);
            dNSOutput.writeU16(0);
        }
        if (z2) {
            byte[] byteArray = dNSOutput.toByteArray();
            if (a.isTraceEnabled()) {
                a.trace(hexdump.dump("TSIG-HMAC variables", byteArray));
            }
            bArr2 = a2.doFinal(byteArray);
        } else {
            bArr2 = new byte[0];
        }
        byte[] bArr4 = bArr2;
        if (i == 18) {
            DNSOutput dNSOutput2 = new DNSOutput(6);
            a(this.d.instant(), dNSOutput2);
            bArr3 = dNSOutput2.toByteArray();
        } else {
            bArr3 = null;
        }
        return new TSIGRecord(this.e, 255, 0L, this.c, timeSigned, ofSeconds, bArr4, message.getHeader().getID(), i, bArr3);
    }

    public int recordLength() {
        return this.e.length() + 10 + this.c.length() + 8 + 18 + 4 + 8;
    }

    @Deprecated
    public byte verify(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        return (byte) verify(message, bArr, tSIGRecord);
    }

    public int verify(Message message, byte[] bArr, TSIGRecord tSIGRecord) {
        return verify(message, bArr, tSIGRecord, true);
    }

    public int verify(Message message, byte[] bArr, TSIGRecord tSIGRecord, boolean z) {
        message.tsigState = 4;
        TSIGRecord tsig = message.getTSIG();
        if (tsig == null) {
            return 1;
        }
        if (!tsig.getName().equals(this.e) || !tsig.getAlgorithm().equals(this.c)) {
            a.debug("BADKEY failure on message id {}, expected: {}/{}, actual: {}/{}", Integer.valueOf(message.getHeader().getID()), this.e, this.c, tsig.getName(), tsig.getAlgorithm());
            return 17;
        }
        Mac a2 = a();
        if (tSIGRecord != null && tsig.getError() != 17 && tsig.getError() != 16) {
            a(a2, tSIGRecord);
        }
        message.getHeader().decCount(3);
        byte[] wire = message.getHeader().toWire();
        message.getHeader().incCount(3);
        if (a.isTraceEnabled()) {
            a.trace(hexdump.dump("TSIG-HMAC header", wire));
        }
        a2.update(wire);
        int length = message.tsigstart - wire.length;
        if (a.isTraceEnabled()) {
            a.trace(hexdump.dump("TSIG-HMAC message after header", bArr, wire.length, length));
        }
        a2.update(bArr, wire.length, length);
        DNSOutput dNSOutput = new DNSOutput();
        if (z) {
            tsig.getName().toWireCanonical(dNSOutput);
            dNSOutput.writeU16(tsig.dclass);
            dNSOutput.writeU32(tsig.ttl);
            tsig.getAlgorithm().toWireCanonical(dNSOutput);
        }
        a(tsig.getTimeSigned(), tsig.getFudge(), dNSOutput);
        if (z) {
            dNSOutput.writeU16(tsig.getError());
            if (tsig.getOther() != null) {
                dNSOutput.writeU16(tsig.getOther().length);
                dNSOutput.writeByteArray(tsig.getOther());
            } else {
                dNSOutput.writeU16(0);
            }
        }
        byte[] byteArray = dNSOutput.toByteArray();
        if (a.isTraceEnabled()) {
            a.trace(hexdump.dump("TSIG-HMAC variables", byteArray));
        }
        a2.update(byteArray);
        byte[] signature = tsig.getSignature();
        int macLength = a2.getMacLength();
        int max = Math.max(10, macLength / 2);
        if (signature.length > macLength) {
            a.debug("BADSIG: signature too long, expected: {}, actual: {}", Integer.valueOf(macLength), Integer.valueOf(signature.length));
            return 16;
        }
        if (signature.length < max) {
            a.debug("BADSIG: signature too short, expected: {} of {}, actual: {}", Integer.valueOf(max), Integer.valueOf(macLength), Integer.valueOf(signature.length));
            return 16;
        }
        byte[] doFinal = a2.doFinal();
        if (!a(doFinal, signature)) {
            if (a.isDebugEnabled()) {
                a.debug("BADSIG: signature verification failed, expected: {}, actual: {}", base64.toString(doFinal), base64.toString(signature));
            }
            return 16;
        }
        Instant instant = this.d.instant();
        if (Duration.between(instant, tsig.getTimeSigned()).abs().compareTo(tsig.getFudge()) > 0) {
            a.debug("BADTIME failure, now {} +/- tsig {} > fudge {}", instant, tsig.getTimeSigned(), tsig.getFudge());
            return 18;
        }
        message.tsigState = 1;
        return 0;
    }
}
