package androdns.android.leetdreams.ch.androdns;

import android.util.Log;
import java.util.Hashtable;
import java.util.Iterator;
import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DNSSEC;
import org.xbill.DNS.Name;
import org.xbill.DNS.RRSIGRecord;
import org.xbill.DNS.RRset;
import org.xbill.DNS.Type;

/* loaded from: classes.dex */
public class DNSSECVerifier {
    private static final String TAG = "DNSSECVerifier";
    private Hashtable<String, DNSKEYRecord> knownDNSKeys = new Hashtable<>();

    private String hskey(String str, int i) {
        return str.toLowerCase() + "-" + i;
    }

    private String hskey(DNSKEYRecord dNSKEYRecord) {
        return hskey(dNSKEYRecord.getName().toString(), dNSKEYRecord.getFootprint());
    }

    public void addDNSKEY(DNSKEYRecord dNSKEYRecord) {
        this.knownDNSKeys.put(hskey(dNSKEYRecord), dNSKEYRecord);
        Log.d(TAG, "learned DNSKEY  " + hskey(dNSKEYRecord));
    }

    public DNSKEYRecord getDNSKEY(Name name, int i) {
        String hskey = hskey(name.toString(), i);
        if (this.knownDNSKeys.containsKey(hskey)) {
            return this.knownDNSKeys.get(hskey);
        }
        return null;
    }

    public void learnDNSSECKeysFromRRSETs(RRset[] rRsetArr) {
        for (RRset rRset : rRsetArr) {
            if (rRset.getType() == 48) {
                Iterator rrs = rRset.rrs();
                while (rrs.hasNext()) {
                    addDNSKEY((DNSKEYRecord) rrs.next());
                }
            }
        }
    }

    public String verificationStatusString(RRset[] rRsetArr) {
        StringBuffer stringBuffer = new StringBuffer();
        for (RRset rRset : rRsetArr) {
            Iterator sigs = rRset.sigs();
            while (sigs.hasNext()) {
                RRSIGRecord rRSIGRecord = (RRSIGRecord) sigs.next();
                stringBuffer.append(rRSIGRecord.getFootprint());
                stringBuffer.append("/");
                stringBuffer.append(rRSIGRecord.getSigner().toString());
                stringBuffer.append(":");
                stringBuffer.append(Type.string(rRset.getType()));
                stringBuffer.append("=");
                try {
                    verifySignature(rRset, rRSIGRecord);
                    stringBuffer.append("verified");
                } catch (DNSKEYUnavailableException unused) {
                    stringBuffer.append("have to learn DNSKEY");
                } catch (DNSSEC.DNSSECException e) {
                    if (e instanceof DNSSEC.SignatureExpiredException) {
                        stringBuffer.append("expired");
                    } else if (e instanceof DNSSEC.SignatureNotYetValidException) {
                        stringBuffer.append("not yet valid");
                    } else if (e instanceof DNSSEC.UnsupportedAlgorithmException) {
                        stringBuffer.append("unsupported alg");
                    } else {
                        stringBuffer.append(e.getMessage());
                    }
                }
                stringBuffer.append("\n");
            }
        }
        String stringBuffer2 = stringBuffer.toString();
        Log.d(TAG, "Validation status: " + stringBuffer2);
        return stringBuffer2;
    }

    public void verifySignature(RRset rRset, RRSIGRecord rRSIGRecord) throws DNSSEC.DNSSECException, DNSKEYUnavailableException {
        Name signer = rRSIGRecord.getSigner();
        int footprint = rRSIGRecord.getFootprint();
        DNSKEYRecord dnskey = getDNSKEY(signer, footprint);
        if (dnskey != null) {
            DNSSEC.verify(rRset, rRSIGRecord, dnskey);
            return;
        }
        Log.d(TAG, "missing DNSKEY " + hskey(signer.toString(), footprint));
        throw new DNSKEYUnavailableException("DNSKEY " + signer + "/" + footprint + " not available");
    }
}
