package B;

import a.C0015ao;
import a.C0020at;
import a.C0024ax;
import a.C0025ay;
import a.C0032g;
import a.C0036k;
import a.C0049x;
import a.aB;
import a.bc;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:B/DNSSECVerifier.class */
public class DNSSECVerifier {
    private Map trustedKeys = new HashMap();

    public synchronized void addTrustedKey(C0049x c0049x) {
        C0015ao o = c0049x.o();
        List list = (List) this.trustedKeys.get(o);
        List list2 = list;
        if (list == null) {
            Map map = this.trustedKeys;
            LinkedList linkedList = new LinkedList();
            list2 = linkedList;
            map.put(o, linkedList);
        }
        list2.add(c0049x);
    }

    public void addTrustedKey(C0015ao c0015ao, int i, PublicKey publicKey) {
        aB buildRecord = KEYConverter.buildRecord(c0015ao, 48, 1, 0L, 0, 3, i, publicKey);
        if (buildRecord != null) {
            addTrustedKey((C0049x) buildRecord);
        }
    }

    private PublicKey findMatchingKey(Iterator it, int i, int i2) {
        while (it.hasNext()) {
            C0049x c0049x = (C0049x) it.next();
            if (c0049x.e() == i && c0049x.d() == i2) {
                return KEYConverter.parseRecord(c0049x);
            }
        }
        return null;
    }

    private synchronized PublicKey findTrustedKey(C0015ao c0015ao, int i, int i2) {
        List list = (List) this.trustedKeys.get(c0015ao);
        if (list == null) {
            return null;
        }
        return findMatchingKey(list.iterator(), i, i2);
    }

    private PublicKey findCachedKey(C0036k c0036k, C0015ao c0015ao, int i, int i2) {
        C0025ay[] a2 = c0036k.a(c0015ao, 48);
        if (a2 == null) {
            return null;
        }
        return findMatchingKey(a2[0].c(), i, i2);
    }

    private PublicKey findKey(C0036k c0036k, C0015ao c0015ao, int i, int i2) {
        PublicKey findTrustedKey = findTrustedKey(c0015ao, i, i2);
        return (findTrustedKey != null || c0036k == null) ? findTrustedKey : findCachedKey(c0036k, c0015ao, i, i2);
    }

    private int verifySIG(C0025ay c0025ay, C0024ax c0024ax, C0036k c0036k) {
        byte[] i;
        String str;
        PublicKey findKey = findKey(c0036k, c0024ax.d(), c0024ax.l(), c0024ax.e());
        if (findKey == null) {
            return 0;
        }
        Date date = new Date();
        if (date.compareTo(c0024ax.h()) > 0 || date.compareTo(c0024ax.k()) < 0) {
            System.err.println("Outside of validity period");
            return -1;
        }
        byte[] a2 = C0032g.a(c0024ax, c0025ay);
        switch (c0024ax.l()) {
            case 1:
                i = c0024ax.i();
                str = "MD5withRSA";
                break;
            case 2:
            case 4:
            default:
                return -1;
            case 3:
            case 6:
                i = DSASignature.fromDNS(c0024ax.i());
                str = "SHA1withDSA";
                break;
            case 5:
            case 7:
                i = c0024ax.i();
                str = "SHA1withRSA";
                break;
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(findKey);
            signature.update(a2);
            return signature.verify(i) ? 1 : -1;
        } catch (GeneralSecurityException e) {
            if (!C0020at.a("verboseexceptions")) {
                return -1;
            }
            System.err.println("Signing data: " + e);
            return -1;
        }
    }

    public int verify(C0025ay c0025ay, C0036k c0036k) {
        Iterator d = c0025ay.d();
        if (C0020at.a("verbosesec")) {
            System.out.print("Verifying " + c0025ay.g().o() + "/" + bc.b(c0025ay.b()) + ": ");
        }
        if (!d.hasNext()) {
            if (!C0020at.a("verbosesec")) {
                return 0;
            }
            System.out.println("Insecure");
            return 0;
        }
        while (d.hasNext()) {
            if (verifySIG(c0025ay, (C0024ax) d.next(), c0036k) == 1) {
                if (!C0020at.a("verbosesec")) {
                    return 1;
                }
                System.out.println("Secure");
                return 1;
            }
        }
        if (!C0020at.a("verbosesec")) {
            return -1;
        }
        System.out.println("Failed");
        return -1;
    }
}
