package org.xbill.DNS;

import java.io.IOException;
import java.util.Date;
import org.xbill.DNS.utils.DataByteOutputStream;
import org.xbill.DNS.utils.base16;
import org.xbill.DNS.utils.base64;
import org.xbill.DNS.utils.hmacSigner;

/* loaded from: input_file:dnsjava-1.5.0.jar:org/xbill/DNS/TSIG.class */
public class TSIG {
    public static final Name HMAC = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT.");
    public static final short FUDGE = 300;
    private Name name;
    private Name alg;
    private byte[] key;

    /* loaded from: input_file:dnsjava-1.5.0.jar:org/xbill/DNS/TSIG$StreamVerifier.class */
    public static class StreamVerifier {
        private TSIG key;
        private hmacSigner verifier;
        private int nresponses = 0;
        private int lastsigned;
        private TSIGRecord lastTSIG;

        public StreamVerifier(TSIG tsig, TSIGRecord tSIGRecord) {
            this.key = tsig;
            this.verifier = new hmacSigner(this.key.key);
            this.lastTSIG = tSIGRecord;
        }

        public byte verify(Message message, byte[] bArr) {
            TSIGRecord tsig = message.getTSIG();
            this.nresponses++;
            if (this.nresponses == 1) {
                byte verify = this.key.verify(message, bArr, this.lastTSIG);
                if (verify == 0) {
                    byte[] signature = tsig.getSignature();
                    DataByteOutputStream dataByteOutputStream = new DataByteOutputStream();
                    dataByteOutputStream.writeUnsignedShort(signature.length);
                    this.verifier.addData(dataByteOutputStream.toByteArray());
                    this.verifier.addData(signature);
                }
                this.lastTSIG = tsig;
                return verify;
            }
            if (tsig != null) {
                message.getHeader().decCount(3);
            }
            byte[] wire = message.getHeader().toWire();
            if (tsig != null) {
                message.getHeader().incCount(3);
            }
            this.verifier.addData(wire);
            this.verifier.addData(bArr, wire.length, tsig == null ? bArr.length - wire.length : message.tsigstart - wire.length);
            if (tsig == null) {
                return this.nresponses - this.lastsigned >= 100 ? (byte) 1 : (byte) 0;
            }
            this.lastsigned = this.nresponses;
            this.lastTSIG = tsig;
            if (!tsig.getName().equals(this.key.name) || !tsig.getAlgorithm().equals(this.key.alg)) {
                if (!Options.check("verbose")) {
                    return (byte) 17;
                }
                System.err.println("BADKEY failure");
                return (byte) 17;
            }
            DataByteOutputStream dataByteOutputStream2 = new DataByteOutputStream();
            long time = tsig.getTimeSigned().getTime() / 1000;
            dataByteOutputStream2.writeUnsignedShort((int) (time >> 32));
            dataByteOutputStream2.writeUnsignedInt(time & 4294967295L);
            dataByteOutputStream2.writeShort(tsig.getFudge());
            this.verifier.addData(dataByteOutputStream2.toByteArray());
            if (!this.verifier.verify(tsig.getSignature())) {
                if (!Options.check("verbose")) {
                    return (byte) 16;
                }
                System.err.println("BADSIG failure");
                return (byte) 16;
            }
            this.verifier.clear();
            DataByteOutputStream dataByteOutputStream3 = new DataByteOutputStream();
            dataByteOutputStream3.writeUnsignedShort(tsig.getSignature().length);
            this.verifier.addData(dataByteOutputStream3.toByteArray());
            this.verifier.addData(tsig.getSignature());
            return (byte) 0;
        }
    }

    public TSIG(Name name, byte[] bArr) {
        this.name = name;
        this.alg = HMAC;
        this.key = bArr;
    }

    public TSIG(String str, String str2) {
        byte[] fromString = (str2.length() <= 1 || str2.charAt(0) != ':') ? base64.fromString(str2) : base16.fromString(str2.substring(1));
        if (fromString == null) {
            throw new IllegalArgumentException("Invalid TSIG key string");
        }
        try {
            this.name = Name.fromString(str, Name.root);
            this.alg = HMAC;
            this.key = fromString;
        } catch (TextParseException e) {
            throw new IllegalArgumentException("Invalid TSIG key name");
        }
    }

    public TSIGRecord generate(Message message, byte[] bArr, byte b, TSIGRecord tSIGRecord) {
        Date date = b != 18 ? new Date() : tSIGRecord.getTimeSigned();
        hmacSigner hmacsigner = null;
        if (b == 0 || b == 18) {
            hmacsigner = new hmacSigner(this.key);
        }
        int intValue = Options.intValue("tsigfudge");
        if (intValue < 0 || intValue > 32767) {
            intValue = 300;
        }
        if (tSIGRecord != null) {
            DataByteOutputStream dataByteOutputStream = new DataByteOutputStream();
            dataByteOutputStream.writeUnsignedShort(tSIGRecord.getSignature().length);
            if (hmacsigner != null) {
                hmacsigner.addData(dataByteOutputStream.toByteArray());
                hmacsigner.addData(tSIGRecord.getSignature());
            }
        }
        if (hmacsigner != null) {
            hmacsigner.addData(bArr);
        }
        DataByteOutputStream dataByteOutputStream2 = new DataByteOutputStream();
        this.name.toWireCanonical(dataByteOutputStream2);
        dataByteOutputStream2.writeShort(255);
        dataByteOutputStream2.writeInt(0);
        this.alg.toWireCanonical(dataByteOutputStream2);
        long time = date.getTime() / 1000;
        dataByteOutputStream2.writeUnsignedShort((int) (time >> 32));
        dataByteOutputStream2.writeUnsignedInt(time & 4294967295L);
        dataByteOutputStream2.writeUnsignedShort(intValue);
        dataByteOutputStream2.writeShort(b);
        dataByteOutputStream2.writeShort(0);
        if (hmacsigner != null) {
            hmacsigner.addData(dataByteOutputStream2.toByteArray());
        }
        byte[] sign = hmacsigner != null ? hmacsigner.sign() : new byte[0];
        byte[] bArr2 = null;
        if (b == 18) {
            DataByteOutputStream dataByteOutputStream3 = new DataByteOutputStream();
            long time2 = new Date().getTime() / 1000;
            dataByteOutputStream3.writeUnsignedShort((int) (time2 >> 32));
            dataByteOutputStream3.writeUnsignedInt(time2 & 4294967295L);
            bArr2 = dataByteOutputStream3.toByteArray();
        }
        return new TSIGRecord(this.name, 255, 0L, this.alg, date, intValue, sign, message.getHeader().getID(), b, bArr2);
    }

    public void apply(Message message, byte b, TSIGRecord tSIGRecord) {
        message.addRecord(generate(message, message.toWire(), b, tSIGRecord), 3);
    }

    public void apply(Message message, TSIGRecord tSIGRecord) {
        apply(message, (byte) 0, tSIGRecord);
    }

    public void applyStream(Message message, TSIGRecord tSIGRecord, boolean z) {
        if (z) {
            apply(message, tSIGRecord);
            return;
        }
        Date date = new Date();
        hmacSigner hmacsigner = new hmacSigner(this.key);
        int intValue = Options.intValue("tsigfudge");
        if (intValue < 0 || intValue > 32767) {
            intValue = 300;
        }
        DataByteOutputStream dataByteOutputStream = new DataByteOutputStream();
        dataByteOutputStream.writeUnsignedShort(tSIGRecord.getSignature().length);
        hmacsigner.addData(dataByteOutputStream.toByteArray());
        hmacsigner.addData(tSIGRecord.getSignature());
        hmacsigner.addData(message.toWire());
        DataByteOutputStream dataByteOutputStream2 = new DataByteOutputStream();
        long time = date.getTime() / 1000;
        dataByteOutputStream2.writeUnsignedShort((int) (time >> 32));
        dataByteOutputStream2.writeUnsignedInt(time & 4294967295L);
        dataByteOutputStream2.writeUnsignedShort(intValue);
        hmacsigner.addData(dataByteOutputStream2.toByteArray());
        message.addRecord(new TSIGRecord(this.name, 255, 0L, this.alg, date, intValue, hmacsigner.sign(), message.getHeader().getID(), 0, null), 3);
    }

    public byte verify(Message message, byte[] bArr, int i, TSIGRecord tSIGRecord) {
        TSIGRecord tsig = message.getTSIG();
        hmacSigner hmacsigner = new hmacSigner(this.key);
        if (tsig == null) {
            return (byte) 1;
        }
        if (!tsig.getName().equals(this.name) || !tsig.getAlgorithm().equals(this.alg)) {
            if (!Options.check("verbose")) {
                return (byte) 17;
            }
            System.err.println("BADKEY failure");
            return (byte) 17;
        }
        if (Math.abs(System.currentTimeMillis() - tsig.getTimeSigned().getTime()) > tsig.getFudge() * 1000) {
            if (!Options.check("verbose")) {
                return (byte) 18;
            }
            System.err.println("BADTIME failure");
            return (byte) 18;
        }
        if (tSIGRecord != null) {
            try {
                if (tsig.getError() != 17 && tsig.getError() != 16) {
                    DataByteOutputStream dataByteOutputStream = new DataByteOutputStream();
                    dataByteOutputStream.writeUnsignedShort(tSIGRecord.getSignature().length);
                    hmacsigner.addData(dataByteOutputStream.toByteArray());
                    hmacsigner.addData(tSIGRecord.getSignature());
                }
            } catch (IOException e) {
                return (byte) 2;
            }
        }
        message.getHeader().decCount(3);
        byte[] wire = message.getHeader().toWire();
        message.getHeader().incCount(3);
        hmacsigner.addData(wire);
        hmacsigner.addData(bArr, wire.length, message.tsigstart - wire.length);
        DataByteOutputStream dataByteOutputStream2 = new DataByteOutputStream();
        tsig.getName().toWireCanonical(dataByteOutputStream2);
        dataByteOutputStream2.writeShort(tsig.dclass);
        dataByteOutputStream2.writeUnsignedInt(tsig.ttl);
        tsig.getAlgorithm().toWireCanonical(dataByteOutputStream2);
        long time = tsig.getTimeSigned().getTime() / 1000;
        dataByteOutputStream2.writeUnsignedShort((int) (time >> 32));
        dataByteOutputStream2.writeUnsignedInt(time & 4294967295L);
        dataByteOutputStream2.writeShort(tsig.getFudge());
        dataByteOutputStream2.writeShort(tsig.getError());
        if (tsig.getOther() != null) {
            dataByteOutputStream2.writeShort(tsig.getOther().length);
            dataByteOutputStream2.write(tsig.getOther());
        } else {
            dataByteOutputStream2.writeShort(0);
        }
        hmacsigner.addData(dataByteOutputStream2.toByteArray());
        if (hmacsigner.verify(tsig.getSignature())) {
            return (byte) 0;
        }
        if (!Options.check("verbose")) {
            return (byte) 16;
        }
        System.err.println("BADSIG failure");
        return (byte) 16;
    }

    public byte verify(Message message, byte[] bArr, TSIGRecord tSIGRecord) {
        return verify(message, bArr, bArr.length, tSIGRecord);
    }

    public int recordLength() {
        return this.name.length() + 10 + HMAC.length() + 8 + 18 + 4 + 8;
    }

    static {
        if (Options.check("verbosehmac")) {
            hmacSigner.verbose = true;
        }
    }
}
