package com.lookout.utils;

import com.lookout.security.crypto.CryptoProvider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes7.dex */
public class w {
    private static Logger a = LoggerFactory.getLogger((Class<?>) w.class);

    static {
        Security.addProvider(CryptoProvider.getDefaultSecurityProvider());
    }

    private static X509Certificate a(Collection<? extends X509Certificate> collection, X509Certificate x509Certificate) {
        x xVar = new x();
        xVar.a(x509Certificate.getIssuerX500Principal());
        for (X509Certificate x509Certificate2 : collection) {
            if (xVar.match(x509Certificate2)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    public static X509Certificate a(CMSSignedData cMSSignedData) {
        try {
            Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                Iterator<X509CertificateHolder> it = certificates.getMatches(signerInformation.getSID()).iterator();
                while (it.hasNext()) {
                    X509CertificateHolder next = it.next();
                    if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(next))) {
                        it.remove();
                        return new JcaX509CertificateConverter().getCertificate(next);
                    }
                    String.format("Cannot verify signature %s", signerInformation.getSID());
                }
            }
            return null;
        } catch (Throwable th) {
            a.warn(String.format("Error locating valid, verifying certificate: %s", th.getMessage()), th);
            return null;
        }
    }

    public static List<X509Certificate> a(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            List<X509Certificate> b = b(cMSSignedData);
            arrayList.add(x509Certificate);
            if (a(x509Certificate)) {
                return arrayList;
            }
            do {
                X509Certificate a2 = a(b, x509Certificate);
                if (a2 == null) {
                    x509Certificate = null;
                } else {
                    x509Certificate.verify(a2.getPublicKey());
                    x509Certificate = a2;
                }
                if (x509Certificate == null) {
                    break;
                }
                arrayList.add(x509Certificate);
            } while (!a(x509Certificate));
            return arrayList;
        } catch (Throwable th) {
            throw new CertificateException("Signature has an invalid path", th);
        }
    }

    private static boolean a(X509Certificate x509Certificate) {
        try {
            if (!x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
                return false;
            }
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    private static List<X509Certificate> b(CMSSignedData cMSSignedData) {
        ArrayList arrayList = new ArrayList();
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        Iterator<X509CertificateHolder> it = cMSSignedData.getCertificates().getMatches(null).iterator();
        while (it.hasNext()) {
            arrayList.add(jcaX509CertificateConverter.getCertificate(it.next()));
        }
        return arrayList;
    }
}
