package com.lookout.security.crypto;

import com.lookout.security.crypto.Notary;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes7.dex */
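/**
 * {@link Notary} implementation that produces and checks CMS {@code SignedData}
 * envelopes using BouncyCastle.
 *
 * <p>Signing ({@link #a(List, byte[])}) adds one signer per supplied keychain and
 * encapsulates the payload. Verification ({@link #a(InputStream, OutputStream, SecretKey, Notary.Keychain)})
 * releases the encapsulated payload to {@code b(...)} only after a signer has
 * been verified against the keychain's CA certificate.
 *
 * <p>NOTE(review): this listing is decompiler output. The methods throw the checked
 * {@link SignatureException} but carry no {@code throws} clause here; the original
 * declarations (and the one on {@code Notary}) should be confirmed.
 */
public final class a extends Notary {
    private static final Logger a;

    static {
        // Registers the project's default JCA provider as a class-load side effect.
        Security.addProvider(CryptoProvider.getDefaultSecurityProvider());
        a = LoggerFactory.getLogger((Class<?>) Notary.class);
    }

    /**
     * Parses a CMS {@code SignedData} structure, verifies it, and only then passes
     * the encapsulated content on to {@code b(...)}.
     *
     * @param inputStream  stream holding the encoded CMS structure (not closed here)
     * @param outputStream destination handed to {@code b(...)}
     * @param secretKey    key handed to {@code b(...)}; presumably used to decrypt the
     *                     verified content, confirm against {@code b}
     * @param keychain     supplies the CA certificate ({@code keychain.c}) used as trust anchor
     * @return whatever {@code b(...)} returns for the verified content
     * @throws SignatureException if no signer verifies, if the structure carries no
     *                            encapsulated content, or if parsing/verification fails
     */
    public static int a(InputStream inputStream, OutputStream outputStream, SecretKey secretKey, Notary.Keychain keychain) {
        try {
            CMSSignedData signedData = new CMSSignedData(inputStream);
            if (!a(signedData, keychain)) {
                throw new SignatureException("Could not verify data authenticity.");
            }
            // A detached signature has no encapsulated content; fail as a signature
            // error instead of a NullPointerException on the dereference below.
            if (signedData.getSignedContent() == null) {
                throw new SignatureException("Signed data carries no encapsulated content.");
            }
            // Content is released for further processing only after verification succeeded.
            byte[] verifiedContent = (byte[]) signedData.getSignedContent().getContent();
            return b(new ByteArrayInputStream(verifiedContent), outputStream, secretKey);
        } catch (CertificateException | CMSException | OperatorCreationException e) {
            throw new SignatureException(e);
        }
    }

    /**
     * Checks the signers of {@code cMSSignedData} against the keychain's CA certificate.
     *
     * <p>Returns {@code true} as soon as one signer's signature verifies with the
     * certificate embedded for it and that certificate passes
     * {@code SimpleCertificateValidator.validate}; later signers are not evaluated.
     * The embedded certificate comes from the message itself, so trust rests entirely
     * on the validator.
     * NOTE(review): confirm that {@code SimpleCertificateValidator} checks the issuer
     * signature and validity period against {@code keychain.c}.
     *
     * @throws SignatureException if the CA certificate is missing, if a signer has no
     *                            matching embedded certificate, or on a verification error
     */
    private static boolean a(CMSSignedData cMSSignedData, Notary.Keychain keychain) {
        SimpleCertificateValidator validator = new SimpleCertificateValidator();
        if (keychain.c == null) {
            throw new SignatureException("CA cert is null.");
        }
        validator.addTrustedCertificate(keychain.c);
        Store<X509CertificateHolder> embeddedCerts = cMSSignedData.getCertificates();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            try {
                Collection<X509CertificateHolder> candidates = embeddedCerts.getMatches(signer.getSID());
                if (candidates.isEmpty()) {
                    throw new SignatureException("There are no signers.");
                }
                // Only the first certificate matching the signer id is considered.
                X509CertificateHolder signerCert = candidates.iterator().next();
                boolean signatureOk = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCert));
                if (signatureOk && validator.validate(signerCert)) {
                    return true;
                }
            } catch (CertificateNotYetValidException | CMSException e) {
                throw new SignatureException(e);
            }
        }
        return false;
    }

    /**
     * Signs {@code bArr} with every keychain in {@code list} and returns the encoded
     * CMS {@code SignedData} with the content encapsulated.
     *
     * <p>Each keychain contributes exactly one signer, using the SHA-512 (or
     * GOST3411-2012-512) signature algorithm that matches its private key. The signing
     * certificate ({@code keychain.b}) and CA certificate ({@code keychain.c}) are
     * embedded in the output.
     *
     * @param list keychains to sign with; {@code a} is the private key, {@code b} the
     *             signing certificate, {@code c} the CA certificate
     * @param bArr payload to sign
     * @return the DER/BER encoding produced by {@code CMSSignedData.getEncoded()}
     * @throws SignatureException       if a signing certificate or key is missing, the
     *                                  certificate has expired, or CMS generation fails
     * @throws IllegalArgumentException if a key's algorithm has no supported signature scheme
     */
    @Override // com.lookout.security.crypto.Notary
    public final byte[] a(List<Notary.Keychain> list, byte[] bArr) {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        Date now = new Date();
        List<X509Certificate> embeddedCerts = new ArrayList<>();
        for (Notary.Keychain keychain : list) {
            X509Certificate signingCert = keychain.b;
            X509Certificate caCert = keychain.c;
            PrivateKey privateKey = keychain.a;
            if (signingCert == null) {
                throw new SignatureException("Signing certificate is not present");
            }
            if (signingCert.getNotAfter().before(now)) {
                // Message text (including its spelling) is kept as-is in case callers match on it.
                throw new SignatureException(String.format("Singing cert invalid after %s", signingCert.getNotAfter()));
            }
            if (privateKey == null) {
                // Previously surfaced as a NullPointerException from getAlgorithm().
                throw new SignatureException("Signing key is not present");
            }
            embeddedCerts.add(signingCert);
            // NOTE(review): caCert is not null-checked on the signing path; confirm
            // JcaCertStore tolerates a null entry or that callers always set it.
            embeddedCerts.add(caCert);
            try {
                JcaSimpleSignerInfoGeneratorBuilder signerBuilder =
                        new JcaSimpleSignerInfoGeneratorBuilder().setSignedAttributeGenerator(new e());
                // Exactly one signer per keychain. The decompiled nesting fell through and
                // registered further signers with algorithms that do not match the key.
                String signatureAlgorithm = signatureAlgorithmFor(privateKey);
                generator.addSignerInfoGenerator(signerBuilder.build(signatureAlgorithm, privateKey, signingCert));
            } catch (CertificateEncodingException | OperatorCreationException e) {
                throw new SignatureException(e);
            }
        }
        try {
            generator.addCertificates(new JcaCertStore(embeddedCerts));
            // 'true' encapsulates the payload inside the SignedData structure.
            return generator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
        } catch (IOException | CertificateEncodingException | CMSException e2) {
            throw new SignatureException(e2);
        }
    }

    /** Maps a private key to the single signature algorithm name used for its signer. */
    private static String signatureAlgorithmFor(PrivateKey privateKey) {
        String keyAlgorithm = privateKey.getAlgorithm();
        if (privateKey instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(keyAlgorithm)) {
            return "SHA512WITHRSA";
        }
        if ("ECDSA".equalsIgnoreCase(keyAlgorithm) || "EC".equalsIgnoreCase(keyAlgorithm)) {
            return "SHA512WITHECDSA";
        }
        if (privateKey instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(keyAlgorithm)) {
            return "GOST3411-2012-512WITHGOST3410-2012-512";
        }
        if ("ECGOST3410".equalsIgnoreCase(keyAlgorithm)) {
            return "GOST3411-2012-512WITHECGOST3410-2012-512";
        }
        throw new IllegalArgumentException(String.format("No supported signature algorithm found for SHA-512 digest with %s key", keyAlgorithm));
    }
}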
