package com.lookout.security.crypto;

import com.lookout.security.crypto.f;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedList;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;

/* loaded from: classes4.dex */
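/**
 * CMS (PKCS#7) signed-data handling on top of {@code f}: wraps a payload in an
 * encapsulated SignedData structure, and verifies such a structure before
 * handing its content to the AES routine in {@code f}.
 *
 * <p>This is decompiled, name-obfuscated code. The roles of the {@code f.a}
 * fields are read off their use in this class only: {@code a} is the signing
 * key, {@code b} the signing certificate, {@code f3354c} the CA certificate
 * used as trust anchor, and {@code d} the AES key.
 *
 * <p>NOTE(review): the decompiler dropped the {@code throws} clauses, so the
 * checked exceptions thrown below are not declared here. Restore them from the
 * declarations in {@code f} before compiling.
 */
public final class a extends f {
    // Logger handle; it is created with f's class name rather than this class's.
    private static final l0.h.b a;

    static {
        // Registers the project's default provider JVM-wide before any CMS operation runs.
        Security.addProvider(CryptoProvider.getDefaultSecurityProvider());
        // Unused read kept from the decompiled listing (looks like a decompiler artifact).
        int i = l0.h.c.a;
        a = l0.h.c.e(f.class.getName());
    }

    /**
     * Verifies a CMS SignedData stream and, only if verification succeeds,
     * passes the signed content to {@code f.a(...)} together with an AES engine
     * and the key from {@code aVar.d}.
     *
     * <p>The signature is checked before any of the content is processed, so
     * unauthenticated bytes never reach the cipher. The first cipher block of
     * the content is split off and passed separately (presumably the IV;
     * confirm against {@code f.a}).
     *
     * @param inputStream  encoded CMS SignedData
     * @param outputStream sink handed to {@code f.a(...)}
     * @param aVar         key material; {@code f3354c} is the trusted CA
     *                     certificate and {@code d} the AES key
     * @return whatever {@code f.a(...)} returns
     * @throws SignatureException if no signer verifies against the trusted CA,
     *                            if the structure carries no encapsulated
     *                            content, if the content is shorter than one
     *                            cipher block, or if CMS parsing fails
     */
    public static int a(InputStream inputStream, OutputStream outputStream, f.a aVar) {
        try {
            CMSSignedData signedData = new CMSSignedData(inputStream);
            if (!a(signedData, aVar.f3354c)) {
                throw new SignatureException("Could not verify data authenticity.");
            }
            // A detached signature has no encapsulated content; fail as a
            // signature error instead of a NullPointerException.
            if (signedData.getSignedContent() == null) {
                throw new SignatureException("Signed data carries no encapsulated content.");
            }
            ByteArrayInputStream payload = new ByteArrayInputStream((byte[]) signedData.getSignedContent().getContent());
            SecretKey secretKey = aVar.d;
            AESEngine aesEngine = new AESEngine();
            byte[] leadingBlock = new byte[aesEngine.getBlockSize()];
            // read() may return fewer bytes than requested (or -1); a partly
            // filled, zero-padded block must not be used silently.
            if (payload.read(leadingBlock) != leadingBlock.length) {
                throw new SignatureException("Signed content is shorter than one cipher block.");
            }
            return f.a(payload, outputStream, aesEngine, secretKey, false, leadingBlock);
        } catch (CertificateException | CMSException | OperatorCreationException e) {
            throw new SignatureException(e);
        }
    }

    /**
     * Checks whether at least one signer of {@code cMSSignedData} has a valid
     * signature made with a certificate that {@code SimpleCertificateValidator}
     * accepts under the given CA certificate.
     *
     * <p>The signer certificate is taken from the certificates bundled in the
     * CMS structure itself, so trust rests entirely on the validator's check
     * against {@code x509Certificate}. What that validator checks (expiry, key
     * usage, revocation) is not visible here. Acceptance is "any signer": the
     * first signer passing both checks makes the whole structure valid.
     *
     * @param cMSSignedData   parsed SignedData structure
     * @param x509Certificate trusted CA certificate; must not be null
     * @return {@code true} if some signer passes both checks, otherwise
     *         {@code false}, including when there are no signers at all
     * @throws SignatureException if the CA certificate is null, if a signer has
     *                            no matching bundled certificate, or if
     *                            verification raises an error
     */
    private static boolean a(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        SimpleCertificateValidator validator = new SimpleCertificateValidator();
        if (x509Certificate == null) {
            throw new SignatureException("CA cert is null.");
        }
        validator.addTrustedCertificate(x509Certificate);
        Store<X509CertificateHolder> bundledCerts = cMSSignedData.getCertificates();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            try {
                Collection<X509CertificateHolder> matches = bundledCerts.getMatches(signer.getSID());
                if (matches.isEmpty()) {
                    // The message is kept as-is; the actual condition is that
                    // no bundled certificate matches this signer's identifier.
                    throw new SignatureException("There are no signers.");
                }
                X509CertificateHolder signerCert = matches.iterator().next();
                SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().build(signerCert);
                // The decompiled listing invoked both checks twice and
                // discarded the first results. Each runs once here, and both
                // still always run.
                boolean signatureOk = signer.verify(verifier);
                boolean certificateOk = validator.validate(signerCert);
                if (signatureOk && certificateOk) {
                    return true;
                }
            } catch (CertificateNotYetValidException | CMSException e) {
                a.error("Error verifying signature: ".concat(String.valueOf(e)));
                throw new SignatureException(e);
            }
        }
        return false;
    }

    /**
     * Signs {@code bArr} and returns the encoded CMS SignedData with the
     * content encapsulated and the signing certificate (plus the CA certificate
     * when present) bundled.
     *
     * <p>The decompiler could not structure this method (it reported type
     * inference failures): in its output the RSA branch generated the structure
     * without ever adding a signer, and the RSA assignment sat in unreachable
     * code after the try block. The single flow below, shared by all key types,
     * is the reconstruction; confirm it against the bytecode.
     *
     * <p>Only expiry of the signing certificate is checked here. A certificate
     * that is not yet valid is not rejected by this method.
     *
     * @param aVar key material; {@code a} is the private key, {@code b} the
     *             signing certificate, {@code f3354c} the optional CA certificate
     * @param bArr content to sign
     * @return encoded CMS SignedData
     * @throws SignatureException       if the signing certificate is null or
     *                                  expired, the key is null, or CMS
     *                                  generation fails
     * @throws IllegalArgumentException if the key algorithm has no supported
     *                                  512-bit-digest signature scheme
     */
    @Override // com.lookout.security.crypto.f
    public final byte[] a(f.a aVar, byte[] bArr) {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        LinkedList<X509Certificate> bundle = new LinkedList<>();
        Date now = new Date();
        X509Certificate signingCert = aVar.b;
        X509Certificate caCert = aVar.f3354c;
        PrivateKey privateKey = aVar.a;
        if (signingCert == null || signingCert.getNotAfter().compareTo(now) < 0) {
            a.error("Signing cert is either null or has expired");
            throw new SignatureException("Signing cert is either null or has expired");
        }
        if (privateKey == null) {
            // Fail as a signing error rather than a NullPointerException
            // during algorithm selection.
            throw new SignatureException("Signing key is null.");
        }
        bundle.add(signingCert);
        if (caCert != null) {
            bundle.add(caCert);
        }
        try {
            JcaSimpleSignerInfoGeneratorBuilder signerBuilder = new JcaSimpleSignerInfoGeneratorBuilder().setSignedAttributeGenerator((CMSAttributeTableGenerator) new e());
            String algorithm = signatureAlgorithmFor(privateKey);
            // The signer info must be added for every key type, RSA included;
            // without it the output would be an unsigned container.
            generator.addSignerInfoGenerator(signerBuilder.build(algorithm, privateKey, signingCert));
            generator.addCertificates(new JcaCertStore(bundle));
            // 'true' encapsulates the content inside the SignedData structure.
            return generator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
        } catch (IOException | CertificateEncodingException | CMSException | OperatorCreationException e) {
            throw new SignatureException(e);
        }
    }

    /** Maps the key's type or algorithm name to the signature algorithm name. */
    private static String signatureAlgorithmFor(PrivateKey privateKey) {
        String keyAlgorithm = privateKey.getAlgorithm();
        if (privateKey instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(keyAlgorithm)) {
            return "SHA512WITHRSA";
        }
        if ("ECDSA".equalsIgnoreCase(keyAlgorithm) || "EC".equalsIgnoreCase(keyAlgorithm)) {
            return "SHA512WITHECDSA";
        }
        if (privateKey instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(keyAlgorithm)) {
            return "GOST3411-2012-512WITHGOST3410-2012-512";
        }
        if ("ECGOST3410".equalsIgnoreCase(keyAlgorithm)) {
            return "GOST3411-2012-512WITHECGOST3410-2012-512";
        }
        throw new IllegalArgumentException(String.format("No supported signature algorithm found for SHA-512 digest with %s key", keyAlgorithm));
    }
}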
