package com.lookout.security.crypto;

import com.lookout.security.crypto.f;
import com.lookout.utils.Hex;
import com.lookout.utils.IOUtils;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;

/* loaded from: classes4.dex */
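/**
 * Key-management facade around a BKS keystore plus AES-CBC stream helpers and
 * CMS signature verification.
 *
 * <p>This listing is decompiler output. The private members originally carried
 * obfuscated single-letter names ({@code a}, {@code b}, {@code d}, and a field
 * the decompiler renamed because of a name collision); they are given
 * descriptive names here so that {@code a.a(...)}, {@code new b(...)} and
 * {@code d.a(...)} unambiguously refer to the sibling classes {@code a},
 * {@code b} and {@code d} rather than to fields of this class. Method
 * {@code throws} clauses are absent in the listing and are not reintroduced.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore password is computed by {@code d.a(int[])} from a key
 *       table. The no-argument constructor uses a table compiled into this
 *       class, so that password is recoverable by anyone who holds the
 *       application package. It should be treated as obfuscation, not as
 *       protection for the keystore entries.</li>
 *   <li>{@link #ksPass()}, {@link #getKeyStore()} and {@link #setKeyTable(int[])}
 *       are public, so any code that can reach an instance can read the
 *       password and the loaded keystore.</li>
 *   <li>{@link #encrypt} / {@link #decrypt} use AES-CBC with padding and no
 *       integrity tag; see the caveat on those methods.</li>
 * </ul>
 */
public class CryptoProvider {
    public static final String ALIAS_KEY_WRAP = "sw";
    public static final String ALIAS_POLICY_ANCHOR = "sa";
    public static final String ALIAS_POLICY_CIPHER = "sp";
    public static final String ALIAS_POLICY_SIGNER = "ss";
    public static final String ALIAS_THREATSTORE_CIPHER = "st";
    public static final String KEYSTORE_TYPE = "BKS";

    // Built-in key table used by the no-argument constructor. It is static
    // data shipped with the class, so the password derived from it is not secret.
    private static final int[] DEFAULT_KEY_TABLE = {1829541479, -2120558870, -67981373, -1767747046, 543723860, -1665276008, 1167994444, 749740628, 80552007, 482332717, -366561953, -697941640, -1169021300, 1590609025, 1602855277, 910207396, -1368104336, 264288378, 22486822, -397719957, -1776440152, -834421902, 2035062375, 1834669802, -63787069, -1755164134, 711496020, -1380063336, 1184771660, 783295060, -263380921, 658493485, -337201825, -706330248, -1122883956, 1615774849, 1946788205, 910207396, -1389075856, 478197882, 362225446, -238336405, -1768051544, -813450382, 1808569959, -2128947478, -55398461, -1583197670, 564695380, -1346508904, 832450124, 783295060, -263380921, 687853613, -165235361, -685358728, -1135466868, 1410253953, 1925816685, 926984612, -1040948624, 486586490, 30875430, -448051605};

    // Table from which ksPass() derives the keystore password.
    private volatile int[] keyTable;
    // Loaded keystore; null until one of the loadKeystoreFrom* methods succeeds.
    private volatile KeyStore keyStore;
    // Cached result of getThreatStoreCipherKey().
    private volatile SecretKey threatStoreCipherKey;

    /**
     * Registers the BouncyCastle provider and selects the built-in key table.
     * No keystore is loaded; call one of the {@code loadKeystoreFrom*} methods
     * before using the getters.
     */
    public CryptoProvider() {
        Security.addProvider(getDefaultSecurityProvider());
        setKeyTable(DEFAULT_KEY_TABLE);
    }

    /**
     * Registers the BouncyCastle provider, derives the key table from
     * {@code str2} via {@code d.a(byte[])}, and loads the keystore file.
     *
     * @param str  path of the keystore file
     * @param str2 text the key table is derived from; encoded with the
     *             platform default charset (NOTE(review): confirm the charset
     *             the keystore was created with)
     */
    public CryptoProvider(String str, String str2) {
        Security.addProvider(getDefaultSecurityProvider());
        setKeyTable(d.a(str2.getBytes()));
        loadKeystoreFromFile(str);
    }

    /**
     * Streams {@code inputStream} through a padded CBC cipher into
     * {@code outputStream}.
     *
     * @param z2   {@code true} to encrypt, {@code false} to decrypt
     * @param bArr initialisation vector
     * @return number of bytes written to {@code outputStream}
     */
    private static int transform(InputStream inputStream, OutputStream outputStream, BlockCipher blockCipher, SecretKey secretKey, boolean z2, byte[] bArr) {
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(blockCipher));
        cipher.init(z2, new ParametersWithIV(new KeyParameter(secretKey.getEncoded()), bArr));
        byte[] inBuf = new byte[2048];
        byte[] outBuf = new byte[2048];
        int written = 0;
        int read;
        while ((read = inputStream.read(inBuf)) != -1) {
            int produced = cipher.processBytes(inBuf, 0, read, outBuf, 0);
            if (produced > 0) {
                outputStream.write(outBuf, 0, produced);
                written += produced;
            }
        }
        // doFinal flushes the last block and applies or strips the padding.
        int tail = cipher.doFinal(outBuf, 0);
        if (tail > 0) {
            outputStream.write(outBuf, 0, tail);
            written += tail;
        }
        return written;
    }

    /**
     * Decrypts a stream produced by {@link #encrypt}: one cipher block of IV
     * followed by AES-CBC ciphertext.
     *
     * <p>Caveat: CBC carries no integrity tag. A modified ciphertext is only
     * detected if the padding happens to be invalid, and distinguishable
     * padding failures should not be reported to whoever supplied the data.
     * Callers that need tamper detection must authenticate the ciphertext
     * separately before decrypting.
     *
     * @return number of plaintext bytes written
     */
    public static int decrypt(InputStream inputStream, OutputStream outputStream, SecretKey secretKey) {
        AESEngine aESEngine = new AESEngine();
        byte[] iv = new byte[aESEngine.getBlockSize()];
        // A single read() may return fewer bytes than requested; loop until the
        // IV is complete so a short read cannot leave part of it zero-filled.
        int filled = 0;
        while (filled < iv.length) {
            int read = inputStream.read(iv, filled, iv.length - filled);
            if (read == -1) {
                throw new EOFException("Input ended before a complete IV was read.");
            }
            filled += read;
        }
        return transform(inputStream, outputStream, aESEngine, secretKey, false, iv);
    }

    /**
     * Encrypts with AES-CBC under a fresh random IV, which is written first.
     *
     * <p>The output is not authenticated; see the caveat on {@link #decrypt}.
     *
     * @return number of bytes written, including the IV
     */
    public static int encrypt(InputStream inputStream, OutputStream outputStream, SecretKey secretKey) {
        AESEngine aESEngine = new AESEngine();
        int blockSize = aESEngine.getBlockSize();
        byte[] iv = new byte[blockSize];
        // Use the platform default CSPRNG rather than requesting "SHA1PRNG" by
        // name; the IV only needs to be unpredictable and unique per message.
        new SecureRandom().nextBytes(iv);
        outputStream.write(iv, 0, blockSize);
        return blockSize + transform(inputStream, outputStream, aESEngine, secretKey, true, iv);
    }

    /** Returns a new BouncyCastle provider instance. */
    public static Provider getDefaultSecurityProvider() {
        return new BouncyCastleProvider();
    }

    /**
     * Returns the certificate stored under alias {@code str}.
     * Fails with an {@code Exception} wrapping the cause if the keystore is
     * not loaded or the lookup fails.
     */
    public X509Certificate getCertificate(String str) {
        try {
            KeyStore store = this.keyStore;
            if (store == null) {
                throw new Exception("CS is not fully initialized.");
            }
            return (X509Certificate) store.getCertificate(str);
        } catch (Throwable th) {
            throw new Exception("Could not retrieve " + str, th);
        }
    }

    /** Returns the loaded keystore, or {@code null} if none has been loaded. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Computes the password guarding the cipher-key entries: the hex encoding
     * of the key stored under {@link #ALIAS_KEY_WRAP}, which itself is read
     * with the keystore password.
     */
    private char[] wrappedEntryPassword(KeyStore store) throws GeneralSecurityException {
        SecretKey wrapKey = (SecretKey) store.getKey(ALIAS_KEY_WRAP, ksPass());
        return new String(Hex.encode(wrapKey.getEncoded())).toCharArray();
    }

    /**
     * Returns the secret key stored under {@link #ALIAS_POLICY_CIPHER}.
     * Fails with {@code b} if the keystore is not loaded or the lookup fails.
     */
    public SecretKey getPolicyCipherKey() {
        try {
            KeyStore store = this.keyStore;
            if (store == null) {
                throw new b("CS is not fully initialized.");
            }
            return (SecretKey) store.getKey(ALIAS_POLICY_CIPHER, wrappedEntryPassword(store));
        } catch (Throwable th) {
            throw new b("Could not retrieve sp", th);
        }
    }

    /**
     * Returns the certificate stored under {@link #ALIAS_POLICY_SIGNER}.
     * Fails with {@code b} if the keystore is not loaded or the lookup fails.
     */
    public X509Certificate getPolicySigningCertificate() {
        try {
            KeyStore store = this.keyStore;
            if (store == null) {
                throw new b("CS is not fully initialized.");
            }
            return (X509Certificate) store.getCertificate(ALIAS_POLICY_SIGNER);
        } catch (Throwable th) {
            throw new b("Could not retrieve ss", th);
        }
    }

    /**
     * Returns the private key stored under {@link #ALIAS_POLICY_SIGNER},
     * unlocked with the keystore password. A missing keystore surfaces as
     * {@code b} because the resulting NullPointerException is wrapped.
     */
    public PrivateKey getPolicySigningKey() {
        try {
            return (PrivateKey) getKeyStore().getKey(ALIAS_POLICY_SIGNER, ksPass());
        } catch (Throwable th) {
            throw new b("Could not retrieve ss", th);
        }
    }

    /**
     * Returns the certificate stored under {@link #ALIAS_POLICY_ANCHOR}.
     * Fails with {@code b} if the keystore is not loaded or the lookup fails.
     */
    public X509Certificate getPolicyVerificationCertificate() {
        try {
            KeyStore store = this.keyStore;
            if (store == null) {
                throw new b("CS is not fully initialized.");
            }
            return (X509Certificate) store.getCertificate(ALIAS_POLICY_ANCHOR);
        } catch (Throwable th) {
            throw new b("Could not retrieve sa", th);
        }
    }

    /**
     * Returns the secret key stored under {@link #ALIAS_THREATSTORE_CIPHER},
     * caching it after the first successful lookup.
     * Fails with {@code b} if the keystore is not loaded or the lookup fails.
     */
    public SecretKey getThreatStoreCipherKey() {
        try {
            KeyStore store = this.keyStore;
            if (store == null) {
                throw new b("CS is not fully initialized.");
            }
            if (this.threatStoreCipherKey == null) {
                this.threatStoreCipherKey = (SecretKey) store.getKey(ALIAS_THREATSTORE_CIPHER, wrappedEntryPassword(store));
            }
            return this.threatStoreCipherKey;
        } catch (Throwable th) {
            throw new b("Could not retrieve st", th);
        }
    }

    /**
     * Derives the keystore password from the current key table via
     * {@code d.a(int[])}. The bytes are decoded with the platform default
     * charset. Public: any caller holding an instance can obtain the password.
     */
    public char[] ksPass() {
        return new String(d.a(this.keyTable)).toCharArray();
    }

    /**
     * Loads the keystore from the file at {@code str}.
     *
     * <p>Any failure, including a missing file, is reported as {@code b}
     * ("Cannot initialize KMS: ..."), matching {@link #loadKeystoreFromResource}.
     * The decompiled original caught and discarded every failure in an outer
     * handler, which would leave the instance without a keystore and no
     * indication why.
     */
    public void loadKeystoreFromFile(String str) {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            loadKeystoreFromInputStream(fileInputStream);
        } catch (Throwable th) {
            throw new b("Cannot initialize KMS: " + th.getMessage(), th);
        } finally {
            if (fileInputStream != null) {
                IOUtils.closeQuietly(fileInputStream);
            }
        }
    }

    /**
     * Loads a {@link #KEYSTORE_TYPE} keystore from {@code inputStream} using
     * {@link #ksPass()} and installs it only after the load succeeded. The
     * stream is not closed here.
     */
    public void loadKeystoreFromInputStream(InputStream inputStream) {
        KeyStore loaded = KeyStore.getInstance(KEYSTORE_TYPE);
        loaded.load(inputStream, ksPass());
        this.keyStore = loaded;
    }

    /**
     * Loads the keystore from the class-path resource {@code str}.
     * Fails with {@code b} ("Cannot initialize KMS: ...") if the resource is
     * missing or cannot be loaded. The stream is closed on every path; the
     * decompiled original closed it only after a successful load.
     */
    public void loadKeystoreFromResource(String str) {
        InputStream resourceAsStream = null;
        try {
            resourceAsStream = getClass().getClassLoader().getResourceAsStream(str);
            if (resourceAsStream == null) {
                throw new b("Could not load " + str);
            }
            loadKeystoreFromInputStream(resourceAsStream);
        } catch (Throwable th) {
            throw new b("Cannot initialize KMS: " + th.getMessage(), th);
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable ignored) {
                    // Best effort, as in the original: a close failure must not mask the result.
                }
            }
        }
    }

    /**
     * Reads all of {@code inputStream}, passes it through {@code f.a(...)} and
     * {@code a.a(...)} and writes the result to {@code outputStream}.
     *
     * <p>{@code privateKey} and {@code x509Certificate} are not referenced in
     * this method; only {@code x509Certificate2} and {@code secretKey} reach
     * the helper classes. NOTE(review): confirm against classes {@code a} and
     * {@code f} whether the sealed output is actually signed. The whole
     * intermediate form is held in memory.
     *
     * @return number of bytes written
     */
    public int seal(InputStream inputStream, OutputStream outputStream, SecretKey secretKey, PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        a sealer = new a();
        f.a params = new f.a(x509Certificate2, secretKey, (byte) 0);
        ByteArrayOutputStream staged = new ByteArrayOutputStream();
        f.a(inputStream, staged, params.d);
        byte[] sealed = sealer.a(params, staged.toByteArray());
        outputStream.write(sealed);
        return sealed.length;
    }

    /** Replaces the key table that {@link #ksPass()} derives the password from. */
    public void setKeyTable(int[] iArr) {
        this.keyTable = iArr;
    }

    /**
     * Reverses {@link #seal} by delegating to {@code a.a(...)} with the given
     * certificate and key.
     *
     * @return the value returned by {@code a.a(...)}; presumably the number of
     *         bytes written (confirm against class {@code a})
     */
    public int unseal(InputStream inputStream, OutputStream outputStream, SecretKey secretKey, X509Certificate x509Certificate) {
        // Kept from the original listing: the instance is created but unused.
        new a();
        return a.a(inputStream, outputStream, new f.a(x509Certificate, secretKey, (byte) 0));
    }

    /**
     * Checks a CMS signed-data object against one trusted certificate.
     *
     * <p>For each signer, the first embedded certificate matching the signer
     * ID is used to verify the signature and is then handed to
     * {@code SimpleCertificateValidator.validate}. The method returns
     * {@code true} on the first signer that passes both checks, so one
     * acceptable signer is sufficient even if others fail. A signer with no
     * matching embedded certificate aborts verification with a
     * {@code CMSException} instead of moving on to the next signer.
     * NOTE(review): what {@code validate} checks (chain, validity period,
     * revocation) is defined in {@code SimpleCertificateValidator}; confirm there.
     *
     * @return {@code true} if some signer verified and validated, else {@code false}
     */
    public synchronized boolean verify(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        SimpleCertificateValidator validator = new SimpleCertificateValidator();
        validator.addTrustedCertificate(x509Certificate);
        Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            try {
                Collection<X509CertificateHolder> matches = certificates.getMatches(signer.getSID());
                if (matches.isEmpty()) {
                    throw new CMSException("There are no signers.");
                }
                X509CertificateHolder signerCert = matches.iterator().next();
                boolean signatureOk = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCert));
                if (signatureOk && validator.validate(signerCert)) {
                    return true;
                }
            } catch (CertificateNotYetValidException e) {
                // Logged with the current time and the anchor's notBefore to help diagnose clock skew.
                l0.h.c.e(c.class.getName()).error("Certificate is not valid yet. [" + new Date().getTime() + " > " + x509Certificate.getNotBefore().getTime() + "]", e);
                throw e;
            }
        }
        return false;
    }
}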
