package com.symantec.gfs;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.Time;
import org.spongycastle.cert.jcajce.JcaCertStoreBuilder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes2.dex */
final class m extends g {
    protected String c;
    private String d;
    private Provider e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public m(String str, Provider provider) {
        super(str);
        this.d = null;
        this.c = "";
        this.e = null;
        this.e = provider;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static CertStore a(String str, Provider provider, org.spongycastle.cms.e eVar) {
        try {
            JcaCertStoreBuilder a = new JcaCertStoreBuilder().a(str);
            if (provider != null) {
                a.a(provider);
            }
            a.a(eVar.b());
            a.b(eVar.c());
            return a.a();
        } catch (NoSuchAlgorithmException e) {
            throw e;
        } catch (Exception e2) {
            throw new CMSException("exception creating CertStore: " + e2.getMessage(), e2);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private PKIXCertPathBuilderResult a(X509Certificate x509Certificate, X509CertSelector x509CertSelector, CertStore certStore, Date date) {
        try {
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", this.e);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)), x509CertSelector);
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.setDate(date);
            return (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        } catch (Exception e) {
            p.a("GfsPkcs7SignedFile::buildPath(...)", "Exception when building path " + e.getMessage());
            throw new BadChainException("GfsPkcs7SignedFile::buildPath(...)", "Failed building cetificate path.");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x003f. Please report as an issue. */
    /* JADX WARN: Unreachable blocks removed: 6, instructions: 6 */
    private Time a(org.spongycastle.cms.o oVar) {
        try {
            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Geting signing time...");
            AttributeTable c = oVar.c();
            if (c != null && c.a(CMSAttributes.c).a() > 0) {
                throw new BadSigException("The signing-time attribute MUST NOT be an unsigned attribute");
            }
            AttributeTable b = oVar.b();
            Time time = null;
            if (b != null) {
                ASN1EncodableVector a = b.a(CMSAttributes.c);
                switch (a.a()) {
                    case 0:
                        return null;
                    case 1:
                        ASN1Set b2 = ((Attribute) a.a(0)).b();
                        if (b2.c() != 1) {
                            throw new BadSigException("A signing-time attribute MUST have a single attribute value");
                        }
                        ASN1Primitive j = b2.a(0).j();
                        if (j != null) {
                            time = Time.a(j);
                            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
                            return time;
                        }
                        break;
                    default:
                        throw new BadSigException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute");
                }
            }
            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
            return time;
        } catch (Exception unused) {
            throw new BadSigException("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Fail geting signing time:  " + this.b + "/" + this.c);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a(Vector vector, Collection collection, CertStore certStore, e eVar) {
        CertStore certStore2 = certStore;
        Iterator it = collection.iterator();
        loop0: while (it.hasNext()) {
            org.spongycastle.cms.o oVar = (org.spongycastle.cms.o) it.next();
            try {
                Date a = a(oVar).a();
                try {
                    new org.spongycastle.cms.a.i();
                    if (certStore2.getCertificates(org.spongycastle.cms.a.i.a(oVar.a())).size() <= 0) {
                        throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "could not find signer certificate in the database");
                    }
                    Iterator it2 = vector.iterator();
                    while (it2.hasNext()) {
                        b bVar = (b) it2.next();
                        try {
                            new org.spongycastle.cms.a.i();
                            PKIXCertPathBuilderResult a2 = a(bVar.a(), org.spongycastle.cms.a.i.a(oVar.a()), certStore2, a);
                            if (a2 == null) {
                                throw new BadChainException("GfsPkcs7SignedFile::verifyCertPath()", "Cannot build certicate path");
                            }
                            Vector vector2 = new Vector(a2.getCertPath().getCertificates());
                            int size = vector2.size();
                            int i = 0;
                            while (i < size) {
                                b bVar2 = new b((X509Certificate) vector2.elementAt(i), this.e);
                                b bVar3 = !(i == size + (-1)) ? new b((X509Certificate) vector2.elementAt(i + 1), this.e) : bVar;
                                if (bVar2.a(a)) {
                                    throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ": certificate expired: " + bVar2.b());
                                    break loop0;
                                }
                                PublicKey c = bVar3.c();
                                PublicKey c2 = bVar2.c();
                                bVar2.a(c, bVar3, a);
                                d dVar = new d();
                                try {
                                    if (!eVar.a(bVar2, dVar) && eVar.b() != 0) {
                                        throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ":missing restrictions on certificate" + bVar2.b());
                                    }
                                    if (!bVar2.f().a(dVar, c, c2)) {
                                        throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ": certificate restrictions do not verify for: " + bVar2.b());
                                    }
                                    i++;
                                    certStore2 = certStore;
                                } catch (GfsRuntimeException | CertificateException unused) {
                                    continue;
                                    certStore2 = certStore;
                                }
                            }
                        } catch (GfsRuntimeException | CertificateException unused2) {
                        }
                    }
                    throw new BadCertException("GfsPkcs7SignedFile::verifySignerCerts()", "Cannot verify signer's certificate with all trusted CAs.");
                } catch (Exception e) {
                    throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "Error in retrieving signing cert", p.a(e));
                }
            } catch (Exception e2) {
                throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "Error getting signing time", p.a(e2));
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 5, instructions: 7 */
    private static boolean a(PublicKey publicKey, Provider provider, org.spongycastle.cms.o oVar) {
        try {
            return oVar.a(provider != null ? !provider.getName().equalsIgnoreCase("BC") ? new org.spongycastle.cms.a.a(new JcaDigestCalculatorProviderBuilder().a()).a(provider).a(publicKey) : new org.spongycastle.cms.a.e().a(provider).a(publicKey) : new org.spongycastle.cms.a.e().a(publicKey));
        } catch (OperatorCreationException e) {
            throw new CMSException("unable to create verifier: " + e.getMessage(), e);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private static byte[] b(String str) {
        byte[] bArr;
        FileInputStream fileInputStream;
        try {
            File file = new File(str);
            fileInputStream = new FileInputStream(file);
            bArr = new byte[(int) file.length()];
        } catch (IOException e) {
            e = e;
            bArr = null;
        }
        try {
            fileInputStream.read(bArr);
            fileInputStream.close();
        } catch (IOException e2) {
            e = e2;
            e.printStackTrace();
            return bArr;
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 5, instructions: 6 */
    public final void a(e eVar, Vector vector) {
        try {
            p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Loading Guard/Signature pair data...");
            byte[] b = b(this.b);
            org.spongycastle.cms.e eVar2 = true == (this.c.length() != 0) ? new org.spongycastle.cms.e(new org.spongycastle.cms.c(b(this.c)), b) : new org.spongycastle.cms.e(b);
            p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish loading Guard/Signature pair data.");
            try {
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Verifying Guard/Signature pair...");
                org.spongycastle.cms.p a = eVar2.a();
                int a2 = a.a();
                if (a2 <= 0) {
                    throw new BadChainException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", this.b + ": no signer certificate chains to any trusted root certificate");
                }
                CertStore a3 = a("Collection", this.e, eVar2);
                vector.iterator();
                int i = 0;
                loop0: while (true) {
                    for (org.spongycastle.cms.o oVar : a.b()) {
                        new org.spongycastle.cms.a.i();
                        Collection<? extends Certificate> certificates = a3.getCertificates(org.spongycastle.cms.a.i.a(oVar.a()));
                        if (!certificates.isEmpty() && a(((X509Certificate) certificates.iterator().next()).getPublicKey(), this.e, oVar)) {
                            i++;
                        }
                    }
                    break loop0;
                }
                if (i != a2) {
                    throw new BadSigException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail verified " + this.b + " and " + this.c);
                }
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish verifying Guard/Signature pair.");
                try {
                    a(vector, a.b(), a3, eVar);
                    try {
                        this.d = ((b) vector.elementAt(0)).d().a();
                    } catch (NoValueException | SecurityLibException e) {
                        p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception while retrieving dnName " + e.getMessage());
                    }
                } catch (Exception e2) {
                    p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception verifying path" + e2.getMessage());
                    throw new BadCertException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Invilid certificate found in for " + this.b + " and " + this.c);
                }
            } catch (Exception e3) {
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + e3.getMessage());
                throw new BadSigException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + this.b + " and " + this.c);
            }
        } catch (CMSException unused) {
            throw new BadDataException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail loading " + this.b + " and " + this.c);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final void a(String str) {
        this.c = str;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final String d() {
        return this.d;
    }
}
