package com.symantec.b;

import java.io.File;
import java.io.FileInputStream;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.symbouncycastle.asn1.ASN1EncodableVector;
import org.symbouncycastle.asn1.ASN1Set;
import org.symbouncycastle.asn1.DERObject;
import org.symbouncycastle.asn1.cms.Attribute;
import org.symbouncycastle.asn1.cms.AttributeTable;
import org.symbouncycastle.asn1.cms.CMSAttributes;
import org.symbouncycastle.asn1.cms.Time;
import org.symbouncycastle.cms.CMSException;
import org.symbouncycastle.cms.CMSProcessableByteArray;
import org.symbouncycastle.cms.CMSSignedData;
import org.symbouncycastle.cms.SignerInformation;
import org.symbouncycastle.cms.SignerInformationStore;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class y extends x {
    private String b;
    private String c;
    private Provider d;

    y() {
        this.b = null;
        this.c = "";
        this.d = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y(String str, Provider provider) {
        super(str);
        this.b = null;
        this.c = "";
        this.d = null;
        this.d = provider;
    }

    private PKIXCertPathBuilderResult a(X509Certificate x509Certificate, X509CertSelector x509CertSelector, CertStore certStore, Date date) {
        try {
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", this.d);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)), x509CertSelector);
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.setDate(date);
            return (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        } catch (Exception e) {
            l.a("GfsPkcs7SignedFile::buildPath(...)", "Exception when building path " + e.getMessage());
            throw new e("GfsPkcs7SignedFile::buildPath(...)", "Failed building cetificate path.");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x005c. Please report as an issue. */
    private Time a(SignerInformation signerInformation) {
        Time time;
        try {
            l.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Geting signing time...");
            AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
            if (unsignedAttributes != null && unsignedAttributes.getAll(CMSAttributes.signingTime).size() > 0) {
                throw new q("The signing-time attribute MUST NOT be an unsigned attribute");
            }
            AttributeTable signedAttributes = signerInformation.getSignedAttributes();
            if (signedAttributes != null) {
                ASN1EncodableVector all = signedAttributes.getAll(CMSAttributes.signingTime);
                switch (all.size()) {
                    case 0:
                        return null;
                    case 1:
                        ASN1Set attrValues = ((Attribute) all.get(0)).getAttrValues();
                        if (attrValues.size() != 1) {
                            throw new q("A signing-time attribute MUST have a single attribute value");
                        }
                        DERObject dERObject = attrValues.getObjectAt(0).getDERObject();
                        if (dERObject != null) {
                            time = Time.getInstance(dERObject);
                            l.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
                            return time;
                        }
                        break;
                    default:
                        throw new q("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute");
                }
            }
            time = null;
            l.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
            return time;
        } catch (Exception e) {
            throw new q("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Fail geting signing time:  " + this.a + "/" + this.c);
        }
    }

    private void a(Vector vector, Collection collection, CertStore certStore, c cVar) {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            SignerInformation signerInformation = (SignerInformation) it.next();
            try {
                Date date = a(signerInformation).getDate();
                try {
                    if (certStore.getCertificates(signerInformation.getSID()).size() <= 0) {
                        throw new g("GfsPkcs7SignedFile::verifySignerCerts()", "could not find signer certificate in the database");
                    }
                    Iterator it2 = vector.iterator();
                    while (it2.hasNext()) {
                        ab abVar = (ab) it2.next();
                        try {
                            PKIXCertPathBuilderResult a = a(abVar.a(), signerInformation.getSID(), certStore, date);
                            if (a == null) {
                                throw new e("GfsPkcs7SignedFile::verifyCertPath()", "Cannot build certicate path");
                            }
                            Vector vector2 = new Vector(a.getCertPath().getCertificates());
                            int size = vector2.size();
                            int i = 0;
                            while (i < size) {
                                ab abVar2 = new ab((X509Certificate) vector2.elementAt(i), this.d);
                                ab abVar3 = !(i == size + (-1)) ? new ab((X509Certificate) vector2.elementAt(i + 1), this.d) : abVar;
                                if (abVar2.a(date)) {
                                    throw new w("GfsPkcs7SignedFile::verifyCertPath()", this.a + ": certificate expired: " + abVar2.b());
                                }
                                PublicKey c = abVar3.c();
                                PublicKey c2 = abVar2.c();
                                abVar2.a(abVar3, date);
                                p pVar = new p();
                                if (!cVar.a(abVar2, pVar) && cVar.b() != 0) {
                                    throw new w("GfsPkcs7SignedFile::verifyCertPath()", this.a + ":missing restrictions on certificate" + abVar2.b());
                                }
                                if (!abVar2.f().a(pVar, c, c2)) {
                                    throw new w("GfsPkcs7SignedFile::verifyCertPath()", this.a + ": certificate restrictions do not verify for: " + abVar2.b());
                                }
                                i++;
                            }
                        } catch (Exception e) {
                        }
                    }
                    throw new w("GfsPkcs7SignedFile::verifySignerCerts()", "Cannot verify signer's certificate with all trusted CAs.");
                } catch (Exception e2) {
                    throw new g("GfsPkcs7SignedFile::verifySignerCerts()", "Error in retrieving signing cert", l.a(e2));
                }
            } catch (Exception e3) {
                throw new g("GfsPkcs7SignedFile::verifySignerCerts()", "Error getting signing time", l.a(e3));
            }
        }
    }

    private static byte[] b(String str) {
        byte[] bArr;
        Exception e;
        FileInputStream fileInputStream;
        try {
            File file = new File(str);
            fileInputStream = new FileInputStream(file);
            bArr = new byte[(int) file.length()];
        } catch (Exception e2) {
            bArr = null;
            e = e2;
        }
        try {
            fileInputStream.read(bArr);
            fileInputStream.close();
        } catch (Exception e3) {
            e = e3;
            e.printStackTrace();
            return bArr;
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(c cVar, Vector vector) {
        int i = 0;
        try {
            l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Loading Guard/Signature pair data...");
            byte[] b = b(this.a);
            CMSSignedData cMSSignedData = true == (this.c.length() != 0) ? new CMSSignedData(new CMSProcessableByteArray(b(this.c)), b) : new CMSSignedData(b);
            l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish loading Guard/Signature pair data.");
            try {
                l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Verifying Guard/Signature pair...");
                SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
                int size = signerInfos.size();
                if (size <= 0) {
                    throw new e("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", this.a + ": no signer certificate chains to any trusted root certificate");
                }
                CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", this.d);
                vector.iterator();
                for (SignerInformation signerInformation : signerInfos.getSigners()) {
                    Collection<? extends Certificate> certificates = certificatesAndCRLs.getCertificates(signerInformation.getSID());
                    i = (certificates.isEmpty() || !signerInformation.verify(((X509Certificate) certificates.iterator().next()).getPublicKey(), this.d)) ? i : i + 1;
                }
                if (i != size) {
                    throw new q("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail verified " + this.a + " and " + this.c);
                }
                l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish verifying Guard/Signature pair.");
                try {
                    a(vector, signerInfos.getSigners(), certificatesAndCRLs, cVar);
                    try {
                        this.b = ((ab) vector.elementAt(0)).d().a();
                    } catch (Exception e) {
                    }
                } catch (Exception e2) {
                    l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception verifying path" + e2.getMessage());
                    throw new w("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Invilid certificate found in for " + this.a + " and " + this.c);
                }
            } catch (Exception e3) {
                l.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + e3.getMessage());
                throw new q("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + this.a + " and " + this.c);
            }
        } catch (CMSException e4) {
            throw new s("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail loading " + this.a + " and " + this.c);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(String str) {
        this.c = str;
    }

    public final String e() {
        return this.b;
    }
}
