package com.symantec.gfs;

import java.io.File;
import java.io.FileInputStream;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.symbouncycastle.asn1.t;
import org.symbouncycastle.cms.CMSException;

/* loaded from: classes.dex */
public final class m extends g {
    public String c;
    protected String d;
    private Provider e;

    public m(String str, Provider provider) {
        super(str);
        this.c = null;
        this.d = "";
        this.e = null;
        this.e = provider;
    }

    private PKIXCertPathBuilderResult a(X509Certificate x509Certificate, X509CertSelector x509CertSelector, CertStore certStore, Date date) {
        try {
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", this.e);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)), x509CertSelector);
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.setDate(date);
            return (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        } catch (Exception e) {
            p.a("GfsPkcs7SignedFile::buildPath(...)", "Exception when building path " + e.getMessage());
            throw new BadChainException("GfsPkcs7SignedFile::buildPath(...)", "Failed building cetificate path.");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x005c. Please report as an issue. */
    private org.symbouncycastle.asn1.b.j a(org.symbouncycastle.cms.m mVar) {
        org.symbouncycastle.asn1.b.j jVar;
        try {
            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Geting signing time...");
            org.symbouncycastle.asn1.b.b b = mVar.b();
            if (b != null && b.a(org.symbouncycastle.asn1.b.c.c).a.size() > 0) {
                throw new BadSigException("The signing-time attribute MUST NOT be an unsigned attribute");
            }
            org.symbouncycastle.asn1.b.b a = mVar.a();
            if (a != null) {
                org.symbouncycastle.asn1.e a2 = a.a(org.symbouncycastle.asn1.b.c.c);
                switch (a2.a.size()) {
                    case 0:
                        return null;
                    case 1:
                        t tVar = ((org.symbouncycastle.asn1.b.a) a2.a(0)).b;
                        if (tVar.a.size() != 1) {
                            throw new BadSigException("A signing-time attribute MUST have a single attribute value");
                        }
                        org.symbouncycastle.asn1.q a_ = tVar.a(0).a_();
                        if (a_ != null) {
                            jVar = org.symbouncycastle.asn1.b.j.a(a_);
                            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
                            return jVar;
                        }
                        break;
                    default:
                        throw new BadSigException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute");
                }
            }
            jVar = null;
            p.a("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Finish geting signing time.");
            return jVar;
        } catch (Exception e) {
            throw new BadSigException("GfsPkcs7SignedFile::getSigningtimes(SignerInformation)", "Fail geting signing time:  " + this.b + "/" + this.d);
        }
    }

    private void a(Vector vector, Collection collection, CertStore certStore, e eVar) {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            org.symbouncycastle.cms.m mVar = (org.symbouncycastle.cms.m) it.next();
            try {
                Date c = a(mVar).c();
                try {
                    new org.symbouncycastle.cms.a.g();
                    if (certStore.getCertificates(org.symbouncycastle.cms.a.g.a(mVar.a)).size() <= 0) {
                        throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "could not find signer certificate in the database");
                    }
                    Iterator it2 = vector.iterator();
                    while (it2.hasNext()) {
                        b bVar = (b) it2.next();
                        try {
                            new org.symbouncycastle.cms.a.g();
                            PKIXCertPathBuilderResult a = a(bVar.a, org.symbouncycastle.cms.a.g.a(mVar.a), certStore, c);
                            if (a == null) {
                                throw new BadChainException("GfsPkcs7SignedFile::verifyCertPath()", "Cannot build certicate path");
                            }
                            Vector vector2 = new Vector(a.getCertPath().getCertificates());
                            int size = vector2.size();
                            int i = 0;
                            while (i < size) {
                                b bVar2 = new b((X509Certificate) vector2.elementAt(i), this.e);
                                b bVar3 = !(i == size + (-1)) ? new b((X509Certificate) vector2.elementAt(i + 1), this.e) : bVar;
                                if (bVar2.a(c)) {
                                    throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ": certificate expired: " + bVar2.a());
                                }
                                PublicKey b = bVar3.b();
                                PublicKey b2 = bVar2.b();
                                bVar2.a(bVar3, c);
                                d dVar = new d();
                                if (!eVar.a(bVar2, dVar) && eVar.b() != 0) {
                                    throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ":missing restrictions on certificate" + bVar2.a());
                                }
                                if (bVar2.a == null) {
                                    throw new NoValueException("GfsCert::getCertFields()", "certificate not set.");
                                }
                                if (!bVar2.b.a) {
                                    bVar2.b.a(bVar2);
                                }
                                if (!bVar2.b.b.a(dVar, b, b2)) {
                                    throw new BadCertException("GfsPkcs7SignedFile::verifyCertPath()", this.b + ": certificate restrictions do not verify for: " + bVar2.a());
                                }
                                i++;
                            }
                        } catch (Exception e) {
                        }
                    }
                    throw new BadCertException("GfsPkcs7SignedFile::verifySignerCerts()", "Cannot verify signer's certificate with all trusted CAs.");
                } catch (Exception e2) {
                    throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "Error in retrieving signing cert", p.a(e2));
                }
            } catch (Exception e3) {
                throw new SecurityLibException("GfsPkcs7SignedFile::verifySignerCerts()", "Error getting signing time", p.a(e3));
            }
        }
    }

    private static byte[] b(String str) {
        byte[] bArr;
        Exception e;
        FileInputStream fileInputStream;
        try {
            File file = new File(str);
            fileInputStream = new FileInputStream(file);
            bArr = new byte[(int) file.length()];
        } catch (Exception e2) {
            bArr = null;
            e = e2;
        }
        try {
            fileInputStream.read(bArr);
            fileInputStream.close();
        } catch (Exception e3) {
            e = e3;
            e.printStackTrace();
            return bArr;
        }
        return bArr;
    }

    public final void a(e eVar, Vector vector) {
        int i;
        int i2 = 0;
        try {
            p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Loading Guard/Signature pair data...");
            byte[] b = b(this.b);
            org.symbouncycastle.cms.d dVar = true == (this.d.length() != 0) ? new org.symbouncycastle.cms.d(new org.symbouncycastle.cms.b(b(this.d)), b) : new org.symbouncycastle.cms.d(b);
            p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish loading Guard/Signature pair data.");
            try {
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Verifying Guard/Signature pair...");
                org.symbouncycastle.cms.n a = dVar.a();
                int size = a.a.size();
                if (size <= 0) {
                    throw new BadChainException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", this.b + ": no signer certificate chains to any trusted root certificate");
                }
                CertStore a2 = dVar.a("Collection", this.e);
                vector.iterator();
                for (org.symbouncycastle.cms.m mVar : a.a()) {
                    new org.symbouncycastle.cms.a.g();
                    Collection<? extends Certificate> certificates = a2.getCertificates(org.symbouncycastle.cms.a.g.a(mVar.a));
                    if (!certificates.isEmpty()) {
                        PublicKey publicKey = ((X509Certificate) certificates.iterator().next()).getPublicKey();
                        Provider provider = this.e;
                        mVar.c();
                        if (mVar.a(publicKey, provider)) {
                            i = i2 + 1;
                            i2 = i;
                        }
                    }
                    i = i2;
                    i2 = i;
                }
                if (i2 != size) {
                    throw new BadSigException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail verified " + this.b + " and " + this.d);
                }
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Finish verifying Guard/Signature pair.");
                try {
                    a(vector, a.a(), a2, eVar);
                    try {
                        this.c = ((b) vector.elementAt(0)).c().a();
                    } catch (Exception e) {
                    }
                } catch (Exception e2) {
                    p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception verifying path" + e2.getMessage());
                    throw new BadCertException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Invilid certificate found in for " + this.b + " and " + this.d);
                }
            } catch (Exception e3) {
                p.a("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + e3.getMessage());
                throw new BadSigException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Exception when verifying " + this.b + " and " + this.d);
            }
        } catch (CMSException e4) {
            throw new BadDataException("GfsPkcs7SignedFile::verify(GfsCertRestrictions, Vector)", "Fail loading " + this.b + " and " + this.d);
        }
    }

    public final void a(String str) {
        this.d = str;
    }
}
