package com.lookout.security.crypto;

import com.lookout.security.crypto.Notary;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.operator.OperatorCreationException;
import s40.g;
import s40.h;
import s40.u;
import s70.n;

/* loaded from: classes6.dex */
public final class a extends Notary {
    static {
        Security.addProvider(CryptoProvider.getDefaultSecurityProvider());
        h90.b.i(Notary.class);
    }

    public static int a(InputStream inputStream, OutputStream outputStream, SecretKey secretKey, Notary.Keychain keychain) {
        try {
            g gVar = new g(inputStream);
            if (a(gVar, keychain)) {
                return Notary.a(new ByteArrayInputStream((byte[]) gVar.b().getContent()), outputStream, secretKey);
            }
            throw new SignatureException("Could not verify data authenticity.");
        } catch (CertificateException | CMSException | OperatorCreationException e11) {
            throw new SignatureException(e11);
        }
    }

    public static boolean a(g gVar, Notary.Keychain keychain) {
        SimpleCertificateValidator simpleCertificateValidator = new SimpleCertificateValidator();
        if (keychain.a() == null) {
            throw new SignatureException("CA cert is null.");
        }
        simpleCertificateValidator.addTrustedCertificate(keychain.a());
        n<X509CertificateHolder> a11 = gVar.a();
        for (u uVar : gVar.d().a()) {
            try {
                Collection<X509CertificateHolder> a12 = a11.a(uVar.f());
                if (a12.isEmpty()) {
                    throw new SignatureException("There are no signers.");
                }
                X509CertificateHolder next = a12.iterator().next();
                if (uVar.m(new t40.c().a(next)) && simpleCertificateValidator.validate(next)) {
                    return true;
                }
            } catch (CertificateNotYetValidException | CMSException e11) {
                throw new SignatureException(e11);
            }
        }
        return false;
    }

    public final byte[] a(List list, byte[] bArr) {
        if (list.isEmpty()) {
            throw new SignatureException("Cannot sign content: no Keychain provided");
        }
        h hVar = new h();
        Date date = new Date();
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            Notary.Keychain keychain = (Notary.Keychain) it.next();
            X509Certificate b11 = keychain.b();
            X509Certificate a11 = keychain.a();
            PrivateKey c11 = keychain.c();
            if (b11 == null) {
                throw new SignatureException("Signing certificate is not present");
            }
            if (b11.getNotAfter().compareTo(date) < 0) {
                throw new SignatureException(String.format("Singing cert invalid after %s", b11.getNotAfter()));
            }
            arrayList.add(b11);
            arrayList.add(a11);
            try {
                hVar.b(new t40.b().c(new e()).a(Notary.a(c11), c11, b11));
            } catch (CertificateEncodingException | OperatorCreationException e11) {
                throw new SignatureException(e11);
            }
        }
        try {
            hVar.a(new p40.c(arrayList));
            return hVar.c(new s40.d(bArr), true).getEncoded();
        } catch (IOException | CertificateEncodingException | CMSException e12) {
            throw new SignatureException(e12);
        }
    }
}
