package com.nitrodesk.crypto.ew.impl.jca;

import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.pki.EDTPKIException;
import com.echoworx.edt.common.pki.EDTPrivateKey;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.pki.PKCS7Container;
import com.nitrodesk.crypto.ew.impl.bouncycastle.BouncyCastleX509Certificate;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import org.ndbouncycastle.cms.CMSEnvelopedData;
import org.ndbouncycastle.cms.CMSSignedData;
import org.ndbouncycastle.cms.RecipientId;
import org.ndbouncycastle.cms.RecipientInformation;
import org.ndbouncycastle.cms.SignerInformation;
import org.ndbouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
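/**
 * {@link PKCS7Container} backed by the (repackaged) Bouncy Castle CMS classes.
 *
 * <p>The container keeps the encoded bytes it was loaded from and parses them on demand, either as
 * CMS SignedData ({@link #verify()}, {@link #getCertificateChain()}, {@link #getLeafCertificate()})
 * or as CMS EnvelopedData ({@link #decrypt(EDTPrivateKey, EDTX509Certificate)}).
 *
 * <p><b>Trust caveats.</b> Every certificate this class handles comes out of the message itself.
 * The chain returned by {@link #getCertificateChain()} is ordered purely by comparing issuer and
 * subject names; no certificate signature is checked while building it. {@link #verify()} checks
 * each signer's signature against a certificate embedded in the same message and performs no path
 * validation to a trust anchor and no revocation check. Callers must validate the signer
 * certificate against their own trust store before treating the content or the signer identity as
 * authentic.
 *
 * <p>The lazily built chain is cached in a plain field without synchronization.
 */
public class JCAPKCS7Container implements PKCS7Container {
    /** Encoded (ASN.1) container bytes, held by reference; no defensive copy is made. */
    protected byte[] fASNContent;

    /** Name-ordered certificate list, subject-most certificate first; built on first use. */
    protected LinkedList<EDTX509Certificate> fChain;

    /**
     * Wraps the given encoded bytes without parsing them.
     *
     * @param bArr encoded container bytes; stored by reference
     */
    protected JCAPKCS7Container(byte[] bArr) {
        this.fASNContent = bArr;
    }

    /**
     * Extracts the certificates embedded in a SignedData structure and orders them by name.
     *
     * <p>Each certificate is first placed into a partial chain whose head or tail it links to by
     * issuer/subject name, then the partial chains are merged into one list. A partial chain that
     * links to neither end of the merged list is left out of the result. Linking is by name only;
     * the result says nothing about whether the certificates actually signed one another.
     *
     * @param bArr encoded SignedData bytes, may be {@code null}
     * @return {@code null} when {@code bArr} is {@code null}; otherwise the ordered list, which is
     *     empty when the message carries no X.509 certificates
     * @throws EDTPKIException if the bytes cannot be parsed or the certificates cannot be read
     */
    protected static LinkedList<EDTX509Certificate> buildCertificateChain(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            Collection<? extends Certificate> certificates = new CMSSignedData(bArr)
                    .getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME)
                    .getCertificates(new X509CertSelector());
            LinkedList<EDTX509Certificate> merged = new LinkedList<>();
            if (certificates == null || certificates.isEmpty()) {
                return merged;
            }
            // Pass 1: group certificates into partial chains linked by issuer/subject name.
            LinkedList<LinkedList<EDTX509Certificate>> partialChains = new LinkedList<>();
            for (Certificate certificate : certificates) {
                doInsert(partialChains, new BouncyCastleX509Certificate((X509Certificate) certificate));
            }
            // Pass 2: fold the partial chains into one list; unlinkable chains are skipped.
            for (LinkedList<EDTX509Certificate> partialChain : partialChains) {
                mergeChains(partialChain, merged);
            }
            return merged;
        } catch (Exception e) {
            // Keep the cause so parse failures can be told apart from provider problems.
            throw new EDTPKIException("Could not build certificate chain.", e);
        }
    }

    /**
     * Tells whether the second certificate's subject name matches the first certificate's issuer
     * name, i.e. whether the second certificate could be the issuer of the first <em>by name</em>.
     *
     * <p>No signature is verified. Both arguments are cast to {@link BouncyCastleX509Certificate},
     * so any other implementation raises {@link ClassCastException}.
     *
     * @param eDTX509Certificate the certificate whose issuer name is read
     * @param eDTX509Certificate2 the candidate issuer whose subject name is read
     * @return {@code true} if the two canonical names match according to
     *     {@link #compareSubjectDN(String, String)}
     */
    static boolean checkCertificateIssuer(EDTX509Certificate eDTX509Certificate, EDTX509Certificate eDTX509Certificate2) {
        String candidateSubject = ((BouncyCastleX509Certificate) eDTX509Certificate2)
                .getCertificate().getSubjectX500Principal().getName("CANONICAL");
        String requiredIssuer = ((BouncyCastleX509Certificate) eDTX509Certificate)
                .getCertificate().getIssuerX500Principal().getName("CANONICAL");
        return compareSubjectDN(candidateSubject, requiredIssuer);
    }

    /**
     * Compares two distinguished-name strings while ignoring the order of their comma-separated
     * parts.
     *
     * <p>The strings are split on every {@code ','}, the parts are sorted and compared. Because the
     * order of the parts is ignored, two names that differ only in component order are treated as
     * equal, which is looser than an ordered name comparison.
     *
     * @param str first name, may be {@code null}
     * @param str2 second name, may be {@code null}
     * @return {@code false} if either name is {@code null} or the lengths differ; otherwise whether
     *     the sorted parts are equal
     */
    private static boolean compareSubjectDN(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        // Cheap rejection before splitting: equal multisets of parts imply equal total length.
        if (str.length() != str2.length()) {
            return false;
        }
        String[] parts = str.split(",");
        String[] otherParts = str2.split(",");
        if (parts.length != otherParts.length) {
            return false;
        }
        Arrays.sort(parts);
        Arrays.sort(otherParts);
        return Arrays.equals(parts, otherParts);
    }

    /**
     * Adds a certificate to the first partial chain it links to, or starts a new partial chain
     * holding only that certificate when none accepts it.
     *
     * @param linkedList the partial chains collected so far; modified in place
     * @param eDTX509Certificate the certificate to place
     */
    static void doInsert(LinkedList<LinkedList<EDTX509Certificate>> linkedList, EDTX509Certificate eDTX509Certificate) {
        for (LinkedList<EDTX509Certificate> partialChain : linkedList) {
            if (tryInsert(partialChain, eDTX509Certificate)) {
                return;
            }
        }
        LinkedList<EDTX509Certificate> freshChain = new LinkedList<>();
        freshChain.add(eDTX509Certificate);
        linkedList.add(freshChain);
    }

    /**
     * Creates a container around the given bytes without parsing or validating them.
     *
     * @param bArr encoded container bytes
     * @return a new container, or {@code null} when {@code bArr} is {@code null} or empty
     */
    public static JCAPKCS7Container load(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        return new JCAPKCS7Container(bArr);
    }

    /**
     * Merges a partial chain into the target list, appending or prepending it depending on which
     * end links by name.
     *
     * <p>An empty target is seeded with the partial chain and the method returns immediately.
     * Without that early return the seeded copy would be compared against its own source, and a
     * chain whose last certificate names its first certificate as issuer (a lone self-issued
     * certificate, for example) would be added twice.
     *
     * @param linkedList the partial chain to merge; must not be empty, since {@code getFirst()} and
     *     {@code getLast()} are called on it
     * @param linkedList2 the target list; modified in place
     * @return {@code true} if the partial chain was added, {@code false} if it links to neither end
     */
    static boolean mergeChains(LinkedList<EDTX509Certificate> linkedList, LinkedList<EDTX509Certificate> linkedList2) {
        if (linkedList2.isEmpty()) {
            linkedList2.addAll(0, linkedList);
            return true;
        }
        // The partial chain's head is named as issuer by the target's tail: append it.
        if (checkCertificateIssuer(linkedList2.getLast(), linkedList.getFirst())) {
            linkedList2.addAll(linkedList2.size(), linkedList);
            return true;
        }
        // The target's head is named as issuer by the partial chain's tail: prepend it.
        if (checkCertificateIssuer(linkedList.getLast(), linkedList2.getFirst())) {
            linkedList2.addAll(0, linkedList);
            return true;
        }
        return false;
    }

    /**
     * Tries to attach a certificate to the head or tail of a partial chain by issuer/subject name.
     *
     * @param linkedList the partial chain; modified in place on success
     * @param eDTX509Certificate the certificate to attach
     * @return {@code true} if the certificate was added (always the case for an empty chain),
     *     {@code false} if it links to neither end
     */
    static boolean tryInsert(LinkedList<EDTX509Certificate> linkedList, EDTX509Certificate eDTX509Certificate) {
        if (linkedList.isEmpty()) {
            linkedList.add(eDTX509Certificate);
            return true;
        }
        // The current head names itself as subject of the new certificate's issuer: new head.
        if (checkCertificateIssuer(eDTX509Certificate, linkedList.getFirst())) {
            linkedList.addFirst(eDTX509Certificate);
            return true;
        }
        // The new certificate's subject is the issuer name of the current tail: new tail.
        if (checkCertificateIssuer(linkedList.getLast(), eDTX509Certificate)) {
            linkedList.addLast(eDTX509Certificate);
            return true;
        }
        return false;
    }

    /**
     * Decrypts the container as CMS EnvelopedData for the recipient identified by the certificate.
     *
     * <p>The recipient is looked up by certificate, serial number and encoded issuer; the content
     * is then recovered with the supplied private key through the Bouncy Castle provider.
     *
     * @param eDTPrivateKey the recipient's private key; must be a {@code JCAKey}
     * @param eDTX509Certificate the recipient's certificate; must be a
     *     {@link BouncyCastleX509Certificate}
     * @return the decrypted content
     * @throws EDTPKIException if the container is empty, an argument is missing or of the wrong
     *     type, the issuer cannot be encoded, no recipient entry matches the certificate, or
     *     decryption fails
     */
    @Override // com.echoworx.edt.common.pki.PKCS7Container
    public byte[] decrypt(EDTPrivateKey eDTPrivateKey, EDTX509Certificate eDTX509Certificate) {
        if (this.fASNContent == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_PKCS7);
        }
        if (eDTPrivateKey == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_KEY);
        }
        if (!(eDTPrivateKey instanceof JCAKey)) {
            throw new EDTPKIException("Key is not of valid type (JCAKey).");
        }
        if (eDTX509Certificate == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_CERTIFICATE);
        }
        if (!(eDTX509Certificate instanceof BouncyCastleX509Certificate)) {
            throw new EDTPKIException("Certificate was not of valid type (BouncyCastleX509Certificate).");
        }
        RecipientId recipientId = new RecipientId();
        recipientId.setCertificate(((BouncyCastleX509Certificate) eDTX509Certificate).getCertificate());
        recipientId.setSerialNumber((BigInteger) eDTX509Certificate.getSerialNumber());
        try {
            recipientId.setIssuer(eDTX509Certificate.getEncodedIssuer());
            try {
                RecipientInformation recipient =
                        new CMSEnvelopedData(this.fASNContent).getRecipientInfos().get(recipientId);
                if (recipient == null) {
                    // Thrown inside the enclosing try, so callers see it wrapped as the cause of a
                    // DECRYPT_PKCS7_FAIL exception.
                    EDTPKIException noRecipient = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.DECRYPT_PKCS7_FAIL, "No info found for the provided certificate"));
                    noRecipient.setErrorCode(ErrorCodes.DECRYPT_PKCS7_FAIL);
                    throw noRecipient;
                }
                try {
                    return recipient.getContent(((JCAKey) eDTPrivateKey).getKey(), BouncyCastleProvider.PROVIDER_NAME);
                } catch (Exception e) {
                    // Attach the provider's exception so the failure reason is not lost.
                    EDTPKIException contentFailure = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.DECRYPT_PKCS7_FAIL, "Could not retrieve contents corresponding to certificate"), e);
                    contentFailure.setErrorCode(ErrorCodes.DECRYPT_PKCS7_FAIL);
                    throw contentFailure;
                }
            } catch (Exception e2) {
                throw new EDTPKIException(ErrorCodes.DECRYPT_PKCS7_FAIL, e2);
            }
        } catch (IOException e3) {
            throw new EDTPKIException(ErrorCodes.INVALID_ISSUER, e3);
        }
    }

    /**
     * Returns the certificates embedded in the container, ordered by issuer/subject name with the
     * subject-most certificate first.
     *
     * <p>The ordering is name-based only and the certificates are taken from the message as-is;
     * the array is not a validated certification path.
     *
     * @return the ordered certificates, or {@code null} when none are available
     * @throws EDTPKIException if the container cannot be parsed
     */
    @Override // com.echoworx.edt.common.pki.PKCS7Container
    public EDTX509Certificate[] getCertificateChain() {
        if (this.fChain == null) {
            this.fChain = buildCertificateChain(this.fASNContent);
        }
        if (this.fChain == null || this.fChain.isEmpty()) {
            return null;
        }
        return this.fChain.toArray(new EDTX509Certificate[0]);
    }

    /**
     * Returns the first certificate of the name-ordered list built from the container.
     *
     * <p>"Leaf" here means the head of that list; it is not established by any signature check.
     *
     * @return the first certificate, or {@code null} when none are available
     * @throws EDTPKIException if the container cannot be parsed
     */
    @Override // com.echoworx.edt.common.pki.PKCS7Container
    public EDTX509Certificate getLeafCertificate() {
        if (this.fChain == null) {
            this.fChain = buildCertificateChain(this.fASNContent);
        }
        if (this.fChain == null || this.fChain.isEmpty()) {
            return null;
        }
        return this.fChain.getFirst();
    }

    /**
     * Checks every signer's signature and returns the signed content.
     *
     * <p>For each signer, the first certificate in the message's own certificate store that matches
     * the signer identifier is used to verify the signature. A container without any signer is
     * rejected: with nothing to check, returning the content would present unsigned data as
     * verified.
     *
     * <p>This method performs no path validation to a trust anchor and no revocation check. A
     * successful return means the signatures are consistent with certificates shipped in the same
     * message, which the sender controls; the caller still has to establish that the signer
     * certificate is trusted.
     *
     * @return the signed content
     * @throws EDTPKIException with {@code VERIFY_PKCS7_FAIL} if the container cannot be parsed, has
     *     no signers, a signer's certificate is missing, a signature does not verify, or the
     *     content cannot be read; the specific failure is attached as the cause
     */
    @Override // com.echoworx.edt.common.pki.PKCS7Container
    public byte[] verify() {
        // One try block covers parsing and verification, so every failure (including a parse
        // failure of the raw bytes) surfaces as VERIFY_PKCS7_FAIL with its cause attached.
        try {
            CMSSignedData signedData = new CMSSignedData(this.fASNContent);
            CertStore embeddedCerts = signedData.getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME);
            Collection<?> signers = signedData.getSignerInfos().getSigners();
            if (signers == null || signers.isEmpty()) {
                // Fail closed: no signer means no signature was checked.
                EDTPKIException noSigners = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.VERIFY_PKCS7_FAIL, "The container holds no signer information."));
                noSigners.setErrorCode(ErrorCodes.VERIFY_PKCS7_FAIL);
                throw noSigners;
            }
            for (Object entry : signers) {
                SignerInformation signer = (SignerInformation) entry;
                try {
                    Iterator<? extends Certificate> candidates = embeddedCerts.getCertificates(signer.getSID()).iterator();
                    if (!candidates.hasNext()) {
                        EDTPKIException missingCert = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.VERIFY_PKCS7_FAIL, "Could not verify signature as certificates were not found."));
                        missingCert.setErrorCode(ErrorCodes.VERIFY_PKCS7_FAIL);
                        throw missingCert;
                    }
                    try {
                        // Only the first matching certificate is tried.
                        if (!signer.verify((X509Certificate) candidates.next(), BouncyCastleProvider.PROVIDER_NAME)) {
                            EDTPKIException badSignature = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.VERIFY_PKCS7_FAIL, "The signature failed verification."));
                            badSignature.setErrorCode(ErrorCodes.VERIFY_PKCS7_FAIL);
                            throw badSignature;
                        }
                    } catch (Exception e2) {
                        EDTPKIException verifyFailure = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.VERIFY_PKCS7_FAIL, "Failed while attempting to verify signature."), e2);
                        verifyFailure.setErrorCode(ErrorCodes.VERIFY_PKCS7_FAIL);
                        throw verifyFailure;
                    }
                } catch (CertStoreException e3) {
                    EDTPKIException lookupFailure = new EDTPKIException(ErrorCodes.getErrorStringWithExtendedInfo(ErrorCodes.VERIFY_PKCS7_FAIL, "The certificates could not be found."), e3);
                    lookupFailure.setErrorCode(ErrorCodes.VERIFY_PKCS7_FAIL);
                    throw lookupFailure;
                }
            }
            return (byte[]) signedData.getSignedContent().getContent();
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.VERIFY_PKCS7_FAIL, e);
        }
    }
}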
