package com.artifex.sonui.editor;

import android.app.Activity;
import android.content.Intent;
import android.util.Log;
import com.artifex.mupdf.fitz.FitzInputStream;
import com.artifex.sonui.editor.NUIPKCS7Verifier;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.Store;

/* loaded from: classes2.dex */
public class NUIDefaultVerifier extends NUIPKCS7Verifier {
    private static final int BUF_SIZE = 16384;
    private Activity mActivity;
    protected NUICertificate mCertificate;
    protected NUIPKCS7Verifier.NUIPKCS7VerifierListener mListener;
    protected int mResult = -1;
    protected Class mResultViewerClass;

    public NUIDefaultVerifier(Activity activity, Class cls) {
        this.mActivity = activity;
        this.mResultViewerClass = cls;
        Security.addProvider(new BouncyCastleProvider());
    }

    private static boolean selfSigned(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException unused) {
            return false;
        }
    }

    @Override // com.artifex.sonui.editor.NUIPKCS7Verifier
    public void certificateUpdated() {
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Verifier
    public int checkCertificate(byte[] bArr) {
        NUICertificate nUICertificate = this.mCertificate;
        if (nUICertificate == null || nUICertificate.publicKey() == null) {
            return 2;
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                keyStore.load(null, null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    try {
                        x509Certificate.checkValidity();
                        Log.v("sign", "Issuer: " + x509Certificate.getIssuerDN().getName());
                        Log.v("sign", "Cert: " + x509Certificate.toString());
                        this.mCertificate.publicKey().verify(x509Certificate.getPublicKey());
                        return 0;
                    } catch (InvalidKeyException | NoSuchProviderException | CertificateException unused) {
                        Log.v("sign", "No certificate chain found for: " + nextElement);
                    } catch (SignatureException unused2) {
                        Log.v("sign", "Invalid signature: " + nextElement);
                    }
                }
                return 6;
            } catch (CertificateException e) {
                e = e;
                e.printStackTrace();
                return 6;
            }
        } catch (IOException e2) {
            e = e2;
            e.printStackTrace();
            return 6;
        } catch (KeyStoreException e3) {
            e = e3;
            e.printStackTrace();
            return 6;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            e.printStackTrace();
            return 6;
        }
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Verifier
    public int checkDigest(FitzInputStream fitzInputStream, byte[] bArr) {
        HashMap<String, String> validity;
        HashMap<String, String> v3Extensions;
        byte[] bArr2 = new byte[16384];
        this.mCertificate = new NUICertificate();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            int read = fitzInputStream.read(bArr2, 0, 16384);
            if (read <= 0) {
                break;
            }
            byteArrayOutputStream.write(bArr2, 0, read);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            this.mResult = 3;
            if (verifySignedData(byteArray, bArr)) {
                this.mResult = 0;
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (this.mResult == 0) {
            this.mResult = checkCertificate(bArr);
        }
        NUICertificate nUICertificate = this.mCertificate;
        HashMap<String, String> distinguishedName = nUICertificate != null ? nUICertificate.distinguishedName() : NUICertificate.defaultDetails();
        NUICertificate nUICertificate2 = this.mCertificate;
        if (nUICertificate2 != null && (v3Extensions = nUICertificate2.v3Extensions()) != null) {
            distinguishedName.putAll(v3Extensions);
        }
        NUICertificate nUICertificate3 = this.mCertificate;
        if (nUICertificate3 != null && (validity = nUICertificate3.validity()) != null) {
            distinguishedName.putAll(validity);
        }
        NUIPKCS7Verifier.NUIPKCS7VerifierListener nUIPKCS7VerifierListener = this.mListener;
        if (nUIPKCS7VerifierListener != null) {
            nUIPKCS7VerifierListener.onVerifyResult(distinguishedName, this.mResult);
        }
        presentResults(distinguishedName, this.mResult);
        return this.mResult;
    }

    @Override // com.artifex.sonui.editor.NUIPKCS7Verifier
    public void doVerify(NUIPKCS7Verifier.NUIPKCS7VerifierListener nUIPKCS7VerifierListener, int i2) {
        this.mListener = nUIPKCS7VerifierListener;
        this.mSignatureValidity = i2;
        nUIPKCS7VerifierListener.onInitComplete();
    }

    @Override // com.artifex.sonui.editor.NUIPKCS7Verifier
    public void presentResults(HashMap<String, String> hashMap, int i2) {
        Intent intent = new Intent(this.mActivity, (Class<?>) this.mResultViewerClass);
        intent.putExtra("certificateDetails", hashMap);
        intent.putExtra("verifyResult", i2);
        intent.putExtra("updatedSinceSigning", this.mSignatureValidity);
        this.mActivity.startActivity(intent);
    }

    public boolean verifySignedData(byte[] bArr, byte[] bArr2) throws Exception {
        CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
        Store certificates = cMSSignedData.getCertificates();
        SignerInformation signerInformation = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
        this.mCertificate.fromCertificate(new JcaX509CertificateConverter().getCertificate(x509CertificateHolder));
        return signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(x509CertificateHolder));
    }
}
