package com.artifex.editor;

import android.app.Activity;
import android.content.Intent;
import android.util.Log;
import androidx.appcompat.app.a0;
import com.artifex.editor.NUIPKCS7Verifier;
import com.artifex.mupdf.fitz.FitzInputStream;
import dd.j3;
import dd.u3;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.SimpleTimeZone;
import n4.d0;
import n4.u;
import p3.f;
import q8.l;
import sj.i;
import sj.n;
import sj.o;
import wi.h;
import wi.k;
import wi.m;
import wi.q;
import wi.r;
import wi.s0;
import wi.t;
import wi.x;
import zi.g;
import zi.j;

/* loaded from: classes.dex */
public class NUIDefaultVerifier extends NUIPKCS7Verifier {
    private static final int BUF_SIZE = 16384;
    private Activity mActivity;
    protected NUICertificate mCertificate;
    protected NUIPKCS7Verifier.NUIPKCS7VerifierListener mListener;
    protected int mResult = -1;
    protected Class mResultViewerClass;

    public NUIDefaultVerifier(Activity activity, Class cls) {
        this.mActivity = activity;
        this.mResultViewerClass = cls;
        Security.addProvider(new yj.a());
    }

    private static boolean selfSigned(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException unused) {
            return false;
        }
    }

    @Override // com.artifex.editor.NUIPKCS7Verifier
    public void certificateUpdated() {
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Verifier
    public int checkCertificate(byte[] bArr) {
        NUICertificate nUICertificate = this.mCertificate;
        if (nUICertificate == null || nUICertificate.publicKey() == null) {
            return 2;
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                keyStore.load(null, null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    try {
                        x509Certificate.checkValidity();
                        Log.v("sign", "Issuer: " + x509Certificate.getIssuerDN().getName());
                        Log.v("sign", "Cert: " + x509Certificate.toString());
                        this.mCertificate.publicKey().verify(x509Certificate.getPublicKey());
                        return 0;
                    } catch (InvalidKeyException | NoSuchProviderException | CertificateException unused) {
                        Log.v("sign", "No certificate chain found for: " + nextElement);
                    } catch (SignatureException unused2) {
                        Log.v("sign", "Invalid signature: " + nextElement);
                    }
                }
                return 6;
            } catch (CertificateException e10) {
                e = e10;
                e.printStackTrace();
                return 6;
            }
        } catch (IOException e11) {
            e = e11;
            e.printStackTrace();
            return 6;
        } catch (KeyStoreException e12) {
            e = e12;
            e.printStackTrace();
            return 6;
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            e.printStackTrace();
            return 6;
        }
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Verifier
    public int checkDigest(FitzInputStream fitzInputStream, byte[] bArr) {
        HashMap<String, String> validity;
        HashMap<String, String> v3Extensions;
        byte[] bArr2 = new byte[16384];
        this.mCertificate = new NUICertificate();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            int read = fitzInputStream.read(bArr2, 0, 16384);
            if (read <= 0) {
                break;
            }
            byteArrayOutputStream.write(bArr2, 0, read);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            this.mResult = 3;
            if (verifySignedData(byteArray, bArr)) {
                this.mResult = 0;
            }
        } catch (Exception e10) {
            e10.printStackTrace();
        }
        if (this.mResult == 0) {
            this.mResult = checkCertificate(bArr);
        }
        NUICertificate nUICertificate = this.mCertificate;
        HashMap<String, String> distinguishedName = nUICertificate != null ? nUICertificate.distinguishedName() : NUICertificate.defaultDetails();
        NUICertificate nUICertificate2 = this.mCertificate;
        if (nUICertificate2 != null && (v3Extensions = nUICertificate2.v3Extensions()) != null) {
            distinguishedName.putAll(v3Extensions);
        }
        NUICertificate nUICertificate3 = this.mCertificate;
        if (nUICertificate3 != null && (validity = nUICertificate3.validity()) != null) {
            distinguishedName.putAll(validity);
        }
        NUIPKCS7Verifier.NUIPKCS7VerifierListener nUIPKCS7VerifierListener = this.mListener;
        if (nUIPKCS7VerifierListener != null) {
            nUIPKCS7VerifierListener.onVerifyResult(distinguishedName, this.mResult);
        }
        presentResults(distinguishedName, this.mResult);
        return this.mResult;
    }

    @Override // com.artifex.editor.NUIPKCS7Verifier
    public void doVerify(NUIPKCS7Verifier.NUIPKCS7VerifierListener nUIPKCS7VerifierListener, int i10) {
        this.mListener = nUIPKCS7VerifierListener;
        this.mSignatureValidity = i10;
        nUIPKCS7VerifierListener.onInitComplete();
    }

    @Override // com.artifex.editor.NUIPKCS7Verifier
    public void presentResults(HashMap<String, String> hashMap, int i10) {
        Intent intent = new Intent(this.mActivity, (Class<?>) this.mResultViewerClass);
        intent.putExtra("certificateDetails", hashMap);
        intent.putExtra("verifyResult", i10);
        intent.putExtra("updatedSinceSigning", this.mSignatureValidity);
        this.mActivity.startActivity(intent);
    }

    public boolean verifySignedData(byte[] bArr, byte[] bArr2) throws Exception {
        u uVar;
        j h5;
        boolean y2;
        Date p10;
        sj.b bVar = new sj.b(bArr);
        int i10 = i.f29683a;
        try {
            k i11 = new h(bArr2).i();
            sj.d dVar = new sj.d(bVar, i11 instanceof zi.e ? (zi.e) i11 : i11 != null ? new zi.e(r.p(i11)) : null);
            g gVar = dVar.f29670a;
            t tVar = gVar.f33120f;
            sj.d.f29669d.getClass();
            if (tVar != null) {
                ArrayList arrayList = new ArrayList(tVar.size());
                Enumeration s10 = tVar.s();
                while (s10.hasMoreElements()) {
                    q c10 = ((wi.e) s10.nextElement()).c();
                    if (c10 instanceof r) {
                        arrayList.add(new pj.a(nj.b.h(c10)));
                    }
                }
                uVar = new u(arrayList);
            } else {
                uVar = new u(new ArrayList());
            }
            if (dVar.f29672c == null) {
                ArrayList arrayList2 = new ArrayList();
                int i12 = 0;
                while (true) {
                    t tVar2 = gVar.f33122h;
                    if (i12 == tVar2.size()) {
                        break;
                    }
                    wi.e r10 = tVar2.r(i12);
                    arrayList2.add(new n(r10 instanceof zi.i ? (zi.i) r10 : r10 != null ? new zi.i(r.p(r10)) : null, gVar.f33119d.f33109b, dVar.f29671b));
                    i12++;
                }
                dVar.f29672c = new fi.r(1, arrayList2);
            }
            fi.r rVar = dVar.f29672c;
            rVar.getClass();
            n nVar = (n) new ArrayList(rVar.f22002c).iterator().next();
            pj.a aVar = (pj.a) uVar.a(nVar.f29694a).iterator().next();
            try {
                ((kf.b) new xa.b(27).f31990c).getClass();
                this.mCertificate.fromCertificate((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(aVar.f27733a.f())));
                f fVar = new f(27);
                d0 d0Var = new d0(1);
                zj.b bVar2 = new zj.b();
                ((u3) fVar.f27290c).getClass();
                b4.d dVar2 = new b4.d(24);
                ak.d dVar3 = (ak.d) dVar2.f2925c;
                dVar3.getClass();
                try {
                    dVar3.f512a.getClass();
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(aVar.f27733a.f()));
                    try {
                        m9.t tVar3 = new m9.t(dVar2, new qj.d(x509Certificate), x509Certificate);
                        ((u3) fVar.f27290c).getClass();
                        ba.c cVar = new ba.c(new a0(20, 0), 25);
                        o oVar = new o(d0Var, bVar2, tVar3, cVar);
                        q a10 = nVar.a(zi.c.f33104c, "signing-time");
                        if (a10 == null) {
                            h5 = null;
                        } else {
                            try {
                                h5 = j.h(a10);
                            } catch (IllegalArgumentException unused) {
                                throw new sj.a("signing-time attribute value not a valid 'Time' structure");
                            }
                        }
                        if (h5 != null) {
                            pj.a aVar2 = (pj.a) tVar3.f25387c;
                            try {
                                q qVar = h5.f33133b;
                                if (qVar instanceof x) {
                                    x xVar = (x) qVar;
                                    xVar.getClass();
                                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmssz");
                                    simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
                                    String p11 = xVar.p();
                                    p10 = simpleDateFormat.parse(p11.charAt(0) < '5' ? "20".concat(p11) : "19".concat(p11));
                                } else {
                                    p10 = ((wi.g) qVar).p();
                                }
                                nj.b bVar3 = aVar2.f27733a;
                                if (!((p10.before(bVar3.f26396c.f26411g.h()) || p10.after(bVar3.f26396c.f26412h.h())) ? false : true)) {
                                    throw new sj.g("verifier not valid at signingTime");
                                }
                            } catch (ParseException e10) {
                                throw new IllegalStateException("invalid date string: " + e10.getMessage());
                            }
                        }
                        zi.i iVar = nVar.f29702i;
                        sj.f fVar2 = sj.f.f29680a;
                        nj.a aVar3 = nVar.f29704k;
                        String str = aVar3.f26393b.f31662b;
                        String str2 = (String) sj.f.f29681b.get(str);
                        if (str2 != null) {
                            str = str2;
                        }
                        try {
                            l a11 = oVar.a(aVar3, iVar.f33128d);
                            try {
                                ak.a o7 = a11.o();
                                byte[] bArr3 = nVar.f29701h;
                                t tVar4 = nVar.f29705l;
                                nj.a aVar4 = nVar.f29703j;
                                sj.h hVar = nVar.f29695b;
                                if (bArr3 == null) {
                                    l d10 = cVar.d(aVar4);
                                    if (hVar != null) {
                                        ak.a o10 = d10.o();
                                        if (tVar4 != null) {
                                            ((sj.b) hVar).b(o10);
                                            o7.write(tVar4 != null ? tVar4.g("DER") : null);
                                        } else if (a11 instanceof ak.b) {
                                            ((sj.b) hVar).b(o10);
                                        } else {
                                            ak.a aVar5 = new ak.a(o10, o7);
                                            ((sj.b) hVar).b(aVar5);
                                            aVar5.close();
                                        }
                                        o10.close();
                                    } else {
                                        if (tVar4 == null) {
                                            throw new sj.a("data not encapsulated in signature - use detached constructor.");
                                        }
                                        o7.write(tVar4 != null ? tVar4.g("DER") : null);
                                    }
                                    nVar.f29701h = ((MessageDigest) ((ak.a) d10.f28028d).f507c).digest();
                                } else if (tVar4 != null) {
                                    o7.write(tVar4 != null ? tVar4.g("DER") : null);
                                } else if (hVar != null) {
                                    ((sj.b) hVar).b(o7);
                                }
                                o7.close();
                                q a12 = nVar.a(zi.c.f33102a, "content-type");
                                boolean z10 = nVar.f29698e;
                                if (a12 != null) {
                                    if (z10) {
                                        throw new sj.a("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                                    }
                                    if (!(a12 instanceof m)) {
                                        throw new sj.a("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                                    }
                                    if (!((m) a12).equals(nVar.f29697d)) {
                                        throw new sj.a("content-type attribute value does not match eContentType");
                                    }
                                } else if (!z10 && tVar4 != null) {
                                    throw new sj.a("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                                }
                                if (tVar4 != null && nVar.f29699f == null) {
                                    nVar.f29699f = new a0(tVar4);
                                }
                                a0 a0Var = nVar.f29699f;
                                a0 b5 = nVar.b();
                                if (b5 != null && b5.h(zi.c.f33106e).A() > 0) {
                                    throw new sj.a("A cmsAlgorithmProtect attribute MUST be a signed attribute");
                                }
                                if (a0Var != null) {
                                    b4.d h10 = a0Var.h(zi.c.f33106e);
                                    if (h10.A() > 1) {
                                        throw new sj.a("Only one instance of a cmsAlgorithmProtect attribute can be present");
                                    }
                                    if (h10.A() > 0) {
                                        zi.a h11 = zi.a.h(h10.p(0));
                                        if (h11.f33098c.size() != 1) {
                                            throw new sj.a("A cmsAlgorithmProtect attribute MUST contain exactly one value");
                                        }
                                        t tVar5 = h11.f33098c;
                                        wi.e[] eVarArr = new wi.e[tVar5.size()];
                                        for (int i13 = 0; i13 != tVar5.size(); i13++) {
                                            eVarArr[i13] = tVar5.r(i13);
                                        }
                                        wi.e eVar = eVarArr[0];
                                        zi.b bVar4 = eVar instanceof zi.b ? (zi.b) eVar : eVar != null ? new zi.b(r.p(eVar)) : null;
                                        if (!i.b(bVar4.f33099b, iVar.f33128d)) {
                                            throw new sj.a("CMS Algorithm Identifier Protection check failed for digestAlgorithm");
                                        }
                                        if (!i.b(bVar4.f33100c, iVar.f33130g)) {
                                            throw new sj.a("CMS Algorithm Identifier Protection check failed for signatureAlgorithm");
                                        }
                                    }
                                }
                                q a13 = nVar.a(zi.c.f33103b, "message-digest");
                                if (a13 != null) {
                                    if (!(a13 instanceof wi.n)) {
                                        throw new sj.a("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                                    }
                                    if (!j3.y(nVar.f29701h, ((wi.n) a13).r())) {
                                        throw new sj.g("message-digest attribute value does not match calculated value");
                                    }
                                } else if (tVar4 != null) {
                                    throw new sj.a("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                                }
                                if (a0Var != null && a0Var.h(zi.c.f33105d).A() > 0) {
                                    throw new sj.a("A countersignature attribute MUST NOT be a signed attribute");
                                }
                                a0 b10 = nVar.b();
                                if (b10 != null) {
                                    b4.d h12 = b10.h(zi.c.f33105d);
                                    for (int i14 = 0; i14 < h12.A(); i14++) {
                                        if (zi.a.h(h12.p(i14)).f33098c.size() < 1) {
                                            throw new sj.a("A countersignature attribute MUST contain at least one AttributeValue");
                                        }
                                    }
                                }
                                byte[] bArr4 = nVar.f29696c;
                                if (tVar4 == null) {
                                    try {
                                        if (nVar.f29701h != null && (a11 instanceof ak.b)) {
                                            ak.b bVar5 = (ak.b) a11;
                                            y2 = str.equals("RSA") ? bVar5.y(new nj.c(new nj.a(aVar4.f26393b, s0.f31676b), nVar.f29701h).g("DER"), j3.s(bArr4)) : bVar5.y(nVar.f29701h, j3.s(bArr4));
                                            return y2;
                                        }
                                    } catch (IOException e11) {
                                        throw new sj.a("can't process mime object to create signature.", e11);
                                    }
                                }
                                y2 = a11.x(j3.s(bArr4));
                                return y2;
                            } catch (IOException e12) {
                                throw new sj.a("can't process mime object to create signature.", e12);
                            } catch (zj.c e13) {
                                throw new sj.a("can't create digest calculator: " + e13.getMessage(), e13);
                            }
                        } catch (zj.c e14) {
                            throw new sj.a("can't create content verifier: " + e14.getMessage(), e14);
                        }
                    } catch (CertificateEncodingException e15) {
                        throw new zj.c("cannot process certificate: " + e15.getMessage(), e15);
                    }
                } catch (IOException e16) {
                    throw new ak.c(b4.c.j(e16, new StringBuilder("cannot get encoded form of certificate: ")), e16);
                } catch (NoSuchProviderException e17) {
                    throw new ak.c("cannot find factory provider: " + e17.getMessage(), e17);
                }
            } catch (IOException e18) {
                throw new qj.c(b4.c.j(e18, new StringBuilder("exception parsing certificate: ")), e18);
            } catch (NoSuchProviderException e19) {
                throw new qj.b("cannot find required provider:" + e19.getMessage(), e19);
            }
        } catch (IOException e20) {
            throw new sj.a("IOException reading content.", e20);
        } catch (ClassCastException e21) {
            throw new sj.a("Malformed content.", e21);
        } catch (IllegalArgumentException e22) {
            throw new sj.a("Malformed content.", e22);
        }
    }
}
