package com.lookout.security.crypto;

import com.lookout.analytics.internal.c;
import com.lookout.security.crypto.Notary;
import com.lookout.utils.IOUtils;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class CryptoProvider {

    /* renamed from: c, reason: collision with root package name */
    public static final int[] f6202c;

    /* renamed from: a, reason: collision with root package name */
    public volatile int[] f6203a;

    /* renamed from: b, reason: collision with root package name */
    public KeyStore f6204b;

    /* loaded from: classes3.dex */
    public class ParseException extends RuntimeException {
    }

    static {
        try {
            f6202c = new int[]{1829541479, -2120558870, -67981373, -1767747046, 543723860, -1665276008, 1167994444, 749740628, 80552007, 482332717, -366561953, -697941640, -1169021300, 1590609025, 1602855277, 910207396, -1368104336, 264288378, 22486822, -397719957, -1776440152, -834421902, 2035062375, 1834669802, -63787069, -1755164134, 711496020, -1380063336, 1184771660, 783295060, -263380921, 658493485, -337201825, -706330248, -1122883956, 1615774849, 1946788205, 910207396, -1389075856, 478197882, 362225446, -238336405, -1768051544, -813450382, 1808569959, -2128947478, -55398461, -1583197670, 564695380, -1346508904, 832450124, 783295060, -263380921, 687853613, -165235361, -685358728, -1135466868, 1410253953, 1925816685, 926984612, -1040948624, 486586490, 30875430, -448051605};
        } catch (ParseException unused) {
        }
    }

    public CryptoProvider() {
        Security.addProvider(e());
        j(f6202c);
    }

    public static int a(InputStream inputStream, OutputStream outputStream, AESEngine aESEngine, SecretKey secretKey, boolean z2, byte[] bArr) {
        try {
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(aESEngine));
            paddedBufferedBlockCipher.f(z2, new ParametersWithIV(new KeyParameter(secretKey.getEncoded()), bArr));
            byte[] bArr2 = new byte[2048];
            byte[] bArr3 = new byte[2048];
            int i2 = 0;
            while (true) {
                int read = inputStream.read(bArr2);
                if (read == -1) {
                    break;
                }
                int g2 = paddedBufferedBlockCipher.g(bArr2, 0, read, bArr3, 0);
                if (g2 > 0) {
                    outputStream.write(bArr3, 0, g2);
                    i2 += g2;
                }
            }
            int a2 = paddedBufferedBlockCipher.a(bArr3, 0);
            if (a2 <= 0) {
                return i2;
            }
            outputStream.write(bArr3, 0, a2);
            return i2 + a2;
        } catch (ParseException unused) {
            return 0;
        }
    }

    public static int b(InputStream inputStream, OutputStream outputStream, SecretKey secretKey) {
        try {
            AESEngine aESEngine = new AESEngine();
            byte[] bArr = new byte[aESEngine.c()];
            inputStream.read(bArr);
            return a(inputStream, outputStream, aESEngine, secretKey, false, bArr);
        } catch (ParseException unused) {
            return 0;
        }
    }

    public static int c(InputStream inputStream, OutputStream outputStream, SecretKey secretKey) {
        try {
            AESEngine aESEngine = new AESEngine();
            int c2 = aESEngine.c();
            byte[] bArr = new byte[c2];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
            outputStream.write(bArr, 0, c2);
            return c2 + a(inputStream, outputStream, aESEngine, secretKey, true, bArr);
        } catch (ParseException unused) {
            return 0;
        }
    }

    public static Provider e() {
        try {
            return new BouncyCastleProvider();
        } catch (ParseException unused) {
            return null;
        }
    }

    public X509Certificate d(String str) {
        try {
            KeyStore keyStore = this.f6204b;
            if (keyStore != null) {
                return (X509Certificate) keyStore.getCertificate(str);
            }
            throw new Exception("CS is not fully initialized.");
        } catch (Throwable th) {
            throw new Exception(c.a("Could not retrieve ", str), th);
        }
    }

    public VerificationKeychainFactory f() {
        try {
            return new VerificationKeychainFactory(this.f6204b, g());
        } catch (Throwable th) {
            throw new CryptoProviderException("Could not load keychain factory", th);
        }
    }

    public char[] g() {
        int[] iArr = this.f6203a;
        int[] iArr2 = (int[]) iArr.clone();
        byte[] bArr = new byte[iArr.length];
        int i2 = 9;
        int i3 = 3;
        for (int i4 = 0; i4 < iArr.length; i4++) {
            switch (((i4 * 555) % 5) + 2) {
                case 0:
                    i3++;
                    int i5 = iArr2[i4] / KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i5;
                    i2++;
                    bArr[i4] = (byte) (((i5 ^ KeyObfuscator.f6211b[i2 % 22]) >> 11) & 255);
                    break;
                case 1:
                    i3++;
                    iArr[i4] = iArr[i4] - KeyObfuscator.f6210a[i3 % 22];
                    i2++;
                    bArr[i4] = (byte) (((KeyObfuscator.f6211b[i2 % 22] ^ iArr2[i4]) >> 15) & 255);
                    break;
                case 2:
                    i3++;
                    int i6 = iArr2[i4] + KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i6;
                    i2++;
                    bArr[i4] = (byte) (((i6 ^ KeyObfuscator.f6211b[i2 % 22]) >> 22) & 255);
                    break;
                case 3:
                    i3++;
                    int i7 = iArr2[i4] / KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i7;
                    i2++;
                    bArr[i4] = (byte) (((i7 ^ KeyObfuscator.f6211b[i2 % 22]) >> 19) & 255);
                    break;
                case 4:
                    i3++;
                    int i8 = iArr2[i4] / KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i8;
                    i2++;
                    bArr[i4] = (byte) (((i8 ^ KeyObfuscator.f6211b[i2 % 22]) >> 23) & 255);
                    break;
                case 5:
                    i3++;
                    int i9 = iArr2[i4] - KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i9;
                    i2++;
                    bArr[i4] = (byte) (((i9 ^ KeyObfuscator.f6211b[i2 % 22]) >> 13) & 255);
                    break;
                case 6:
                    i3++;
                    int i10 = iArr2[i4] + KeyObfuscator.f6210a[i3 % 22];
                    iArr2[i4] = i10;
                    i2++;
                    bArr[i4] = (byte) (((i10 ^ KeyObfuscator.f6211b[i2 % 22]) >> 5) & 255);
                    break;
            }
        }
        return new String(bArr).toCharArray();
    }

    public void h(InputStream inputStream) {
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(inputStream, g());
            this.f6204b = keyStore;
        } catch (ParseException unused) {
        }
    }

    public void i(String str) {
        try {
            InputStream e2 = IOUtils.e(str, getClass().getClassLoader());
            if (e2 != null) {
                h(e2);
                IOUtils.c(e2);
            } else {
                throw new CryptoProviderException("Could not load " + str);
            }
        } catch (Throwable th) {
            try {
                throw new CryptoProviderException("Cannot initialize KMS: " + th.getMessage(), th);
            } catch (Throwable th2) {
                IOUtils.c(null);
                throw th2;
            }
        }
    }

    public void j(int[] iArr) {
        try {
            this.f6203a = iArr;
        } catch (ParseException unused) {
        }
    }

    public int k(InputStream inputStream, OutputStream outputStream, SecretKey secretKey, Notary.Keychain keychain) {
        new CMSNotary();
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(inputStream);
            if (CMSNotary.c(cMSSignedData, keychain)) {
                return Notary.a(new ByteArrayInputStream((byte[]) cMSSignedData.b().getContent()), outputStream, secretKey);
            }
            throw new SignatureException("Could not verify data authenticity.");
        } catch (CertificateException | CMSException | OperatorCreationException e2) {
            throw new SignatureException(e2);
        }
    }

    public synchronized boolean l(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        SimpleCertificateValidator simpleCertificateValidator = new SimpleCertificateValidator();
        simpleCertificateValidator.a(x509Certificate);
        Store<X509CertificateHolder> a2 = cMSSignedData.a();
        for (SignerInformation signerInformation : cMSSignedData.e().a()) {
            try {
                Collection<X509CertificateHolder> a3 = a2.a(signerInformation.e());
                if (a3.isEmpty()) {
                    throw new CMSException("There are no signers.");
                }
                X509CertificateHolder next = a3.iterator().next();
                if (signerInformation.l(new JcaSimpleSignerInfoVerifierBuilder().a(next)) && simpleCertificateValidator.c(next)) {
                    return true;
                }
            } catch (CertificateNotYetValidException e2) {
                LoggerFactory.j(CryptoService.class).m("Certificate is not valid yet. [" + new Date().getTime() + " > " + x509Certificate.getNotBefore().getTime() + "]", e2);
                throw e2;
            }
        }
        return false;
    }
}
