package com.artifex.sonui.editor;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.support.v4.media.RatingCompat$$ExternalSyntheticOutline0;
import com.artifex.mupdf.fitz.FitzInputStream;
import com.artifex.mupdf.fitz.PDFWidget;
import com.artifex.mupdf.fitz.PKCS7DistinguishedName;
import com.artifex.solib.FileUtils$$ExternalSyntheticOutline0;
import com.artifex.sonui.editor.NUIPKCS7Signer;
import com.ironsource.sdk.controller.t;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Vector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.DLSet;
import org.spongycastle.asn1.cms.CMSObjectIdentifiers;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.SignedData;
import org.spongycastle.asn1.cms.SignerIdentifier;
import org.spongycastle.asn1.cms.SignerInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignatureEncryptionAlgorithmFinder;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.CMSSignedHelper;
import org.spongycastle.cms.CMSUtils;
import org.spongycastle.cms.DefaultCMSSignatureEncryptionAlgorithmFinder;
import org.spongycastle.cms.SignerInfoGenerator;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.DigestCalculator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.RuntimeOperatorException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.io.TeeOutputStream;

/* loaded from: classes.dex */
public class NUIDefaultSigner extends NUIPKCS7Signer {
    public Activity mActivity;
    public String mAlias;
    public NUICertificate mCert;
    public PKCS7DistinguishedName mDistinguishedName;

    public NUIDefaultSigner(Activity activity) {
        this.mActivity = activity;
        Security.addProvider(new BouncyCastleProvider());
    }

    public static byte[] signData(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey) throws Exception {
        AlgorithmIdentifier find;
        ASN1Set aSN1Set;
        ASN1Set aSN1Set2;
        ArrayList arrayList = new ArrayList();
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        arrayList.add(x509Certificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA256withRSA");
        try {
            Signature createSignature = jcaContentSignerBuilder.helper.createSignature(jcaContentSignerBuilder.sigAlgId);
            AlgorithmIdentifier algorithmIdentifier = jcaContentSignerBuilder.sigAlgId;
            createSignature.initSign(privateKey);
            JcaContentSignerBuilder.AnonymousClass1 anonymousClass1 = new JcaContentSignerBuilder.AnonymousClass1(jcaContentSignerBuilder, createSignature, algorithmIdentifier);
            JcaDigestCalculatorProviderBuilder.AnonymousClass1 anonymousClass12 = new JcaDigestCalculatorProviderBuilder.AnonymousClass1();
            DefaultCMSSignatureEncryptionAlgorithmFinder defaultCMSSignatureEncryptionAlgorithmFinder = new DefaultCMSSignatureEncryptionAlgorithmFinder();
            Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
            Extensions extensions = certificate.tbsCert.extensions;
            cMSSignedDataGenerator.signerGens.add(new SignerInfoGenerator(new SignerIdentifier(new IssuerAndSerialNumber(certificate)), anonymousClass1, anonymousClass12, defaultCMSSignatureEncryptionAlgorithmFinder, true));
            List list = cMSSignedDataGenerator.certs;
            int i = CMSUtils.$r8$clinit;
            ArrayList arrayList2 = new ArrayList();
            try {
                Iterator it = ((ArrayList) jcaCertStore.getMatches(null)).iterator();
                while (it.hasNext()) {
                    arrayList2.add(((X509CertificateHolder) it.next()).x509Certificate);
                }
                list.addAll(arrayList2);
                if (!cMSSignedDataGenerator.signerInfs.isEmpty()) {
                    throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
                }
                t tVar = new t(9);
                t tVar2 = new t(9);
                cMSSignedDataGenerator.digests.clear();
                for (SignerInformation signerInformation : cMSSignedDataGenerator._signers) {
                    CMSSignedHelper cMSSignedHelper = CMSSignedHelper.INSTANCE;
                    AlgorithmIdentifier algorithmIdentifier2 = signerInformation.digestAlgorithm;
                    if (algorithmIdentifier2.parameters == null) {
                        algorithmIdentifier2 = new AlgorithmIdentifier(algorithmIdentifier2.algorithm, DERNull.INSTANCE);
                    }
                    ((Vector) tVar.a).addElement(algorithmIdentifier2);
                    tVar2.add(signerInformation.info);
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier = cMSProcessableByteArray.type;
                if (cMSProcessableByteArray.getContent() != null) {
                    List<SignerInfoGenerator> list2 = cMSSignedDataGenerator.signerGens;
                    int i2 = CMSUtils.$r8$clinit;
                    OutputStream outputStream = null;
                    for (SignerInfoGenerator signerInfoGenerator : list2) {
                        DigestCalculator digestCalculator = signerInfoGenerator.digester;
                        OutputStream teeOutputStream = digestCalculator != null ? signerInfoGenerator.sAttrGen == null ? new TeeOutputStream(((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) signerInfoGenerator.digester).val$stream, ((JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator.signer).stream) : ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) digestCalculator).val$stream : ((JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator.signer).stream;
                        if (outputStream == null) {
                            outputStream = CMSUtils.getSafeOutputStream(teeOutputStream);
                        } else if (teeOutputStream != null) {
                            outputStream = new TeeOutputStream(outputStream, teeOutputStream);
                        }
                    }
                    OutputStream safeOutputStream = CMSUtils.getSafeOutputStream(outputStream);
                    try {
                        safeOutputStream.write(cMSProcessableByteArray.bytes);
                        safeOutputStream.close();
                    } catch (IOException e) {
                        throw new CMSException(FileUtils$$ExternalSyntheticOutline0.m(e, RatingCompat$$ExternalSyntheticOutline0.m("data processing exception: ")), e);
                    }
                }
                for (SignerInfoGenerator signerInfoGenerator2 : cMSSignedDataGenerator.signerGens) {
                    Objects.requireNonNull(signerInfoGenerator2);
                    try {
                        CMSSignatureEncryptionAlgorithmFinder cMSSignatureEncryptionAlgorithmFinder = signerInfoGenerator2.sigEncAlgFinder;
                        AlgorithmIdentifier algorithmIdentifier3 = ((JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator2.signer).val$signatureAlgId;
                        Objects.requireNonNull((DefaultCMSSignatureEncryptionAlgorithmFinder) cMSSignatureEncryptionAlgorithmFinder);
                        if (((HashSet) DefaultCMSSignatureEncryptionAlgorithmFinder.RSA_PKCS1d5).contains(algorithmIdentifier3.algorithm)) {
                            algorithmIdentifier3 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
                        }
                        AlgorithmIdentifier algorithmIdentifier4 = algorithmIdentifier3;
                        if (signerInfoGenerator2.sAttrGen != null) {
                            DigestCalculator digestCalculator2 = signerInfoGenerator2.digester;
                            find = ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) digestCalculator2).val$algorithm;
                            byte[] digest = ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) digestCalculator2).getDigest();
                            signerInfoGenerator2.calculatedDigest = digest;
                            ASN1Set attributeSet = signerInfoGenerator2.getAttributeSet(signerInfoGenerator2.sAttrGen.getAttributes(Collections.unmodifiableMap(signerInfoGenerator2.getBaseParameters(aSN1ObjectIdentifier, ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) signerInfoGenerator2.digester).val$algorithm, algorithmIdentifier4, digest))));
                            JcaContentSignerBuilder.SignatureOutputStream signatureOutputStream = ((JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator2.signer).stream;
                            signatureOutputStream.write(attributeSet.getEncoded("DER"));
                            signatureOutputStream.close();
                            aSN1Set = attributeSet;
                        } else {
                            DigestCalculator digestCalculator3 = signerInfoGenerator2.digester;
                            if (digestCalculator3 != null) {
                                find = ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) digestCalculator3).val$algorithm;
                                signerInfoGenerator2.calculatedDigest = ((JcaDigestCalculatorProviderBuilder.AnonymousClass1.C02631) digestCalculator3).getDigest();
                            } else {
                                find = ((DefaultDigestAlgorithmIdentifierFinder) signerInfoGenerator2.digAlgFinder).find(((JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator2.signer).val$signatureAlgId);
                                signerInfoGenerator2.calculatedDigest = null;
                            }
                            aSN1Set = null;
                        }
                        AlgorithmIdentifier algorithmIdentifier5 = find;
                        JcaContentSignerBuilder.AnonymousClass1 anonymousClass13 = (JcaContentSignerBuilder.AnonymousClass1) signerInfoGenerator2.signer;
                        Objects.requireNonNull(anonymousClass13);
                        try {
                            byte[] sign = anonymousClass13.stream.sig.sign();
                            if (signerInfoGenerator2.unsAttrGen != null) {
                                Map baseParameters = signerInfoGenerator2.getBaseParameters(aSN1ObjectIdentifier, algorithmIdentifier5, algorithmIdentifier4, signerInfoGenerator2.calculatedDigest);
                                ((HashMap) baseParameters).put("encryptedDigest", Arrays.clone(sign));
                                aSN1Set2 = signerInfoGenerator2.getAttributeSet(signerInfoGenerator2.unsAttrGen.getAttributes(Collections.unmodifiableMap(baseParameters)));
                            } else {
                                aSN1Set2 = null;
                            }
                            SignerInfo signerInfo = new SignerInfo(signerInfoGenerator2.signerIdentifier, algorithmIdentifier5, aSN1Set, algorithmIdentifier4, new DEROctetString(sign), aSN1Set2);
                            tVar.add(signerInfo.digAlgorithm);
                            ((Vector) tVar2.a).addElement(signerInfo);
                            byte[] bArr2 = signerInfoGenerator2.calculatedDigest;
                            byte[] clone = bArr2 != null ? Arrays.clone(bArr2) : null;
                            if (clone != null) {
                                cMSSignedDataGenerator.digests.put(signerInfo.digAlgorithm.algorithm.identifier, clone);
                            }
                        } catch (SignatureException e2) {
                            throw new RuntimeOperatorException("exception obtaining signature: " + e2.getMessage(), e2);
                        }
                    } catch (IOException e3) {
                        throw new CMSException("encoding error.", e3);
                    }
                }
                CMSSignedData cMSSignedData = new CMSSignedData(cMSProcessableByteArray, new ContentInfo(CMSObjectIdentifiers.signedData, new SignedData(new DLSet(tVar, 1), new ContentInfo(aSN1ObjectIdentifier, null), cMSSignedDataGenerator.certs.size() != 0 ? CMSUtils.createBerSetFromList(cMSSignedDataGenerator.certs) : null, cMSSignedDataGenerator.crls.size() != 0 ? CMSUtils.createBerSetFromList(cMSSignedDataGenerator.crls) : null, new DLSet(tVar2, 1))));
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                new DEROutputStream(byteArrayOutputStream).writeObject(cMSSignedData.contentInfo);
                return byteArrayOutputStream.toByteArray();
            } catch (ClassCastException e4) {
                throw new CMSException("error processing certs", e4);
            }
        } catch (GeneralSecurityException e5) {
            StringBuilder m = RatingCompat$$ExternalSyntheticOutline0.m("cannot create signer: ");
            m.append(e5.getMessage());
            throw new OperatorCreationException(m.toString(), e5);
        }
    }

    @Override // com.artifex.sonui.editor.NUIPKCS7Signer
    public void doSign(final NUIPKCS7Signer.NUIPKCS7SignerListener nUIPKCS7SignerListener) {
        if (this.mAlias == null) {
            KeyChain.choosePrivateKeyAlias(this.mActivity, new KeyChainAliasCallback() { // from class: com.artifex.sonui.editor.NUIDefaultSigner.1
                @Override // android.security.KeyChainAliasCallback
                public void alias(String str) {
                    X509Certificate[] x509CertificateArr;
                    NUIDefaultSigner.this.mCert = new NUICertificate();
                    if (str != null) {
                        NUIDefaultSigner nUIDefaultSigner = NUIDefaultSigner.this;
                        NUICertificate nUICertificate = nUIDefaultSigner.mCert;
                        Activity activity = nUIDefaultSigner.mActivity;
                        nUICertificate.init();
                        try {
                            x509CertificateArr = KeyChain.getCertificateChain(activity, str);
                        } catch (KeyChainException | InterruptedException unused) {
                            x509CertificateArr = null;
                        }
                        boolean z = false;
                        if (x509CertificateArr != null && x509CertificateArr.length != 0) {
                            z = nUICertificate.fromCertificate(x509CertificateArr[0]);
                        }
                        try {
                            nUICertificate.privKey = KeyChain.getPrivateKey(activity, str);
                        } catch (KeyChainException | InterruptedException unused2) {
                        }
                        if (z) {
                            NUIDefaultSigner nUIDefaultSigner2 = NUIDefaultSigner.this;
                            nUIDefaultSigner2.mAlias = str;
                            nUIDefaultSigner2.mDistinguishedName = nUIDefaultSigner2.mCert.pkcs7DistinguishedName();
                            nUIPKCS7SignerListener.onSignatureReady();
                            return;
                        }
                    }
                    NUIDefaultSigner nUIDefaultSigner3 = NUIDefaultSigner.this;
                    nUIDefaultSigner3.mCert = null;
                    nUIDefaultSigner3.mAlias = null;
                    nUIPKCS7SignerListener.onCancel();
                    Activity activity2 = NUIDefaultSigner.this.mActivity;
                    Utilities.showMessage(activity2, activity2.getString(R.string.sodk_editor_certificate_sign), NUIDefaultSigner.this.mActivity.getString(R.string.sodk_editor_certificate_no_identities));
                }
            }, null, null, null, -1, "");
        } else {
            nUIPKCS7SignerListener.onSignatureReady();
        }
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Signer
    public int maxDigest() {
        return 7168;
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Signer
    public PKCS7DistinguishedName name() {
        return this.mDistinguishedName;
    }

    @Override // com.artifex.mupdf.fitz.PKCS7Signer
    public byte[] sign(FitzInputStream fitzInputStream) {
        byte[] bArr = new byte[PDFWidget.PDF_BTN_FIELD_IS_NO_TOGGLE_TO_OFF];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            int read = fitzInputStream.read(bArr, 0, PDFWidget.PDF_BTN_FIELD_IS_NO_TOGGLE_TO_OFF);
            if (read <= 0) {
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                NUICertificate nUICertificate = this.mCert;
                try {
                    return signData(byteArray, nUICertificate.publicCert, nUICertificate.privKey);
                } catch (Exception e) {
                    e.printStackTrace();
                    return null;
                }
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }
}
