package com.blackberry.a;

import android.os.Build;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;

/* loaded from: classes.dex */
public final class e implements d {
    private static final String c = "e";
    private X509Certificate b = null;

    static {
        Provider provider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (provider != null) {
            Log.d(c, "removing BouncyCastle provider, version: " + provider.getVersion());
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Security.addProvider(new BouncyCastleProvider());
        Provider provider2 = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        Log.d(c, "adding BouncyCastle provider, version: " + provider2.getVersion());
    }

    public static List<Certificate> a(String[] strArr) {
        ArrayList arrayList = new ArrayList();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (String str : strArr) {
            arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(str.getBytes())));
        }
        return arrayList;
    }

    public static boolean b() {
        return Build.VERSION.SDK_INT >= 23;
    }

    public static boolean c() {
        return Build.VERSION.SDK_INT >= 26;
    }

    @Override // com.blackberry.a.d
    public void a() {
        if (this.b == null) {
            throw new CertificateException("Certificate not yet set");
        }
        List<Certificate> a2 = a(d.f1118a);
        X509Certificate x509Certificate = this.b;
        Certificate certificate = a2.get(1);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            arrayList.add(a2.get(0));
            try {
                try {
                    CertPathValidator.getInstance("PKIX").validate(certificateFactory.generateCertPath(arrayList), pKIXParameters);
                } catch (InvalidAlgorithmParameterException | CertPathValidatorException e) {
                    throw new CertificateException("Validation failed", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new CertificateException("Failed to initialize CertPathValidator", e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new CertificateException("Failed to initialize PKIXParameters", e3);
        }
    }

    @Override // com.blackberry.a.d
    public void a(X509Certificate x509Certificate) {
        this.b = x509Certificate;
    }

    @Override // com.blackberry.a.d
    public boolean a(byte[] bArr, byte[] bArr2) {
        if (this.b == null) {
            throw new IllegalStateException("Certificate not yet set");
        }
        if (!b()) {
            Log.d(c, "Skipping report verification on older builds");
            return true;
        }
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
            Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
            Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
            Iterator<SignerInformation> it = signers.iterator();
            if (signers.size() != 1 || !it.hasNext()) {
                return false;
            }
            SignerInformation next = it.next();
            Collection<X509CertificateHolder> matches = certificates.getMatches(next.getSID());
            Iterator<X509CertificateHolder> it2 = matches.iterator();
            if (matches.size() == 0) {
                return next.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(this.b));
            }
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(it2.next());
            if (!c() || Arrays.equals(this.b.getEncoded(), certificate.getEncoded())) {
                return next.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(certificate));
            }
            return false;
        } catch (CMSException e) {
            throw new CertificateException(e.toString());
        } catch (OperatorCreationException e2) {
            throw new CertificateException(e2.toString());
        } catch (Exception e3) {
            throw e3;
        }
    }
}
