package com.kofax.mobile.sdk.ah;

import ah.a0;
import ah.f1;
import ah.l0;
import ah.t1;
import ah.y0;
import android.app.Activity;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import android.nfc.tech.IsoDep;
import android.util.Pair;
import com.kofax.kmc.ken.engines.INFCTagReader;
import com.kofax.kmc.ken.engines.data.IMRZResult;
import com.kofax.kmc.ken.engines.data.ITagData;
import com.kofax.kmc.ken.engines.data.Image;
import com.kofax.kmc.ken.engines.data.NFCTagParameters;
import com.kofax.kmc.kut.utilities.AppContextProvider;
import com.kofax.kmc.kut.utilities.error.ErrorInfo;
import com.kofax.kmc.kut.utilities.error.KmcRuntimeException;
import com.kofax.mobile.sdk.extract.id.ICompletionListener;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;

/* loaded from: classes.dex */
public class c implements INFCTagReader {
    private static final String TAG = "c";
    private static final int WP = 131;
    private static final CertSelector WQ = new X509CertSelector() { // from class: com.kofax.mobile.sdk.ah.c.1
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(Certificate certificate) {
            return certificate instanceof X509Certificate;
        }
    };
    com.kofax.mobile.sdk.am.f WR;
    com.kofax.mobile.sdk.am.g WS;
    com.kofax.mobile.sdk.am.a WT;
    com.kofax.mobile.sdk.am.h WU;
    com.kofax.mobile.sdk.am.d WV;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.kofax.mobile.sdk.ah.c$6, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass6 {
        static final /* synthetic */ int[] Xa;

        static {
            int[] iArr = new int[a.values().length];
            Xa = iArr;
            try {
                iArr[a.SIGNED_DATA.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                Xa[a.CERTIFICATE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum a {
        SIGNED_DATA,
        CERTIFICATE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b implements ITagData {
        private IMRZResult Xe;
        private Image Xf;
        private byte[] Xg;

        public b(IMRZResult iMRZResult, Image image, byte[] bArr) {
            this.Xe = iMRZResult;
            this.Xf = image;
            this.Xg = bArr;
        }

        @Override // com.kofax.kmc.ken.engines.data.ITagData
        public byte[] getDocumentSecurityObject() {
            return this.Xg;
        }

        @Override // com.kofax.kmc.ken.engines.data.ITagData
        public Image getFaceImage() {
            return this.Xf;
        }

        @Override // com.kofax.kmc.ken.engines.data.ITagData
        public IMRZResult getMRZInformation() {
            return this.Xe;
        }
    }

    /* renamed from: com.kofax.mobile.sdk.ah.c$c, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    private static class CallableC0157c implements Callable<Set<Certificate>> {
        private final String Xh;

        public CallableC0157c(String str) {
            this.Xh = str;
        }

        private byte[] aF(String str) {
            try {
                return ig.e.i(AppContextProvider.getContext().getAssets().open(str));
            } catch (IOException e10) {
                com.kofax.mobile.sdk._internal.k.e(c.TAG, e10);
                return null;
            }
        }

        private void verifyPathVulnerability(String str) {
            String str2;
            try {
                str2 = new File("/Verify/ZipPath/", ig.c.f(str)).getCanonicalPath();
            } catch (IOException unused) {
                str2 = null;
            }
            if (!ng.e.j(str2) && !str2.startsWith("/Verify/ZipPath/")) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("path traversal vulnerability found"));
            }
        }

        @Override // java.util.concurrent.Callable
        /* renamed from: sl, reason: merged with bridge method [inline-methods] */
        public Set<Certificate> call() {
            byte[] aF = aF(this.Xh);
            if (aF == null) {
                File file = new File(this.Xh);
                if (!file.exists()) {
                    throw new KmcRuntimeException(ErrorInfo.KMC_NFC_MASTERLIST_NOT_EXIST);
                }
                verifyPathVulnerability(this.Xh);
                aF = ig.b.s(file);
            }
            ArrayList arrayList = new ArrayList();
            HashSet hashSet = new HashSet();
            try {
                for (jh.e eVar : c.a(ah.u.H(aF), (List) null, a.SIGNED_DATA)) {
                    Enumeration K = eVar.x().K();
                    while (K.hasMoreElements()) {
                        arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509", new zh.a()).generateCertificate(new ByteArrayInputStream(oh.c.y(K.nextElement()).s("DER"))));
                    }
                    c.z(arrayList);
                    for (Certificate certificate : c.a(eVar.y().x(), (List) null, a.CERTIFICATE)) {
                        if (c.WQ.match(certificate)) {
                            hashSet.add(certificate);
                        }
                    }
                }
                return hashSet;
            } catch (Exception e10) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("failed at extracting masterList", e10));
            }
        }
    }

    /* loaded from: classes.dex */
    private static class d implements t1.h<Pair<Set<Certificate>, Boolean>, Boolean> {
        private final y Xi;

        private d(y yVar) {
            this.Xi = yVar;
        }

        private PKIXCertPathBuilderResult a(X509Certificate x509Certificate, Set<Certificate> set, boolean z10) {
            if (!z10 && a(x509Certificate)) {
                throw new Exception("The certificate is self-signed.");
            }
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            hashSet2.add(x509Certificate);
            for (Certificate certificate : set) {
                if (a(certificate)) {
                    hashSet.add(certificate);
                } else {
                    hashSet2.add(certificate);
                }
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            HashSet hashSet3 = new HashSet();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                hashSet3.add(new TrustAnchor((X509Certificate) ((Certificate) it.next()), null));
            }
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet3, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(hashSet2)));
            return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "BC").build(pKIXBuilderParameters);
        }

        private boolean a(Certificate certificate) {
            try {
                certificate.verify(certificate.getPublicKey());
                return true;
            } catch (InvalidKeyException | SignatureException unused) {
                return false;
            }
        }

        @Override // t1.h
        /* renamed from: e, reason: merged with bridge method [inline-methods] */
        public Boolean then(t1.j<Pair<Set<Certificate>, Boolean>> jVar) {
            try {
                Security.removeProvider("BC");
                Security.addProvider(new zh.a());
                Pair<Set<Certificate>, Boolean> v10 = jVar.v();
                if (!((Boolean) v10.second).booleanValue()) {
                    throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("signature verification failed"));
                }
                boolean z10 = true;
                PKIXCertPathBuilderResult a10 = a(this.Xi.sR(), (Set) v10.first, true);
                ArrayList arrayList = new ArrayList(a10.getCertPath().getCertificates());
                arrayList.add(a10.getTrustAnchor().getTrustedCert());
                c.z(arrayList);
                if (arrayList.size() <= 1) {
                    z10 = false;
                }
                return Boolean.valueOf(z10);
            } catch (KmcRuntimeException e10) {
                throw e10;
            } catch (CertPathBuilderException e11) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("Error building certification path", e11));
            } catch (Exception e12) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("Error verifying the certificate", e12));
            }
        }
    }

    /* loaded from: classes.dex */
    private static class e implements t1.h<Set<Certificate>, Pair<Set<Certificate>, Boolean>> {
        private final y Xi;

        private e(y yVar) {
            this.Xi = yVar;
        }

        private int a(String str, Certificate certificate, byte[] bArr, byte[] bArr2) {
            Signature signature;
            for (int i10 = 0; i10 <= 512; i10++) {
                try {
                    signature = Signature.getInstance(str, new zh.a());
                    if (str.endsWith("withRSA/PSS")) {
                        signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), i10, 1));
                    }
                    signature.initVerify(certificate);
                    signature.update(bArr);
                } catch (Exception e10) {
                    com.kofax.mobile.sdk._internal.k.e(e10);
                }
                if (signature.verify(bArr2)) {
                    return i10;
                }
            }
            return 0;
        }

        @Override // t1.h
        /* renamed from: f, reason: merged with bridge method [inline-methods] */
        public Pair<Set<Certificate>, Boolean> then(t1.j<Set<Certificate>> jVar) {
            String str;
            MessageDigest messageDigest;
            try {
                Security.removeProvider("BC");
                Security.addProvider(new zh.a());
                X509Certificate sR = this.Xi.sR();
                sR.checkValidity();
                byte[] sQ = this.Xi.sQ();
                byte[] sP = this.Xi.sP();
                try {
                    str = this.Xi.sT();
                } catch (Exception unused) {
                    str = null;
                }
                if (ng.e.j(str)) {
                    String sS = this.Xi.sS();
                    try {
                        messageDigest = MessageDigest.getInstance(sS);
                    } catch (Exception unused2) {
                        messageDigest = MessageDigest.getInstance(sS, new zh.a());
                    }
                    messageDigest.update(sQ);
                    return new Pair<>(jVar.v(), Boolean.valueOf(Arrays.equals(messageDigest.digest(), sP)));
                }
                if ("SSAwithRSA/PSS" == str) {
                    str = this.Xi.sS().replace("-", "") + "withRSA/PSS";
                }
                if ("RSA" == str) {
                    str = this.Xi.sS().replace("-", "") + "withRSA";
                }
                Signature signature = Signature.getInstance(str, new zh.a());
                if (str.endsWith("withRSA/PSS")) {
                    signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), a(str, sR, sQ, sP), 1));
                }
                signature.initVerify(sR);
                signature.update(sQ);
                return new Pair<>(jVar.v(), Boolean.valueOf(signature.verify(sP)));
            } catch (CertificateExpiredException e10) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_EXPIRED, e10);
            } catch (CertificateNotYetValidException e11) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_EXPIRED, e11);
            } catch (Exception e12) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, new Exception("failed at verifySignature", e12));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ITagData a(Tag tag, NFCTagParameters nFCTagParameters) {
        IsoDep isoDep = IsoDep.get(tag);
        if (isoDep == null) {
            throw new KmcRuntimeException(ErrorInfo.KMC_NFC_NO_TAG_SUPPORTED);
        }
        try {
            try {
                com.kofax.mobile.sdk._internal.k.d(TAG, "Electronic Passport");
                this.WR.a(isoDep);
                this.WR.sF();
                si();
                this.WT.a(nFCTagParameters);
                List<byte[]> so = this.WT.so();
                this.WU.e(so.get(0), so.get(1), so.get(2));
                return new b(new n(this.WV.z(new byte[]{1, 1})).sw(), new o(this.WV.z(new byte[]{1, 2})).getFaceImage(), this.WV.z(new byte[]{1, 29}));
            } catch (KmcRuntimeException e10) {
                throw e10;
            } catch (Exception e11) {
                throw new KmcRuntimeException(ErrorInfo.KMC_NFC_EXCEPTION, e11);
            }
        } finally {
            this.WU.e(null, null, null);
            this.WR.sG();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List a(Object obj, List list, a aVar) {
        ah.e x10;
        a0 a0Var;
        int i10;
        if (list == null) {
            list = new ArrayList();
        }
        try {
            i10 = AnonymousClass6.Xa[aVar.ordinal()];
        } catch (Exception unused) {
        }
        if (i10 == 1) {
            jh.e z10 = jh.e.z(obj);
            if (z10 != null) {
                list.add(z10);
            }
            return list;
        }
        if (i10 == 2) {
            list.add(new zh.e(oh.c.y(obj)));
            return list;
        }
        if (obj instanceof t1) {
            a0Var = (t1) obj;
        } else if (obj instanceof l0) {
            a0Var = (l0) obj;
        } else {
            if (!(obj instanceof f1)) {
                if (obj instanceof ah.u) {
                    Enumeration J = ((ah.u) obj).J();
                    while (J.hasMoreElements()) {
                        list = a(J.nextElement(), list, aVar);
                    }
                    return list;
                }
                if (obj instanceof ah.w) {
                    Enumeration K = ((ah.w) obj).K();
                    while (K.hasMoreElements()) {
                        list = a(K.nextElement(), list, aVar);
                    }
                    return list;
                }
                if (!(obj instanceof y0)) {
                    if (aVar != a.CERTIFICATE || !(obj instanceof jh.e)) {
                        return list;
                    }
                    x10 = ((jh.e) obj).y().x();
                    return a(x10, list, aVar);
                }
                ah.k kVar = new ah.k(new ByteArrayInputStream(((y0) obj).I()));
                while (true) {
                    try {
                        ah.t i02 = kVar.i0();
                        if (i02 == null) {
                            break;
                        }
                        list = a(i02, list, aVar);
                    } catch (IOException unused2) {
                    }
                }
                kVar.close();
                kVar.close();
                return list;
            }
            a0Var = (f1) obj;
        }
        x10 = a0Var.H();
        return a(x10, list, aVar);
    }

    private t1.j<Tag> a(Activity activity) {
        KmcRuntimeException kmcRuntimeException;
        final t1.k kVar = new t1.k();
        NfcAdapter defaultAdapter = NfcAdapter.getDefaultAdapter(activity);
        if (defaultAdapter == null) {
            kmcRuntimeException = new KmcRuntimeException(ErrorInfo.KMC_NFC_NOT_SUPPORTED);
        } else {
            if (defaultAdapter.isEnabled()) {
                defaultAdapter.enableReaderMode(activity, new NfcAdapter.ReaderCallback() { // from class: com.kofax.mobile.sdk.ah.c.5
                    @Override // android.nfc.NfcAdapter.ReaderCallback
                    public void onTagDiscovered(Tag tag) {
                        if (tag == null || !Arrays.asList(tag.getTechList()).contains("android.nfc.tech.IsoDep")) {
                            kVar.c(new KmcRuntimeException(ErrorInfo.KMC_NFC_NO_TAG_SUPPORTED));
                        } else {
                            kVar.d(tag);
                        }
                    }
                }, WP, null);
                return kVar.a();
            }
            kmcRuntimeException = new KmcRuntimeException(ErrorInfo.KMC_NFC_NOT_ENABLED);
        }
        kVar.c(kmcRuntimeException);
        return kVar.a();
    }

    private void a(final NFCTagParameters nFCTagParameters, final Activity activity) {
        a(activity).B(new t1.h<Tag, ITagData>() { // from class: com.kofax.mobile.sdk.ah.c.4
            @Override // t1.h
            /* renamed from: d, reason: merged with bridge method [inline-methods] */
            public ITagData then(t1.j<Tag> jVar) {
                activity.runOnUiThread(new Runnable() { // from class: com.kofax.mobile.sdk.ah.c.4.1
                    @Override // java.lang.Runnable
                    public void run() {
                        nFCTagParameters.getTagDetectedListener().onTagDetected();
                    }
                });
                return c.this.a(jVar.v(), nFCTagParameters);
            }
        }, t1.j.f13665i).k(new t1.h<ITagData, Void>() { // from class: com.kofax.mobile.sdk.ah.c.3
            @Override // t1.h
            public Void then(t1.j<ITagData> jVar) {
                c.this.b(activity);
                nFCTagParameters.getTagReadListener().onTagRead(jVar.v(), jVar.u());
                return null;
            }
        }, t1.j.f13667k);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(Activity activity) {
        NfcAdapter defaultAdapter = NfcAdapter.getDefaultAdapter(activity);
        if (defaultAdapter != null) {
            defaultAdapter.disableReaderMode(activity);
        }
    }

    private void si() {
        com.kofax.mobile.sdk._internal.k.d(TAG, "Select Passport Application");
        this.WS.a((byte) 4, (byte) 12, new byte[]{-96, 0, 0, 2, 71, 16, 1}, (byte) 0, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void z(List<X509Certificate> list) {
        int size = list.size();
        int i10 = 0;
        while (true) {
            int i11 = size - 1;
            if (i10 >= i11) {
                X509Certificate x509Certificate = list.get(i11);
                if (x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    return;
                }
                return;
            }
            X509Certificate x509Certificate2 = list.get(i10);
            i10++;
            X509Certificate x509Certificate3 = list.get(i10);
            if (!x509Certificate2.getIssuerX500Principal().equals(x509Certificate3.getSubjectX500Principal())) {
                throw new Exception("Certificates do not chain");
            }
            x509Certificate2.verify(x509Certificate3.getPublicKey());
        }
    }

    @Override // com.kofax.kmc.ken.engines.INFCTagReader
    public void readTag(NFCTagParameters nFCTagParameters, Activity activity) {
        a(nFCTagParameters, activity);
    }

    @Override // com.kofax.kmc.ken.engines.INFCTagReader
    public void verifyDocumentSignerCertificate(byte[] bArr, String str, final ICompletionListener<Boolean> iCompletionListener) {
        try {
            y yVar = new y(bArr);
            t1.j f10 = t1.j.f(new CallableC0157c(str));
            e eVar = new e(yVar);
            ExecutorService executorService = t1.j.f13665i;
            f10.B(eVar, executorService).B(new d(yVar), executorService).k(new t1.h<Boolean, Void>() { // from class: com.kofax.mobile.sdk.ah.c.2
                @Override // t1.h
                public Void then(t1.j<Boolean> jVar) {
                    iCompletionListener.onComplete(jVar.v(), jVar.u());
                    return null;
                }
            }, t1.j.f13667k);
        } catch (KmcRuntimeException e10) {
            iCompletionListener.onComplete(null, e10);
        } catch (Exception e11) {
            iCompletionListener.onComplete(null, new KmcRuntimeException(ErrorInfo.KMC_NFC_CERTIFICATE_VALIDATION_FAILED, e11));
        }
    }
}
