package com.sophos.mobilecontrol.client.android.module.autoenrollment;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sophos.smsec.core.smsectrace.SMSecTrace;
import d1.g;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import okhttp3.A;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;
import org.json.JSONException;
import org.json.JSONObject;
import q1.C1472a;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

/* loaded from: classes3.dex */
public final class b {

    /* loaded from: classes3.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        public String f16300a;

        /* renamed from: b, reason: collision with root package name */
        public String f16301b;

        /* renamed from: c, reason: collision with root package name */
        public String f16302c;

        private a() {
        }
    }

    public static AutoEnrollmentResponse a(byte[] bArr) {
        try {
            CMSTypedData signedContent = new CMSSignedData(new ByteArrayInputStream(bArr)).getSignedContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            signedContent.write(byteArrayOutputStream);
            return (AutoEnrollmentResponse) new Gson().fromJson(byteArrayOutputStream.toString(StandardCharsets.UTF_8.name()), AutoEnrollmentResponse.class);
        } catch (IOException e3) {
            SMSecTrace.e("AEU", "IOException decoding response", e3);
            return null;
        } catch (CMSException e4) {
            SMSecTrace.e("AEU", "CMSException decoding response", e4);
            return null;
        } catch (Exception e5) {
            SMSecTrace.e("AEU", "exception decoding response", e5);
            return null;
        }
    }

    public static AutoEnrollmentApi b(String str) {
        A.b t3 = new A().t();
        TimeUnit timeUnit = TimeUnit.SECONDS;
        return (AutoEnrollmentApi) new Retrofit.Builder().baseUrl(str).client(t3.c(60L, timeUnit).d(60L, timeUnit).e(60L, timeUnit).b()).addConverterFactory(GsonConverterFactory.create(new GsonBuilder().setLenient().create())).build().create(AutoEnrollmentApi.class);
    }

    public static boolean c(byte[] bArr) {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                new CMSSignedData(byteArrayInputStream).getVersion();
                byteArrayInputStream.close();
                return true;
            } finally {
            }
        } catch (Exception unused) {
            return false;
        }
    }

    public static a d(String str) {
        a aVar = new a();
        try {
            JSONObject jSONObject = new JSONObject(str);
            JSONObject jSONObject2 = new JSONObject(jSONObject.getString("mdmProfileCustomData"));
            aVar.f16301b = jSONObject2.getString("t");
            aVar.f16302c = jSONObject2.getString("h");
            aVar.f16300a = jSONObject.getString("mdmUri");
        } catch (JSONException e3) {
            SMSecTrace.e("AEU", "JSONException parsing KME data", e3);
        } catch (Exception e4) {
            SMSecTrace.e("AEU", "could not parse KME data", e4);
        }
        return aVar;
    }

    public static boolean e(byte[] bArr, String str) {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                CMSSignedData cMSSignedData = new CMSSignedData(byteArrayInputStream);
                Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
                for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certificates.getMatches(signerInformation.getSID()).iterator().next());
                    byte[] l3 = g.l(certificate.getEncoded());
                    if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(certificate))) {
                        SMSecTrace.i("AEU", "signature valid");
                        if (str.equals(new String(C1472a.d(l3)))) {
                            SMSecTrace.i("AEU", "certificate is correct");
                            byteArrayInputStream.close();
                            return true;
                        }
                        SMSecTrace.e("AEU", "signature is valid, however, not from the expected customer CA");
                    } else {
                        SMSecTrace.e("AEU", "signature of body not valid");
                    }
                }
                byteArrayInputStream.close();
                return false;
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Exception unused) {
            SMSecTrace.e("AEU", "no valid signature");
            return false;
        }
    }
}
