package com.samsung.android.email.security.smime;

import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.google.common.net.HttpHeaders;
import com.samsung.android.email.common.util.smime.RevocationInfo;
import com.samsung.android.email.provider.R;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.provider.Account;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLTaggedObject;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.OperatorCreationException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
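/**
 * Revocation checker for S/MIME certificates built on the BouncyCastle OCSP classes and the
 * JCA {@link X509CRL} type.
 *
 * <p>{@link #performCertValidation} selects OCSP or CRL checking from the account settings; the
 * CRL path ends in {@link #validateCertificate(Context, Certificate[], RevocationInfo, String[],
 * String[], List)}, which works on CRL files whose paths are handed in by the caller.
 *
 * <p>Chains are treated as ordered leaf-first: index {@code i + 1} is used as the issuer of
 * index {@code i} (see {@link #checkOCSP}).
 *
 * <p>NOTE(review): this listing is decompiler output. Several try/finally regions were visibly
 * mangled (empty {@code finally} blocks, locals used outside the {@code try} that assigns them),
 * so the control flow below is a reconstruction that compiles and closes its resources.
 */
public class SemBCRevocation extends SemRevocation {
    // RevocationInfo status values as used in this class: 1 is only ever stored together with a
    // "Certificate Valid" message; 0 is the value checkOCSP() stores before any answer is known.
    private static final int STATUS_NOT_CONFIRMED = 0;
    private static final int STATUS_VALID = 1;

    // Result codes of the CRL helpers. -1 and 1 are the values the original code returned.
    // 0 is added for "no usable CRL"; the only visible caller tests "!= 1", so it is handled
    // as a failure without further changes.
    private static final int CRL_REVOKED = -1;
    private static final int CRL_UNDETERMINED = 0;
    private static final int CRL_NOT_REVOKED = 1;

    // Context tag of uniformResourceIdentifier inside the GeneralName CHOICE (RFC 5280).
    private static final int GENERAL_NAME_URI_TAG = 6;

    /** Records a "revoked" verdict and makes sure no earlier "valid" status survives it. */
    private void markRevoked(RevocationInfo revocationInfo) {
        revocationInfo.setRevocationStatus(STATUS_NOT_CONFIRMED);
        revocationInfo.setGenericMessage("Certificate is revoked");
        revocationInfo.setResourceID(R.string.certificate_revoked);
    }

    /** Records an indeterminate verdict and makes sure no earlier "valid" status survives it. */
    private void markUnknown(RevocationInfo revocationInfo) {
        revocationInfo.setRevocationStatus(STATUS_NOT_CONFIRMED);
        revocationInfo.setGenericMessage("Unknown Error.");
        revocationInfo.setResourceID(R.string.crl_unknown_error);
    }

    /**
     * Asks the OCSP responder named in the leaf certificate whether that certificate is revoked.
     *
     * @param certificateArr chain with the certificate under test at index 0 and its issuer at
     *     index 1
     * @return a RevocationInfo whose status is 1 only when the responder answered "good" for the
     *     requested serial number; any failure leaves the status at 0
     */
    private RevocationInfo checkOCSP(Certificate[] certificateArr) {
        RevocationInfo info = SemSMIMEFactory.getRevocationInfoInstance();
        info.setRevocationStatus(STATUS_NOT_CONFIRMED);
        try {
            X509Certificate subject = (X509Certificate) certificateArr[0];
            X509Certificate issuer = (X509Certificate) certificateArr[1];
            BigInteger serial = subject.getSerialNumber();

            OCSPReq request = generateOCSPRequest(issuer, serial);
            if (request == null) {
                throw SemSMIMEFactory.getOCSPExceptionInstance("generateOCSPRequest failure");
            }
            String responderUrl = SMIMEWrapper.getURLString(getOcspUrlFromCertificate(subject));
            OCSPResp response = getOCSPResponse(responderUrl, request);
            if (response == null) {
                throw SemSMIMEFactory.getOCSPExceptionInstance("getOCSPResponse failure");
            }
            if (response.getStatus() != OCSPResp.SUCCESSFUL) {
                throw SemSMIMEFactory.getIOExceptionInstance("Invalid status: " + response.getStatus());
            }
            BasicOCSPResp basicResponse = (BasicOCSPResp) response.getResponseObject();
            if (basicResponse == null) {
                return info;
            }
            // NOTE(review): nothing between the network read in getOCSPResponse() and this point
            // verifies the signature on basicResponse, the responder's authorisation (issuing CA
            // or a delegate it certified for OCSP signing), or thisUpdate/nextUpdate, and the
            // request carries no nonce. The responder is usually reached over plain HTTP, so
            // anyone on the network path can supply a "good" answer. The verdict below must not
            // be treated as authoritative until those checks exist.
            SingleResp[] responses = basicResponse.getResponses();
            if (responses.length != 1) {
                return info;
            }
            SingleResp single = responses[0];
            // The answer has to be about the certificate that was asked about.
            if (!serial.equals(single.getCertID().getSerialNumber())) {
                SemSMIMELog.sysE("%s::checkOCSP() - response is for a different serial[%s]", this.TAG, single.getCertID().getSerialNumber());
                markUnknown(info);
                return info;
            }
            CertificateStatus certStatus = single.getCertStatus();
            if (certStatus == CertificateStatus.GOOD) {
                info.setGenericMessage("Certificate Valid.");
                info.setRevocationStatus(STATUS_VALID);
                info.setResourceID(-1);
            } else if (certStatus instanceof RevokedStatus) {
                markRevoked(info);
            } else {
                markUnknown(info);
            }
        } catch (Exception e) {
            // The decompiled listing showed this handler around the request construction only.
            // The checked exceptions thrown above cannot leave this method (it declares none),
            // so the handler covers the whole exchange; the status stays "not confirmed".
            SemSMIMELog.sysE("%s::checkOCSP() - OCSP check failed[%s]", this.TAG, e);
        }
        return info;
    }

    /**
     * Builds a single-certificate OCSP request.
     *
     * @param x509Certificate the issuer of the certificate being checked
     * @param bigInteger serial number of the certificate being checked
     * @return the request, or {@code null} when it could not be built
     */
    private OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) {
        OCSPReqBuilder builder = SemSMIMEFactory.getOCSPReqBuilderInstance();
        try {
            // SHA-1 here only derives the issuer name/key hashes that identify the certificate
            // to the responder. No nonce extension is added, so a response cannot be tied to
            // this particular request.
            CertificateID certificateId = SemSMIMEFactory.getCertificateIDInstance(
                    SemSMIMEFactory.getJcaDigestCalculatorProviderBuilderInstance().build().get(CertificateID.HASH_SHA1),
                    SemSMIMEFactory.getJcaX509CertificateHolderInstance(x509Certificate),
                    bigInteger);
            builder.addRequest(certificateId);
            return builder.build();
        } catch (CertificateEncodingException | OCSPException | OperatorCreationException e) {
            SemSMIMELog.sysE("%s::generateOCSPRequest() - failed[%s]", this.TAG, e);
            return null;
        }
    }

    /**
     * Posts an OCSP request to the responder and parses the reply.
     *
     * @param str responder URL; only the http and https schemes are accepted
     * @param oCSPReq the request to send
     * @return the parsed, still unauthenticated response, or {@code null} on any failure
     */
    private OCSPResp getOCSPResponse(String str, OCSPReq oCSPReq) {
        if (str == null || oCSPReq == null) {
            SemSMIMELog.sysE("%s::getOCSPResponse() - missing responder URL or request[%s]", this.TAG, str);
            return null;
        }
        HttpURLConnection connection = null;
        try {
            byte[] encoded = oCSPReq.getEncoded();
            URL responder = SemSMIMEFactory.getURLInstance(str);
            // The URL comes out of the certificate being checked. Compare the parsed scheme
            // instead of a string prefix so that only HTTP(S) handlers are ever opened and the
            // cast below cannot fail on some other handler.
            String scheme = responder.getProtocol();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                SemSMIMELog.sysE("%s::getOCSPResponse() - Only http is supported for ocsp calls[%s]", this.TAG, scheme);
                return null;
            }
            // NOTE(review): no connect/read timeout is set in this method and the reply size is
            // not bounded; confirm SMIMEWrapper.openConnection() configures the former.
            connection = (HttpURLConnection) SMIMEWrapper.openConnection(responder);
            connection.setRequestProperty("Content-Type", "application/ocsp-request");
            connection.setRequestProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
            connection.setDoOutput(true);
            try (OutputStream rawOut = connection.getOutputStream();
                    DataOutputStream out = SemSMIMEFactory.getDataOutputStreamInstance(SemSMIMEFactory.getBufferedOutputStreamInstance(rawOut))) {
                out.write(encoded);
                out.flush();
            }
            // getInputStream() instead of a cast on getContent(): the latter may hand back a
            // non-stream object, depending on the Content-Type the server chooses to send.
            try (InputStream in = connection.getInputStream()) {
                return SemSMIMEFactory.getOCSPRespInstance(in);
            }
        } catch (IOException e) {
            SemSMIMELog.sysE("%s::getOCSPResponse() - Cannot get ocspResponse from url: " + "[%s]", this.TAG, str + " " + e);
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Extracts the OCSP responder URL from the Authority Information Access extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the first access location of type URI whose access method is id-ad-ocsp
     * @throws IllegalArgumentException when the extension is absent, malformed, or holds no OCSP
     *     URI
     */
    private URL getOcspUrlFromCertificate(X509Certificate x509Certificate) throws IllegalArgumentException {
        URL responder = null;
        try {
            byte[] aiaExtension = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
            ASN1Sequence accessDescriptions = aiaExtension == null
                    ? null
                    : (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(aiaExtension);
            if (accessDescriptions != null) {
                Enumeration<?> entries = accessDescriptions.getObjects();
                while (responder == null && entries.hasMoreElements()) {
                    ASN1Sequence accessDescription = (ASN1Sequence) entries.nextElement();
                    ASN1ObjectIdentifier accessMethod = (ASN1ObjectIdentifier) accessDescription.getObjectAt(0);
                    DLTaggedObject accessLocation = (DLTaggedObject) accessDescription.getObjectAt(1);
                    if (accessLocation.getTagNo() != GENERAL_NAME_URI_TAG) {
                        continue;
                    }
                    String location = SemSMIMEFactory.getStringInstance(((DEROctetString) accessLocation.getObject()).getOctets());
                    if (accessMethod.equals((ASN1Primitive) X509ObjectIdentifiers.id_ad_ocsp)) {
                        responder = SemSMIMEFactory.getURLInstance(location);
                    }
                }
            }
        } catch (Exception e) {
            // Malformed extension content (unexpected ASN.1 types, bad URL) ends up here.
            throw SemSMIMEFactory.getIllegalArgumentExceptionInstance(e);
        }
        if (responder == null) {
            throw SemSMIMEFactory.getIllegalArgumentExceptionInstance("Could not find OCSP URL in certificate");
        }
        return responder;
    }

    /**
     * Checks one certificate against one CRL file.
     *
     * @param certificate certificate to look up
     * @param crlPath path of the CRL file; {@code null} counts as "no usable CRL"
     * @param revocationInfo receives the message and resource id for a non-good outcome
     * @return -1 when the CRL lists the certificate, 1 when it does not, 0 when the CRL could
     *     not be read or parsed
     */
    private int checkAgainstCrl(Certificate certificate, String crlPath, RevocationInfo revocationInfo) {
        CertificateFactory factory = getCertificateFactory();
        if (crlPath == null || factory == null) {
            markUnknown(revocationInfo);
            return CRL_UNDETERMINED;
        }
        try (FileInputStream crlStream = SemSMIMEFactory.getFileInputStreamInstance(crlPath)) {
            X509CRL crl = (X509CRL) SMIMEWrapper.generateCRL(factory, crlStream);
            if (crl == null) {
                markUnknown(revocationInfo);
                return CRL_UNDETERMINED;
            }
            // NOTE(review): neither the CRL's signature nor its nextUpdate is checked in this
            // class. Confirm the code that downloads these files (not visible here) verifies
            // both; otherwise a replaced or stale CRL is accepted as-is.
            if (crl.isRevoked(certificate)) {
                markRevoked(revocationInfo);
                return CRL_REVOKED;
            }
            return CRL_NOT_REVOKED;
        } catch (IOException | CRLException e) {
            // An unreadable CRL used to be skipped and the chain was then reported as
            // "Certificate Valid". A CRL that was never consulted proves nothing, so report an
            // indeterminate result instead.
            SemSMIMELog.sysE("%s::checkAgainstCrl() - CRL unusable[%s]", this.TAG, e);
            markUnknown(revocationInfo);
            return CRL_UNDETERMINED;
        }
    }

    /**
     * Checks every non-root certificate of the chain against the CRL file at the same index.
     *
     * @param certificateArr chain; the last element is not checked
     * @param strArr CRL file paths, one per checked certificate
     * @param revocationInfo updated with the verdict
     * @return 1 when every certificate was looked up and none is revoked, -1 on the first
     *     revoked certificate, 0 when a CRL was missing or unusable
     */
    private int validateCertificate(Certificate[] certificateArr, String[] strArr, RevocationInfo revocationInfo) {
        for (int i = 0; i < certificateArr.length - 1; i++) {
            String crlPath = (strArr != null && i < strArr.length) ? strArr[i] : null;
            int result = checkAgainstCrl(certificateArr[i], crlPath, revocationInfo);
            if (result != CRL_NOT_REVOKED) {
                return result;
            }
        }
        revocationInfo.setRevocationStatus(STATUS_VALID);
        revocationInfo.setGenericMessage("Certificate Valid");
        revocationInfo.setResourceID(-1);
        return CRL_NOT_REVOKED;
    }

    /**
     * Loads the certificate chain of the account's own signing or encryption certificate from
     * the Android KeyChain.
     *
     * <p>Registers the BouncyCastle provider and sets the {@code ocsp.enable} security property;
     * both are process-wide settings. {@code KeyChain.getCertificateChain} blocks and must not
     * run on the main thread.
     *
     * @param context Android context
     * @param j account id
     * @param x509Certificate not used by this implementation
     * @param z {@code true} selects the encryption certificate alias, {@code false} the signing
     *     alias
     * @return the chain, always at least two certificates long
     * @throws SemBCSMIMEException when the account, the alias, the certificate or its issuer
     *     chain is missing
     */
    @Override // com.samsung.android.email.security.smime.SemRevocation
    Certificate[] getCertificateChain(Context context, long j, X509Certificate x509Certificate, boolean z) throws KeyChainException, InterruptedException, SemBCSMIMEException {
        Account account = Account.restoreAccountWithId(context, j);
        if (account == null) {
            SemSMIMELog.sysE("%s::doRevocationCheck() - account is null!!!", this.TAG);
            throw SemSMIMEFactory.getSemBCSMIMEException(SemBCSMIMEException.ACCOUNT_NOT_FOUND_ERROR);
        }
        String alias = z ? account.mSmimeOwnEncryptCertAlias : account.mSmimeOwnSignCertAlias;
        if (alias == null) {
            throw SemSMIMEFactory.getSemBCSMIMEException(SemBCSMIMEException.USER_CERTIFICATE_NOT_INSTALED_ERROR);
        }
        Security.addProvider(SemSMIMEFactory.getBouncyCastleProviderInstance());
        Security.setProperty("ocsp.enable", "true");
        X509Certificate[] chain = KeyChain.getCertificateChain(context, alias);
        // An empty chain is handled like a missing one; it used to be returned to callers that
        // index elements 0 and 1 without checking.
        if (chain == null || chain.length == 0) {
            throw SemSMIMEFactory.getSemBCSMIMEException(SemBCSMIMEException.USER_CERTIFICATE_NOT_INSTALED_ERROR);
        }
        if (chain.length == 1) {
            // A lone leaf has no issuer to build an OCSP CertificateID from.
            throw SemSMIMEFactory.getSemBCSMIMEException(SemBCSMIMEException.ROOT_CERTIFICATE_NOT_INSTALED_ERROR);
        }
        return chain;
    }

    /**
     * Returns an X.509 certificate factory.
     *
     * @return the factory, or {@code null} when none is available
     */
    @Override // com.samsung.android.email.security.smime.SemRevocation
    CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            e.printStackTrace();
            SemSMIMELog.e("%s::doRevocationCheck() - Failed to make factory in bc", this.TAG);
            return null;
        }
    }

    /**
     * Runs the revocation check configured for the account.
     *
     * @param context Android context
     * @param j account id
     * @param certificateArr chain to check, leaf first
     * @return the result of the OCSP or CRL check, or {@code null} when revocation checking is
     *     disabled for the account; callers must not read {@code null} as "not revoked"
     */
    @Override // com.samsung.android.email.security.smime.SemRevocation
    RevocationInfo performCertValidation(Context context, long j, Certificate[] certificateArr) {
        checkRevocationPolicy(context, j);
        SemSMIMELog.i("%s::performCertValidation() - accountId[%s]", this.TAG, Long.valueOf(j));
        if (!isRevocationEnabled(context, j)) {
            return null;
        }
        if (isOCSPEnabled(context, j)) {
            return checkOCSP(certificateArr);
        }
        return checkCRL(context, certificateArr);
    }

    /**
     * Checks the chain against the base CRLs and, where present, the delta CRLs.
     *
     * <p>The original looped over the chain and re-checked the whole chain on every pass; it
     * also opened every delta entry, including the {@code null} ones it had just tested for.
     * Each certificate is now checked once against its base CRL and once against its delta CRL
     * when one is given.
     *
     * @param context not used by this implementation
     * @param certificateArr chain; the last element is not checked
     * @param revocationInfo receives the verdict; left untouched when there is nothing to check
     * @param strArr base CRL file paths, one per checked certificate
     * @param strArr2 delta CRL file paths; {@code null} entries mean "no delta CRL"
     * @param list not used by this implementation
     */
    @Override // com.samsung.android.email.security.smime.SemRevocation
    void validateCertificate(Context context, Certificate[] certificateArr, RevocationInfo revocationInfo, String[] strArr, String[] strArr2, List<byte[]> list) {
        if (certificateArr == null || certificateArr.length < 2) {
            return;
        }
        int baseResult = validateCertificate(certificateArr, strArr, revocationInfo);
        if (baseResult != CRL_NOT_REVOKED) {
            SemSMIMELog.sysE("%s::validateCertificate() - CRL revocationResult[%s]", this.TAG, Integer.valueOf(baseResult));
            return;
        }
        if (strArr2 == null) {
            return;
        }
        for (int i = 0; i < certificateArr.length - 1 && i < strArr2.length; i++) {
            if (strArr2[i] == null) {
                continue;
            }
            // A failing delta check clears the "valid" status the base check stored above.
            int deltaResult = checkAgainstCrl(certificateArr[i], strArr2[i], revocationInfo);
            if (deltaResult != CRL_NOT_REVOKED) {
                SemSMIMELog.sysE("%s::validateCertificate() - Delta CRL revocationResult[%s]", this.TAG, Integer.valueOf(deltaResult));
                return;
            }
        }
    }
}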
